Initial commit for v1.0 using mitmproxy instead of twisted

Added a plugin system to Net-Creds so you can now add your own parsers, api hook names might change between now and the offcial release (will submit a PR to the original repo once completed) The main MITM HTTP Proxy now uses mitmproxy which is a big deal, cuts the code down by an insane amount, no more twisted! yay! Basic plugin have been re-wrote for the new proxy engine Since we are using mitmproxy we have out of the box support for SSL/TLS!
2025-07-14 00:53:58 -07:00 · 2016-02-06 13:27:08 -07:00 · 2016-02-06 13:27:08 -07:00 · eea5f53be2
commit eea5f53be2
50 changed files with 5525 additions and 0 deletions
--- a/parsers/telnet.py
+++ b/parsers/telnet.py
@ -0,0 +1,38 @@
+from parsers.parser import Parser
+from collections import OrderedDict
+
+class Telnet(Parser):
+    name = 'Telnet'
+
+    telnet_stream = OrderedDict()
+
+    def TCP_parser(self, payload, src_ip_port, dst_ip_port):
+        if src_ip_port in self.telnet_stream:
+            # Do a utf decode in case the client sends telnet options before their username
+            # No one would care to see that
+            try:
+                self.telnet_stream[src_ip_port] += payload.decode('utf8')
+            except UnicodeDecodeError:
+                pass
+
+            # \r or \r\n or \n terminate commands in telnet if my pcaps are to be believed
+            if '\r' in self.telnet_stream[src_ip_port] or '\n' in self.telnet_stream[src_ip_port]:
+                telnet_split = self.telnet_stream[src_ip_port].split(' ', 1)
+                cred_type = telnet_split[0]
+                value = telnet_split[1].replace('\r\n', '').replace('\r', '').replace('\n', '')
+                # Create msg, the return variable
+                self.logger('Telnet %s: %s' % (cred_type, value))
+                del self.telnet_stream[src_ip_port]
+
+        # This part relies on the telnet packet ending in
+        # "login:", "password:", or "username:" and being <750 chars
+        # Haven't seen any false+ but this is pretty general
+        # might catch some eventually
+        # maybe use dissector.py telnet lib?
+        if len(self.telnet_stream) > 100:
+            self.telnet_stream.popitem(last=False)
+        mod_load = payload.lower().strip()
+        if mod_load.endswith('username:') or mod_load.endswith('login:'):
+            self.telnet_stream[dst_ip_port] = 'username '
+        elif mod_load.endswith('password:'):
+            self.telnet_stream[dst_ip_port] = 'password '