github/bettercap
1
0
Fork 0
mirror of https://github.com/bettercap/bettercap synced 2025-07-08 05:51:37 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

new: showing user agent while sniffing http requests

Browse source
This commit is contained in:
evilsocket 2018-01-10 14:43:38 +01:00
parent bb5b1295ed
commit 63f389643d
3 changed files with 18 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

14
modules/net_sniff_http.go
View file

@ -11,6 +11,7 @@ import (
)
var httpRe = regexp.MustCompile("(?s).*(GET|HEAD|POST|PUT|DELETE|CONNECT|OPTIONS|TRACE|PATCH) (.+) HTTP/\\d\\.\\d.+Host: ([^\\s]+)")
var uaRe = regexp.MustCompile("(?s).*User-Agent: ([^\\n]+).+")
func httpParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
data := tcp.Payload
@ -25,18 +26,25 @@ func httpParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
return false
}
url := fmt.Sprintf("http://%s", string(m[3]))
ua := ""
mu := uaRe.FindSubmatch(data)
if len(mu) == 2 {
ua = string(mu[1])
}
url := fmt.Sprintf("%s", core.Yellow(string(m[3])))
if tcp.DstPort != 80 {
url += fmt.Sprintf(":%s", vPort(tcp.DstPort))
}
url += fmt.Sprintf("%s", string(m[2]))
SniffPrinter("[%s] %s %s %s %s\n",
SniffPrinter("[%s] %s %s %s %s %s\n",
vTime(pkt.Metadata().Timestamp),
core.W(core.BG_RED+core.FG_BLACK, "http"),
vIP(ip.SrcIP),
core.W(core.BG_LBLUE+core.FG_BLACK, vURL(string(m[1]))),
core.Yellow(url))
vURL(url),
core.Dim(ua))
return true
}

7
modules/net_sniff_parsers.go
View file

@ -5,6 +5,7 @@ import (
"github.com/evilsocket/bettercap-ng/core"
"github.com/evilsocket/bettercap-ng/log"
"github.com/evilsocket/bettercap-ng/session"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
@ -12,7 +13,11 @@ import (
type SniffPrinterType func(format string, args ...interface{}) (int, error)
var SniffPrinter = SniffPrinterType(fmt.Printf)
var SniffPrinter = SniffPrinterType(func(format string, args ...interface{}) (n int, e error) {
n, e = fmt.Printf(format, args...)
session.I.Input.Refresh()
return
})
func tcpParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
tcp := pkt.Layer(layers.LayerTypeTCP).(*layers.TCP)

2
modules/net_sniff_views.go
View file

@ -49,7 +49,7 @@ func vPort(p interface{}) string {
return sp
}
var maxUrlSize = 40
var maxUrlSize = 80
func vURL(u string) string {
ul := len(u)