github/bettercap
1
0
Fork 0
mirror of https://github.com/bettercap/bettercap synced 2025-07-07 21:42:06 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

new: implemented api.rest module and GET /api/session route (ref #5).

Browse source
This commit is contained in:
evilsocket 2018-01-08 04:03:09 +01:00
parent aa25dae73c
commit c2826c9094
8 changed files with 232 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

1
Makefile
View file

@ -35,7 +35,6 @@ deps:
@go get github.com/op/go-logging @go get github.com/op/go-logging
@go get github.com/robertkrimen/otto @go get github.com/robertkrimen/otto
clean: clean:
@rm -rf $(TARGET) net/oui_compiled.go @rm -rf $(TARGET) net/oui_compiled.go

8
caplets/rest-api.cap Normal file
View file

@ -0,0 +1,8 @@
# change these!
set api.rest.username bcap
set api.rest.password bcap
net.probe on
net.recon on
api.rest on

1
main.go
View file

@ -28,6 +28,7 @@ func main() {
sess.Register(session_modules.NewArpSpoofer(sess)) sess.Register(session_modules.NewArpSpoofer(sess))
sess.Register(session_modules.NewSniffer(sess)) sess.Register(session_modules.NewSniffer(sess))
sess.Register(session_modules.NewHttpProxy(sess)) sess.Register(session_modules.NewHttpProxy(sess))
sess.Register(session_modules.NewRestAPI(sess))
if err = sess.Start(); err != nil { if err = sess.Start(); err != nil {
log.Fatal(err) log.Fatal(err)

20
session/environment.go
View file

@ -8,30 +8,26 @@ import (
) )
type Environment struct { type Environment struct {
Padding int Padding int `json:"-"`
storage map[string]string Storage map[string]string `json:"storage"`
lock *sync.Mutex lock *sync.Mutex
} }
func NewEnvironment() *Environment { func NewEnvironment() *Environment {
env := &Environment{ env := &Environment{
Padding: 0, Padding: 0,
storage: make(map[string]string), Storage: make(map[string]string),
lock: &sync.Mutex{}, lock: &sync.Mutex{},
} }
return env return env
} }
func (env *Environment) Storage() *map[string]string {
return &env.storage
}
func (env *Environment) Has(name string) bool { func (env *Environment) Has(name string) bool {
env.lock.Lock() env.lock.Lock()
defer env.lock.Unlock() defer env.lock.Unlock()
_, found := env.storage[name] _, found := env.Storage[name]
return found return found
} }
@ -40,8 +36,8 @@ func (env *Environment) Set(name, value string) string {
env.lock.Lock() env.lock.Lock()
defer env.lock.Unlock() defer env.lock.Unlock()
old, _ := env.storage[name] old, _ := env.Storage[name]
env.storage[name] = value env.Storage[name] = value
width := len(name) width := len(name)
if width > env.Padding { if width > env.Padding {
@ -55,7 +51,7 @@ func (env *Environment) Get(name string) (bool, string) {
env.lock.Lock() env.lock.Lock()
defer env.lock.Unlock() defer env.lock.Unlock()
if value, found := env.storage[name]; found == true { if value, found := env.Storage[name]; found == true {
return true, value return true, value
} }
@ -79,7 +75,7 @@ func (env *Environment) Sorted() []string {
defer env.lock.Unlock() defer env.lock.Unlock()
var keys []string var keys []string
for k := range env.storage { for k := range env.Storage {
keys = append(keys, k) keys = append(keys, k)
} }
sort.Strings(keys) sort.Strings(keys)

197
session/modules/api_rest.go Normal file
View file

@ -0,0 +1,197 @@
package session_modules
import (
"encoding/base64"
"encoding/json"
"fmt"
"net/http"
"strings"
"github.com/evilsocket/bettercap-ng/core"
"github.com/evilsocket/bettercap-ng/session"
)
type RestAPI struct {
session.SessionModule
server *http.Server
username string
password string
}
func NewRestAPI(s *session.Session) *RestAPI {
api := &RestAPI{
SessionModule: session.NewSessionModule(s),
server: &http.Server{},
username: "",
password: "",
}
api.AddParam(session.NewStringParameter("api.rest.address",
"<interface address>",
`^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$`,
"Address to bind the API REST server to."))
api.AddParam(session.NewIntParameter("api.rest.port",
"8081",
"Port to bind the API REST server to."))
api.AddParam(session.NewStringParameter("api.rest.username",
"",
"",
"API authentication username."))
api.AddParam(session.NewStringParameter("api.rest.password",
"",
"",
"API authentication password."))
api.AddHandler(session.NewModuleHandler("api.rest on", "",
"Start REST API server.",
func(args []string) error {
return api.Start()
}))
api.AddHandler(session.NewModuleHandler("api.rest off", "",
"Stop REST API server.",
func(args []string) error {
return api.Stop()
}))
http.HandleFunc("/api/session", api.getSession)
return api
}
func (api *RestAPI) getSession(w http.ResponseWriter, r *http.Request) {
if api.checkAuth(w, r) == false {
return
}
js, err := json.Marshal(api.Session)
if err != nil {
log.Errorf("Error while returning session: %s", err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
w.Header().Set("Content-Type", "application/json")
w.Write(js)
}
func (api RestAPI) checkAuth(w http.ResponseWriter, r *http.Request) bool {
if api.Authenticated(w, r) == false {
log.Warningf("Unauthenticated access!")
http.Error(w, "Not authorized", 401)
return false
}
return true
}
func (api RestAPI) Authenticated(w http.ResponseWriter, r *http.Request) bool {
w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
parts := strings.SplitN(r.Header.Get("Authorization"), " ", 2)
if len(parts) != 2 {
return false
}
b, err := base64.StdEncoding.DecodeString(parts[1])
if err != nil {
return false
}
pair := strings.SplitN(string(b), ":", 2)
if len(pair) != 2 {
return false
}
if pair[0] != api.username || pair[1] != api.password {
return false
}
return true
}
func (api RestAPI) Name() string {
return "REST API"
}
func (api RestAPI) Description() string {
return "Expose a RESTful API."
}
func (api RestAPI) Author() string {
return "Simone Margaritelli <evilsocket@protonmail.com>"
}
func (api RestAPI) OnSessionStarted(s *session.Session) {
// refresh the address after session has been created
s.Env.Set("api.rest.address", s.Interface.IpAddress)
}
func (api RestAPI) OnSessionEnded(s *session.Session) {
if api.Running() {
api.Stop()
}
}
func (api *RestAPI) Start() error {
var address string
var port int
if err, v := api.Param("api.rest.address").Get(api.Session); err != nil {
return err
} else {
address = v.(string)
}
if err, v := api.Param("api.rest.port").Get(api.Session); err != nil {
return err
} else {
port = v.(int)
}
if err, v := api.Param("api.rest.username").Get(api.Session); err != nil {
return err
} else {
api.username = v.(string)
if api.username == "" {
return fmt.Errorf("api.rest.username is empty.")
}
}
if err, v := api.Param("api.rest.password").Get(api.Session); err != nil {
return err
} else {
api.password = v.(string)
if api.password == "" {
return fmt.Errorf("api.rest.password is empty.")
}
}
if api.Running() == false {
api.SetRunning(true)
api.server.Addr = fmt.Sprintf("%s:%d", address, port)
go func() {
fmt.Printf("[%s] starting on http://%s/ ...\n", core.Green("api"), api.server.Addr)
err := api.server.ListenAndServe()
if err != nil {
fmt.Printf("[%s] %s\n", core.Green("api"), err)
}
}()
return nil
} else {
return fmt.Errorf("REST API server already started.")
}
}
func (api *RestAPI) Stop() error {
if api.Running() == true {
api.SetRunning(false)
return api.server.Shutdown(nil)
} else {
return fmt.Errorf("REST API server already stopped.")
}
}

8
session/modules/http_proxy.go
View file

@ -49,15 +49,15 @@ func NewHttpProxy(s *session.Session) *HttpProxy {
"80", "80",
"HTTP port to redirect when the proxy is activated.")) "HTTP port to redirect when the proxy is activated."))
p.AddParam(session.NewIntParameter("http.proxy.port",
"8080",
"Port to bind the HTTP proxy to."))
p.AddParam(session.NewStringParameter("http.proxy.address", p.AddParam(session.NewStringParameter("http.proxy.address",
"<interface address>", "<interface address>",
`^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$`, `^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$`,
"Address to bind the HTTP proxy to.")) "Address to bind the HTTP proxy to."))
p.AddParam(session.NewIntParameter("http.proxy.port",
"8080",
"Port to bind the HTTP proxy to."))
p.AddParam(session.NewStringParameter("http.proxy.script", p.AddParam(session.NewStringParameter("http.proxy.script",
"", "",
"", "",

2
session/modules/http_proxy_script.go
View file

@ -49,7 +49,7 @@ func LoadProxyScript(path string, sess *session.Session) (err error, s *ProxyScr
} }
// define session pointer // define session pointer
err = s.VM.Set("env", *sess.Env.Storage()) err = s.VM.Set("env", sess.Env.Storage)
if err != nil { if err != nil {
log.Errorf("Error while defining environment: %s", err) log.Errorf("Error while defining environment: %s", err)
return return

26
session/session.go
View file

@ -22,20 +22,20 @@ import (
) )
type Session struct { type Session struct {
Options core.Options Options core.Options `json:"options"`
Interface *net.Endpoint Interface *net.Endpoint `json:"interface"`
Gateway *net.Endpoint Gateway *net.Endpoint `json:"gateway"`
Firewall firewall.FirewallManager Firewall firewall.FirewallManager `json:"-"`
Env *Environment Env *Environment `json:"env"`
Targets *Targets Targets *Targets `json:"targets"`
Queue *packets.Queue Queue *packets.Queue `json:"-"`
Input *readline.Instance Input *readline.Instance `json:"-"`
Active bool Active bool `json:"active"`
// Watcher *discovery.Watcher // Watcher *discovery.Watcher
CoreHandlers []CommandHandler CoreHandlers []CommandHandler `json:"-"`
Modules []Module Modules []Module `json:"-"`
HelpPadding int HelpPadding int `json:"-"`
} }
func New() (*Session, error) { func New() (*Session, error) {
@ -175,7 +175,7 @@ func (s *Session) registerCoreHandlers() {
prev_ns = ns prev_ns = ns
} }
fmt.Printf(" %"+strconv.Itoa(s.Env.Padding)+"s: '%s'\n", k, s.Env.storage[k]) fmt.Printf(" %"+strconv.Itoa(s.Env.Padding)+"s: '%s'\n", k, s.Env.Storage[k])
} }
fmt.Println() fmt.Println()
} else if found, value := s.Env.Get(key); found == true { } else if found, value := s.Env.Get(key); found == true {