github/bettercap
1
0
Fork 0
mirror of https://github.com/bettercap/bettercap synced 2025-07-06 13:02:12 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix sslstrip & some related issues in http(s).proxy and dns.spoof

Browse source
This commit is contained in:
Petitoto 2020-04-20 13:35:32 +01:00
parent 318029c022
commit 40c7203d1f
7 changed files with 220 additions and 218 deletions
Download patch file Download diff file Expand all files Collapse all files

21
modules/https_proxy/https_proxy.go
View file

@ -17,7 +17,7 @@ type HttpsProxy struct {
func NewHttpsProxy(s *session.Session) *HttpsProxy {
mod := &HttpsProxy{
SessionModule: session.NewSessionModule("https.proxy", s),
proxy: http_proxy.NewHTTPProxy(s),
proxy: http_proxy.NewHTTPProxy(s, "https.proxy"),
}
mod.AddParam(session.NewIntParameter("https.port",
@ -41,6 +41,10 @@ func NewHttpsProxy(s *session.Session) *HttpsProxy {
"false",
"Enable or disable SSL stripping."))
mod.AddParam(session.NewBoolParameter("https.proxy.sslstrip.useIDN",
"false",
"Use an Internationalized Domain Name to bypass HSTS. Otherwise, double the last TLD's character"))
mod.AddParam(session.NewStringParameter("https.proxy.injectjs",
"",
"",
@ -81,6 +85,8 @@ func NewHttpsProxy(s *session.Session) *HttpsProxy {
return mod.Stop()
}))
mod.InitState("stripper")
return mod
}
@ -106,6 +112,7 @@ func (mod *HttpsProxy) Configure() error {
var certFile string
var keyFile string
var stripSSL bool
var useIDN bool
var jsToInject string
var whitelist string
var blacklist string
@ -122,6 +129,8 @@ func (mod *HttpsProxy) Configure() error {
return err
} else if err, stripSSL = mod.BoolParam("https.proxy.sslstrip"); err != nil {
return err
} else if err, useIDN = mod.BoolParam("https.proxy.sslstrip.useIDN"); err != nil {
return err
} else if err, certFile = mod.StringParam("https.proxy.certificate"); err != nil {
return err
} else if certFile, err = fs.Expand(certFile); err != nil {
@ -160,8 +169,13 @@ func (mod *HttpsProxy) Configure() error {
mod.Info("loading proxy certification authority TLS certificate from %s", certFile)
}
return mod.proxy.ConfigureTLS(address, proxyPort, httpPort, doRedirect, scriptPath, certFile, keyFile, jsToInject,
stripSSL)
error := mod.proxy.ConfigureTLS(address, proxyPort, httpPort, doRedirect, scriptPath, certFile, keyFile, jsToInject,
stripSSL, useIDN)
// save stripper to share it with other http(s) proxies
mod.State.Store("stripper", mod.proxy.Stripper)
return error
}
func (mod *HttpsProxy) Start() error {
@ -175,6 +189,7 @@ func (mod *HttpsProxy) Start() error {
}
func (mod *HttpsProxy) Stop() error {
mod.State.Store("stripper", nil)
return mod.SetRunning(false, func() {
mod.proxy.Stop()
})