github/bettercap
1
0
Fork 0
mirror of https://github.com/bettercap/bettercap synced 2025-08-19 13:09:49 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: fixed a bug in NTLM parser which prevented the HTTP parser from being called.

Browse source
This commit is contained in:
evilsocket 2018-02-23 11:46:00 +01:00
commit 1ac5521038
1 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
modules/net_sniff_ntlm.go
View file

@ -32,6 +32,8 @@ func isResponse(s string) bool {
func ntlmParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool { func ntlmParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
data := tcp.Payload data := tcp.Payload
ok := false
for _, line := range strings.Split(string(data), "\r\n") { for _, line := range strings.Split(string(data), "\r\n") {
if isNtlm(line) { if isNtlm(line) {
tokens := strings.Split(line, " ") tokens := strings.Split(line, " ")
@ -39,8 +41,10 @@ func ntlmParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
continue continue
} }
if isChallenge(line) { if isChallenge(line) {
ok = true
ntlm.AddServerResponse(tcp.Ack, tokens[2]) ntlm.AddServerResponse(tcp.Ack, tokens[2])
} else if isResponse(line) { } else if isResponse(line) {
ok = true
ntlm.AddClientResponse(tcp.Seq, tokens[2], func(data packets.NTLMChallengeResponseParsed) { ntlm.AddClientResponse(tcp.Seq, tokens[2], func(data packets.NTLMChallengeResponseParsed) {
NewSnifferEvent( NewSnifferEvent(
pkt.Metadata().Timestamp, pkt.Metadata().Timestamp,
@ -60,5 +64,5 @@ func ntlmParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
} }
} }
} }
return true return ok
} }