search

moxie0 / sslstrip

A tool for exploiting Moxie Marlinspike's SSL "stripping" attack.
http://www.thoughtcrime.org/software/sslstrip/
GNU General Public License v3.0
1.91k stars 428 forks source link

Fix runtime errors #4

Closed PaulMcMillan closed 7 years ago

PaulMcMillan commented 12 years ago

Fix runtime errors caused by aborted connections. Fixes #3.

moxie0 commented 12 years ago

What worries me is that catching something as generic as RuntimeException can mask actual problems. I know people think it's annoying when stack traces get printed to the console, but I'm not sure that it's doing any actual harm?

PaulMcMillan commented 12 years ago

Yeah, they aren't actually doing any harm other than making it harder to scroll through the output.

The only thing that this patch will catch is an exception in self.finish(), which is already throwing the RuntimeError sometimes anyway. If it throws anything more specific, it won't get caught by this change. I guess the only case that this will mask a different problem is if self.finish() somehow throws a RuntimeError for some other reason that is unexpected, and we notice it in the midst of all these expected errors.

We can't easily change the error that twisted returns, so it seems like this is the best option, unless we do something similar to the first version of the patch that didn't work quite correctly.

sol-vin commented 11 years ago

I'm having this problem without someone aborting the connection. The connection goes through fine on the victim end but, they can still escape into https from http.

Traceback (most recent call last): File "./sslstrip.py", line 105, in main reactor.run() File "/pentest/web/sslstrip/twisted/internet/base.py", line 1169, in run self.mainLoop() File "/pentest/web/sslstrip/twisted/internet/base.py", line 1181, in mainLoop self.doIteration(t) File "/pentest/web/sslstrip/twisted/internet/pollreactor.py", line 167, in doPoll log.callWithLogger(selectable, _drdw, selectable, fd, event) --- --- File "/pentest/web/sslstrip/twisted/python/log.py", line 84, in callWithLogger return callWithContext({"system": lp}, func, _args, _kw) File "/pentest/web/sslstrip/twisted/python/log.py", line 69, in callWithContext return context.call({ILogContext: newCtx}, func, _args, _kw) File "/pentest/web/sslstrip/twisted/python/context.py", line 118, in callWithContext return self.currentContext().callWithContext(ctx, func, _args, _kw) File "/pentest/web/sslstrip/twisted/python/context.py", line 81, in callWithContext return func(args,kw) File "/pentest/web/sslstrip/twisted/internet/posixbase.py", line 599, in _doReadOrWrite self._disconnectSelectable(selectable, why, inRead) File "/pentest/web/sslstrip/twisted/internet/posixbase.py", line 263, in _disconnectSelectable selectable.connectionLost(f) File "/pentest/web/sslstrip/twisted/internet/tcp.py", line 433, in connectionLost Connection.connectionLost(self, reason) File "/pentest/web/sslstrip/twisted/internet/tcp.py", line 277, in connectionLost protocol.connectionLost(reason) File "/pentest/web/sslstrip/twisted/web/http.py", line 455, in connectionLost self.handleResponseEnd() File "/pentest/web/sslstrip/sslstrip/ServerConnection.py", line 119, in handleResponseEnd HTTPClient.handleResponseEnd(self) File "/pentest/web/sslstrip/twisted/web/http.py", line 466, in handleResponseEnd self.handleResponse(b) File "/pentest/web/sslstrip/sslstrip/ServerConnection.py", line 133, in handleResponse self.client.write(data) File "/pentest/web/sslstrip/twisted/web/http.py", line 898, in write raise RuntimeError('Request.write called on a request after ' exceptions.RuntimeError: Request.write called on a request after Request.finish was called.