From 1da54080b9f37c0f2e3b98b38ce527bfc2da5b3a Mon Sep 17 00:00:00 2001
From: evilsocket <evilsocket@gmail.com>
Date: Thu, 13 Sep 2018 12:51:48 +0200
Subject: [PATCH] new: new upnp discovery response parser

---
 modules/net_sniff_parsers.go |  2 ++
 modules/net_sniff_upnp.go    | 37 ++++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+)
 create mode 100644 modules/net_sniff_upnp.go

diff --git a/modules/net_sniff_parsers.go b/modules/net_sniff_parsers.go
index 84387174..a3ee7e51 100644
--- a/modules/net_sniff_parsers.go
+++ b/modules/net_sniff_parsers.go
@@ -49,6 +49,8 @@ func udpParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
 		return
 	} else if krb5Parser(ip, pkt, udp) {
 		return
+	} else if upnpParser(ip, pkt, udp) {
+		return
 	} else if verbose {
 		NewSnifferEvent(
 			pkt.Metadata().Timestamp,
diff --git a/modules/net_sniff_upnp.go b/modules/net_sniff_upnp.go
new file mode 100644
index 00000000..9dc243fb
--- /dev/null
+++ b/modules/net_sniff_upnp.go
@@ -0,0 +1,37 @@
+package modules
+
+import (
+	"fmt"
+
+	"github.com/bettercap/bettercap/core"
+	"github.com/bettercap/bettercap/packets"
+
+	"github.com/google/gopacket"
+	"github.com/google/gopacket/layers"
+)
+
+func upnpParser(ip *layers.IPv4, pkt gopacket.Packet, udp *layers.UDP) bool {
+	if data := packets.UPNPGetMeta(pkt); data != nil && len(data) > 0 {
+		s := ""
+		for name, value := range data {
+			s += fmt.Sprintf("%s:%s ", core.Blue(name), core.Yellow(value))
+		}
+
+		NewSnifferEvent(
+			pkt.Metadata().Timestamp,
+			"upnp",
+			ip.SrcIP.String(),
+			ip.DstIP.String(),
+			nil,
+			"%s %s -> %s : %s",
+			core.W(core.BG_RED+core.FG_BLACK, "upnp"),
+			vIP(ip.SrcIP),
+			vIP(ip.DstIP),
+			core.Trim(s),
+		).Push()
+
+		return true
+	}
+
+	return false
+}