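def replace_redirect(self, response):
    """Handle sslstrip for HTTP redirects.

    This does SSLstrip on the Location header: an https:// target is
    rewritten to http:// and passed through
    ClientReportDetection.add_callback_url together with the callback from
    build_report_callback. Both helpers are defined elsewhere; presumably the
    callback fires when the client requests the rewritten URL, which is what
    marks the client as following a downgraded redirect.

    Args:
        response: Raw HTTP response text. Everything after the header block
            (redirect body and any following data) is forwarded unchanged.

    Returns:
        The response text with the rewritten Location header, or `response`
        itself when there is no https:// Location header to rewrite.
    """
    resp = util.http.parse_response(response)
    headers = dict(resp.getheaders())
    location = headers.get("location", "")
    # Only an absolute https:// URL can be downgraded. Slicing any other value
    # at offset 8 would corrupt the header, so hand the response back as-is.
    if location[:8].lower() != "https://":
        return response
    callback = self.build_report_callback(location)
    new_location = ClientReportDetection.add_callback_url(
        callback, "http://" + location[8:], timeout=5)
    headers["location"] = new_location
    # NOTE: full URLs are logged and can carry tokens in the query string, so
    # DEBUG output from this handler should be treated as sensitive.
    self.log(logging.DEBUG,
             "Replacing redirect to %s with %s" % (location, new_location))
    version = "HTTP/1.0" if resp.version == 10 else "HTTP/1.1"
    # Assemble the head by concatenation instead of str.format(): header
    # values come from the parsed response and may contain "{" or "}", which
    # format() would treat as replacement fields and fail on.
    header_lines = "\r\n".join(
        ["%s: %s" % (k, v) for k, v in headers.items()])
    head = (version + " " + str(resp.status) + " OK\r\n" +
            header_lines + "\r\n\r\n")
    # Forward everything after the original header block. The Content-Length
    # header is kept as received, so the redirect body has to stay in place
    # for the message framing to remain valid; data following the body is
    # passed along after it.
    body_start = response.index("\r\n\r\n") + 4
    return head + response[body_start:]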
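def replace_ok(self, response):
    """Handle sslstrip on HTTP responses that contain data.

    This goes through the response body and replaces every https:// URL with
    an http:// one that has been passed through
    ClientReportDetection.add_callback_url with a report callback, then
    re-emits the response with an updated Content-Length.

    Args:
        response: Raw HTTP response text. Data after the first response is
            appended unchanged.

    Returns:
        The rewritten response text; the status line is always "200 OK".
    """
    resp = util.http.parse_response(response)
    headers = dict(resp.getheaders())
    # Without a Content-Length header nothing is read or rewritten here; the
    # body is then forwarded as trailing data at the end of this method.
    # NOTE(review): "content-length: 0" is still written in that case, so
    # confirm callers only route length-delimited responses here.
    old_length = int(headers.get("content-length", 0))
    contents = resp.read(old_length)
    pieces = []
    prev = 0
    # Not perfect but hopefully close enough. "$-_" inside the class is a
    # character range (0x24-0x5F), so characters such as ' < > that directly
    # follow a URL are matched as part of it.
    urls = re.finditer(
        r"https://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+",
        contents)
    for match in urls:
        original_url = match.group(0)
        callback = self.build_report_callback(original_url)
        # strip the https
        new_url = ClientReportDetection.add_callback_url(
            callback, "http://" + original_url[8:], timeout=20)
        pieces.append(contents[prev:match.start()])
        pieces.append(new_url)
        prev = match.end()
        # NOTE: full URLs are logged; treat DEBUG output as sensitive.
        self.log(
            logging.DEBUG,
            "Replacing %s with %s" % (original_url, new_url))
    pieces.append(contents[prev:])
    new_contents = "".join(pieces)
    headers["content-length"] = len(new_contents)
    version = "HTTP/1.0" if resp.version == 10 else "HTTP/1.1"
    # Assemble the message by concatenation instead of str.format(): header
    # values come from the parsed response and may contain "{" or "}", which
    # format() would treat as replacement fields and fail on.
    header_lines = "\r\n".join(
        ["%s: %s" % (k, v) for k, v in headers.items()])
    data = (version + " 200 OK\r\n" + header_lines + "\r\n\r\n" +
            new_contents)
    # Handle any extra data in response after the HTTP response
    total_consumed = response.index("\r\n\r\n") + 4 + old_length
    if total_consumed < len(response):
        data += response[total_consumed:]
    return data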
def build_payload(self):
    """Return self.base_payload with the callback URL substituted in.

    The URL is whatever ClientReportDetection.add_callback_url returns for
    self.on_report and self.base_url; it is inserted into self.base_payload
    with the % operator.
    """
    report_url = ClientReportDetection.add_callback_url(
        self.on_report, self.base_url)
    payload = self.base_payload % report_url
    return payload