github/bettercap
1
0
Fork 0
mirror of https://github.com/bettercap/bettercap synced 2025-08-20 05:23:19 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #41 from dimorphic/feature/sniff-truncate-urls

Browse source 
[feature] net.sniff.http truncate urls option
This commit is contained in:
Simone Margaritelli 2018-02-05 13:07:13 +01:00 committed by GitHub
commit 9ac49b4551
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 45 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

6
modules/net_sniff.go
View file

@ -23,6 +23,10 @@ func NewSniffer(s *session.Session) *Sniffer {
Stats: nil, Stats: nil,
} }
sniff.AddParam(session.NewBoolParameter("net.sniff.truncate",
"true",
"If true, will truncate long request URLs so user-agent fits on same line when possible, otherwise extra verbose / full URLs."))
sniff.AddParam(session.NewBoolParameter("net.sniff.verbose", sniff.AddParam(session.NewBoolParameter("net.sniff.verbose",
"true", "true",
"If true, will print every captured packet, otherwise only selected ones.")) "If true, will print every captured packet, otherwise only selected ones."))
@ -112,7 +116,7 @@ func (s Sniffer) isLocalPacket(packet gopacket.Packet) bool {
} }
func (s *Sniffer) onPacketMatched(pkt gopacket.Packet) { func (s *Sniffer) onPacketMatched(pkt gopacket.Packet) {
if mainParser(pkt, s.Ctx.Verbose) == true { if mainParser(pkt, s.Ctx.Verbose, s.Ctx.Truncate) == true {
s.Stats.NumDumped++ s.Stats.NumDumped++
} }
} }

12
modules/net_sniff_context.go
View file

@ -16,6 +16,7 @@ import (
type SnifferContext struct { type SnifferContext struct {
Handle *pcap.Handle Handle *pcap.Handle
DumpLocal bool DumpLocal bool
Truncate bool
Verbose bool Verbose bool
Filter string Filter string
Expression string Expression string
@ -42,6 +43,10 @@ func (s *Sniffer) GetContext() (error, *SnifferContext) {
return err, ctx return err, ctx
} }
if err, ctx.Truncate = s.BoolParam("net.sniff.truncate"); err != nil {
return err, ctx
}
if err, ctx.Filter = s.StringParam("net.sniff.filter"); err != nil { if err, ctx.Filter = s.StringParam("net.sniff.filter"); err != nil {
return err, ctx return err, ctx
} else if ctx.Filter != "" { } else if ctx.Filter != "" {
@ -77,6 +82,7 @@ func NewSnifferContext() *SnifferContext {
return &SnifferContext{ return &SnifferContext{
Handle: nil, Handle: nil,
DumpLocal: false, DumpLocal: false,
Truncate: true,
Verbose: true, Verbose: true,
Filter: "", Filter: "",
Expression: "", Expression: "",
@ -99,6 +105,12 @@ func (c *SnifferContext) Log(sess *session.Session) {
log.Info("Skip local packets : %s", yes) log.Info("Skip local packets : %s", yes)
} }
if c.Truncate {
log.Info("Truncate : %s", yes)
} else {
log.Info("Truncate : %s", no)
}
if c.Verbose { if c.Verbose {
log.Info("Verbose : %s", yes) log.Info("Verbose : %s", yes)
} else { } else {

17
modules/net_sniff_http.go
View file

@ -2,9 +2,9 @@ package modules
import ( import (
"fmt" "fmt"
"regexp"
"github.com/evilsocket/bettercap-ng/core" "github.com/evilsocket/bettercap-ng/core"
"regexp"
"github.com/google/gopacket" "github.com/google/gopacket"
"github.com/google/gopacket/layers" "github.com/google/gopacket/layers"
@ -13,7 +13,12 @@ import (
var httpRe = regexp.MustCompile("(?s).*(GET|HEAD|POST|PUT|DELETE|CONNECT|OPTIONS|TRACE|PATCH) (.+) HTTP/\\d\\.\\d.+Host: ([^\\s]+)") var httpRe = regexp.MustCompile("(?s).*(GET|HEAD|POST|PUT|DELETE|CONNECT|OPTIONS|TRACE|PATCH) (.+) HTTP/\\d\\.\\d.+Host: ([^\\s]+)")
var uaRe = regexp.MustCompile("(?s).*User-Agent: ([^\\n]+).+") var uaRe = regexp.MustCompile("(?s).*User-Agent: ([^\\n]+).+")
func httpParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool { func httpParser(
ip *layers.IPv4,
pkt gopacket.Packet,
tcp *layers.TCP,
truncateURLs bool,
) bool {
data := tcp.Payload data := tcp.Payload
dataSize := len(data) dataSize := len(data)
@ -41,6 +46,12 @@ func httpParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
} }
url += fmt.Sprintf("%s", path) url += fmt.Sprintf("%s", path)
// shorten / truncate long URLs if needed
formattedURL := string(url)
if truncateURLs {
formattedURL = vURL(url)
}
NewSnifferEvent( NewSnifferEvent(
pkt.Metadata().Timestamp, pkt.Metadata().Timestamp,
"http", "http",
@ -57,7 +68,7 @@ func httpParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
core.W(core.BG_RED+core.FG_BLACK, "http"), core.W(core.BG_RED+core.FG_BLACK, "http"),
vIP(ip.SrcIP), vIP(ip.SrcIP),
core.W(core.BG_LBLUE+core.FG_BLACK, method), core.W(core.BG_LBLUE+core.FG_BLACK, method),
vURL(url), formattedURL,
core.Dim(ua), core.Dim(ua),
).Push() ).Push()

13
modules/net_sniff_parsers.go
View file

@ -10,12 +10,17 @@ import (
"github.com/google/gopacket/layers" "github.com/google/gopacket/layers"
) )
func tcpParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) { func tcpParser(
ip *layers.IPv4,
pkt gopacket.Packet,
verbose bool,
truncateURLs bool,
) {
tcp := pkt.Layer(layers.LayerTypeTCP).(*layers.TCP) tcp := pkt.Layer(layers.LayerTypeTCP).(*layers.TCP)
if sniParser(ip, pkt, tcp) { if sniParser(ip, pkt, tcp) {
return return
} else if httpParser(ip, pkt, tcp) { } else if httpParser(ip, pkt, tcp, truncateURLs) {
return return
} }
@ -88,7 +93,7 @@ func unkParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
} }
} }
func mainParser(pkt gopacket.Packet, verbose bool) bool { func mainParser(pkt gopacket.Packet, verbose bool, truncateURLs bool) bool {
nlayer := pkt.NetworkLayer() nlayer := pkt.NetworkLayer()
if nlayer == nil { if nlayer == nil {
log.Debug("Missing network layer skipping packet.") log.Debug("Missing network layer skipping packet.")
@ -109,7 +114,7 @@ func mainParser(pkt gopacket.Packet, verbose bool) bool {
} }
if tlayer.LayerType() == layers.LayerTypeTCP { if tlayer.LayerType() == layers.LayerTypeTCP {
tcpParser(ip, pkt, verbose) tcpParser(ip, pkt, verbose, truncateURLs)
} else if tlayer.LayerType() == layers.LayerTypeUDP { } else if tlayer.LayerType() == layers.LayerTypeUDP {
udpParser(ip, pkt, verbose) udpParser(ip, pkt, verbose)
} else { } else {

4
modules/net_sniff_sni.go
View file

@ -2,9 +2,9 @@ package modules
import ( import (
"fmt" "fmt"
"regexp"
"github.com/evilsocket/bettercap-ng/core" "github.com/evilsocket/bettercap-ng/core"
"regexp"
"github.com/google/gopacket" "github.com/google/gopacket"
"github.com/google/gopacket/layers" "github.com/google/gopacket/layers"
@ -37,7 +37,7 @@ func sniParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
ip.SrcIP.String(), ip.SrcIP.String(),
domain, domain,
SniffData{ SniffData{
"Domain": domain, "host": domain,
}, },
"[%s] %s %s > %s", "[%s] %s %s > %s",
vTime(pkt.Metadata().Timestamp), vTime(pkt.Metadata().Timestamp),

4
modules/net_sniff_views.go
View file

@ -11,8 +11,10 @@ import (
"github.com/evilsocket/bettercap-ng/session" "github.com/evilsocket/bettercap-ng/session"
) )
const sniffTimeFormat = "2006-01-02 15:04:05"
func vTime(t time.Time) string { func vTime(t time.Time) string {
return t.Format("15:04:05") return t.Format(sniffTimeFormat)
} }
func vIP(ip net.IP) string { func vIP(ip net.IP) string {