github/bettercap
1
0
Fork 0
mirror of https://github.com/bettercap/bettercap synced 2025-07-10 15:23:30 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

new: showing user agent while sniffing http requests

Browse source
This commit is contained in:
evilsocket 2018-01-10 14:43:38 +01:00
parent bb5b1295ed
commit 63f389643d
3 changed files with 18 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

14
modules/net_sniff_http.go
View file

@ -11,6 +11,7 @@ import (
) )
var httpRe = regexp.MustCompile("(?s).*(GET|HEAD|POST|PUT|DELETE|CONNECT|OPTIONS|TRACE|PATCH) (.+) HTTP/\\d\\.\\d.+Host: ([^\\s]+)") var httpRe = regexp.MustCompile("(?s).*(GET|HEAD|POST|PUT|DELETE|CONNECT|OPTIONS|TRACE|PATCH) (.+) HTTP/\\d\\.\\d.+Host: ([^\\s]+)")
var uaRe = regexp.MustCompile("(?s).*User-Agent: ([^\\n]+).+")
func httpParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool { func httpParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
data := tcp.Payload data := tcp.Payload
@ -25,18 +26,25 @@ func httpParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
return false return false
} }
url := fmt.Sprintf("http://%s", string(m[3])) ua := ""
mu := uaRe.FindSubmatch(data)
if len(mu) == 2 {
ua = string(mu[1])
}
url := fmt.Sprintf("%s", core.Yellow(string(m[3])))
if tcp.DstPort != 80 { if tcp.DstPort != 80 {
url += fmt.Sprintf(":%s", vPort(tcp.DstPort)) url += fmt.Sprintf(":%s", vPort(tcp.DstPort))
} }
url += fmt.Sprintf("%s", string(m[2])) url += fmt.Sprintf("%s", string(m[2]))
SniffPrinter("[%s] %s %s %s %s\n", SniffPrinter("[%s] %s %s %s %s %s\n",
vTime(pkt.Metadata().Timestamp), vTime(pkt.Metadata().Timestamp),
core.W(core.BG_RED+core.FG_BLACK, "http"), core.W(core.BG_RED+core.FG_BLACK, "http"),
vIP(ip.SrcIP), vIP(ip.SrcIP),
core.W(core.BG_LBLUE+core.FG_BLACK, vURL(string(m[1]))), core.W(core.BG_LBLUE+core.FG_BLACK, vURL(string(m[1]))),
core.Yellow(url)) vURL(url),
core.Dim(ua))
return true return true
} }

7
modules/net_sniff_parsers.go
View file

@ -5,6 +5,7 @@ import (
"github.com/evilsocket/bettercap-ng/core" "github.com/evilsocket/bettercap-ng/core"
"github.com/evilsocket/bettercap-ng/log" "github.com/evilsocket/bettercap-ng/log"
"github.com/evilsocket/bettercap-ng/session"
"github.com/google/gopacket" "github.com/google/gopacket"
"github.com/google/gopacket/layers" "github.com/google/gopacket/layers"
@ -12,7 +13,11 @@ import (
type SniffPrinterType func(format string, args ...interface{}) (int, error) type SniffPrinterType func(format string, args ...interface{}) (int, error)
var SniffPrinter = SniffPrinterType(fmt.Printf) var SniffPrinter = SniffPrinterType(func(format string, args ...interface{}) (n int, e error) {
n, e = fmt.Printf(format, args...)
session.I.Input.Refresh()
return
})
func tcpParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) { func tcpParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
tcp := pkt.Layer(layers.LayerTypeTCP).(*layers.TCP) tcp := pkt.Layer(layers.LayerTypeTCP).(*layers.TCP)

2
modules/net_sniff_views.go
View file

@ -49,7 +49,7 @@ func vPort(p interface{}) string {
return sp return sp
} }
var maxUrlSize = 40 var maxUrlSize = 80
func vURL(u string) string { func vURL(u string) string {
ul := len(u) ul := len(u)