From 873112c8e7a87daec9aed10e037041faca0eb805 Mon Sep 17 00:00:00 2001 From: byt3bl33d3r Date: Sun, 15 Mar 2015 20:22:31 +0100 Subject: [PATCH] - Fixed a bug when ARP spoofing via arp replies - Amended license
---
README.md | 4 ++-- libs/banners.py | 18 ++++++++++++++++++ libs/beefapi.py | 19 +++++++++++++++++++ libs/msfrpc.py | 23 ++++++++++++++++++----- libs/sslstrip/ClientRequest.py | 2 +- libs/sslstrip/CookieCleaner.py | 2 +- libs/sslstrip/DnsCache.py | 18 ++++++++++++++++++ libs/sslstrip/SSLServerConnection.py | 2 +- libs/sslstrip/ServerConnection.py | 2 +- libs/sslstrip/ServerConnectionFactory.py | 2 +- libs/sslstrip/StrippingProxy.py | 2 +- libs/sslstrip/URLMonitor.py | 4 ++-- mitmf.py | 20 +++++++++++++++++++- plugins/Spoof.py | 8 ++++---- 14 files changed, 106 insertions(+), 20 deletions(-)
diff --git a/README.md b/README.md
index 4887d84b..8466e2b6 100644
--- a/README.md
+++ b/README.md
@@ -54,9 +54,9 @@ Changelog
 - FilePwn plugin re-written to backdoor executables and zip files on the fly by using [the-backdoor-factory](https://github.com/secretsquirrel/the-backdoor-factory) and code from [BDFProxy](https://github.com/secretsquirrel/BDFProxy)
-- Added msfrpc.py for interfacing with Metasploits rpc server
+- Added [msfrpc.py](https://github.com/byt3bl33d3r/msfrpc/blob/master/python-msfrpc/msfrpc.py) for interfacing with Metasploits rpc server
-- Added beefapi.py for interfacing with BeEF's RESTfulAPI
+- Added [beefapi.py](https://github.com/byt3bl33d3r/beefapi) for interfacing with BeEF's RESTfulAPI
 - Addition of the app-cache poisoning attack by [Krzysztof Kotowicz](https://github.com/koto/sslstrip) (blogpost explaining the attack here http://blog.kotowicz.net/2010/12/squid-imposter-phishing-websites.html)
diff --git a/libs/banners.py b/libs/banners.py
index c8d42bc0..323624fc 100644
--- a/libs/banners.py
+++ b/libs/banners.py
@@ -1,6 +1,24 @@
 #! /usr/bin/env python2.7
 # -*- coding: utf-8 -*-
+# Copyright (c) 2014-2016 Marcello Salvati
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+# USA
+#
+
 import random
 banner1 = """
diff --git a/libs/beefapi.py b/libs/beefapi.py
index d648e551..cc8960e6 100644
--- a/libs/beefapi.py
+++ b/libs/beefapi.py
@@ -1,4 +1,23 @@
 #!/usr/bin/env python2.7
+
+# Copyright (c) 2014-2016 Marcello Salvati
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+# USA
+#
+
 import requests
 import json
 from random import sample
diff --git a/libs/msfrpc.py b/libs/msfrpc.py
index d4f69664..59913ec5 100644
--- a/libs/msfrpc.py
+++ b/libs/msfrpc.py
@@ -1,11 +1,24 @@
 #! /usr/bin/env python2.7
+
 # MSF-RPC - A Python library to facilitate MSG-RPC communication with Metasploit
-# Ryan Linn - RLinn@trustwave.com, Marcello Salvati - byt3bl33d3r@gmail.com
-# Copyright (C) 2011 Trustwave
-# This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
-# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-# You should have received a copy of the GNU General Public License along with this program. If not, see .
+# Copyright (c) 2014-2016 Ryan Linn - RLinn@trustwave.com, Marcello Salvati - byt3bl33d3r@gmail.com
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+# USA
+#
 import requests
 import msgpack
diff --git a/libs/sslstrip/ClientRequest.py b/libs/sslstrip/ClientRequest.py
index 6c7410ea..58891eb3 100644
--- a/libs/sslstrip/ClientRequest.py
+++ b/libs/sslstrip/ClientRequest.py
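Review bot: The rewritten header drops the original `# Copyright (C) 2011 Trustwave` notice and re-dates the remaining names to `2014-2016`, although the commit itself is dated 15 Mar 2015; the GPL requires that existing copyright notices be kept intact, so the prior holders and their years should stay as their own line next to the new one, e.g. `# Copyright (C) 2011 Trustwave` followed by `# Copyright (c) 2014-2015 Marcello Salvati`. The same point applies to the sslstrip hunks in ClientRequest.py, CookieCleaner.py, SSLServerConnection.py, ServerConnection.py, ServerConnectionFactory.py, StrippingProxy.py and URLMonitor.py, where `Copyright (c) 2004-2009 Moxie Marlinspike` (2004-2011 in CookieCleaner.py) is replaced rather than kept and a separate line added for the new contributor. mitmf.py gets the same header in its first hunk and should follow whichever form is chosen here.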
@@ -1,4 +1,4 @@
-# Copyright (c) 2004-2009 Moxie Marlinspike
+# Copyright (c) 2014-2016 Moxie Marlinspike, Marcello Salvati
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License as
diff --git a/libs/sslstrip/CookieCleaner.py b/libs/sslstrip/CookieCleaner.py
index 591584a0..997041ab 100644
--- a/libs/sslstrip/CookieCleaner.py
+++ b/libs/sslstrip/CookieCleaner.py
@@ -1,4 +1,4 @@
-# Copyright (c) 2004-2011 Moxie Marlinspike
+# Copyright (c) 2014-2016 Moxie Marlinspike, Marcello Salvati
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License as
diff --git a/libs/sslstrip/DnsCache.py b/libs/sslstrip/DnsCache.py
index 6df81b87..906a6e57 100644
--- a/libs/sslstrip/DnsCache.py
+++ b/libs/sslstrip/DnsCache.py
@@ -1,3 +1,21 @@
+# Copyright (c) 2014-2016 Moxie Marlinspike, Marcello Salvati
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+# USA
+#
+
 import logging
 class DnsCache:
diff --git a/libs/sslstrip/SSLServerConnection.py b/libs/sslstrip/SSLServerConnection.py
index 5eeab59f..c03556ca 100644
--- a/libs/sslstrip/SSLServerConnection.py
+++ b/libs/sslstrip/SSLServerConnection.py
@@ -1,4 +1,4 @@
-# Copyright (c) 2004-2009 Moxie Marlinspike
+# Copyright (c) 2014-2016 Moxie Marlinspike, Marcello Salvati
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License as
diff --git a/libs/sslstrip/ServerConnection.py b/libs/sslstrip/ServerConnection.py
index 69d937de..8110256e 100644
--- a/libs/sslstrip/ServerConnection.py
+++ b/libs/sslstrip/ServerConnection.py
@@ -1,4 +1,4 @@
-# Copyright (c) 2004-2009 Moxie Marlinspike
+# Copyright (c) 2014-2016 Moxie Marlinspike, Marcello Salvati
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License as
diff --git a/libs/sslstrip/ServerConnectionFactory.py b/libs/sslstrip/ServerConnectionFactory.py
index f694fc0c..d6eb18e8 100644
--- a/libs/sslstrip/ServerConnectionFactory.py
+++ b/libs/sslstrip/ServerConnectionFactory.py
@@ -1,4 +1,4 @@
-# Copyright (c) 2004-2009 Moxie Marlinspike
+# Copyright (c) 2014-2016 Moxie Marlinspike, Marcello Salvati
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License as
diff --git a/libs/sslstrip/StrippingProxy.py b/libs/sslstrip/StrippingProxy.py
index 8a626dfa..f9e707ec 100644
--- a/libs/sslstrip/StrippingProxy.py
+++ b/libs/sslstrip/StrippingProxy.py
@@ -1,4 +1,4 @@
-# Copyright (c) 2004-2009 Moxie Marlinspike
+# Copyright (c) 2014-2016 Moxie Marlinspike, Marcello Salvati
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License as
diff --git a/libs/sslstrip/URLMonitor.py b/libs/sslstrip/URLMonitor.py
index 59f751ad..969db047 100644
--- a/libs/sslstrip/URLMonitor.py
+++ b/libs/sslstrip/URLMonitor.py
@@ -1,4 +1,4 @@
-# Copyright (c) 2004-2009 Moxie Marlinspike
+# Copyright (c) 2014-2016 Moxie Marlinspike, Marcello Salvati
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License as
@@ -78,7 +78,7 @@ def addSecureLink(self, client, url):
 method = url[0:methodIndex]
 pathIndex = url.find("/", methodIndex)
- if (pathIndex == -1):
+ if pathIndex is -1:
 pathIndex = len(url)
 url += "/"
diff --git a/mitmf.py b/mitmf.py
index 32555773..4bf22f1e 100755
--- a/mitmf.py
+++ b/mitmf.py
@@ -1,5 +1,23 @@
 #!/usr/bin/env python2.7
+# Copyright (c) 2014-2016 Moxie Marlinspike, Marcello Salvati
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+# USA
+#
+
 from twisted.web import http
 from twisted.internet import reactor
@@ -152,7 +170,7 @@
 p.initialize(args)
 load.append(p)
 except Exception, e:
- print "[-] Error loading plugin: " + str(e)
+ print "[-] Error loading plugin %s: %s" % (p.name, str(e))
 #Plugins are ready to go, start MITMf
 if args.disproxy:
diff --git a/plugins/Spoof.py b/plugins/Spoof.py
index eb74fe7d..c7d9ef65 100644
--- a/plugins/Spoof.py
+++ b/plugins/Spoof.py
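Review bot: `if pathIndex is -1:` in addSecureLink replaces an equality test on an int with an identity test; it only passes in CPython because small integers are cached, and it is the same bug class this commit removes in plugins/Spoof.py (`is 'req'` → `== 'req'`). Keep the comparison as `if pathIndex == -1:` (dropping the parentheses is fine). addSecureLink begins before the hunk and continues after it.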
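Review bot: The new message evaluates `p.name` inside the `except Exception, e:` handler, but `p` appears to be bound inside the `try` (its `p.initialize(args)` call is visible there; the assignment itself is above the hunk), so a failure while constructing the plugin leaves `p` unbound or pointing at the previous iteration's plugin, and the handler then raises or misattributes the error instead of reporting it. Build the message from a name that is bound before the `try` (the loop variable the plugin is created from, or the plugin class), keeping `str(e)` as the detail. The enclosing loop starts outside the hunk.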
@@ -117,7 +117,7 @@ def add_options(self, options):
 options.add_argument('--shellshock', type=str, metavar='PAYLOAD', dest='shellshock', default=None, help='Trigger the Shellshock vuln when spoofing DHCP, and execute specified command')
 options.add_argument('--gateway', dest='gateway', help='Specify the gateway IP')
 options.add_argument('--target', dest='target', default=None, help='Specify a host to poison [default: subnet]')
- options.add_argument('--arpmode', dest='arpmode', default='req', choices=["req", "rep"], help=' ARP Spoofing mode: requests (req) or replies (rep) [default: req]')
+ options.add_argument('--arpmode',type=str, dest='arpmode', default='req', choices=["req", "rep"], help=' ARP Spoofing mode: requests (req) or replies (rep) [default: req]')
 #options.add_argument('--summary', action='store_true', dest='summary', default=False, help='Show packet summary and ask for confirmation before poisoning') #added by alexander.georgiev@daloo.de
@@ -314,7 +314,7 @@ def __init__(self, gateway, interface, mac):
 self.arpmode = 'req'
 self.debug = False
 self.send = True
- self.arp_inter = 2
+ self.arp_inter = 3
 def start(self):
 if self.gatewaymac is None:
@@ -325,10 +325,10 @@ def start(self):
 if self.targetmac is None:
 sys.exit("[-] Error: Could not resolve target's MAC address")
- if self.arpmode is 'req':
+ if self.arpmode == 'req':
 pkt = self.build_arp_req()
- elif self.arpmode is 'rep':
+ elif self.arpmode == 'rep':
 pkt = self.build_arp_rep()
 t = threading.Thread(name='arp_spoof', target=self.send_arps, args=(pkt, self.interface, self.debug,))
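Review bot: `self.arp_inter = 3` changes a tunable without saying what the value means or why 2 became 3, and the commit message only mentions the ARP-reply fix, so the new number reads as a magic constant next to the self-describing defaults around it (`self.arpmode`, `self.debug`, `self.send`). Add a short comment giving the unit and purpose, e.g. `self.arp_inter = 3  # seconds between ARP packets` if that is the unit the sender uses; the consumer of this field is outside the hunk, so the unit should be confirmed there. __init__ begins before the hunk.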
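Review bot: `pkt` is bound only in the corrected `if self.arpmode == 'req'` / `elif self.arpmode == 'rep'` branches, so any other value of `self.arpmode` reaches `threading.Thread(... args=(pkt, ...))` as an UnboundLocalError. argparse limits `--arpmode` to `choices=["req", "rep"]` in the first hunk, but the attribute is a plain field (defaulted to `'req'` in `__init__`) that can be assigned anything, and the two checks just above already fail explicitly via sys.exit. Add `else: sys.exit("[-] Error: unknown ARP spoofing mode: %s" % self.arpmode)` after the elif branch so the failure is reported the same way. start() begins before the hunk and likely continues after it.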