mirror of
https://github.com/byt3bl33d3r/MITMf.git
synced 2025-03-12 04:35:49 -07:00
eea5f53be2
Added a plugin system to Net-Creds so you can now add your own parsers, api hook names might change between now and the offcial release (will submit a PR to the original repo once completed) The main MITM HTTP Proxy now uses mitmproxy which is a big deal, cuts the code down by an insane amount, no more twisted! yay! Basic plugin have been re-wrote for the new proxy engine Since we are using mitmproxy we have out of the box support for SSL/TLS!
31 lines
1.1 KiB
Python
31 lines
1.1 KiB
Python
from parsers.parser import Parser
|
|
import re
|
|
|
|
class FTP(Parser):
|
|
name = 'FTP'
|
|
|
|
ftp_user_re = re.compile(r'USER (.+)\r\n')
|
|
ftp_pw_re = re.compile(r'PASS (.+)\r\n')
|
|
|
|
def TCP_Parser(self, payload, src_ip_port, dest_ip_port):
|
|
# Sometimes FTP packets double up on the authentication lines
|
|
# We just want the lastest one. Ex: "USER danmcinerney\r\nUSER danmcinerney\r\n"
|
|
num = payload.lower().count('USER')
|
|
if num > 1:
|
|
lines = payload.count('\r\n')
|
|
if lines > 1:
|
|
payload = payload.split('\r\n')[-2] # -1 is ''
|
|
|
|
# FTP and POP potentially use idential client > server auth pkts
|
|
ftp_user = self.ftp_user_re.match(payload)
|
|
ftp_pass = self.ftp_pass_re.match(payload)
|
|
|
|
if ftp_user:
|
|
self.logger('FTP User: {}'.format(ftp_user.group(1).strip()))
|
|
if dst_ip_port[-3:] != ':21':
|
|
self.logger('Nonstandard FTP port, confirm the service that is running on it')
|
|
|
|
elif ftp_pass:
|
|
self.logger('FTP Pass: {}'.format(ftp_pass.group(1).strip()))
|
|
if dst_ip_port[-3:] != ':21':
|
|
self.logger('Nonstandard FTP port, confirm the service that is running on it') |