class CoreSettings(Linux):
Name = "General"
ID = "General"
ConfigRoot = "General"
Category = "General"
Icon = None
__subitem = False
conf = {}
def __init__(self, parent=0, FSettings=None):
super(CoreSettings, self).__init__()
self.parent = parent
self.conf = SettingsINI(C.CONFIG_INI)
def deleteObject(self, obj):
""" reclaim memory """
del obj
@property
def getIptablesPath(self):
return self.conf.get("iptables", "path_binary")
@property
def isSubitem(self):
return self.__subitem
def osWalkCallback(self, arg, directory, files):
pass
class TestConfigPumpkinProxy(unittest.TestCase):
def test_config_key_set(self):
self.config = SettingsINI(C.CONFIG_PP_INI)
self.result = "http://example.com/foo.js"
self.value = self.config.get("set_js_inject", "url")
self.assertEqual(self.result, self.value)
def test_get_all_configkey_list(self):
self.config = SettingsINI(C.CONFIG_PP_INI)
self.result = ["url"]
self.value = self.config.get_all_childname("set_js_inject")
self.assertEqual(self.result, self.value)
def do_list(self, args):
""" show all avaliable templates from github """
if not path.isfile(self.save_path):
print(
display_messages(
"can't find downloaded file: {}".format(self.save_path), error=True
)
)
return
config = SettingsINI(self.config_file_ini)
plugins_installed = self.config_default.get_all_childname("plugins")
self.plugins_remote = {}
for plugin in config.get_all_childname("plugins"):
self.plugins_remote[plugin] = {}
for info in config.get_all_childname("info_{}".format(plugin)):
self.plugins_remote[plugin][info] = config.get(
"info_{}".format(plugin), info
)
self.plugins_remote[plugin]["installed"] = (
setcolor("True", color="green")
if plugin in plugins_installed
else setcolor("False", color="red")
)
self.table_output = []
for plugin in self.plugins_remote:
self.table_output.append(
[
self.plugins_remote[plugin]["name"],
self.plugins_remote[plugin]["author"],
self.plugins_remote[plugin]["installed"],
self.plugins_remote[plugin]["preview"],
]
)
if len(self.table_output) > 0:
print(
display_messages(
"Available Customs CaptiveFlask:", info=True, sublime=True
)
)
display_tabulate(self.table_headers, self.table_output)
def test_read_config_SettingsINI(self):
config_file_ini = (tempfile.gettempdir() +
"/extra-captiveflask-master/config.ini")
config = SettingsINI(config_file_ini)
result = {
"example": {
"author": "mh4x0f",
"description": "Example is a simple portal default page",
"preview": "https://i.imgur.com/G0wtAme.png",
"name": "example",
"version": "1.0",
}
}
plugins = {}
for plugin in config.get_all_childname("plugins"):
plugins[plugin] = {}
for info in config.get_all_childname("info_{}".format(plugin)):
plugins[plugin][info] = config.get("info_{}".format(plugin),
info)
for plugin in plugins:
print(plugin)
self.assertEqual(result["example"], plugins["example"])
class SettingsPluginsResource(Resource):
config = None
key_name = "plugins"
def create_config(self, plugin_id):
plugin_settings_ini = C.ALL_CONFIGSINI.get(plugin_id)
if plugin_settings_ini is None:
return
self.config = SettingsINI(plugin_settings_ini)
@token_required
def get(self, plugin_id=None):
self.create_config(plugin_id)
if self.config is None:
return exception(
"Cannot found plugin {} ini file.".format(plugin_id), code=400)
data = {}
for key in self.config.get_all_childname(self.key_name):
data[key] = self.config.get(self.key_name, key)
for sub_key in self.config.get_all_childname("set_{}".format(key)):
if "set_{}".format(key) in list(data.keys()):
data["set_{}".format(key)].append({
sub_key:
self.config.get("set_{}".format(key), sub_key)
})
else:
data["set_{}".format(key)] = []
data["set_{}".format(key)].append({
sub_key:
self.config.get("set_{}".format(key), sub_key)
})
return jsonify(data)
@token_required
def post(self, plugin_id=None):
data = request.get_json(force=True)
self.create_config(plugin_id)
if self.config is None:
return exception(
"Cannot found plugin {} ini file.".format(plugin_id), code=400)
for key, value in data.items():
if str(key).startswith("set_"):
for item in value:
for sub_key, sub_value in item.items():
if not sub_key in self.config.get_all_childname(key):
return exception(
"Cannot found that attribute {} on {}!".format(
sub_key, key),
code=400,
)
self.config.set(key, sub_key, sub_value)
else:
if not key in self.config.get_all_childname(self.key_name):
return exception(
"Cannot found that attribute {} on {}!".format(
key, self.key_name),
code=400,
)
self.config.set(self.key_name, key, value)
return jsonify(data)
class Sniffkin3Core(QtCore.QThread):
_ProcssOutput = QtCore.pyqtSignal(object)
def __init__(self, interface, session):
QtCore.QThread.__init__(self)
self.interface = interface
self.session = session
self.stopped = False
self.config = SettingsINI(C.CONFIG_SK_INI)
def run(self):
self.main()
def sniffer(self, q):
while not self.stopped:
try:
sniff(
iface=self.interface,
filter="tcp and ( port 80 or port 8080)",
prn=lambda x: q.put(x),
store=0,
)
except Exception:
pass
if self.stopped:
break
def main(self):
self.plugins = {}
self.plugin_classes = default.PSniffer.__subclasses__()
for p in self.plugin_classes:
plugin_load = p()
self.plugins[plugin_load.Name] = plugin_load
self.plugins[plugin_load.Name].output = self._ProcssOutput
self.plugins[plugin_load.Name].session = self.session
print("\n[*] {} running on port 80/8080:\n".format(self.getID()))
for name in self.plugins.keys():
if self.config.get("plugins", name, format=bool):
self.plugins[name].getInstance()._activated = True
print("TCPProxy::{0:17} status:On".format(name))
print("\n")
q = queue.Queue()
sniff = Thread(target=self.sniffer, args=(q, ))
sniff.start()
while not self.stopped:
try:
pkt = q.get(timeout=0)
for Active in self.plugins.keys():
if self.plugins[Active].getInstance()._activated:
try:
self.plugins[Active].filterPackets(pkt)
except Exception:
pass
except queue.Empty:
pass
def snifferParser(self, pkt):
try:
if (pkt.haslayer(Ether) and pkt.haslayer(Raw)
and not pkt.haslayer(IP) and not pkt.haslayer(IPv6)):
return
self.dport = pkt[TCP].dport
self.sport = pkt[TCP].sport
if pkt.haslayer(TCP) and pkt.haslayer(Raw) and pkt.haslayer(IP):
self.src_ip_port = str(pkt[IP].src) + ":" + str(self.sport)
self.dst_ip_port = str(pkt[IP].dst) + ":" + str(self.dport)
if pkt.haslayer(Raw):
self.load = pkt[Raw].load
if self.load.startswith("GET"):
self.get_http_GET(self.src_ip_port, self.dst_ip_port,
self.load)
self.searchBingGET(
self.load.split("\n", 1)[0].split("&")[0])
elif self.load.startswith("POST"):
header, url = self.get_http_POST(self.load)
self.getCredentials_POST(
pkt.getlayer(Raw).load, url, header, self.dport,
self.sport)
except:
pass
def searchBingGET(self, search):
if "search?q" in search:
searched = search.split("search?q=", 1)[1]
searched = searched.replace("+", " ")
print("Search::BING { %s }" % (searched))
def getCredentials_POST(self, payload, url, header, dport, sport):
user_regex = ("([Ee]mail|%5B[Ee]mail%5D|[Uu]ser|[Uu]sername|"
"[Nn]ame|[Ll]ogin|[Ll]og|[Ll]ogin[Ii][Dd])=([^&|;]*)")
pw_regex = ("([Pp]assword|[Pp]ass|[Pp]asswd|[Pp]wd|[Pp][Ss][Ww]|"
"[Pp]asswrd|[Pp]assw|%5B[Pp]assword%5D)=([^&|;]*)")
username = re.findall(user_regex, payload)
password = re.findall(pw_regex, payload)
if not username == [] and not password == []:
self._ProcssOutput.emit({
"POSTCreds": {
"User": username[0][1],
"Pass": password[0][1],
"Url": url,
"destination": "{}/{}".format(sport, dport),
}
})
def get_http_POST(self, load):
dict_head = {}
try:
headers, body = load.split("\r\n\r\n", 1)
header_lines = headers.split("\r\n")
for item in header_lines:
try:
dict_head[item.split()[0]] = item.split()[1]
except Exception:
pass
if "Referer:" in dict_head.keys():
return dict_head, dict_head["Referer:"]
except ValueError:
return None, None
return dict_head, None
def getpid(self):
""" return the pid of current process in background"""
return "thread"
def getID(self):
""" return the name of process in background"""
return self.objectName()
def stop(self):
self.stopped = True
print("Thread::[{}] successfully stopped.".format(self.objectName()))