mirror of
https://github.com/bettercap/bettercap
synced 2025-08-19 13:09:49 -07:00
[net.sniff] Add net.sniff.truncate param (default bool true) in order to toggle shortening / truncating (...) of long URLs in HTTP requests on demand
This commit is contained in:
Sabin Tudor
parent
366978e303
commit
839d5da9f2
4 changed files with 40 additions and 8 deletions
|
|
@ -23,6 +23,10 @@ func NewSniffer(s *session.Session) *Sniffer {
|
|||
Stats: nil,
|
||||
}
|
||||
|
||||
sniff.AddParam(session.NewBoolParameter("net.sniff.truncate",
|
||||
"true",
|
||||
"If true, will truncate long request URLs so user-agent fits on same line when possible, otherwise extra verbose / full URLs."))
|
||||
|
||||
sniff.AddParam(session.NewBoolParameter("net.sniff.verbose",
|
||||
"true",
|
||||
"If true, will print every captured packet, otherwise only selected ones."))
|
||||
|
|
@ -112,7 +116,7 @@ func (s Sniffer) isLocalPacket(packet gopacket.Packet) bool {
|
|||
}
|
||||
|
||||
func (s *Sniffer) onPacketMatched(pkt gopacket.Packet) {
|
||||
if mainParser(pkt, s.Ctx.Verbose) == true {
|
||||
if mainParser(pkt, s.Ctx.Verbose, s.Ctx.Truncate) == true {
|
||||
s.Stats.NumDumped++
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ import (
|
|||
type SnifferContext struct {
|
||||
Handle *pcap.Handle
|
||||
DumpLocal bool
|
||||
Truncate bool
|
||||
Verbose bool
|
||||
Filter string
|
||||
Expression string
|
||||
|
|
@ -42,6 +43,10 @@ func (s *Sniffer) GetContext() (error, *SnifferContext) {
|
|||
return err, ctx
|
||||
}
|
||||
|
||||
if err, ctx.Truncate = s.BoolParam("net.sniff.truncate"); err != nil {
|
||||
return err, ctx
|
||||
}
|
||||
|
||||
if err, ctx.Filter = s.StringParam("net.sniff.filter"); err != nil {
|
||||
return err, ctx
|
||||
} else if ctx.Filter != "" {
|
||||
|
|
@ -77,6 +82,7 @@ func NewSnifferContext() *SnifferContext {
|
|||
return &SnifferContext{
|
||||
Handle: nil,
|
||||
DumpLocal: false,
|
||||
Truncate: true,
|
||||
Verbose: true,
|
||||
Filter: "",
|
||||
Expression: "",
|
||||
|
|
@ -99,6 +105,12 @@ func (c *SnifferContext) Log(sess *session.Session) {
|
|||
log.Info("Skip local packets : %s", yes)
|
||||
}
|
||||
|
||||
if c.Truncate {
|
||||
log.Info("Truncate : %s", yes)
|
||||
} else {
|
||||
log.Info("Truncate : %s", no)
|
||||
}
|
||||
|
||||
if c.Verbose {
|
||||
log.Info("Verbose : %s", yes)
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -2,9 +2,9 @@ package modules
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"regexp"
|
||||
|
||||
"github.com/evilsocket/bettercap-ng/core"
|
||||
"regexp"
|
||||
|
||||
"github.com/google/gopacket"
|
||||
"github.com/google/gopacket/layers"
|
||||
|
|
@ -13,7 +13,12 @@ import (
|
|||
var httpRe = regexp.MustCompile("(?s).*(GET|HEAD|POST|PUT|DELETE|CONNECT|OPTIONS|TRACE|PATCH) (.+) HTTP/\\d\\.\\d.+Host: ([^\\s]+)")
|
||||
var uaRe = regexp.MustCompile("(?s).*User-Agent: ([^\\n]+).+")
|
||||
|
||||
func httpParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
|
||||
func httpParser(
|
||||
ip *layers.IPv4,
|
||||
pkt gopacket.Packet,
|
||||
tcp *layers.TCP,
|
||||
truncateURLs bool,
|
||||
) bool {
|
||||
data := tcp.Payload
|
||||
dataSize := len(data)
|
||||
|
||||
|
|
@ -41,6 +46,12 @@ func httpParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
|
|||
}
|
||||
url += fmt.Sprintf("%s", path)
|
||||
|
||||
// shorten / truncate long URLs if needed
|
||||
formattedURL := string(url)
|
||||
if truncateURLs {
|
||||
formattedURL = vURL(url)
|
||||
}
|
||||
|
||||
NewSnifferEvent(
|
||||
pkt.Metadata().Timestamp,
|
||||
"http",
|
||||
|
|
@ -57,7 +68,7 @@ func httpParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
|
|||
core.W(core.BG_RED+core.FG_BLACK, "http"),
|
||||
vIP(ip.SrcIP),
|
||||
core.W(core.BG_LBLUE+core.FG_BLACK, method),
|
||||
vURL(url),
|
||||
formattedURL,
|
||||
core.Dim(ua),
|
||||
).Push()
|
||||
|
||||
|
|
|
|||
|
|
@ -10,12 +10,17 @@ import (
|
|||
"github.com/google/gopacket/layers"
|
||||
)
|
||||
|
||||
func tcpParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
|
||||
func tcpParser(
|
||||
ip *layers.IPv4,
|
||||
pkt gopacket.Packet,
|
||||
verbose bool,
|
||||
truncateURLs bool,
|
||||
) {
|
||||
tcp := pkt.Layer(layers.LayerTypeTCP).(*layers.TCP)
|
||||
|
||||
if sniParser(ip, pkt, tcp) {
|
||||
return
|
||||
} else if httpParser(ip, pkt, tcp) {
|
||||
} else if httpParser(ip, pkt, tcp, truncateURLs) {
|
||||
return
|
||||
}
|
||||
|
||||
|
|
@ -88,7 +93,7 @@ func unkParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
|
|||
}
|
||||
}
|
||||
|
||||
func mainParser(pkt gopacket.Packet, verbose bool) bool {
|
||||
func mainParser(pkt gopacket.Packet, verbose bool, truncateURLs bool) bool {
|
||||
nlayer := pkt.NetworkLayer()
|
||||
if nlayer == nil {
|
||||
log.Debug("Missing network layer skipping packet.")
|
||||
|
|
@ -109,7 +114,7 @@ func mainParser(pkt gopacket.Packet, verbose bool) bool {
|
|||
}
|
||||
|
||||
if tlayer.LayerType() == layers.LayerTypeTCP {
|
||||
tcpParser(ip, pkt, verbose)
|
||||
tcpParser(ip, pkt, verbose, truncateURLs)
|
||||
} else if tlayer.LayerType() == layers.LayerTypeUDP {
|
||||
udpParser(ip, pkt, verbose)
|
||||
} else {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue