github/bettercap
1
0
Fork 0
mirror of https://github.com/bettercap/bettercap synced 2025-08-19 04:59:25 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

new: added net.sniff FTP credentials parser (closes #424)

Browse source
This commit is contained in:
evilsocket 2019-01-29 13:02:14 +01:00
commit 36a6bb87ce
No known key found for this signature in database
GPG key ID: 1564D7F30393A456
2 changed files with 44 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

42
modules/net_sniff_ftp.go Normal file
View file

@ -0,0 +1,42 @@
package modules
import (
"regexp"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"github.com/evilsocket/islazy/str"
"github.com/evilsocket/islazy/tui"
)
var (
ftpRe = regexp.MustCompile(`^(USER|PASS) (.+)[\n\r]+$`)
)
func ftpParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
data := string(tcp.Payload)
if matches := ftpRe.FindAllStringSubmatch(data, -1); matches != nil {
what := str.Trim(matches[0][1])
cred := str.Trim(matches[0][2])
NewSnifferEvent(
pkt.Metadata().Timestamp,
"ftp",
ip.SrcIP.String(),
ip.DstIP.String(),
nil,
"%s %s > %s:%s - %s %s",
tui.Wrap(tui.BACKYELLOW+tui.FOREWHITE, "ftp"),
vIP(ip.SrcIP),
vIP(ip.DstIP),
vPort(tcp.DstPort),
tui.Bold(what),
tui.Yellow(cred),
).Push()
return true
}
return false
}

2
modules/net_sniff_parsers.go
View file

@ -21,6 +21,8 @@ func tcpParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
return return
} else if httpParser(ip, pkt, tcp) { } else if httpParser(ip, pkt, tcp) {
return return
} else if ftpParser(ip, pkt, tcp) {
return
} else if verbose { } else if verbose {
NewSnifferEvent( NewSnifferEvent(
pkt.Metadata().Timestamp, pkt.Metadata().Timestamp,