Remove proxy-side TLD spoofing.

bettercap · Oct 14, 2020 · 3a2db29 · 3a2db29
1 parent 6971513
commit 3a2db29
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 55 deletions.
diff --git a/modules/http_proxy/http_proxy.go b/modules/http_proxy/http_proxy.go
@@ -54,10 +54,6 @@ func NewHttpProxy(s *session.Session) *HttpProxy {
 		"false",
 		"Enable or disable SSL stripping."))
 
-	mod.AddParam(session.NewBoolParameter("http.proxy.sslstrip.useIDN",
-		"false",
-		"Use an Internationalized Domain Name to bypass HSTS. Otherwise, double the last TLD's character"))
-
 	mod.AddHandler(session.NewModuleHandler("http.proxy on", "",
 		"Start HTTP proxy.",
 		func(args []string) error {
@@ -95,7 +91,6 @@ func (mod *HttpProxy) Configure() error {
 	var doRedirect bool
 	var scriptPath string
 	var stripSSL bool
-	var useIDN bool
 	var jsToInject string
 	var blacklist string
 	var whitelist string
@@ -114,8 +109,6 @@ func (mod *HttpProxy) Configure() error {
 		return err
 	} else if err, stripSSL = mod.BoolParam("http.proxy.sslstrip"); err != nil {
 		return err
-	} else if err, useIDN = mod.BoolParam("http.proxy.sslstrip.useIDN"); err != nil {
-		return err
 	} else if err, jsToInject = mod.StringParam("http.proxy.injectjs"); err != nil {
 		return err
 	} else if err, blacklist = mod.StringParam("http.proxy.blacklist"); err != nil {
@@ -127,7 +120,7 @@ func (mod *HttpProxy) Configure() error {
 	mod.proxy.Blacklist = str.Comma(blacklist)
 	mod.proxy.Whitelist = str.Comma(whitelist)
 
-	error := mod.proxy.Configure(address, proxyPort, httpPort, doRedirect, scriptPath, jsToInject, stripSSL, useIDN)
+	error := mod.proxy.Configure(address, proxyPort, httpPort, doRedirect, scriptPath, jsToInject, stripSSL)
 
 	// save stripper to share it with other http(s) proxies
 	mod.State.Store("stripper", mod.proxy.Stripper)

diff --git a/modules/http_proxy/http_proxy_base.go b/modules/http_proxy/http_proxy_base.go
@@ -77,7 +77,7 @@ func NewHTTPProxy(s *session.Session, tag string) *HTTPProxy {
 		Name:       "http.proxy",
 		Proxy:      goproxy.NewProxyHttpServer(),
 		Sess:       s,
-		Stripper:   NewSSLStripper(s, false, false),
+		Stripper:   NewSSLStripper(s, false),
 		isTLS:      false,
 		doRedirect: true,
 		Server:     nil,
@@ -170,7 +170,7 @@ func (p *HTTPProxy) shouldProxy(req *http.Request) bool {
 }
 
 func (p *HTTPProxy) Configure(address string, proxyPort int, httpPort int, doRedirect bool, scriptPath string,
-	jsToInject string, stripSSL bool, useIDN bool) error {
+	jsToInject string, stripSSL bool) error {
 	var err error
 
 	// check if another http(s) proxy is using sslstrip and merge strippers
@@ -192,7 +192,7 @@ func (p *HTTPProxy) Configure(address string, proxyPort int, httpPort int, doRed
 		}
 	}
 
-	p.Stripper.Enable(stripSSL, useIDN)
+	p.Stripper.Enable(stripSSL)
 	p.Address = address
 	p.doRedirect = doRedirect
 	p.jsHook = ""
@@ -297,8 +297,8 @@ func (p *HTTPProxy) TLSConfigFromCA(ca *tls.Certificate) func(host string, ctx *
 
 func (p *HTTPProxy) ConfigureTLS(address string, proxyPort int, httpPort int, doRedirect bool, scriptPath string,
 	certFile string,
-	keyFile string, jsToInject string, stripSSL bool, useIDN bool) (err error) {
-	if err = p.Configure(address, proxyPort, httpPort, doRedirect, scriptPath, jsToInject, stripSSL, useIDN); err != nil {
+	keyFile string, jsToInject string, stripSSL bool) (err error) {
+	if err = p.Configure(address, proxyPort, httpPort, doRedirect, scriptPath, jsToInject, stripSSL); err != nil {
 		return err
 	}
 

diff --git a/modules/http_proxy/http_proxy_base_sslstriper.go b/modules/http_proxy/http_proxy_base_sslstriper.go
@@ -30,24 +30,22 @@ var (
 
 type SSLStripper struct {
 	enabled       bool
-	useIDN        bool
 	session       *session.Session
 	cookies       *CookieTracker
 	hosts         *HostTracker
 	handle        *pcap.Handle
 	pktSourceChan chan gopacket.Packet
 }
 
-func NewSSLStripper(s *session.Session, enabled bool, useIDN bool) *SSLStripper {
+func NewSSLStripper(s *session.Session, enabled bool) *SSLStripper {
 	strip := &SSLStripper{
 		enabled: false,
-		useIDN: false,
 		cookies: NewCookieTracker(),
 		hosts:   NewHostTracker(),
 		session: s,
 		handle:  nil,
 	}
-	strip.Enable(enabled, useIDN)
+	strip.Enable(enabled)
 	return strip
 }
 
@@ -79,9 +77,8 @@ func (s *SSLStripper) onPacket(pkt gopacket.Packet) {
 	}
 }
 
-func (s *SSLStripper) Enable(enabled bool, useIDN bool) {
+func (s *SSLStripper) Enable(enabled bool) {
 	s.enabled = enabled
-	s.useIDN = useIDN
 
 	if enabled && s.handle == nil {
 		var err error
@@ -127,32 +124,8 @@ func (s *SSLStripper) isContentStrippable(res *http.Response) bool {
 	return false
 }
 
-func (s *SSLStripper) processURL(url string) string {
-	// first we remove the https schema
-	url = url[8:]
-
-	// search the first instance of "/"
-	iEndHost := strings.Index(url, "/")
-	if iEndHost == -1 {
-			iEndHost = len(url)
-	}
-	// search if port is specified
-	iPort := strings.Index(url[:iEndHost], ":")
-	if iPort == -1 {
-			iPort = iEndHost
-	}
-	if s.useIDN {
-		// add an international character to the domain name & strip HTTPS port (if any)
-		url = url[:iPort] + "ノ" + url[iEndHost:]
-	} else {
-		// double the last TLD's character & strip HTTPS port (if any)
-		url = url[:iPort] + string(url[iPort-1]) + url[iEndHost:]
-	}
-
-	// finally we add the http schema
-	url = "http://" + url
-
-	return url
+func (s *SSLStripper) stripURL(url string) string {
+	return strings.Replace(url, "https://", "http://", 1)
 }
 
 // sslstrip preprocessing, takes care of:
@@ -253,7 +226,7 @@ func (s *SSLStripper) Process(res *http.Response, ctx *goproxy.ProxyCtx) {
 				log.Info("[%s] Got redirection from HTTP to HTTPS: %s -> %s", tui.Green("sslstrip"), tui.Yellow("http://"+origHost), tui.Bold("https://"+newHost))
 
 				// strip the URL down to an alternative HTTP version and save it to an ASCII Internationalized Domain Name
-				strippedURL := s.processURL(newURL)
+				strippedURL := s.stripURL(newURL)
 				parsed, _ := url.Parse(strippedURL)
 				hostStripped := parsed.Hostname()
 				hostStripped, _ = idna.ToASCII(hostStripped)
@@ -280,7 +253,7 @@ func (s *SSLStripper) Process(res *http.Response, ctx *goproxy.ProxyCtx) {
 			// make sure we only strip valid URLs
 			if parsed, _ := url.Parse(u); parsed != nil {
 				// strip the URL down to an alternative HTTP version
-				urls[u] = s.processURL(u)
+				urls[u] = s.stripURL(u)
 			}
 		}
 

diff --git a/modules/https_proxy/https_proxy.go b/modules/https_proxy/https_proxy.go
@@ -41,10 +41,6 @@ func NewHttpsProxy(s *session.Session) *HttpsProxy {
 		"false",
 		"Enable or disable SSL stripping."))
 
-	mod.AddParam(session.NewBoolParameter("https.proxy.sslstrip.useIDN",
-		"false",
-		"Use an Internationalized Domain Name to bypass HSTS. Otherwise, double the last TLD's character"))
-
 	mod.AddParam(session.NewStringParameter("https.proxy.injectjs",
 		"",
 		"",
@@ -112,7 +108,6 @@ func (mod *HttpsProxy) Configure() error {
 	var certFile string
 	var keyFile string
 	var stripSSL bool
-	var useIDN bool
 	var jsToInject string
 	var whitelist string
 	var blacklist string
@@ -129,8 +124,6 @@ func (mod *HttpsProxy) Configure() error {
 		return err
 	} else if err, stripSSL = mod.BoolParam("https.proxy.sslstrip"); err != nil {
 		return err
-	} else if err, useIDN = mod.BoolParam("https.proxy.sslstrip.useIDN"); err != nil {
-		return err
 	} else if err, certFile = mod.StringParam("https.proxy.certificate"); err != nil {
 		return err
 	} else if certFile, err = fs.Expand(certFile); err != nil {
@@ -170,7 +163,7 @@ func (mod *HttpsProxy) Configure() error {
 	}
 
 	error := mod.proxy.ConfigureTLS(address, proxyPort, httpPort, doRedirect, scriptPath, certFile, keyFile, jsToInject,
-		stripSSL, useIDN)
+		stripSSL)
 
 	// save stripper to share it with other http(s) proxies
 	mod.State.Store("stripper", mod.proxy.Stripper)