new: http requests which are not GETs are now properly reported

modules/events_view.go

@@ -2,7 +2,8 @@ package modules
 
 import (
 	"fmt"
-	// "sort"
+	"io/ioutil"
+	"net/http"
 	"strings"
 
 	"github.com/bettercap/bettercap/core"
@@ -88,10 +89,36 @@ func (s EventsStream) viewModuleEvent(e session.Event) {
 
 func (s EventsStream) viewSnifferEvent(e session.Event) {
 	se := e.Data.(SnifferEvent)
-	fmt.Printf("[%s] [%s] %s\n",
+	misc := ""
+
+	if e.Tag == "net.sniff.leak.http" {
+		req := se.Data.(*http.Request)
+		if req.Method != "GET" {
+			misc += "\n\n"
+			misc += fmt.Sprintf("  Method: %s\n", core.Yellow(req.Method))
+			misc += fmt.Sprintf("  URL: %s\n", core.Yellow(req.URL.String()))
+			misc += fmt.Sprintf("  Headers:\n")
+			for name, values := range req.Header {
+				misc += fmt.Sprintf("    %s => %s\n", core.Green(name), strings.Join(values, ", "))
+			}
+
+			if err := req.ParseForm(); err == nil {
+				misc += "  \n  Form:\n\n"
+				for key, values := range req.Form {
+					misc += fmt.Sprintf("    %s => %s\n", core.Green(key), core.Bold(strings.Join(values, ", ")))
+				}
+			} else if req.Body != nil {
+				b, _ := ioutil.ReadAll(req.Body)
+				misc += fmt.Sprintf("  \n  %s:\n\n    %s\n", core.Bold("Body"), string(b))
+			}
+		}
+	}
+
+	fmt.Printf("[%s] [%s] %s %s\n",
 		e.Time.Format(eventTimeFormat),
 		core.Green(e.Tag),
-		se.Message)
+		se.Message,
+		misc)
 }
 
 func (s EventsStream) viewSynScanEvent(e session.Event) {

modules/net_sniff_event.go

@@ -14,11 +14,11 @@ type SnifferEvent struct {
 	Protocol    string
 	Source      string
 	Destination string
-	Data        SniffData
+	Data        interface{}
 	Message     string
 }
 
-func NewSnifferEvent(t time.Time, proto string, src string, dst string, data SniffData, format string, args ...interface{}) SnifferEvent {
+func NewSnifferEvent(t time.Time, proto string, src string, dst string, data interface{}, format string, args ...interface{}) SnifferEvent {
 	return SnifferEvent{
 		PacketTime:  t,
 		Protocol:    proto,

modules/net_sniff_http.go

@@ -1,74 +1,38 @@
 package modules
 
 import (
-	"fmt"
+	"bufio"
+	"bytes"
+	"net/http"
 
 	"github.com/bettercap/bettercap/core"
-	"regexp"
 
 	"github.com/google/gopacket"
 	"github.com/google/gopacket/layers"
 )
 
-var httpRe = regexp.MustCompile("(?s).*(GET|HEAD|POST|PUT|DELETE|CONNECT|OPTIONS|TRACE|PATCH) (.+) HTTP/\\d\\.\\d.+Host: ([^\\s]+)")
-var uaRe = regexp.MustCompile("(?s).*User-Agent: ([^\\n]+).+")
-var authRe = regexp.MustCompile("(?s).*Authorization: ([^\\n]+).+")
-
 func httpParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
 	data := tcp.Payload
-	dataSize := len(data)
-
-	if dataSize < 20 {
-		return false
-	}
-
-	m := httpRe.FindSubmatch(data)
-	if len(m) != 4 {
-		return false
-	}
-
-	method := string(m[1])
-	hostname := string(m[3])
-	path := string(m[2])
-	ua := ""
-	mu := uaRe.FindSubmatch(data)
-	if len(mu) == 2 {
-		ua = string(mu[1])
-	}
-	auth := ""
-	authDesc := ""
-	mauth := authRe.FindSubmatch(data)
-	if len(mauth) == 2 {
-		auth = string(mauth[1])
-		authDesc = fmt.Sprintf(" auth=%s", core.Red(auth))
-	}
-
-	url := fmt.Sprintf("%s", core.Yellow(hostname))
-	if tcp.DstPort != 80 {
-		url += fmt.Sprintf(":%s", vPort(tcp.DstPort))
-	}
-	url += fmt.Sprintf("%s", path)
+	reader := bufio.NewReader(bytes.NewReader(data))
+	req, err := http.ReadRequest(reader)
 
+	if err == nil {
 		NewSnifferEvent(
 			pkt.Metadata().Timestamp,
 			"http",
 			ip.SrcIP.String(),
-		hostname,
-		SniffData{
-			"method": method,
-			"host":   hostname,
-			"path":   url,
-			"agent":  ua,
-			"auth":   auth,
-		},
-		"%s %s %s %s %s%s",
+			req.Host,
+			req,
+			"%s %s %s %s %s",
 			core.W(core.BG_RED+core.FG_BLACK, "http"),
 			vIP(ip.SrcIP),
-		core.W(core.BG_LBLUE+core.FG_BLACK, method),
-		vURL(url),
-		core.Dim(ua),
-		authDesc,
+			core.W(core.BG_LBLUE+core.FG_BLACK, req.Method),
+			vURL(req.URL.String()),
+			core.Dim(req.UserAgent()),
 		).Push()
 
 		return true
 	}
+
+	return false
+}