Mole : A Framework For Identifying & Exploiting Out-Of-Band Application Vulnerabilities

Mole is a framework for identifying and exploiting out-of-band (OOB) vulnerabilities.

Installation & Setup

Mole Install

  • Python >= 3.6

virtualenv -p /usr/bin/python3 venv
source venv/bin/activate
./venv/bin/pip3 install -r requirements.txt
git submodule update --init --recursive

  • Set an API key in config.yml (must be the same for the client and server)

DNS Configuration

You’ll need to configure the DNS records in your registrar to point to your mole server. Minimally, you’ll need an A record for the name server and an NS record configured.

Mole can be configured to host other configuration options.

  • Mailgun (Optional)

Mailgun requires DNS entries to enable the service: https://help.mailgun.com/hc/en-us/articles/203637190-How-Do-I-Add-or-Delete-a-Domain-

  • TLS

Currently Mole does not support TLS natively. To implement TLS, use a reverse proxy such as nginx to terminate the TLS connection and forward traffic to the Mole server.

Burp Suite Extension

The Burp Suite Extension requires a separate Python 2.7 virtual environment due to the latest version of Jython only supporting 2.7. Below are the instructions for setting up the virtual environment and configuring the Extension.

  • Create a new python2.7 virtualenv for burp/jython

virtualenv -p /usr/bin/python2.7 burp_venv

  • Load the venv, source

./burp_venv/bin/activate

  • Install the required packages

./burp_venv/bin/pip -r requirements

  • Configure the Python Environment by downloading and selecting the jython-standalone jar.
  • Set the “Folder for loading modules” to the full path to burp_venv/lib/python2.7/site-packages that was created in steps 1-3.
  • Click Add
  • Set the Extension type to Python and select the mole_burp_extension.py file from the mole project directory.
  • Click Next and if all goes well, there will be no errors on the load screen.

Configuration

Token

  • domain – Your custom domain
  • length – Length of the tokens (default 5)
  • The token character set is ascii upper & lower, and digits. The length can be modified to meet needs such as constrained space for a payload. The number of tokens per length is listed below.
    • 1 – 62
    • 2 – 3844
    • 3 – 238328
    • 4 – 14776336
    • 5 – 916132832
  • ssl – Configure payloads for https vs http
    • “server` – domain or IP of the Mole token server
  • default_tags – list of default tags to add to all tokens. Useful for per-project/client tokens.

Server

  • api_key – API key used to authenticate requests to the mole API
  • dns_addr – IP address used to respond to DNS queries
  • db_connSQLAlchemy database URL. Default is a SQLite db in the root directory sqlite:///mole.db
  • static_responses – list of DNS static response key/value pairs
  • web_port – configure the listening web port
  • dns_port -configure the listening dns port

Notifications

All notifications have an enabled flag that determines whether or not to trigger the notification on an interaction. Each notification plugin has its own configuration items.

  • mailgun – configure domain, to, from, and api_key to enable mailgun email notifications
  • slacktoken and channel
  • webhook – generic POST webhook

Issues/Bugs

I’m sure there are many, please create a new issue and fill out the template as best as you can for quick triage.

R K

Recent Posts

Cybersecurity – Tools And Their Function

Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…

2 hours ago

MODeflattener – Miasm’s OLLVM Deflattener

MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static…

2 hours ago

My Awesome List : Tools And Their Functions

"My Awesome List" is a curated collection of tools, libraries, and resources spanning various domains…

2 hours ago

Chrome Browser Exploitation, Part 3 : Analyzing And Exploiting CVE-2018-17463

CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, allowed attackers to execute arbitrary…

2 hours ago

Chrome Browser Exploitation, Part 1 : Introduction To V8 And JavaScript Internals

The blog post "Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals" provides…

3 hours ago

Chrome Browser Exploitation, Part 3: Analyzing and Exploiting CVE-2018-17463

The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…

6 hours ago