mirror of
https://github.com/bettercap/bettercap
synced 2025-08-20 21:43:18 -07:00
Fix sslstrip & some related issues in http(s).proxy and dns.spoof
This commit is contained in:
Petitoto
parent
318029c022
commit
40c7203d1f
7 changed files with 220 additions and 218 deletions
|
|
@ -45,14 +45,14 @@ type HTTPProxy struct {
|
|||
KeyFile string
|
||||
Blacklist []string
|
||||
Whitelist []string
|
||||
Sess *session.Session
|
||||
Stripper *SSLStripper
|
||||
|
||||
jsHook string
|
||||
isTLS bool
|
||||
isRunning bool
|
||||
doRedirect bool
|
||||
stripper *SSLStripper
|
||||
sniListener net.Listener
|
||||
sess *session.Session
|
||||
tag string
|
||||
}
|
||||
|
||||
|
|
@ -72,18 +72,18 @@ func (l dummyLogger) Printf(format string, v ...interface{}) {
|
|||
l.p.Debug("[goproxy.log] %s", str.Trim(fmt.Sprintf(format, v...)))
|
||||
}
|
||||
|
||||
func NewHTTPProxy(s *session.Session) *HTTPProxy {
|
||||
func NewHTTPProxy(s *session.Session, tag string) *HTTPProxy {
|
||||
p := &HTTPProxy{
|
||||
Name: "http.proxy",
|
||||
Proxy: goproxy.NewProxyHttpServer(),
|
||||
sess: s,
|
||||
stripper: NewSSLStripper(s, false),
|
||||
Sess: s,
|
||||
Stripper: NewSSLStripper(s, false, false),
|
||||
isTLS: false,
|
||||
doRedirect: true,
|
||||
Server: nil,
|
||||
Blacklist: make([]string, 0),
|
||||
Whitelist: make([]string, 0),
|
||||
tag: session.AsTag("http.proxy"),
|
||||
tag: session.AsTag(tag),
|
||||
}
|
||||
|
||||
p.Proxy.Verbose = false
|
||||
|
|
@ -107,23 +107,23 @@ func NewHTTPProxy(s *session.Session) *HTTPProxy {
|
|||
}
|
||||
|
||||
func (p *HTTPProxy) Debug(format string, args ...interface{}) {
|
||||
p.sess.Events.Log(log.DEBUG, p.tag+format, args...)
|
||||
p.Sess.Events.Log(log.DEBUG, p.tag+format, args...)
|
||||
}
|
||||
|
||||
func (p *HTTPProxy) Info(format string, args ...interface{}) {
|
||||
p.sess.Events.Log(log.INFO, p.tag+format, args...)
|
||||
p.Sess.Events.Log(log.INFO, p.tag+format, args...)
|
||||
}
|
||||
|
||||
func (p *HTTPProxy) Warning(format string, args ...interface{}) {
|
||||
p.sess.Events.Log(log.WARNING, p.tag+format, args...)
|
||||
p.Sess.Events.Log(log.WARNING, p.tag+format, args...)
|
||||
}
|
||||
|
||||
func (p *HTTPProxy) Error(format string, args ...interface{}) {
|
||||
p.sess.Events.Log(log.ERROR, p.tag+format, args...)
|
||||
p.Sess.Events.Log(log.ERROR, p.tag+format, args...)
|
||||
}
|
||||
|
||||
func (p *HTTPProxy) Fatal(format string, args ...interface{}) {
|
||||
p.sess.Events.Log(log.FATAL, p.tag+format, args...)
|
||||
p.Sess.Events.Log(log.FATAL, p.tag+format, args...)
|
||||
}
|
||||
|
||||
func (p *HTTPProxy) doProxy(req *http.Request) bool {
|
||||
|
|
@ -170,12 +170,32 @@ func (p *HTTPProxy) shouldProxy(req *http.Request) bool {
|
|||
}
|
||||
|
||||
func (p *HTTPProxy) Configure(address string, proxyPort int, httpPort int, doRedirect bool, scriptPath string,
|
||||
jsToInject string, stripSSL bool) error {
|
||||
jsToInject string, stripSSL bool, useIDN bool) error {
|
||||
var err error
|
||||
|
||||
p.stripper.Enable(stripSSL)
|
||||
// check if another http(s) proxy is using sslstrip and merge strippers
|
||||
if stripSSL {
|
||||
for _, mname := range []string{"http.proxy", "https.proxy"}{
|
||||
err, m := p.Sess.Module(mname)
|
||||
if err == nil && m.Running() {
|
||||
var mextra interface{}
|
||||
var mstripper *SSLStripper
|
||||
mextra = m.Extra()
|
||||
mextramap := mextra.(map[string]interface{})
|
||||
mstripper = mextramap["stripper"].(*SSLStripper)
|
||||
if mstripper != nil && mstripper.Enabled() {
|
||||
p.Info("found another proxy using sslstrip -> merging strippers...")
|
||||
p.Stripper = mstripper
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
p.Stripper.Enable(stripSSL, useIDN)
|
||||
p.Address = address
|
||||
p.doRedirect = doRedirect
|
||||
p.jsHook = ""
|
||||
|
||||
if strings.HasPrefix(jsToInject, "http://") || strings.HasPrefix(jsToInject, "https://") {
|
||||
p.jsHook = fmt.Sprintf("<script src=\"%s\" type=\"text/javascript\"></script></head>", jsToInject)
|
||||
|
|
@ -195,7 +215,7 @@ func (p *HTTPProxy) Configure(address string, proxyPort int, httpPort int, doRed
|
|||
}
|
||||
|
||||
if scriptPath != "" {
|
||||
if err, p.Script = LoadHttpProxyScript(scriptPath, p.sess); err != nil {
|
||||
if err, p.Script = LoadHttpProxyScript(scriptPath, p.Sess); err != nil {
|
||||
return err
|
||||
} else {
|
||||
p.Debug("proxy script %s loaded.", scriptPath)
|
||||
|
|
@ -210,18 +230,18 @@ func (p *HTTPProxy) Configure(address string, proxyPort int, httpPort int, doRed
|
|||
}
|
||||
|
||||
if p.doRedirect {
|
||||
if !p.sess.Firewall.IsForwardingEnabled() {
|
||||
if !p.Sess.Firewall.IsForwardingEnabled() {
|
||||
p.Info("enabling forwarding.")
|
||||
p.sess.Firewall.EnableForwarding(true)
|
||||
p.Sess.Firewall.EnableForwarding(true)
|
||||
}
|
||||
|
||||
p.Redirection = firewall.NewRedirection(p.sess.Interface.Name(),
|
||||
p.Redirection = firewall.NewRedirection(p.Sess.Interface.Name(),
|
||||
"TCP",
|
||||
httpPort,
|
||||
p.Address,
|
||||
proxyPort)
|
||||
|
||||
if err := p.sess.Firewall.EnableRedirection(p.Redirection, true); err != nil {
|
||||
if err := p.Sess.Firewall.EnableRedirection(p.Redirection, true); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
|
|
@ -230,7 +250,7 @@ func (p *HTTPProxy) Configure(address string, proxyPort int, httpPort int, doRed
|
|||
p.Warning("port redirection disabled, the proxy must be set manually to work")
|
||||
}
|
||||
|
||||
p.sess.UnkCmdCallback = func(cmd string) bool {
|
||||
p.Sess.UnkCmdCallback = func(cmd string) bool {
|
||||
if p.Script != nil {
|
||||
return p.Script.OnCommand(cmd)
|
||||
}
|
||||
|
|
@ -277,14 +297,13 @@ func (p *HTTPProxy) TLSConfigFromCA(ca *tls.Certificate) func(host string, ctx *
|
|||
|
||||
func (p *HTTPProxy) ConfigureTLS(address string, proxyPort int, httpPort int, doRedirect bool, scriptPath string,
|
||||
certFile string,
|
||||
keyFile string, jsToInject string, stripSSL bool) (err error) {
|
||||
if err = p.Configure(address, proxyPort, httpPort, doRedirect, scriptPath, jsToInject, stripSSL); err != nil {
|
||||
keyFile string, jsToInject string, stripSSL bool, useIDN bool) (err error) {
|
||||
if err = p.Configure(address, proxyPort, httpPort, doRedirect, scriptPath, jsToInject, stripSSL, useIDN); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
p.isTLS = true
|
||||
p.Name = "https.proxy"
|
||||
p.tag = session.AsTag("https.proxy")
|
||||
p.CertFile = certFile
|
||||
p.KeyFile = keyFile
|
||||
|
||||
|
|
@ -393,7 +412,7 @@ func (p *HTTPProxy) Start() {
|
|||
var err error
|
||||
|
||||
strip := tui.Yellow("enabled")
|
||||
if !p.stripper.Enabled() {
|
||||
if !p.Stripper.Enabled() {
|
||||
strip = tui.Dim("disabled")
|
||||
}
|
||||
|
||||
|
|
@ -414,13 +433,13 @@ func (p *HTTPProxy) Start() {
|
|||
func (p *HTTPProxy) Stop() error {
|
||||
if p.doRedirect && p.Redirection != nil {
|
||||
p.Debug("disabling redirection %s", p.Redirection.String())
|
||||
if err := p.sess.Firewall.EnableRedirection(p.Redirection, false); err != nil {
|
||||
if err := p.Sess.Firewall.EnableRedirection(p.Redirection, false); err != nil {
|
||||
return err
|
||||
}
|
||||
p.Redirection = nil
|
||||
}
|
||||
|
||||
p.sess.UnkCmdCallback = nil
|
||||
p.Sess.UnkCmdCallback = nil
|
||||
|
||||
if p.isTLS {
|
||||
p.isRunning = false
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue