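'''
IEnterceptor is intended to allow us to intercept all URL and post data going
through Internet Explorer by eavesdropping at the COM layer. This is really
nice and easy in Python.

We're trying to capture enough information to generate a "smack" input file
for the Oedipus Web Scanner in a situation where a local proxy doesn't work
(i.e. target is using NTLM auth)

This requires win32all support (included in ActiveState python) and Windows

You can get the Oedipus Web Scanner from http://oedipus.rubyforge.org

Usage: run the script from the command line. An instance of IE will be
spawned and navigation events in the Window will be output to stdout in
"smack" format. Redirect stdout to a file, or cut and paste as needed.

Flags:
-t for specifying a regex to filter events by a particular host
   (i.e. http/https or specific host)
-v for debugging output

This tool is released under the Reciprocal Public License
This open source license is available for review at
http://www.opensource.org/licenses/rpl.php

Justin Clarke - justin at justinclarke.com
version 280206
'''

import getopt
import re
import sys
import time

import pythoncom
import win32com.client  # win32 COM client support

# Placeholder COM passes for optional event arguments that were not supplied.
optArg = defaultNamedNotOptArg = pythoncom.Missing

quitFlag = 1   # cleared by IEEvents.OnQuit to end the message loop
verbose = 0    # set by -v: dump every event argument after each request line

# Regex from -t, applied with re.search to the WHOLE URL. An unanchored
# pattern therefore also matches text in the path or query string; anchor it
# (constructed example: '^https://host\.example/') to keep the capture limited
# to the host that is in scope for the test.
host = ''

# Matches the scheme and host part of a URL, up to and including the first '/'.
hostregex = r'(http|https)\:\/\/.*?\/'
lasthost = ''  # scheme+host of the previous request, to avoid repeated comments


class IEEvents:
    '''Event sink attached to the Internet Explorer COM object.'''

    def OnBeforeNavigate2(self, pDisp=optArg, URL=optArg, Flags=optArg,
                          TargetFrameName=optArg, PostData=optArg,
                          Headers=optArg, Cancel=optArg):
        '''This event handler will kick off before a navigate. i.e.
        when someone enters a URL, or clicks a form

        Prints one "smack" request line per navigation, preceded by a
        "# scheme://host/" comment whenever the host or protocol changes.
        Returns 0 when the URL is rejected by the -t filter, otherwise None.
        '''
        global lasthost

        if not re.search(host, URL):
            return 0

        # Ignore javascript: pseudo-URLs only. Testing the prefix (rather
        # than searching the whole URL) keeps real requests that merely carry
        # the text "javascript:" in a parameter value.
        if URL.lstrip().lower().startswith('javascript:'):
            return

        match = re.search(hostregex, URL)
        if match is None:
            # No scheme://host/ prefix could be found; record the raw URL.
            print("# " + URL)
        elif match.group(0) != lasthost:
            # Different host or protocol than the last request.
            lasthost = match.group(0)
            print("# " + match.group(0))  # print host comment

        # Strip only the first scheme://host/ occurrence, so a URL embedded in
        # the query string (e.g. a redirect parameter) is recorded intact.
        path = re.sub(hostregex, '', URL, count=1)

        # The request line carries the full query string and POST body, which
        # can include credentials and session tokens: treat any file stdout is
        # redirected to as sensitive test data.
        if PostData:
            # URL+?+QS data+?+post data or URL+?+post data
            inputstring = "POST /" + path + "?" + PostData
        else:
            inputstring = "GET /" + path
        print(inputstring)

        if verbose:
            print("[pDisp = %s\nURL = %s\nFlags = %s\nTargetFrameName = %s\nPost data = %s\nHeaders = %s\nCancel = %s]" % (pDisp, URL, Flags, TargetFrameName, PostData, Headers, Cancel))

    def OnQuit(self, Cancel=optArg):
        '''This event handler kicks off when you close the Internet Explorer
        instance. We can get this to gracefully handle browser close in order
        to close the IEnterceptor'''
        global quitFlag
        quitFlag = 0


class IEnterceptor:
    def __init__(self):
        '''Open internet explorer. This is the IE instance you want to do
        testing in. That will save us from having to locate which instance is
        the appropriate one (do this next version?)'''
        self.ie = win32com.client.DispatchWithEvents(
            "InternetExplorer.Application", IEEvents)
        self.ie.Visible = 1


def usage():
    '''Print the banner and the command line help to stdout.'''
    # NOTE(review): the banner's column alignment could not be confirmed from
    # this copy of the file; compare with the upstream script before relying
    # on its exact spacing.
    print('''
|,---. | |
||--- ,---.|--- ,---.,---.,---.,---.,---.|--- ,---.,---.
|| | || |---'| | |---'| || | ||
``---'` '`---'`---'` `---'`---'|---'`---'`---'`
|
Usage: %s [-v] [-h] [-t host]
-h help - you're looking at it
-v verbose
-t host to test (ignores other hosts - use to specify http/https)''' % sys.argv[0])


if (__name__ == '__main__'):
    try:
        opts, args = getopt.getopt(sys.argv[1:], "vht:")
    except getopt.GetoptError:
        # Stop here: without parsed options there is nothing to iterate below.
        usage()
        sys.exit(2)

    for o, a in opts:
        if o == "-v":
            verbose = 1
        if o == "-h":
            usage()
            sys.exit(0)
        if o == "-t":
            # Reject a malformed filter now instead of failing inside the COM
            # event handler on the first navigation.
            try:
                re.compile(a)
            except re.error:
                sys.stderr.write("invalid regex for -t: %s\n" % a)
                sys.exit(2)
            host = a

    myIE = IEnterceptor()
    while quitFlag:
        pythoncom.PumpWaitingMessages()
        # PumpWaitingMessages does not block; yield briefly between polls so
        # the loop does not spin a CPU core while the browser is idle.
        time.sleep(0.01)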