new: new http auth parser

modules/net_sniff_http.go

@@ -12,6 +12,7 @@ import (
 
 var httpRe = regexp.MustCompile("(?s).*(GET|HEAD|POST|PUT|DELETE|CONNECT|OPTIONS|TRACE|PATCH) (.+) HTTP/\\d\\.\\d.+Host: ([^\\s]+)")
 var uaRe = regexp.MustCompile("(?s).*User-Agent: ([^\\n]+).+")
+var authRe = regexp.MustCompile("(?s).*Authorization: ([^\\n]+).+")
 
 func httpParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
 	data := tcp.Payload
@@ -34,6 +35,13 @@ func httpParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
 	if len(mu) == 2 {
 		ua = string(mu[1])
 	}
+	auth := ""
+	authDesc := ""
+	mauth := authRe.FindSubmatch(data)
+	if len(mauth) == 2 {
+		auth = string(mauth[1])
+		authDesc = fmt.Sprintf(" auth=%s", core.Red(auth))
+	}
 
 	url := fmt.Sprintf("%s", core.Yellow(hostname))
 	if tcp.DstPort != 80 {
@@ -51,13 +59,15 @@ func httpParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
 			"host":   hostname,
 			"path":   url,
 			"agent":  ua,
+			"auth":   auth,
 		},
-		"%s %s %s %s %s",
+		"%s %s %s %s %s%s",
 		core.W(core.BG_RED+core.FG_BLACK, "http"),
 		vIP(ip.SrcIP),
 		core.W(core.BG_LBLUE+core.FG_BLACK, method),
 		vURL(url),
 		core.Dim(ua),
+		authDesc,
 	).Push()
 
 	return true