new: http requests which are not GETs are now properly reported

2025-08-19 21:13:18 -07:00 · 2018-02-23 12:16:43 +01:00 · 2018-02-23 12:16:43 +01:00 · c5baa7a077
commit c5baa7a077
parent 1ac5521038
3 changed files with 54 additions and 63 deletions
--- a/modules/net_sniff_http.go
+++ b/modules/net_sniff_http.go
@ -1,74 +1,38 @@
 package modules

 import (
-	"fmt"
+	"bufio"
+	"bytes"
+	"net/http"

 	"github.com/bettercap/bettercap/core"
-	"regexp"

 	"github.com/google/gopacket"
 	"github.com/google/gopacket/layers"
 )

-var httpRe = regexp.MustCompile("(?s).*(GET|HEAD|POST|PUT|DELETE|CONNECT|OPTIONS|TRACE|PATCH) (.+) HTTP/\\d\\.\\d.+Host: ([^\\s]+)")
-var uaRe = regexp.MustCompile("(?s).*User-Agent: ([^\\n]+).+")
-var authRe = regexp.MustCompile("(?s).*Authorization: ([^\\n]+).+")
-
 func httpParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
 	data := tcp.Payload
-	dataSize := len(data)
+	reader := bufio.NewReader(bytes.NewReader(data))
+	req, err := http.ReadRequest(reader)

-	if dataSize < 20 {
-		return false
+	if err == nil {
+		NewSnifferEvent(
+			pkt.Metadata().Timestamp,
+			"http",
+			ip.SrcIP.String(),
+			req.Host,
+			req,
+			"%s %s %s %s %s",
+			core.W(core.BG_RED+core.FG_BLACK, "http"),
+			vIP(ip.SrcIP),
+			core.W(core.BG_LBLUE+core.FG_BLACK, req.Method),
+			vURL(req.URL.String()),
+			core.Dim(req.UserAgent()),
+		).Push()
+
+		return true
 	}

-	m := httpRe.FindSubmatch(data)
-	if len(m) != 4 {
-		return false
-	}
-
-	method := string(m[1])
-	hostname := string(m[3])
-	path := string(m[2])
-	ua := ""
-	mu := uaRe.FindSubmatch(data)
-	if len(mu) == 2 {
-		ua = string(mu[1])
-	}
-	auth := ""
-	authDesc := ""
-	mauth := authRe.FindSubmatch(data)
-	if len(mauth) == 2 {
-		auth = string(mauth[1])
-		authDesc = fmt.Sprintf(" auth=%s", core.Red(auth))
-	}
-
-	url := fmt.Sprintf("%s", core.Yellow(hostname))
-	if tcp.DstPort != 80 {
-		url += fmt.Sprintf(":%s", vPort(tcp.DstPort))
-	}
-	url += fmt.Sprintf("%s", path)
-
-	NewSnifferEvent(
-		pkt.Metadata().Timestamp,
-		"http",
-		ip.SrcIP.String(),
-		hostname,
-		SniffData{
-			"method": method,
-			"host":   hostname,
-			"path":   url,
-			"agent":  ua,
-			"auth":   auth,
-		},
-		"%s %s %s %s %s%s",
-		core.W(core.BG_RED+core.FG_BLACK, "http"),
-		vIP(ip.SrcIP),
-		core.W(core.BG_LBLUE+core.FG_BLACK, method),
-		vURL(url),
-		core.Dim(ua),
-		authDesc,
-	).Push()
-
-	return true
+	return false
 }