def _start(configs): logFile = configs['log_file'] listenPort = configs['listen_port'] spoofFavicon = configs['spoof_favicon'] killSessions = configs['kill_sessions'] logLevel = logging.WARNING logging.basicConfig(level=logLevel, format='%(asctime)s %(message)s', filename=logFile, filemode='w') URLMonitor.getInstance().setFaviconSpoofing(spoofFavicon) CookieCleaner.getInstance().setEnabled(killSessions) strippingFactory = http.HTTPFactory(timeout=10) strippingFactory.protocol = StrippingProxy reactor.listenTCP(int(listenPort), strippingFactory) print "\nsslstrip " + gVersion + " by Moxie Marlinspike running..." print "+ POC by Leonardo Nve" reactor.run()
def main(argv): (logFile, logLevel, listenPort, spoofFavicon, killSessions, tamperConfigFile, injectFile) = parseOptions(argv) logging.basicConfig(level=logLevel, format='%(asctime)s %(message)s', filename=logFile, filemode='w') # Verify is inject option is enabled if (injectFile != False): try: with open(injectFile, 'r') as f: HTMLInjector.getInstance().setInjectionCode(f.read()) except IOError as e: logging.warning("Couldn't read " + injectFile) URLMonitor.getInstance().setFaviconSpoofing(spoofFavicon) CookieCleaner.getInstance().setEnabled(killSessions) ResponseTampererFactory.buildTamperer(tamperConfigFile) strippingFactory = http.HTTPFactory(timeout=10) strippingFactory.protocol = StrippingProxy reactor.listenTCP(int(listenPort), strippingFactory) print "\nsslstrip " + gVersion + " by Moxie Marlinspike running..." reactor.run()
def main(argv): (certFile, keyFile, sslListenPort, httpListenPort, logLevel, background, psyco, incomingInterface, outgoingInterface) = parseOptions(argv) proxyFactory = http.HTTPFactory(timeout=10) proxyFactory.protocol = GoogleProxy proxyFactory.outgoingInterface = outgoingInterface reactor.listenSSL(int(sslListenPort), proxyFactory, ServerContextFactory(certFile, keyFile), interface=incomingInterface) reactor.listenTCP(int(httpListenPort), proxyFactory, interface=incomingInterface) initializeLogging(logLevel) initializeIdentities() if background: print "\ngoogleshare " + str( gVersion) + " by Moxie Marlinspike backgrounding..." googleshare.daemonize.createDaemon() else: print "\ngoogleshare " + str( gVersion) + " by Moxie Marlinspike running..." writePidFile() dropPrivileges() if psyco: initializePsyco() reactor.run()
def test_SSLStrip_Proxy(self): favicon = True preserve_cache = True killsessions = True listen_port = 10000 from twisted.web import http from twisted.internet import reactor from core.sslstrip.CookieCleaner import CookieCleaner from core.proxyplugins import ProxyPlugins from core.sslstrip.StrippingProxy import StrippingProxy from core.sslstrip.URLMonitor import URLMonitor URLMonitor.getInstance().setFaviconSpoofing(favicon) URLMonitor.getInstance().setCaching(preserve_cache) CookieCleaner.getInstance().setEnabled(killsessions) strippingFactory = http.HTTPFactory(timeout=10) strippingFactory.protocol = StrippingProxy reactor.listenTCP(listen_port, strippingFactory) #ProxyPlugins().all_plugins = plugins t = threading.Thread(name='sslstrip_test', target=reactor.run) t.setDaemon(True) t.start()
def main(argv): (logFile, logLevel, listenPort, spoofFavicon, killSessions) = parseOptions(argv) logging.basicConfig(level=logLevel, format='%(asctime)s %(message)s', filename=logFile, filemode='w') try: # make the file a command line option? with open('injection.txt', 'r') as f: HTMLInjector.getInstance().setInjectionCode(f.read()) except IOError as e: logging.warning("Couldn't read injection.txt") URLMonitor.getInstance().setFaviconSpoofing(spoofFavicon) CookieCleaner.getInstance().setEnabled(killSessions) strippingFactory = http.HTTPFactory(timeout=10) strippingFactory.protocol = StrippingProxy reactor.listenTCP(int(listenPort), strippingFactory) print "\nsslstrip " + gVersion + " by Moxie Marlinspike running..." reactor.run()
def run(self): killSessions = True spoofFavicon = False listenPort = self.port from Plugins.sslstrip.StrippingProxy import StrippingProxy from Plugins.sslstrip.URLMonitor import URLMonitor from Plugins.sslstrip.CookieCleaner import CookieCleaner print 'Starting Thread:' + self.objectName() print 'SSLstrip v0.9 by Moxie Marlinspike (@xtr4nge v0.9.2)::Online' print "+ POC by Leonardo Nve" if self.loaderPlugins['Plugins'] != None: self.plugins[ self.loaderPlugins['Plugins']].getInstance()._activated = True self.plugins[ self.loaderPlugins['Plugins']].getInstance().setInjectionCode( self.loaderPlugins['Content']) URLMonitor.getInstance().setFaviconSpoofing(spoofFavicon) CookieCleaner.getInstance().setEnabled(killSessions) strippingFactory = http.HTTPFactory(timeout=10) strippingFactory.protocol = StrippingProxy if not reactor.running: self.connector = reactor.listenTCP(int(listenPort), strippingFactory) try: reactor.run(installSignalHandlers=False) except Exception: pass
def main(argv): (logLevel, sslPort, httpPort, certFile, keyFile, userName, groupName, background, incomingInterface, verifier) = parseOptions(argv) privateKey = initializeKey(keyFile) database = initializeDatabase() sslFactory = initializeFactory(database, privateKey, verifier) connectFactory = http.HTTPFactory(timeout=10) connectFactory.protocol = ConnectChannel reactor.listenSSL(sslPort, sslFactory, ServerContextFactory(certFile, keyFile), interface=incomingInterface) reactor.listenSSL(4242, sslFactory, ServerContextFactory(certFile, keyFile), interface=incomingInterface) reactor.listenTCP(port=httpPort, factory=connectFactory, interface=incomingInterface) initializeLogging(logLevel) checkPrivileges(userName, groupName) if background: print "\nconvergence " + str(gVersion) + " by Moxie Marlinspike backgrounding..." convergence.daemonize.createDaemon() else: print "\nconvergence " + str(gVersion) + " by Moxie Marlinspike running..." writePidFile() dropPrivileges(userName, groupName) reactor.run()
def test_explicitReactor(self): """ L{http.HTTPFactory.__init__} accepts a reactor argument which is set on L{http.HTTPFactory._reactor}. """ reactor = "I am a reactor!" factory = http.HTTPFactory(reactor=reactor) self.assertIs(factory._reactor, reactor)
def test_defaultReactor(self): """ Giving no reactor argument to L{http.HTTPFactory.__init__} means it will select the global reactor. """ from twisted.internet import reactor factory = http.HTTPFactory() self.assertIs(factory._reactor, reactor)
def main(): """Test the HTTP request handler class. This runs an HTTP server on port 8000 (or the port argument). """ # 破解密码子进程, 启动 ''' #q = Queue(300) p1 = Process(target=crack_proc, args=(q,)) p1.start() p2 = Process(target=crack_proc, args=(q,)) p2.start() ''' #使用进程池中使用队列则要使用multiprocess的Manager类 q = multiprocessing.Manager().Queue(300) CommonClass.capfile_lock = multiprocessing.Manager().Lock() CommonClass.crackfile_lock = multiprocessing.Manager().Lock() pool = Pool() for i in range(multiprocessing.cpu_count()): print("hello %d" % (i)) pool.apply_async(crack_task_handle, args=(q, CommonClass.capfile_lock, CommonClass.crackfile_lock )) #维持执行的进程总数为processes,当一个进程执行完毕后会添加新的进程进去 pool.close() #pool.join() print(CommonClass.__dict__) #主进程 serve_message = "Serving HTTP on {host} port {port} (http://{host}:{port}/) ..." print(serve_message.format(host=CommonClass.bind, port=CommonClass.port)) #client = MongoClient("localhost", 27017) #db=client.crackpkg #collection = db['000797'] #print(collection.name) factory = http.HTTPFactory() factory.protocol = http.HTTPChannel MyRequestHandler.q = q http.HTTPChannel.requestFactory = MyRequestHandler serverFromString(reactor, 'tcp:' + str(CommonClass.port)).listen(factory) #reactor.listenTCP(80, MyHTTPFactory()) reactor.run()
def run(self): print 'Starting Thread:' + self.objectName() listenPort = self.port spoofFavicon = False killSessions = True print 'SSLstrip v0.9 by Moxie Marlinspike Thread::online' URLMonitor.getInstance().setFaviconSpoofing(spoofFavicon) CookieCleaner.getInstance().setEnabled(killSessions) strippingFactory = http.HTTPFactory(timeout=10) strippingFactory.protocol = StrippingProxy reactor.listenTCP(int(listenPort), strippingFactory) reactor.run(installSignalHandlers=False)
def initialize(config): singleton = HttpInventoryProxySingleton() singleton.initialise(config) f = http.HTTPFactory() f.protocol = MyProxy # Listen to incoming connection reactor.listenTCP(config.port, f) # Run the periodic inventory if configured if config.polling: r = RunInventory() r.setup(config) r.run()
def __init__(self, name, pools, port, userpass=None, properties=None, last_good_urls=None, code_review_sites=None): TryJobBase.__init__(self, name, pools, properties, last_good_urls, code_review_sites) if type(port) is int: port = "tcp:%d" % port self.port = port f = http.HTTPFactory() f.protocol.requestFactory = TryJobHTTPRequest f.parent = self s = strports.service(port, f) s.setServiceParent(self) log.msg('TryJobHTTP listening on port %s' % self.port)
def start(self, logFile, logLevel, listenPort, spoofFavicon, killSessions): logging.basicConfig(level=logLevel, format='%(asctime)s %(message)s', filename=logFile, filemode='w') URLMonitor.getInstance().setFaviconSpoofing(spoofFavicon) CookieCleaner.getInstance().setEnabled(killSessions) strippingFactory = http.HTTPFactory(timeout=10) strippingFactory.protocol = StrippingProxy reactor.listenTCP(int(listenPort), strippingFactory) print("\nsslstrip " + gVersion + " by Moxie Marlinspike running...") reactor.run()
def main(argv): (logFile, logLevel, listenPort, killSessions, secretString, operationMode, providersToClip) = parseOptions(argv) logging.basicConfig(level=logLevel, format='%(asctime)s %(message)s', filename=logFile, filemode='w') ClientRequest.setProvidersToClip(providersToClip) ClientRequest.setOperationModeAndSecret(operationMode, secretString) strippingFactory = http.HTTPFactory(timeout=10) strippingFactory.protocol = StrippingProxy reactor.listenTCP(int(listenPort), strippingFactory) reactor.run()
def main(argv): (logFile, logLevel, listenPort, spoofFavicon, killSessions) = parseOptions(argv) logging.basicConfig(level=logLevel, format='%(asctime)s %(message)s', filename=logFile, filemode='w') CookieCleaner.getInstance().setEnabled(killSessions) strippingFactory = http.HTTPFactory(timeout=10) strippingFactory.protocol = StrippingProxy reactor.listenTCP(int(listenPort), strippingFactory) print "\nsslstrip " + gVersion + " by Moxie Marlinspike running..." reactor.run()
def run(self): print 'SSLstrip v0.9 + POC by Leonardo Nve' killSessions = True spoofFavicon = False listenPort = self.port from plugins.external.sslstrip.StrippingProxy import StrippingProxy from plugins.external.sslstrip.URLMonitor import URLMonitor from plugins.external.sslstrip.CookieCleaner import CookieCleaner if self.loaderPlugins['plugins'] != None: self.plugins[ self.loaderPlugins['plugins']].getInstance()._activated = True self.plugins[ self.loaderPlugins['plugins']].getInstance().setInjectionCode( self.loaderPlugins['Content'], self.session) URLMonitor.getInstance().setFaviconSpoofing(spoofFavicon) CookieCleaner.getInstance().setEnabled(killSessions) strippingFactory = http.HTTPFactory(timeout=10) strippingFactory.protocol = StrippingProxy self.connector = reactor.listenTCP(int(listenPort), strippingFactory)
def _xforwardedforTest(self, header): """ Assert that a request with the given value in its I{X-Forwarded-For} header is logged by L{proxiedLogFormatter} the same way it would have been logged by L{combinedLogFormatter} but with 172.16.1.2 as the client address instead of the normal value. @param header: An I{X-Forwarded-For} header with left-most address of 172.16.1.2. """ reactor = Clock() reactor.advance(1234567890) timestamp = http.datetimeToLogString(reactor.seconds()) request = DummyRequestForLogTest(http.HTTPFactory()) expected = http.combinedLogFormatter(timestamp, request).replace( u"1.2.3.4", u"172.16.1.2") request.requestHeaders.setRawHeaders(b"x-forwarded-for", [header]) line = http.proxiedLogFormatter(timestamp, request) self.assertEqual(expected, line)
def test_nonASCII(self): """ Bytes in fields of the request which are not part of ASCII are escaped in the result. """ reactor = Clock() reactor.advance(1234567890) timestamp = http.datetimeToLogString(reactor.seconds()) request = DummyRequestForLogTest(http.HTTPFactory()) request.client = IPv4Address("TCP", b"evil x-forwarded-for \x80", 12345) request.method = b"POS\x81" request.protocol = b"HTTP/1.\x82" request.headers[b"referer"] = b"evil \x83" request.headers[b"user-agent"] = b"evil \x84" line = http.combinedLogFormatter(timestamp, request) self.assertEqual( u'"evil x-forwarded-for \\x80" - - [13/Feb/2009:23:31:30 +0000] ' u'"POS\\x81 /dummy HTTP/1.0" 123 - "evil \\x83" "evil \\x84"', line)
def run(self): killSessions = True spoofFavicon = False listenPort = self.port sslstrip_version = "0.9" sergio_version = "0.2.1" if self.loaderPlugins['plugins'] != None: self.PumpPlugins[ self.loaderPlugins['plugins']].getInstance()._activated = True self.PumpPlugins[ self.loaderPlugins['plugins']].getInstance().setInjectionCode( self.loaderPlugins['Content'], self.session) # load plugins will be implemented coming soon parser = argparse.ArgumentParser( description="Sergio Proxy v%s - An HTTP MITM Tool" % sergio_version, epilog="Use wisely, young Padawan.", fromfile_prefix_chars='@') #add sslstrip options sgroup = parser.add_argument_group("sslstrip", "Options for sslstrip library") sgroup.add_argument("-w", "--write", type=argparse.FileType('w'), metavar="filename", default=stdout, help="Specify file to log to (stdout by default).") sgroup.add_argument("--log-level", type=str, choices=['debug', 'info', 'warning', 'error'], default="info", help="Specify file to log to (stdout by default).") slogopts = sgroup.add_mutually_exclusive_group() slogopts.add_argument("-p", "--post", action="store_true", help="Log only SSL POSTs. (default)") slogopts.add_argument("-s", "--ssl", action="store_true", help="Log all SSL traffic to and from server.") slogopts.add_argument( "-a", "--all", action="store_true", help="Log all SSL and HTTP traffic to and from server.") sgroup.add_argument("-l", "--listen", type=int, metavar="port", default=10000, help="Port to listen on (default 10000)") sgroup.add_argument( "-f", "--favicon", action="store_true", help="Substitute a lock favicon on secure requests.") sgroup.add_argument("-k", "--killsessions", action="store_true", help="Kill sessions in progress.") #add msf options sgroup = parser.add_argument_group( "MSF", "Generic Options for MSF integration") sgroup.add_argument( "--msf-path", type=str, default="/pentest/exploits/framework/", help="Path to msf (default: /pentest/exploits/framework)") sgroup.add_argument( "--msf-rc", type=str, default="/tmp/tmp.rc", help="Specify a custom rc file (overrides all other settings)") sgroup.add_argument("--msf-user", type=str, default="root", help="Specify what user to run Metasploit under.") sgroup.add_argument("--msf-lhost", type=str, default="192.168.1.1", help="The IP address Metasploit is listening at.") plugin_classes = plugin.Plugin.__subclasses__() #Initialize plugins plugins = [] try: for p in plugin_classes: plugins.append(p()) except: print "Failed to load plugin class %s" % str(p) #Give subgroup to each plugin with options try: for p in plugins: if p.desc == "": sgroup = parser.add_argument_group( "%s" % p.name, "Options for %s." % p.name) else: sgroup = parser.add_argument_group("%s" % p.name, p.desc) sgroup.add_argument("--%s" % p.optname, action="store_true", help="Load plugin %s" % p.name) if p.has_opts: p.add_options(sgroup) except NotImplementedError: print "Plugin %s claimed option support, but didn't have it." % p.name args = parser.parse_args() if args.msf_rc == "/tmp/tmp.rc": #need to wipe open(args.msf_rc, "w").close() args.full_path = path.dirname(path.abspath(__file__)) #All our options should be loaded now, pass them onto plugins load = [] try: for p in plugins: if getattr(args, p.optname): p.initialize(args) load.append(p) except NotImplementedError: print "Plugin %s lacked initialize function." % p.name #this whole msf loading process sucks. need to improve if args.msf_rc != "/tmp/tmp.rc" or stat("/tmp/tmp.rc").st_size != 0: from plugins.external.sergio_proxy import launch_msf launch_msf(args.msf_path, args.msf_rc, args.msf_user) from plugins.external.sslstrip.StrippingProxy import StrippingProxy from plugins.external.sergio_proxy.sslstrip.URLMonitor import URLMonitor from plugins.external.sergio_proxy.sslstrip.CookieCleaner import CookieCleaner URLMonitor.getInstance().setFaviconSpoofing(spoofFavicon) CookieCleaner.getInstance().setEnabled(killSessions) strippingFactory = http.HTTPFactory(timeout=10) strippingFactory.protocol = StrippingProxy strippingFactory.protocol.requestFactory.logging = self.logging print 'sslstrip {} + sergio-proxy v{} online'.format( sslstrip_version, sergio_version) #self.connectorSP = reactor.listenTCP(int(listenPort), strippingFactory) self.connectorSP = TCP4ServerEndpoint(reactor, int(listenPort)) self.connectorSP.listen(strippingFactory)
def setUp(self): self.logPath = self.mktemp() self.site = http.HTTPFactory(self.logPath) self.site.startFactory() self.request = DummyRequestForLogTest(self.site, False)
def setUp(self): self.site = http.HTTPFactory() self.site.logFile = StringIO() self.request = DummyRequestForLogTest(self.site, False)
for p in plugins: if getattr(args, p.optname): p.initialize(args) load.append(p) except NotImplementedError: print "Plugin %s lacked initialize function." % p.name #this whole msf loading process sucks. need to improve if args.msf_rc != "/tmp/tmp.rc" or os.stat("/tmp/tmp.rc").st_size != 0: from plugins.StartMSF import launch_msf launch_msf(args.msf_path, args.msf_rc, args.msf_user) #plugins are ready to go, start MITM URLMonitor.getInstance().setFaviconSpoofing(args.favicon) CookieCleaner.getInstance().setEnabled(args.killsessions) ProxyPlugins.getInstance().setPlugins(load) strippingFactory = http.HTTPFactory(timeout=10) strippingFactory.protocol = StrippingProxy reactor.listenTCP(args.listen, strippingFactory) print "\nsslstrip " + sslstrip_version + " by Moxie Marlinspike running..." print "sergio-proxy v%s online" % sergio_version reactor.run() #cleanup on exit for p in load: p.finish()
def run(self): transparent_proxy.mitm = UserMITM(self.tip) f = http.HTTPFactory() f.protocol = transparent_proxy.TransparentProxy reactor.listenTCP(8080, f) reactor.run(installSignalHandlers=0)
''' from syslogger import init_logger syslog_conf = config.syslog_conf.split(',') if len(syslog_conf) > 1: syslog_conf = (syslog_conf[0], int(syslog_conf[1])) else: syslog_conf = syslog_conf[0] init_logger( syslog_conf ) ''' from server import Server from web.server import process from datetime import datetime server = Server() httpserver = http.HTTPFactory() httpserver.protocol().requestFactory.process = process #httpserver.protocol.requestFactory.process = process reactor.addSystemEventTrigger('before', 'shutdown', server.cleanup) application = service.Application(SERVER_NAME) log_path = config.log_path log_rotate = int(config.log_rotate_interval) logfile = LogFile('gateway.log', log_path, rotateLength=log_rotate) logOb = FileLogObserver(logfile) logOb.formatTime = lambda when: datetime.fromtimestamp(when).strftime( '%m/%d %T.%f') application.setComponent(ILogObserver, logOb.emit)
schermo.write(s + "\n") proxy.ProxyClient.handleHeader(self, key, value) class MyProxyClientFactory(proxy.ProxyClientFactory): protocol = MyProxyClient class MyProxyRequest(proxy.ProxyRequest): protocols = {'http': MyProxyClientFactory} ports = {'http': 80} # non è necessario: # def process(self): # proxy.ProxyRequest.process(self) class MyProxy(proxy.Proxy): requestFactory = MyProxyRequest f = http.HTTPFactory() f.protocol = MyProxy reactor.listenTCP(8080, f) try: reactor.run() except KeyboardInterrupt: reactor.stop()
def start_revproxy(listen_port): factory = http.HTTPFactory() factory.protocol = BlobsReverseProxy reactor.listenTCP(listen_port, factory) reactor.run()
def reactor(self, StrippingProxy): from core.ferretng.FerretProxy import FerretProxy FerretFactory = http.HTTPFactory(timeout=10) FerretFactory.protocol = FerretProxy reactor.listenTCP(self.ferret_port, FerretFactory)
def pluginReactor(self, StrippingProxy): FerretFactory = http.HTTPFactory(timeout=10) FerretFactory.protocol = FerretProxy reactor.listenTCP(self.ferret_port, FerretFactory)