github/bettercap
1
0
Fork 0
mirror of https://github.com/bettercap/bettercap synced 2025-07-16 10:03:39 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

new: implemented basic https proxy (fixes #3)

Browse source
This commit is contained in:
evilsocket 2018-01-14 16:13:47 +01:00
parent c582782dc7
commit 6c4a13b5bc
5 changed files with 187 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

2
caplets/http-req-dump.cap
View file

@ -14,8 +14,10 @@ set net.sniff.local true
set net.sniff.filter tcp port 443 set net.sniff.filter tcp port 443
net.sniff on net.sniff on
set https.proxy.script caplets/http-req-dump.js
set http.proxy.script caplets/http-req-dump.js set http.proxy.script caplets/http-req-dump.js
clear clear
http.proxy on http.proxy on
https.proxy on
arp.spoof on arp.spoof on

2
main.go
View file

@ -31,7 +31,7 @@ func main() {
sess.Register(modules.NewSniffer(sess)) sess.Register(modules.NewSniffer(sess))
sess.Register(modules.NewHttpServer(sess)) sess.Register(modules.NewHttpServer(sess))
sess.Register(modules.NewHttpProxy(sess)) sess.Register(modules.NewHttpProxy(sess))
// sess.Register(modules.NewHttpsProxy(sess)) sess.Register(modules.NewHttpsProxy(sess))
sess.Register(modules.NewRestAPI(sess)) sess.Register(modules.NewRestAPI(sess))
if err = sess.Start(); err != nil { if err = sess.Start(); err != nil {

4
modules/api_rest.go
View file

@ -127,13 +127,13 @@ func (api *RestAPI) Configure() error {
} }
if core.Exists(api.certFile) == false || core.Exists(api.keyFile) == false { if core.Exists(api.certFile) == false || core.Exists(api.keyFile) == false {
log.Info("Generating RSA key to %s", api.keyFile) log.Info("Generating TLS key to %s", api.keyFile)
log.Info("Generating TLS certificate to %s", api.certFile) log.Info("Generating TLS certificate to %s", api.certFile)
if err := tls.Generate(api.certFile, api.keyFile); err != nil { if err := tls.Generate(api.certFile, api.keyFile); err != nil {
return err return err
} }
} else { } else {
log.Info("Loading RSA key from %s", api.keyFile) log.Info("Loading TLS key from %s", api.keyFile)
log.Info("Loading TLS certificate from %s", api.certFile) log.Info("Loading TLS certificate from %s", api.certFile)
} }

46
modules/http_proxy_base.go
View file

@ -20,19 +20,22 @@ type HTTPProxy struct {
Redirection *firewall.Redirection Redirection *firewall.Redirection
Proxy *goproxy.ProxyHttpServer Proxy *goproxy.ProxyHttpServer
Script *ProxyScript Script *ProxyScript
CertFile string
KeyFile string
s *session.Session isTLS bool
sess *session.Session
} }
func NewHTTPProxy(s *session.Session) *HTTPProxy { func NewHTTPProxy(s *session.Session) *HTTPProxy {
p := &HTTPProxy{ p := &HTTPProxy{
Proxy: goproxy.NewProxyHttpServer(), Proxy: goproxy.NewProxyHttpServer(),
s: s, sess: s,
isTLS: false,
} }
p.Proxy.NonproxyHandler = http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { p.Proxy.NonproxyHandler = http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
if p.doProxy(req) == true { if p.doProxy(req) == true {
req.URL.Scheme = "http"
req.URL.Host = req.Host req.URL.Host = req.Host
p.Proxy.ServeHTTP(w, req) p.Proxy.ServeHTTP(w, req)
} }
@ -65,7 +68,7 @@ func NewHTTPProxy(s *session.Session) *HTTPProxy {
} }
func (p *HTTPProxy) logAction(req *http.Request, jsres *JSResponse) { func (p *HTTPProxy) logAction(req *http.Request, jsres *JSResponse) {
p.s.Events.Add("http.proxy.spoofed-response", struct { p.sess.Events.Add("http.proxy.spoofed-response", struct {
To string To string
Method string Method string
Host string Host string
@ -107,7 +110,7 @@ func (p *HTTPProxy) Configure(address string, proxyPort int, httpPort int, scrip
p.Address = address p.Address = address
if scriptPath != "" { if scriptPath != "" {
if err, p.Script = LoadProxyScript(scriptPath, p.s); err != nil { if err, p.Script = LoadProxyScript(scriptPath, p.sess); err != nil {
return err return err
} else { } else {
log.Debug("Proxy script %s loaded.", scriptPath) log.Debug("Proxy script %s loaded.", scriptPath)
@ -119,18 +122,18 @@ func (p *HTTPProxy) Configure(address string, proxyPort int, httpPort int, scrip
Handler: p.Proxy, Handler: p.Proxy,
} }
if p.s.Firewall.IsForwardingEnabled() == false { if p.sess.Firewall.IsForwardingEnabled() == false {
log.Info("Enabling forwarding.") log.Info("Enabling forwarding.")
p.s.Firewall.EnableForwarding(true) p.sess.Firewall.EnableForwarding(true)
} }
p.Redirection = firewall.NewRedirection(p.s.Interface.Name(), p.Redirection = firewall.NewRedirection(p.sess.Interface.Name(),
"TCP", "TCP",
httpPort, httpPort,
p.Address, p.Address,
proxyPort) proxyPort)
if err := p.s.Firewall.EnableRedirection(p.Redirection, true); err != nil { if err := p.sess.Firewall.EnableRedirection(p.Redirection, true); err != nil {
return err return err
} }
@ -139,9 +142,30 @@ func (p *HTTPProxy) Configure(address string, proxyPort int, httpPort int, scrip
return nil return nil
} }
func (p *HTTPProxy) ConfigureTLS(address string, proxyPort int, httpPort int, scriptPath string, certFile string, keyFile string) error {
err := p.Configure(address, proxyPort, httpPort, scriptPath)
if err != nil {
return err
}
p.isTLS = true
p.CertFile = certFile
p.KeyFile = keyFile
return nil
}
func (p *HTTPProxy) Start() { func (p *HTTPProxy) Start() {
go func() { go func() {
if err := p.Server.ListenAndServe(); err != nil { var err error
if p.isTLS == true {
err = p.Server.ListenAndServeTLS(p.CertFile, p.KeyFile)
} else {
err = p.Server.ListenAndServe()
}
if err != nil {
log.Warning("%s", err) log.Warning("%s", err)
} }
}() }()
@ -150,7 +174,7 @@ func (p *HTTPProxy) Start() {
func (p *HTTPProxy) Stop() error { func (p *HTTPProxy) Stop() error {
if p.Redirection != nil { if p.Redirection != nil {
log.Debug("Disabling redirection %s", p.Redirection.String()) log.Debug("Disabling redirection %s", p.Redirection.String())
if err := p.s.Firewall.EnableRedirection(p.Redirection, false); err != nil { if err := p.sess.Firewall.EnableRedirection(p.Redirection, false); err != nil {
return err return err
} }
p.Redirection = nil p.Redirection = nil

147
modules/https_proxy.go Normal file
View file

@ -0,0 +1,147 @@
package modules
import (
"github.com/evilsocket/bettercap-ng/core"
"github.com/evilsocket/bettercap-ng/log"
"github.com/evilsocket/bettercap-ng/session"
"github.com/evilsocket/bettercap-ng/tls"
)
type HttpsProxy struct {
session.SessionModule
proxy *HTTPProxy
}
func NewHttpsProxy(s *session.Session) *HttpsProxy {
p := &HttpsProxy{
SessionModule: session.NewSessionModule("https.proxy", s),
proxy: NewHTTPProxy(s),
}
p.AddParam(session.NewIntParameter("https.port",
"443",
"HTTPS port to redirect when the proxy is activated."))
p.AddParam(session.NewStringParameter("https.proxy.address",
session.ParamIfaceAddress,
session.IPv4Validator,
"Address to bind the HTTPS proxy to."))
p.AddParam(session.NewIntParameter("https.proxy.port",
"8083",
"Port to bind the HTTPS proxy to."))
p.AddParam(session.NewStringParameter("https.proxy.certificate",
"~/.bcap-https.proxy.certificate.pem",
"",
"HTTPS proxy TLS certificate."))
p.AddParam(session.NewStringParameter("https.proxy.key",
"~/.bcap-https.proxy.key.pem",
"",
"HTTPS proxy TLS key"))
p.AddParam(session.NewStringParameter("https.proxy.script",
"",
"",
"Path of a proxy JS script."))
p.AddHandler(session.NewModuleHandler("https.proxy on", "",
"Start HTTPS proxy.",
func(args []string) error {
return p.Start()
}))
p.AddHandler(session.NewModuleHandler("https.proxy off", "",
"Stop HTTPS proxy.",
func(args []string) error {
return p.Stop()
}))
return p
}
func (p *HttpsProxy) Name() string {
return "https.proxy"
}
func (p *HttpsProxy) Description() string {
return "A full featured HTTPS proxy that can be used to inject malicious contents into webpages, all HTTPS traffic will be redirected to it."
}
func (p *HttpsProxy) Author() string {
return "Simone Margaritelli <evilsocket@protonmail.com>"
}
func (p *HttpsProxy) Configure() error {
var err error
var address string
var proxyPort int
var httpPort int
var scriptPath string
var certFile string
var keyFile string
if err, address = p.StringParam("https.proxy.address"); err != nil {
return err
}
if err, proxyPort = p.IntParam("https.proxy.port"); err != nil {
return err
}
if err, httpPort = p.IntParam("https.port"); err != nil {
return err
}
if err, certFile = p.StringParam("https.proxy.certificate"); err != nil {
return err
} else if certFile, err = core.ExpandPath(certFile); err != nil {
return err
}
if err, keyFile = p.StringParam("https.proxy.key"); err != nil {
return err
} else if keyFile, err = core.ExpandPath(keyFile); err != nil {
return err
}
if err, scriptPath = p.StringParam("https.proxy.script"); err != nil {
return err
}
if core.Exists(certFile) == false || core.Exists(keyFile) == false {
log.Info("Generating proxy TLS key to %s", keyFile)
log.Info("Generating proxy TLS certificate to %s", certFile)
if err := tls.Generate(certFile, keyFile); err != nil {
return err
}
} else {
log.Info("Loading proxy TLS key from %s", keyFile)
log.Info("Loading proxy TLS certificate from %s", certFile)
}
return p.proxy.ConfigureTLS(address, proxyPort, httpPort, scriptPath, certFile, keyFile)
}
func (p *HttpsProxy) Start() error {
if p.Running() == true {
return session.ErrAlreadyStarted
} else if err := p.Configure(); err != nil {
return err
}
p.SetRunning(true)
p.proxy.Start()
return nil
}
func (p *HttpsProxy) Stop() error {
if p.Running() == false {
return session.ErrAlreadyStopped
}
p.SetRunning(false)
return p.proxy.Stop()
}