From fc3e54a84cdf776955c211f0df9cfd6baa57d8d3 Mon Sep 17 00:00:00 2001
From: eenblam
Date: Mon, 10 Sep 2018 12:34:06 -0700
Subject: [PATCH 1/3] Handle panic from type cast
---
 modules/net_sniff_parsers.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/modules/net_sniff_parsers.go b/modules/net_sniff_parsers.go
index 58ed68fe..88030c31 100644
--- a/modules/net_sniff_parsers.go
+++ b/modules/net_sniff_parsers.go
@@ -97,7 +97,11 @@ func mainParser(pkt gopacket.Packet, verbose bool) bool {
 return false
 }
- ip := nlayer.(*layers.IPv4)
+ ip, ok := nlayer.(*layers.IPv4)
+ if !ok {
+ log.Debug("Could not extract network layer, skipping packet")
+ return false
+ }
 tlayer := pkt.TransportLayer()
 if tlayer == nil {
From 3558170cdd7ccbdd020e0089c623c3318b561a93 Mon Sep 17 00:00:00 2001
From: eenblam
Date: Mon, 10 Sep 2018 13:13:01 -0700
Subject: [PATCH 2/3] Don't drop ICMPv4 packets in sniffer Fixes https://github.com/bettercap/caplets/issues/11 insofar as the packets are now logged, but it doesn't provide useful interpretation of the payload yet.
---
 modules/net_sniff_parsers.go | 35 +++++++++++++++++++++++++++++++++--
 1 file changed, 33 insertions(+), 2 deletions(-)
diff --git a/modules/net_sniff_parsers.go b/modules/net_sniff_parsers.go
index 88030c31..309dba18 100644
--- a/modules/net_sniff_parsers.go
+++ b/modules/net_sniff_parsers.go
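Review bot: The new debug message in the mainParser hunk of patch 1/3 says the network layer could not be extracted, but this branch is only reached when `nlayer` is non-nil and simply is not IPv4, so the message misreports the cause. Any non-IPv4 network layer that gopacket decodes (IPv6, for example) will take this path on every packet, which also makes the debug log noisy on mixed traffic. A message that names the real condition would help whoever reads the log, e.g. `log.Debug("Network layer is not IPv4, skipping packet")`. mainParser starts and ends outside this hunk, so how the `false` return is used by the caller is not visible here.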
@@ -69,6 +69,31 @@ func udpParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
 }
 }
+// icmpParser logs ICMPv4 events when verbose, and does nothing otherwise.
+//
+// A useful improvement would be to log the ICMP code
+// and add meaningful interpretation of the payload based on code.
+func icmpParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
+ if verbose {
+ icmp := pkt.Layer(layers.LayerTypeICMPv4)
+ layerType := icmp.LayerType().String()
+ NewSnifferEvent(
+ pkt.Metadata().Timestamp,
+ layerType,
+ vIP(ip.SrcIP),
+ vIP(ip.DstIP),
+ SniffData{
+ "Size": len(ip.Payload),
+ },
+ "%s %s > %s %s",
+ core.W(core.BG_DGRAY+core.FG_WHITE, layerType),
+ vIP(ip.SrcIP),
+ vIP(ip.DstIP),
+ core.Dim(fmt.Sprintf("%d bytes", len(ip.Payload))),
+ ).Push()
+ }
+}
+
 func unkParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
 if verbose {
 NewSnifferEvent(
@@ -105,8 +130,14 @@ func mainParser(pkt gopacket.Packet, verbose bool) bool {
 tlayer := pkt.TransportLayer()
 if tlayer == nil {
- log.Debug("Missing transport layer skipping packet.")
- return false
+ _, icmpOk := pkt.Layer(layers.LayerTypeICMPv4).(*layers.ICMPv4)
+ if icmpOk {
+ icmpParser(ip, pkt, verbose)
+ return true
+ } else {
+ log.Debug("Missing transport layer skipping packet.")
+ return false
+ }
 }
 if tlayer.LayerType() == layers.LayerTypeTCP {
From cd210d8bd8c9a51d18048fe5a401d56dd4772271 Mon Sep 17 00:00:00 2001
From: eenblam
Date: Mon, 10 Sep 2018 13:21:46 -0700
Subject: [PATCH 3/3] Handle more potential panics in parser functions
---
 modules/net_sniff_parsers.go | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/modules/net_sniff_parsers.go b/modules/net_sniff_parsers.go
index 309dba18..275f8bc3 100644
--- a/modules/net_sniff_parsers.go
+++ b/modules/net_sniff_parsers.go
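Review bot: icmpParser calls `icmp.LayerType()` on whatever `pkt.Layer(layers.LayerTypeICMPv4)` returns, and that value is nil when the packet carries no ICMPv4 layer, so the function panics unless its caller has already checked. The one caller added in this patch does check first, but the function itself gives no such guarantee, and this series is otherwise removing exactly this kind of panic from code that handles packets straight off the wire. A guard at the top of the verbose branch closes it: `if icmp == nil { return }`. Because the layer type is fixed here, `layerType := layers.LayerTypeICMPv4.String()` would avoid the second lookup entirely.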
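Review bot: In the mainParser hunk of patch 2/3 the `else` after `return true` is redundant and pushes the pre-existing skip path one level deeper; the usual Go shape keeps the fall-through unindented. The asserted ICMPv4 layer is also discarded with `_` and then looked up again inside icmpParser. Scoping the check to the condition reads more directly: `if _, ok := pkt.Layer(layers.LayerTypeICMPv4).(*layers.ICMPv4); ok {` followed by the call and `return true`, with the original `log.Debug` and `return false` left as they were after the closing brace. mainParser starts and ends outside this hunk.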
@@ -12,7 +12,11 @@ import (
 )
 func tcpParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
- tcp := pkt.Layer(layers.LayerTypeTCP).(*layers.TCP)
+ tcp, tcpOk := pkt.Layer(layers.LayerTypeTCP).(*layers.TCP)
+ if !tcpOk {
+ log.Debug("Could not parse TCP layer, skipping packet")
+ return
+ }
 if sniParser(ip, pkt, tcp) {
 return
@@ -41,7 +45,11 @@ func tcpParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
 }
 func udpParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
- udp := pkt.Layer(layers.LayerTypeUDP).(*layers.UDP)
+ udp, udpOk := pkt.Layer(layers.LayerTypeUDP).(*layers.UDP)
+ if !udpOk {
+ log.Debug("Could not parse UDP layer, skipping packet")
+ return
+ }
 if dnsParser(ip, pkt, udp) {
 return
@@ -122,8 +130,8 @@ func mainParser(pkt gopacket.Packet, verbose bool) bool {
 return false
 }
- ip, ipOk := nlayer.(*layers.IPv4)
- if !ipOk {
+ ip, ipOk := nlayer.(*layers.IPv4)
+ if !ipOk {
 log.Debug("Could not extract network layer, skipping packet")
 return false
 }
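Review bot: The skip messages added to tcpParser and udpParser (the first two hunks of patch 3/3 share this) record that the layer could not be parsed but not why, so a truncated or malformed packet looks the same in the log as a logic error in the dispatcher. gopacket keeps the decode failure on the packet, and including it would make these entries useful when triaging odd traffic: `if el := pkt.ErrorLayer(); el != nil { log.Debug("TCP decode error: %s", el.Error()) }`, assuming log.Debug accepts printf-style arguments. Both functions return nothing, so the caller presumably still treats the packet as handled after the early return; that is worth confirming in mainParser, whose dispatch code is outside these hunks.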