This commit is just to push the changes so far to github , still have to tidy things up here and there and fix some bugs (also I really hate javascript)

JavaPwn plugin has been renamed to BrowserSniper (cause it now supports java, flash and browser exploits), it's been completly re-written along with it's config file section Addition of the screenshotter plugin, currently there is a bug when decoding the base64 encoded png files (a very wierd one) , but other than that it works (did i mention i hate js?) Jskeylogger's javscript now works on every browser except FF mobile (have no clue what's with that) p.s. did i mention i hate JS? Plugins that deal with javascript now read it from a file as supposed to having it built in (encoding issues) fu javascript User agent parsing is now built in and handled by core/httpagentparser.py, this because the user-agent library is a pain to install on some distros , also removes 3-4 deps which is a plus also fuck javascript
2025-07-16 10:03:52 -07:00 · 2015-05-16 00:43:56 +02:00 · 2015-05-16 00:43:56 +02:00 · ff39a302f9
commit ff39a302f9
parent 86870b8b72
32 changed files with 4378 additions and 681 deletions
--- a/core/ferretNG/URLMonitor.py
+++ b/core/ferretNG/URLMonitor.py
@ -1,85 +0,0 @@
-# Copyright (c) 2014-2016 Moxie Marlinspike, Marcello Salvati
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; either version 3 of the
-# License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
-# USA
-#
-
-import re
-import os
-import logging
-
-mitmf_logger = logging.getLogger('mimtf')
-
-class URLMonitor:    
-
-    '''
-    The URL monitor maintains a set of (client, url) tuples that correspond to requests which the
-    server is expecting over SSL.  It also keeps track of secure favicon urls.
-    '''
-
-    # Start the arms race, and end up here...
-    javascriptTrickery = [re.compile("http://.+\.etrade\.com/javascript/omntr/tc_targeting\.html")]
-    cookies            = dict()
-    _instance          = None
-
-    def __init__(self):
-        self.strippedURLs       = set()
-        self.strippedURLPorts   = dict()
-
-    @staticmethod
-    def getInstance():
-        if URLMonitor._instance == None:
-            URLMonitor._instance = URLMonitor()
-
-        return URLMonitor._instance
-
-    def isSecureLink(self, client, url):
-        for expression in URLMonitor.javascriptTrickery:
-            if (re.match(expression, url)):
-                return True
-
-        return (client,url) in self.strippedURLs
-
-    def getSecurePort(self, client, url):
-        if (client,url) in self.strippedURLs:
-            return self.strippedURLPorts[(client,url)]
-        else:
-            return 443
-
-    def addSecureLink(self, client, url):
-        methodIndex = url.find("//") + 2
-        method      = url[0:methodIndex]
-
-        pathIndex   = url.find("/", methodIndex)
-        if pathIndex is -1:
-            pathIndex = len(url)
-            url += "/"
-
-        host        = url[methodIndex:pathIndex].lower()
-        path        = url[pathIndex:]
-
-        port        = 443
-        portIndex   = host.find(":")
-
-        if (portIndex != -1):
-            host = host[0:portIndex]
-            port = host[portIndex+1:]
-            if len(port) == 0:
-                port = 443
-
-        url = method + host + path
-
-        self.strippedURLs.add((client, url))
-        self.strippedURLPorts[(client, url)] = int(port)