diff --git a/modules/http_proxy/http_proxy.go b/modules/http_proxy/http_proxy.go index 150d9c34..e8ab830a 100644 --- a/modules/http_proxy/http_proxy.go +++ b/modules/http_proxy/http_proxy.go @@ -54,10 +54,6 @@ func NewHttpProxy(s *session.Session) *HttpProxy { "false", "Enable or disable SSL stripping.")) - mod.AddParam(session.NewBoolParameter("http.proxy.sslstrip.useIDN", - "false", - "Use an Internationalized Domain Name to bypass HSTS. Otherwise, double the last TLD's character")) - mod.AddHandler(session.NewModuleHandler("http.proxy on", "", "Start HTTP proxy.", func(args []string) error { @@ -95,7 +91,6 @@ func (mod *HttpProxy) Configure() error { var doRedirect bool var scriptPath string var stripSSL bool - var useIDN bool var jsToInject string var blacklist string var whitelist string @@ -114,8 +109,6 @@ func (mod *HttpProxy) Configure() error { return err } else if err, stripSSL = mod.BoolParam("http.proxy.sslstrip"); err != nil { return err - } else if err, useIDN = mod.BoolParam("http.proxy.sslstrip.useIDN"); err != nil { - return err } else if err, jsToInject = mod.StringParam("http.proxy.injectjs"); err != nil { return err } else if err, blacklist = mod.StringParam("http.proxy.blacklist"); err != nil { @@ -127,7 +120,7 @@ func (mod *HttpProxy) Configure() error { mod.proxy.Blacklist = str.Comma(blacklist) mod.proxy.Whitelist = str.Comma(whitelist) - error := mod.proxy.Configure(address, proxyPort, httpPort, doRedirect, scriptPath, jsToInject, stripSSL, useIDN) + error := mod.proxy.Configure(address, proxyPort, httpPort, doRedirect, scriptPath, jsToInject, stripSSL) // save stripper to share it with other http(s) proxies mod.State.Store("stripper", mod.proxy.Stripper) diff --git a/modules/http_proxy/http_proxy_base.go b/modules/http_proxy/http_proxy_base.go index b810f864..8f207d22 100644 --- a/modules/http_proxy/http_proxy_base.go +++ b/modules/http_proxy/http_proxy_base.go @@ -77,7 +77,7 @@ func NewHTTPProxy(s *session.Session, tag string) *HTTPProxy { Name: "http.proxy", Proxy: goproxy.NewProxyHttpServer(), Sess: s, - Stripper: NewSSLStripper(s, false, false), + Stripper: NewSSLStripper(s, false), isTLS: false, doRedirect: true, Server: nil, @@ -170,7 +170,7 @@ func (p *HTTPProxy) shouldProxy(req *http.Request) bool { } func (p *HTTPProxy) Configure(address string, proxyPort int, httpPort int, doRedirect bool, scriptPath string, - jsToInject string, stripSSL bool, useIDN bool) error { + jsToInject string, stripSSL bool) error { var err error // check if another http(s) proxy is using sslstrip and merge strippers @@ -192,7 +192,7 @@ func (p *HTTPProxy) Configure(address string, proxyPort int, httpPort int, doRed } } - p.Stripper.Enable(stripSSL, useIDN) + p.Stripper.Enable(stripSSL) p.Address = address p.doRedirect = doRedirect p.jsHook = "" @@ -297,8 +297,8 @@ func (p *HTTPProxy) TLSConfigFromCA(ca *tls.Certificate) func(host string, ctx * func (p *HTTPProxy) ConfigureTLS(address string, proxyPort int, httpPort int, doRedirect bool, scriptPath string, certFile string, - keyFile string, jsToInject string, stripSSL bool, useIDN bool) (err error) { - if err = p.Configure(address, proxyPort, httpPort, doRedirect, scriptPath, jsToInject, stripSSL, useIDN); err != nil { + keyFile string, jsToInject string, stripSSL bool) (err error) { + if err = p.Configure(address, proxyPort, httpPort, doRedirect, scriptPath, jsToInject, stripSSL); err != nil { return err } diff --git a/modules/http_proxy/http_proxy_base_sslstriper.go b/modules/http_proxy/http_proxy_base_sslstriper.go index 39cedbf2..2a99ac01 100644 --- a/modules/http_proxy/http_proxy_base_sslstriper.go +++ b/modules/http_proxy/http_proxy_base_sslstriper.go @@ -30,7 +30,6 @@ var ( type SSLStripper struct { enabled bool - useIDN bool session *session.Session cookies *CookieTracker hosts *HostTracker @@ -38,16 +37,15 @@ type SSLStripper struct { pktSourceChan chan gopacket.Packet } -func NewSSLStripper(s *session.Session, enabled bool, useIDN bool) *SSLStripper { +func NewSSLStripper(s *session.Session, enabled bool) *SSLStripper { strip := &SSLStripper{ enabled: false, - useIDN: false, cookies: NewCookieTracker(), hosts: NewHostTracker(), session: s, handle: nil, } - strip.Enable(enabled, useIDN) + strip.Enable(enabled) return strip } @@ -79,9 +77,8 @@ func (s *SSLStripper) onPacket(pkt gopacket.Packet) { } } -func (s *SSLStripper) Enable(enabled bool, useIDN bool) { +func (s *SSLStripper) Enable(enabled bool) { s.enabled = enabled - s.useIDN = useIDN if enabled && s.handle == nil { var err error @@ -127,32 +124,8 @@ func (s *SSLStripper) isContentStrippable(res *http.Response) bool { return false } -func (s *SSLStripper) processURL(url string) string { - // first we remove the https schema - url = url[8:] - - // search the first instance of "/" - iEndHost := strings.Index(url, "/") - if iEndHost == -1 { - iEndHost = len(url) - } - // search if port is specified - iPort := strings.Index(url[:iEndHost], ":") - if iPort == -1 { - iPort = iEndHost - } - if s.useIDN { - // add an international character to the domain name & strip HTTPS port (if any) - url = url[:iPort] + "ノ" + url[iEndHost:] - } else { - // double the last TLD's character & strip HTTPS port (if any) - url = url[:iPort] + string(url[iPort-1]) + url[iEndHost:] - } - - // finally we add the http schema - url = "http://" + url - - return url +func (s *SSLStripper) stripURL(url string) string { + return strings.Replace(url, "https://", "http://", 1) } // sslstrip preprocessing, takes care of: @@ -253,7 +226,7 @@ func (s *SSLStripper) Process(res *http.Response, ctx *goproxy.ProxyCtx) { log.Info("[%s] Got redirection from HTTP to HTTPS: %s -> %s", tui.Green("sslstrip"), tui.Yellow("http://"+origHost), tui.Bold("https://"+newHost)) // strip the URL down to an alternative HTTP version and save it to an ASCII Internationalized Domain Name - strippedURL := s.processURL(newURL) + strippedURL := s.stripURL(newURL) parsed, _ := url.Parse(strippedURL) hostStripped := parsed.Hostname() hostStripped, _ = idna.ToASCII(hostStripped) @@ -280,7 +253,7 @@ func (s *SSLStripper) Process(res *http.Response, ctx *goproxy.ProxyCtx) { // make sure we only strip valid URLs if parsed, _ := url.Parse(u); parsed != nil { // strip the URL down to an alternative HTTP version - urls[u] = s.processURL(u) + urls[u] = s.stripURL(u) } } diff --git a/modules/https_proxy/https_proxy.go b/modules/https_proxy/https_proxy.go index fbf3df74..06bc1e0f 100644 --- a/modules/https_proxy/https_proxy.go +++ b/modules/https_proxy/https_proxy.go @@ -41,10 +41,6 @@ func NewHttpsProxy(s *session.Session) *HttpsProxy { "false", "Enable or disable SSL stripping.")) - mod.AddParam(session.NewBoolParameter("https.proxy.sslstrip.useIDN", - "false", - "Use an Internationalized Domain Name to bypass HSTS. Otherwise, double the last TLD's character")) - mod.AddParam(session.NewStringParameter("https.proxy.injectjs", "", "", @@ -112,7 +108,6 @@ func (mod *HttpsProxy) Configure() error { var certFile string var keyFile string var stripSSL bool - var useIDN bool var jsToInject string var whitelist string var blacklist string @@ -129,8 +124,6 @@ func (mod *HttpsProxy) Configure() error { return err } else if err, stripSSL = mod.BoolParam("https.proxy.sslstrip"); err != nil { return err - } else if err, useIDN = mod.BoolParam("https.proxy.sslstrip.useIDN"); err != nil { - return err } else if err, certFile = mod.StringParam("https.proxy.certificate"); err != nil { return err } else if certFile, err = fs.Expand(certFile); err != nil { @@ -170,7 +163,7 @@ func (mod *HttpsProxy) Configure() error { } error := mod.proxy.ConfigureTLS(address, proxyPort, httpPort, doRedirect, scriptPath, certFile, keyFile, jsToInject, - stripSSL, useIDN) + stripSSL) // save stripper to share it with other http(s) proxies mod.State.Store("stripper", mod.proxy.Stripper)