github/bettercap
1
0
Fork 0
mirror of https://github.com/bettercap/bettercap synced 2025-07-15 09:33:40 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

new: http requests which are not GETs are now properly reported

Browse source
This commit is contained in:
evilsocket 2018-02-23 12:16:43 +01:00
parent 1ac5521038
commit c5baa7a077
3 changed files with 54 additions and 63 deletions
Download patch file Download diff file Expand all files Collapse all files

33
modules/events_view.go
View file

@ -2,7 +2,8 @@ package modules
import ( import (
"fmt" "fmt"
// "sort" "io/ioutil"
"net/http"
"strings" "strings"
"github.com/bettercap/bettercap/core" "github.com/bettercap/bettercap/core"
@ -88,10 +89,36 @@ func (s EventsStream) viewModuleEvent(e session.Event) {
func (s EventsStream) viewSnifferEvent(e session.Event) { func (s EventsStream) viewSnifferEvent(e session.Event) {
se := e.Data.(SnifferEvent) se := e.Data.(SnifferEvent)
fmt.Printf("[%s] [%s] %s\n", misc := ""
if e.Tag == "net.sniff.leak.http" {
req := se.Data.(*http.Request)
if req.Method != "GET" {
misc += "\n\n"
misc += fmt.Sprintf(" Method: %s\n", core.Yellow(req.Method))
misc += fmt.Sprintf(" URL: %s\n", core.Yellow(req.URL.String()))
misc += fmt.Sprintf(" Headers:\n")
for name, values := range req.Header {
misc += fmt.Sprintf(" %s => %s\n", core.Green(name), strings.Join(values, ", "))
}
if err := req.ParseForm(); err == nil {
misc += " \n Form:\n\n"
for key, values := range req.Form {
misc += fmt.Sprintf(" %s => %s\n", core.Green(key), core.Bold(strings.Join(values, ", ")))
}
} else if req.Body != nil {
b, _ := ioutil.ReadAll(req.Body)
misc += fmt.Sprintf(" \n %s:\n\n %s\n", core.Bold("Body"), string(b))
}
}
}
fmt.Printf("[%s] [%s] %s %s\n",
e.Time.Format(eventTimeFormat), e.Time.Format(eventTimeFormat),
core.Green(e.Tag), core.Green(e.Tag),
se.Message) se.Message,
misc)
} }
func (s EventsStream) viewSynScanEvent(e session.Event) { func (s EventsStream) viewSynScanEvent(e session.Event) {

4
modules/net_sniff_event.go
View file

@ -14,11 +14,11 @@ type SnifferEvent struct {
Protocol string Protocol string
Source string Source string
Destination string Destination string
Data SniffData Data interface{}
Message string Message string
} }
func NewSnifferEvent(t time.Time, proto string, src string, dst string, data SniffData, format string, args ...interface{}) SnifferEvent { func NewSnifferEvent(t time.Time, proto string, src string, dst string, data interface{}, format string, args ...interface{}) SnifferEvent {
return SnifferEvent{ return SnifferEvent{
PacketTime: t, PacketTime: t,
Protocol: proto, Protocol: proto,

80
modules/net_sniff_http.go
View file

@ -1,74 +1,38 @@
package modules package modules
import ( import (
"fmt" "bufio"
"bytes"
"net/http"
"github.com/bettercap/bettercap/core" "github.com/bettercap/bettercap/core"
"regexp"
"github.com/google/gopacket" "github.com/google/gopacket"
"github.com/google/gopacket/layers" "github.com/google/gopacket/layers"
) )
var httpRe = regexp.MustCompile("(?s).*(GET|HEAD|POST|PUT|DELETE|CONNECT|OPTIONS|TRACE|PATCH) (.+) HTTP/\\d\\.\\d.+Host: ([^\\s]+)")
var uaRe = regexp.MustCompile("(?s).*User-Agent: ([^\\n]+).+")
var authRe = regexp.MustCompile("(?s).*Authorization: ([^\\n]+).+")
func httpParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool { func httpParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
data := tcp.Payload data := tcp.Payload
dataSize := len(data) reader := bufio.NewReader(bytes.NewReader(data))
req, err := http.ReadRequest(reader)
if dataSize < 20 { if err == nil {
return false NewSnifferEvent(
pkt.Metadata().Timestamp,
"http",
ip.SrcIP.String(),
req.Host,
req,
"%s %s %s %s %s",
core.W(core.BG_RED+core.FG_BLACK, "http"),
vIP(ip.SrcIP),
core.W(core.BG_LBLUE+core.FG_BLACK, req.Method),
vURL(req.URL.String()),
core.Dim(req.UserAgent()),
).Push()
return true
} }
m := httpRe.FindSubmatch(data) return false
if len(m) != 4 {
return false
}
method := string(m[1])
hostname := string(m[3])
path := string(m[2])
ua := ""
mu := uaRe.FindSubmatch(data)
if len(mu) == 2 {
ua = string(mu[1])
}
auth := ""
authDesc := ""
mauth := authRe.FindSubmatch(data)
if len(mauth) == 2 {
auth = string(mauth[1])
authDesc = fmt.Sprintf(" auth=%s", core.Red(auth))
}
url := fmt.Sprintf("%s", core.Yellow(hostname))
if tcp.DstPort != 80 {
url += fmt.Sprintf(":%s", vPort(tcp.DstPort))
}
url += fmt.Sprintf("%s", path)
NewSnifferEvent(
pkt.Metadata().Timestamp,
"http",
ip.SrcIP.String(),
hostname,
SniffData{
"method": method,
"host": hostname,
"path": url,
"agent": ua,
"auth": auth,
},
"%s %s %s %s %s%s",
core.W(core.BG_RED+core.FG_BLACK, "http"),
vIP(ip.SrcIP),
core.W(core.BG_LBLUE+core.FG_BLACK, method),
vURL(url),
core.Dim(ua),
authDesc,
).Push()
return true
} }