new: net.sniff now supports ipv6

2025-08-14 10:46:57 -07:00 · 2021-04-03 19:20:12 +02:00 · 2021-04-03 19:20:12 +02:00 · cbc1432358
commit cbc1432358
parent bef4c6abaa
13 changed files with 122 additions and 83 deletions
--- a/modules/net_sniff/net_sniff_http.go
+++ b/modules/net_sniff/net_sniff_http.go
@ -5,6 +5,7 @@ import (
 	"bytes"
 	"compress/gzip"
 	"io/ioutil"
+	"net"
 	"net/http"
 	"strings"

@ -116,19 +117,19 @@ func toSerializableResponse(res *http.Response) HTTPResponse {
 	}
 }

-func httpParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
+func httpParser(srcIP, dstIP net.IP, payload []byte, pkt gopacket.Packet, tcp *layers.TCP) bool {
 	data := tcp.Payload
 	if req, err := http.ReadRequest(bufio.NewReader(bytes.NewReader(data))); err == nil {
 		if user, pass, ok := req.BasicAuth(); ok {
 			NewSnifferEvent(
 				pkt.Metadata().Timestamp,
 				"http.request",
-				ip.SrcIP.String(),
+				srcIP.String(),
 				req.Host,
 				toSerializableRequest(req),
 				"%s %s %s %s%s - %s %s, %s %s",
 				tui.Wrap(tui.BACKRED+tui.FOREBLACK, "http"),
-				vIP(ip.SrcIP),
+				vIP(srcIP),
 				tui.Wrap(tui.BACKLIGHTBLUE+tui.FOREBLACK, req.Method),
 				tui.Yellow(req.Host),
 				vURL(req.URL.String()),
@ -141,12 +142,12 @@ func httpParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
 			NewSnifferEvent(
 				pkt.Metadata().Timestamp,
 				"http.request",
-				ip.SrcIP.String(),
+				srcIP.String(),
 				req.Host,
 				toSerializableRequest(req),
 				"%s %s %s %s%s",
 				tui.Wrap(tui.BACKRED+tui.FOREBLACK, "http"),
-				vIP(ip.SrcIP),
+				vIP(srcIP),
 				tui.Wrap(tui.BACKLIGHTBLUE+tui.FOREBLACK, req.Method),
 				tui.Yellow(req.Host),
 				vURL(req.URL.String()),
@ -159,15 +160,15 @@ func httpParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
 		NewSnifferEvent(
 			pkt.Metadata().Timestamp,
 			"http.response",
-			ip.SrcIP.String(),
-			ip.DstIP.String(),
+			srcIP.String(),
+			dstIP.String(),
 			sres,
 			"%s %s:%d %s -> %s (%s %s)",
 			tui.Wrap(tui.BACKRED+tui.FOREBLACK, "http"),
-			vIP(ip.SrcIP),
+			vIP(srcIP),
 			tcp.SrcPort,
 			tui.Bold(res.Status),
-			vIP(ip.DstIP),
+			vIP(dstIP),
 			tui.Dim(humanize.Bytes(uint64(len(sres.Body)))),
 			tui.Yellow(sres.ContentType),
 		).Push()