still working on #154

2025-08-21 05:53:20 -07:00 · 2018-03-08 18:13:45 +01:00 · 2018-03-08 18:13:45 +01:00 · 2d53890501
commit 2d53890501
parent 741d9d8f6e
3 changed files with 70 additions and 3 deletions
--- a/modules/http_proxy_base.go
+++ b/modules/http_proxy_base.go
@ -42,7 +42,7 @@ type HTTPProxy struct {

 	isTLS       bool
 	isRunning   bool
-	stripSSL    bool
+	stripper    *SSLStripper
 	sniListener net.Listener
 	sess        *session.Session
 }
@ -60,8 +60,8 @@ func NewHTTPProxy(s *session.Session) *HTTPProxy {
 		Name:     "http.proxy",
 		Proxy:    goproxy.NewProxyHttpServer(),
 		sess:     s,
+		stripper: NewSSLStripper(false),
 		isTLS:    false,
-		stripSSL: true,
 		Server:   nil,
 	}

@ -109,7 +109,7 @@ func (p *HTTPProxy) doProxy(req *http.Request) bool {
 func (p *HTTPProxy) Configure(address string, proxyPort int, httpPort int, scriptPath string, stripSSL bool) error {
 	var err error

-	p.stripSSL = stripSSL
+	p.stripper.Enabled = stripSSL
 	p.Address = address

 	if scriptPath != "" {
@ -295,6 +295,13 @@ func (p *HTTPProxy) Start() {
 	go func() {
 		var err error

+		strip := core.Yellow("enabled")
+		if p.stripper.Enabled == false {
+			strip = core.Dim("disabled")
+		}
+
+		log.Info("%s started on %s (sslstrip %s)", core.Green(p.Name), p.Server.Addr, strip)
+
 		if p.isTLS == true {
 			err = p.httpsWorker()
 		} else {
--- a/modules/http_proxy_base_filters.go
+++ b/modules/http_proxy_base_filters.go
@ -18,6 +18,18 @@ func (p *HTTPProxy) onRequestFilter(req *http.Request, ctx *goproxy.ProxyCtx) (*
 		return req, nil
 	}

+	// sslstrip preprocessing, takes care of:
+	//
+	// - patching / removing security related headers
+	// - making unknown session cookies expire
+	// - handling stripped domains
+	redir := p.stripper.Preprocess(req, ctx)
+	if redir != nil {
+		// we need to redirect the user in order to make
+		// some session cookie expire
+		return req, redir
+	}
+
 	// run the module OnRequest callback if defined
 	jsreq, jsres := p.Script.OnRequest(req)
 	if jsreq != nil {
--- a/modules/http_proxy_base_sslstriper.go
+++ b/modules/http_proxy_base_sslstriper.go
@ -0,0 +1,48 @@
+package modules
+
+import (
+	"net/http"
+	"sync"
+	// "strings"
+
+	// "github.com/bettercap/bettercap/core"
+	// "github.com/bettercap/bettercap/log"
+
+	"github.com/elazarl/goproxy"
+)
+
+type cookieTracker struct {
+	sync.RWMutex
+	set map[string]string
+}
+
+func NewCookieTracker() *cookieTracker {
+	return &cookieTracker{
+		set: make(map[string]string),
+	}
+}
+
+type SSLStripper struct {
+	Enabled bool
+	cookies *cookieTracker
+}
+
+func NewSSLStripper(enabled bool) *SSLStripper {
+	return &SSLStripper{
+		Enabled: enabled,
+		cookies: NewCookieTracker(),
+	}
+}
+
+// sslstrip preprocessing, takes care of:
+//
+// - patching / removing security related headers
+// - making unknown session cookies expire
+// - handling stripped domains
+func (s *SSLStripper) Preprocess(req *http.Request, ctx *goproxy.ProxyCtx) (redir *http.Response) {
+	if s.Enabled == false {
+		return
+	}
+
+	return
+}