diff --git a/modules/events_view.go b/modules/events_view.go index 86d4ea19..4429688d 100644 --- a/modules/events_view.go +++ b/modules/events_view.go @@ -2,7 +2,8 @@ package modules import ( "fmt" - // "sort" + "io/ioutil" + "net/http" "strings" "github.com/bettercap/bettercap/core" @@ -88,10 +89,36 @@ func (s EventsStream) viewModuleEvent(e session.Event) { func (s EventsStream) viewSnifferEvent(e session.Event) { se := e.Data.(SnifferEvent) - fmt.Printf("[%s] [%s] %s\n", + misc := "" + + if e.Tag == "net.sniff.leak.http" { + req := se.Data.(*http.Request) + if req.Method != "GET" { + misc += "\n\n" + misc += fmt.Sprintf(" Method: %s\n", core.Yellow(req.Method)) + misc += fmt.Sprintf(" URL: %s\n", core.Yellow(req.URL.String())) + misc += fmt.Sprintf(" Headers:\n") + for name, values := range req.Header { + misc += fmt.Sprintf(" %s => %s\n", core.Green(name), strings.Join(values, ", ")) + } + + if err := req.ParseForm(); err == nil { + misc += " \n Form:\n\n" + for key, values := range req.Form { + misc += fmt.Sprintf(" %s => %s\n", core.Green(key), core.Bold(strings.Join(values, ", "))) + } + } else if req.Body != nil { + b, _ := ioutil.ReadAll(req.Body) + misc += fmt.Sprintf(" \n %s:\n\n %s\n", core.Bold("Body"), string(b)) + } + } + } + + fmt.Printf("[%s] [%s] %s %s\n", e.Time.Format(eventTimeFormat), core.Green(e.Tag), - se.Message) + se.Message, + misc) } func (s EventsStream) viewSynScanEvent(e session.Event) { diff --git a/modules/net_sniff_event.go b/modules/net_sniff_event.go index b4c28fef..ed84dac1 100644 --- a/modules/net_sniff_event.go +++ b/modules/net_sniff_event.go @@ -14,11 +14,11 @@ type SnifferEvent struct { Protocol string Source string Destination string - Data SniffData + Data interface{} Message string } -func NewSnifferEvent(t time.Time, proto string, src string, dst string, data SniffData, format string, args ...interface{}) SnifferEvent { +func NewSnifferEvent(t time.Time, proto string, src string, dst string, data interface{}, format string, args ...interface{}) SnifferEvent { return SnifferEvent{ PacketTime: t, Protocol: proto, diff --git a/modules/net_sniff_http.go b/modules/net_sniff_http.go index 8eb5e77d..edcc3658 100644 --- a/modules/net_sniff_http.go +++ b/modules/net_sniff_http.go @@ -1,74 +1,38 @@ package modules import ( - "fmt" + "bufio" + "bytes" + "net/http" "github.com/bettercap/bettercap/core" - "regexp" "github.com/google/gopacket" "github.com/google/gopacket/layers" ) -var httpRe = regexp.MustCompile("(?s).*(GET|HEAD|POST|PUT|DELETE|CONNECT|OPTIONS|TRACE|PATCH) (.+) HTTP/\\d\\.\\d.+Host: ([^\\s]+)") -var uaRe = regexp.MustCompile("(?s).*User-Agent: ([^\\n]+).+") -var authRe = regexp.MustCompile("(?s).*Authorization: ([^\\n]+).+") - func httpParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool { data := tcp.Payload - dataSize := len(data) + reader := bufio.NewReader(bytes.NewReader(data)) + req, err := http.ReadRequest(reader) - if dataSize < 20 { - return false + if err == nil { + NewSnifferEvent( + pkt.Metadata().Timestamp, + "http", + ip.SrcIP.String(), + req.Host, + req, + "%s %s %s %s %s", + core.W(core.BG_RED+core.FG_BLACK, "http"), + vIP(ip.SrcIP), + core.W(core.BG_LBLUE+core.FG_BLACK, req.Method), + vURL(req.URL.String()), + core.Dim(req.UserAgent()), + ).Push() + + return true } - m := httpRe.FindSubmatch(data) - if len(m) != 4 { - return false - } - - method := string(m[1]) - hostname := string(m[3]) - path := string(m[2]) - ua := "" - mu := uaRe.FindSubmatch(data) - if len(mu) == 2 { - ua = string(mu[1]) - } - auth := "" - authDesc := "" - mauth := authRe.FindSubmatch(data) - if len(mauth) == 2 { - auth = string(mauth[1]) - authDesc = fmt.Sprintf(" auth=%s", core.Red(auth)) - } - - url := fmt.Sprintf("%s", core.Yellow(hostname)) - if tcp.DstPort != 80 { - url += fmt.Sprintf(":%s", vPort(tcp.DstPort)) - } - url += fmt.Sprintf("%s", path) - - NewSnifferEvent( - pkt.Metadata().Timestamp, - "http", - ip.SrcIP.String(), - hostname, - SniffData{ - "method": method, - "host": hostname, - "path": url, - "agent": ua, - "auth": auth, - }, - "%s %s %s %s %s%s", - core.W(core.BG_RED+core.FG_BLACK, "http"), - vIP(ip.SrcIP), - core.W(core.BG_LBLUE+core.FG_BLACK, method), - vURL(url), - core.Dim(ua), - authDesc, - ).Push() - - return true + return false }