github/bettercap
1
0
Fork 0
mirror of https://github.com/bettercap/bettercap synced 2025-08-20 05:23:19 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: slightly better handling of http->http redirections while sslstrip is enabled (ref #154)

Browse source
This commit is contained in:
evilsocket 2018-03-27 14:46:10 +02:00
commit ea31346e3e
No known key found for this signature in database
GPG key ID: 1564D7F30393A456
1 changed files with 54 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

54
modules/http_proxy_base_sslstriper.go
View file

@ -5,6 +5,7 @@ import (
"io/ioutil" "io/ioutil"
"net" "net"
"net/http" "net/http"
"net/url"
"regexp" "regexp"
"strings" "strings"
@ -20,6 +21,7 @@ import (
) )
var ( var (
maxRedirs = 5
httpsLinksParser = regexp.MustCompile(`https://[^"'/]+`) httpsLinksParser = regexp.MustCompile(`https://[^"'/]+`)
subdomains = map[string]string{ subdomains = map[string]string{
"www": "wwwww", "www": "wwwww",
@ -36,6 +38,7 @@ type SSLStripper struct {
hosts *HostTracker hosts *HostTracker
handle *pcap.Handle handle *pcap.Handle
pktSourceChan chan gopacket.Packet pktSourceChan chan gopacket.Packet
redirs map[string]int
} }
func NewSSLStripper(s *session.Session, enabled bool) *SSLStripper { func NewSSLStripper(s *session.Session, enabled bool) *SSLStripper {
@ -45,6 +48,7 @@ func NewSSLStripper(s *session.Session, enabled bool) *SSLStripper {
hosts: NewHostTracker(), hosts: NewHostTracker(),
session: s, session: s,
handle: nil, handle: nil,
redirs: make(map[string]int),
} }
strip.Enable(enabled) strip.Enable(enabled)
return strip return strip
@ -291,6 +295,27 @@ func (s *SSLStripper) Preprocess(req *http.Request, ctx *goproxy.ProxyCtx) (redi
return return
} }
func (s *SSLStripper) isMaxRedirs(hostname string) bool {
// did we already track redirections for this host?
if nredirs, found := s.redirs[hostname]; found == true {
// reached the threshold?
if nredirs >= maxRedirs {
log.Warning("[%s] Hit max redirections for %s, serving HTTPS.", core.Green("sslstrip"), hostname)
// reset
delete(s.redirs, hostname)
return true
} else {
// increment
s.redirs[hostname]++
}
} else {
// start tracking redirections
s.redirs[hostname] = 1
}
return false
}
func (s *SSLStripper) Process(res *http.Response, ctx *goproxy.ProxyCtx) { func (s *SSLStripper) Process(res *http.Response, ctx *goproxy.ProxyCtx) {
if s.enabled == false { if s.enabled == false {
return return
@ -298,6 +323,35 @@ func (s *SSLStripper) Process(res *http.Response, ctx *goproxy.ProxyCtx) {
return return
} }
// is the server redirecting us?
if res.StatusCode != 200 {
// extract Location header
if location, err := res.Location(); location != nil && err == nil {
orig := res.Request.URL
origHost := orig.Hostname()
newHost := location.Host
newURL := location.String()
// are we getting redirected from http to https?
if orig.Scheme == "http" && location.Scheme == "https" {
log.Info("[%s] Got redirection from HTTPS to HTTP: %s -> %s", core.Green("sslstrip"), core.Yellow("http://"+origHost), core.Bold("https://"+newHost))
// if we still did not reach max redirections, strip the URL down to
// an alternative HTTP version
if s.isMaxRedirs(origHost) {
strippedURL := s.processURL(newURL)
u, _ := url.Parse(strippedURL)
hostStripped := u.Hostname()
s.hosts.Track(origHost, hostStripped)
res.Header.Set("Location", strippedURL)
}
}
}
}
// process response headers // process response headers
s.stripResponseHeaders(res) s.stripResponseHeaders(res)