jaybeale / middler Goto Github PK

What steps will reproduce the problem?
1. Starting middler.py as root and user
2.
3.

What is the expected output? What do you see instead?

What version of the product are you using? On what operating system?
Revision 169
Ubtunu 9.10

Please provide any additional information below.

What steps will reproduce the problem?
1.
2.
3.

What is the expected output? What do you see instead?


What version of the product are you using? On what operating system?
ubuntu 9.04

Please provide any additional information below.

I have noticed middler picking up what it believes to be SIP traffic when
in fact there is no SIP traffic.

Middler throws out the folloing output:

---------START------------------------------------
Started a new thread to handle connection from 192.168.10.2:30788 on port
10000!
Looking at a line that reads
d1:rd2:id20:�S@y&���R��C+ZSO8�n5:nodes208:�SA���!l��>|��p�
���zr�||n����SD�L_Da��
[�����������?��LX�?���S�����r-4ǹTh�qM.���
�F�t�ۭ�S��=�l�z_�j��CGZ�LW���S����0LM���q9�f�ME��
�;�g�S�X^2ޠHR����6k�(�rM[�E��S&����>}��VF=х��tb
��)��e1:t4:�L1:v4:UTH81:y1:re
First line was
d1:rd2:id20:�S@y&���R��C+ZSO8�n5:nodes208:�SA���!l��>|��p�
���zr�||n����SD�L_Da��


��v��[�����������?��LX�?���S�����r-4ǹTh
�qM.��F�t�ۭ�S��=�l�z_�j��CGZ�LW���S����0LM���q9
�f�ME�;�g�S�X^2ޠHR����6k�(�rM[�E��S&����>}��
VF=х��tb��)��e1:t4:�L1:v4:UTH81:y1:re
SIP Method line:
d1:rd2:id20:�S@y&���R��C+ZSO8�n5:nodes208:�SA���!l��>|��p�
���zr�||n����SD�L_Da��
[�����������?��LX�?���S�����r-4ǹTh�qM.���
�F�t�ۭ�S��=�l�z_�j��CGZ�LW���S����0LM���q9�f�ME��
�;�g�S�X^2ޠHR����6k�(�rM[�E��S&����>}��VF=х��tb
��)��e1:t4:�L1:v4:UTH81:y1:re


Modified headers:
d1:rd2:id20:�S@y&���R��C+ZSO8�n5:nodes208:�SA���!l��>|��p�
���zr�||n����SD�L_Da��
[�����������?��LX�?���S�����r-4ǹTh�qM.���
�F�t�ۭ�S��=�l�z_�j��CGZ�LW���S����0LM���q9�f�ME��
�;�g�S�X^2ޠHR����6k�(�rM[�E��S&����>}��VF=х��tb
��)��e1:t4:�L1:v4:UTH81:y1:re


DEBUG: destination URI is 
DEBUG:  wasn't in our SIP URI -> IP:Port table.
DEBUG: Parsed destination hostname - it was 
------Thread from port 10000 out!----

I have done a quick ngrep here is the output of the traffic its picking up:

usr@endure:~/tools$ sudo ngrep -q -d wlan0 UTH81:
U 192.168.10.2:30788 -> 95.24.41.190:2048
  d1:rd2:id20:[email protected]&...R..C+ZSO8.ne1:t4:ly..1:v4:UTH81:y1:re              


U 192.168.10.2:30788 -> 95.24.41.190:2048
  d1:rd2:id20:[email protected]&...R..C+ZSO8.ne1:t4:ly..1:v4:UTH81:y1:re              


U 192.168.10.2:30788 -> 74.219.91.121:41092

d1:rd2:id20:[email protected]&...R..C+ZSO8.n5:nodes208:.SM.............`-..\...R..SNA5...%>.
y{5G..mW^Z...
  ...SH.F(..'.J..lua0.wo\(Sp< .S]/
<m#.'..Q..^...._8"#...S\V<[email protected].]]...#.S_./.ODHA3.G

,....s.M1..]*.S_./.ODHA3.G,....s.Q8.*2..S_./.ODHA3.G,....s.|zZ.&s5:token20:....8
.3.p'AO..s8..

.c6:valuesl6:...L..6:CVK...6:Ji...D6:B9.]..6:Q.].E.6:...p..6:T.G.].6:F.....ee1:t
4:....1:v4:UT
  H81:y1:re                                                               


U 192.168.10.2:30788 -> 74.219.91.121:41092

d1:rd2:id20:[email protected]&...R..C+ZSO8.n5:nodes208:.SM.............`-..\...R..SNA5...%>.
y{5G..mW^Z...
  ...SH.F(..'.J..lua0.wo\(Sp< .S]/
<m#.'..Q..^...._8"#...S\V<[email protected].]]...#.S_./.ODHA3.G

,....s.M1..]*.S_./.ODHA3.G,....s.Q8.*2..S_./.ODHA3.G,....s.|zZ.&s5:token20:....8
.3.p'AO..s8..

.c6:valuesl6:...L..6:CVK...6:Ji...D6:B9.]..6:Q.].E.6:...p..6:T.G.].6:F.....ee1:t
4:....1:v4:UT
  H81:y1:re

The host sending this is my partners Mac.

Middler is running on my ubuntu laptop.

What steps will reproduce the problem?
1. Have Middler start proxying some traffic
2. Try to kill middler with a ^C
3. If this doesn't work, you have to kill -9 the process

What is the expected output? What do you see instead?

Middler should gracefully die when you pass it a ^C

Please use labels and text to provide additional information.

I suspect it happens when middler still has threads open

./middler.py 
WARNING: No route found for IPv6 destination :: (no default route?)
==================================
The Middler - HTTP and SIP Edition
==================================


Redirecting udp port 5060 to The Middler's proxy on localhost:5060
Redirecting udp port 5061 to The Middler's proxy on localhost:5061
Redirecting udp port 10000 to The Middler's proxy on localhost:10000
Redirecting udp port 64064 to The Middler's proxy on localhost:64064
Redirecting tcp port 80 to The Middler's proxy on localhost:80
Traceback (most recent call last):
  File "./middler.py", line 140, in <module>
    server = libmiddler.proxies.http.http_proxy.ThreadedTCPServer((ml.hostname,ml.port), libmiddler.proxies.http.http_proxy.Middler_HTTP_Proxy)
  File "/usr/lib/python2.6/SocketServer.py", line 400, in __init__
    self.server_bind()
  File "/usr/lib/python2.6/SocketServer.py", line 411, in server_bind
    self.socket.bind(self.server_address)
  File "<string>", line 1, in bind
socket.error: [Errno 98] Address already in use

What steps will reproduce the problem?
1. Start tcpdump on Middler machine
2. Start proxying traffic with Middler
3. Analyze delay between Middler receiving traffic from Inet and sending a
proxied copy to the victim

What is the expected output? What do you see instead?

Middler should send traffic as soon as it receives it

Please use labels and text to provide additional information.

What steps will reproduce the problem?
1. Checkout latest SVN, run middler
2. Use IE 8
3. Visit Google

What is the expected output? What do you see instead?
I expect to see google, instead I see "you cannot connect"

What version of the product are you using? On what operating system?
IE8 on XPsp3 and Win7

Please provide any additional information below.
There are 2 problems:
1) in http_proxy a pop occurs when gzip is encountered without resetting
index thereby dropping one other element in the header
2) Google seems to be assuming I can handle the gzip data, and passing it
along even though there isn't an encoding method specified in the request

The attached patch fixed it for me.

Thanks,
Ryan

For the arp spoofing flag, could this be extended from just on and off to
use targets, and possibly files. (i.e.

-A (Choose an option, default it 1 - or full ON)
    0 OFF, no arp spoofing will be conducted.
    1 ON, arp spoofing will happen against the gateway
    2 <target> arp spoofing will happen against the specified target
    3 <file> targeted arp spoofing will happen against each of the line
separated list of hosts from a file.

Thanks,
mubix

What steps will reproduce the problem?
1. Start an arpspoof
2. Start Middler
3. go to gmail.com and do a login

What is the expected output? What do you see instead?
My javascript should be injected into the response

What version of the product are you using? On what operating system?
The last revision

Please provide any additional information below.

I'va written a JavaScript based keylogger plugin for Middler (based on your
original keylogger plugin)
It works on most of sites, but in sites that have an initial HTTPS
connection, it fails (It seems that gmail.com returns a "302 Moved
Temporarily" and then redirects to the gmail's main page)
Is there any work on keylogger plugin ?
Should I know something specific about injecting code to sites such as gmail ?

What steps will reproduce the problem?
1. setup.py build
2.
3.

What is the expected output? What do you see instead?
error: package directory 'middlerlib' does not exist


What version of the product are you using? On what operating system?
kali linux 
backtrack5r3

Please provide any additional information below.