new: added new http.proxy.redirect and https.proxy.redirect parameter…

…s to optionally disable iptables port redirection
bettercap · Jan 23, 2020 · bb1f6cd · bb1f6cd
1 parent 9bf0139
commit bb1f6cd
Show file tree

Hide file tree

Showing 3 changed files with 53 additions and 28 deletions.
diff --git a/modules/http_proxy/http_proxy.go b/modules/http_proxy/http_proxy.go
@@ -30,6 +30,10 @@ func NewHttpProxy(s *session.Session) *HttpProxy {
  "8080",
  "Port to bind the HTTP proxy to."))
 
+ mod.AddParam(session.NewBoolParameter("http.proxy.redirect",
+ "true",
+ "Enable or disable port redirection with iptables."))
+
  mod.AddParam(session.NewStringParameter("http.proxy.script",
  "",
  "",
@@ -82,6 +86,7 @@ func (mod *HttpProxy) Configure() error {
  var address string
  var proxyPort int
  var httpPort int
+ var doRedirect bool
  var scriptPath string
  var stripSSL bool
  var jsToInject string
@@ -96,6 +101,8 @@ func (mod *HttpProxy) Configure() error {
  return err
  } else if err, httpPort = mod.IntParam("http.port"); err != nil {
  return err
+ } else if err, doRedirect = mod.BoolParam("http.proxy.redirect"); err != nil {
+ return err
  } else if err, scriptPath = mod.StringParam("http.proxy.script"); err != nil {
  return err
  } else if err, stripSSL = mod.BoolParam("http.proxy.sslstrip"); err != nil {
@@ -111,7 +118,7 @@ func (mod *HttpProxy) Configure() error {
  mod.proxy.Blacklist = str.Comma(blacklist)
  mod.proxy.Whitelist = str.Comma(whitelist)
 
- return mod.proxy.Configure(address, proxyPort, httpPort, scriptPath, jsToInject, stripSSL)
+ return mod.proxy.Configure(address, proxyPort, httpPort, doRedirect, scriptPath, jsToInject, stripSSL)
 }
 
 func (mod *HttpProxy) Start() error {

diff --git a/modules/http_proxy/http_proxy_base.go b/modules/http_proxy/http_proxy_base.go
@@ -49,6 +49,7 @@ type HTTPProxy struct {
  jsHook string
  isTLS bool
  isRunning bool
+ doRedirect bool
  stripper *SSLStripper
  sniListener net.Listener
  sess *session.Session
@@ -73,15 +74,16 @@ func (l dummyLogger) Printf(format string, v ...interface{}) {
 
 func NewHTTPProxy(s *session.Session) *HTTPProxy {
  p := &HTTPProxy{
- Name: "http.proxy",
- Proxy: goproxy.NewProxyHttpServer(),
- sess: s,
- stripper: NewSSLStripper(s, false),
- isTLS: false,
- Server: nil,
- Blacklist: make([]string, 0),
- Whitelist: make([]string, 0),
- tag: session.AsTag("http.proxy"),
+ Name: "http.proxy",
+ Proxy: goproxy.NewProxyHttpServer(),
+ sess: s,
+ stripper: NewSSLStripper(s, false),
+ isTLS: false,
+ doRedirect: true,
+ Server: nil,
+ Blacklist: make([]string, 0),
+ Whitelist: make([]string, 0),
+ tag: session.AsTag("http.proxy"),
  }
 
  p.Proxy.Verbose = false
@@ -167,11 +169,13 @@ func (p *HTTPProxy) shouldProxy(req *http.Request) bool {
  return true
 }
 
-func (p *HTTPProxy) Configure(address string, proxyPort int, httpPort int, scriptPath string, jsToInject string, stripSSL bool) error {
+func (p *HTTPProxy) Configure(address string, proxyPort int, httpPort int, doRedirect bool, scriptPath string,
+ jsToInject string, stripSSL bool) error {
  var err error
 
  p.stripper.Enable(stripSSL)
  p.Address = address
+ p.doRedirect = doRedirect
 
  if strings.HasPrefix(jsToInject, "http://") || strings.HasPrefix(jsToInject, "https://") {
  p.jsHook = fmt.Sprintf("<script src=\"%s\" type=\"text/javascript\"></script></head>", jsToInject)
@@ -205,22 +209,26 @@ func (p *HTTPProxy) Configure(address string, proxyPort int, httpPort int, scrip
  WriteTimeout: httpWriteTimeout,
  }
 
- if !p.sess.Firewall.IsForwardingEnabled() {
- p.Info("enabling forwarding.")
- p.sess.Firewall.EnableForwarding(true)
- }
+ if p.doRedirect {
+ if !p.sess.Firewall.IsForwardingEnabled() {
+ p.Info("enabling forwarding.")
+ p.sess.Firewall.EnableForwarding(true)
+ }
 
- p.Redirection = firewall.NewRedirection(p.sess.Interface.Name(),
- "TCP",
- httpPort,
- p.Address,
- proxyPort)
+  p.Redirection = firewall.NewRedirection(p.sess.Interface.Name(),
+  "TCP",
+  httpPort,
+  p.Address,
+  proxyPort)
 
- if err := p.sess.Firewall.EnableRedirection(p.Redirection, true); err != nil {
- return err
- }
+  if err := p.sess.Firewall.EnableRedirection(p.Redirection, true); err != nil {
+  return err
+  }
 
- p.Debug("applied redirection %s", p.Redirection.String())
+ p.Debug("applied redirection %s", p.Redirection.String())
+ } else {
+ p.Warning("port redirection disabled, the proxy must be set manually to work")
+ }
 
  p.sess.UnkCmdCallback = func(cmd string) bool {
  if p.Script != nil {
@@ -267,8 +275,10 @@ func (p *HTTPProxy) TLSConfigFromCA(ca *tls.Certificate) func(host string, ctx *
  }
 }
 
-func (p *HTTPProxy) ConfigureTLS(address string, proxyPort int, httpPort int, scriptPath string, certFile string, keyFile string, jsToInject string, stripSSL bool) (err error) {
- if p.Configure(address, proxyPort, httpPort, scriptPath, jsToInject, stripSSL); err != nil {
+func (p *HTTPProxy) ConfigureTLS(address string, proxyPort int, httpPort int, doRedirect bool, scriptPath string,
+ certFile string,
+ keyFile string, jsToInject string, stripSSL bool) (err error) {
+ if err = p.Configure(address, proxyPort, httpPort, doRedirect, scriptPath, jsToInject, stripSSL); err != nil {
  return err
  }
 
@@ -402,7 +412,7 @@ func (p *HTTPProxy) Start() {
 }
 
 func (p *HTTPProxy) Stop() error {
- if p.Redirection != nil {
+ if p.doRedirect && p.Redirection != nil {
  p.Debug("disabling redirection %s", p.Redirection.String())
  if err := p.sess.Firewall.EnableRedirection(p.Redirection, false); err != nil {
  return err

diff --git a/modules/https_proxy/https_proxy.go b/modules/https_proxy/https_proxy.go
@@ -33,6 +33,10 @@ func NewHttpsProxy(s *session.Session) *HttpsProxy {
  "8083",
  "Port to bind the HTTPS proxy to."))
 
+ mod.AddParam(session.NewBoolParameter("https.proxy.redirect",
+ "true",
+ "Enable or disable port redirection with iptables."))
+
  mod.AddParam(session.NewBoolParameter("https.proxy.sslstrip",
  "false",
  "Enable or disable SSL stripping."))
@@ -97,6 +101,7 @@ func (mod *HttpsProxy) Configure() error {
  var address string
  var proxyPort int
  var httpPort int
+ var doRedirect bool
  var scriptPath string
  var certFile string
  var keyFile string
@@ -113,6 +118,8 @@ func (mod *HttpsProxy) Configure() error {
  return err
  } else if err, httpPort = mod.IntParam("https.port"); err != nil {
  return err
+ } else if err, doRedirect = mod.BoolParam("https.proxy.redirect"); err != nil {
+ return err
  } else if err, stripSSL = mod.BoolParam("https.proxy.sslstrip"); err != nil {
  return err
  } else if err, certFile = mod.StringParam("https.proxy.certificate"); err != nil {
@@ -153,7 +160,8 @@ func (mod *HttpsProxy) Configure() error {
  mod.Info("loading proxy certification authority TLS certificate from %s", certFile)
  }
 
- return mod.proxy.ConfigureTLS(address, proxyPort, httpPort, scriptPath, certFile, keyFile, jsToInject, stripSSL)
+ return mod.proxy.ConfigureTLS(address, proxyPort, httpPort, doRedirect, scriptPath, certFile, keyFile, jsToInject,
+ stripSSL)
 }
 
 func (mod *HttpsProxy) Start() error {