Update hstshijack #78

Open: wants to merge 30 commits into master
Conversation

@buffermet (Member) commented May 11, 2025

Depends on bettercap/bettercap#1195

Changes:

  • Implemented cookie domain spoofing.
  • Implemented cookie downgrade attack (for downgrading HTTPS).
  • Implemented req/res body regex replacement JSON config file.
  • Implemented req/res header regex replacement JSON config file.
  • Implemented req URL regex replacement JSON config file.
  • DOM spoofing is done with MutationObserver instead of a loop.
  • hijack.js payload now hijacks document.cookie getter and setter.
  • hijack.js payload now hijacks Element.innerHTML setter.
  • hijack.js payload now hijacks Element.outerHTML setter.
  • hijack.js payload now hijacks HTMLLinkElement.href setter.
  • hijack.js payload now hijacks HTMLScriptElement.nonce setter.
  • hijack.js payload now hijacks HTMLScriptElement.src setter.
  • HTTP proxy module now spoofs preflight response headers.
  • HTTP proxy module no longer hardcodes CSP headers, only removes them.
  • DNS proxy module drops AAAA queries by default.
  • Fixed bug in HTTP proxy module where HTTPS scheme was not properly restored in request headers for the requested hostname.
  • Fixed bug where spaces were removed from file paths in environment variables.
  • Fixed bug where Access-Control-Allow-Origin response header was incorrectly spoofed.
  • Reduced a great deal of overhead in the HTTP proxy module by precompiling regex selectors where possible.
  • Changed indentation from spaces to tabs.
  • Cleaned up caplet folder structure.

To do:

  • Improve res/req header & body spoofing by assembling string slices using match length and indices.
  • Refactor res body spoofing so we can target every mimetype/extension/... from the res.Body.json config.
  • Implement configurable sync/async SSL discovery mechanism for requested hostnames that we don't know yet.
  • Complete optionality of cookie downgrade attack in the DOM (hijack.js payload).
  • Extend whitelisting to also stop sending spoofed DNS responses to whitelisted clients for whitelisted hostnames in DNS proxy module. Don't do this because it blocks the HTTPS redirect.
  • Allow the option to set global variable names across multiple JS payloads that get obfuscated by the HTTP proxy module.
