From d21793fc8faee2531453b8cab7f8fbcc9cda62c7 Mon Sep 17 00:00:00 2001 From: Stephan Neuhaus Date: Fri, 1 Nov 2019 10:55:45 +0100 Subject: [PATCH 1/3] Vew HTTP Basic authnoriyation credentials when sniffing --- modules/events_stream/events_view_http.go | 7 ++-- modules/net_sniff/net_sniff_http.go | 46 ++++++++++++++++------- 2 files changed, 37 insertions(+), 16 deletions(-) diff --git a/modules/events_stream/events_view_http.go b/modules/events_stream/events_view_http.go index af32a727..ef7cf78e 100644 --- a/modules/events_stream/events_view_http.go +++ b/modules/events_stream/events_view_http.go @@ -6,11 +6,12 @@ import ( "encoding/hex" "encoding/json" "fmt" - "github.com/bettercap/bettercap/modules/net_sniff" "net/url" "regexp" "strings" + "github.com/bettercap/bettercap/modules/net_sniff" + "github.com/bettercap/bettercap/session" "github.com/evilsocket/islazy/tui" @@ -130,14 +131,14 @@ func (mod *EventsStream) dumpRaw(body []byte) string { func (mod *EventsStream) viewHttpRequest(e session.Event) { se := e.Data.(net_sniff.SnifferEvent) - req := se.Data.(net_sniff.HTTPRequest) fmt.Fprintf(mod.output, "[%s] [%s] %s\n", e.Time.Format(mod.timeFormat), tui.Green(e.Tag), se.Message) - if mod.shouldDumpHttpRequest(req) { + if se.Data != nil && mod.shouldDumpHttpRequest(se.Data.(net_sniff.HTTPRequest)) { + req := se.Data.(net_sniff.HTTPRequest) dump := fmt.Sprintf("%s %s %s\n", tui.Bold(req.Method), req.URL, tui.Dim(req.Proto)) dump += fmt.Sprintf("%s: %s\n", tui.Blue("Host"), tui.Yellow(req.Host)) for name, values := range req.Headers { diff --git a/modules/net_sniff/net_sniff_http.go b/modules/net_sniff/net_sniff_http.go index 82e9d038..2f3aee67 100644 --- a/modules/net_sniff/net_sniff_http.go +++ b/modules/net_sniff/net_sniff_http.go @@ -119,19 +119,39 @@ func toSerializableResponse(res *http.Response) HTTPResponse { func httpParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool { data := tcp.Payload if req, err := http.ReadRequest(bufio.NewReader(bytes.NewReader(data))); err == nil { - NewSnifferEvent( - pkt.Metadata().Timestamp, - "http.request", - ip.SrcIP.String(), - req.Host, - toSerializableRequest(req), - "%s %s %s %s%s", - tui.Wrap(tui.BACKRED+tui.FOREBLACK, "http"), - vIP(ip.SrcIP), - tui.Wrap(tui.BACKLIGHTBLUE+tui.FOREBLACK, req.Method), - tui.Yellow(req.Host), - vURL(req.URL.String()), - ).Push() + if user, pass, ok := req.BasicAuth(); ok { + NewSnifferEvent( + pkt.Metadata().Timestamp, + "http.request", + ip.SrcIP.String(), + req.Host, + toSerializableRequest(req), + "%s %s %s %s%s - %s %s, %s %s", + tui.Wrap(tui.BACKRED+tui.FOREBLACK, "http"), + vIP(ip.SrcIP), + tui.Wrap(tui.BACKLIGHTBLUE+tui.FOREBLACK, req.Method), + tui.Yellow(req.Host), + vURL(req.URL.String()), + tui.Bold("USER"), + tui.Red(user), + tui.Bold("PASS"), + tui.Red(pass), + ).Push() + } else { + NewSnifferEvent( + pkt.Metadata().Timestamp, + "http.request", + ip.SrcIP.String(), + req.Host, + toSerializableRequest(req), + "%s %s %s %s%s", + tui.Wrap(tui.BACKRED+tui.FOREBLACK, "http"), + vIP(ip.SrcIP), + tui.Wrap(tui.BACKLIGHTBLUE+tui.FOREBLACK, req.Method), + tui.Yellow(req.Host), + vURL(req.URL.String()), + ).Push() + } return true } else if res, err := http.ReadResponse(bufio.NewReader(bytes.NewReader(data)), nil); err == nil { From 76c1e41f70c4a07a6318c54c249399e58e9da3bc Mon Sep 17 00:00:00 2001 From: Stephan Neuhaus Date: Fri, 1 Nov 2019 10:59:00 +0100 Subject: [PATCH 2/3] Undid changes in events_view_http.go --- modules/events_stream/events_view_http.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/events_stream/events_view_http.go b/modules/events_stream/events_view_http.go index ef7cf78e..9dfb0b90 100644 --- a/modules/events_stream/events_view_http.go +++ b/modules/events_stream/events_view_http.go @@ -131,14 +131,14 @@ func (mod *EventsStream) dumpRaw(body []byte) string { func (mod *EventsStream) viewHttpRequest(e session.Event) { se := e.Data.(net_sniff.SnifferEvent) + req := se.Data.(net_sniff.HTTPRequest) fmt.Fprintf(mod.output, "[%s] [%s] %s\n", e.Time.Format(mod.timeFormat), tui.Green(e.Tag), se.Message) - if se.Data != nil && mod.shouldDumpHttpRequest(se.Data.(net_sniff.HTTPRequest)) { - req := se.Data.(net_sniff.HTTPRequest) + if mod.shouldDumpHttpRequest(se.Data.(net_sniff.HTTPRequest)) { dump := fmt.Sprintf("%s %s %s\n", tui.Bold(req.Method), req.URL, tui.Dim(req.Proto)) dump += fmt.Sprintf("%s: %s\n", tui.Blue("Host"), tui.Yellow(req.Host)) for name, values := range req.Headers { From 00778f1c8085158cb97d6fa279924df24e124833 Mon Sep 17 00:00:00 2001 From: Stephan Neuhaus Date: Fri, 1 Nov 2019 10:55:45 +0100 Subject: [PATCH 3/3] View HTTP Basic authorization credentials when sniffing Undid changes in events_view_http.go Undid more changed to events_view_http.go Undid more changed to events_view_http.go --- modules/events_stream/events_view_http.go | 2 +- modules/net_sniff/net_sniff_http.go | 46 ++++++++++++++++------- 2 files changed, 34 insertions(+), 14 deletions(-) diff --git a/modules/events_stream/events_view_http.go b/modules/events_stream/events_view_http.go index af32a727..e7e4a9da 100644 --- a/modules/events_stream/events_view_http.go +++ b/modules/events_stream/events_view_http.go @@ -6,11 +6,11 @@ import ( "encoding/hex" "encoding/json" "fmt" - "github.com/bettercap/bettercap/modules/net_sniff" "net/url" "regexp" "strings" + "github.com/bettercap/bettercap/modules/net_sniff" "github.com/bettercap/bettercap/session" "github.com/evilsocket/islazy/tui" diff --git a/modules/net_sniff/net_sniff_http.go b/modules/net_sniff/net_sniff_http.go index 82e9d038..2f3aee67 100644 --- a/modules/net_sniff/net_sniff_http.go +++ b/modules/net_sniff/net_sniff_http.go @@ -119,19 +119,39 @@ func toSerializableResponse(res *http.Response) HTTPResponse { func httpParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool { data := tcp.Payload if req, err := http.ReadRequest(bufio.NewReader(bytes.NewReader(data))); err == nil { - NewSnifferEvent( - pkt.Metadata().Timestamp, - "http.request", - ip.SrcIP.String(), - req.Host, - toSerializableRequest(req), - "%s %s %s %s%s", - tui.Wrap(tui.BACKRED+tui.FOREBLACK, "http"), - vIP(ip.SrcIP), - tui.Wrap(tui.BACKLIGHTBLUE+tui.FOREBLACK, req.Method), - tui.Yellow(req.Host), - vURL(req.URL.String()), - ).Push() + if user, pass, ok := req.BasicAuth(); ok { + NewSnifferEvent( + pkt.Metadata().Timestamp, + "http.request", + ip.SrcIP.String(), + req.Host, + toSerializableRequest(req), + "%s %s %s %s%s - %s %s, %s %s", + tui.Wrap(tui.BACKRED+tui.FOREBLACK, "http"), + vIP(ip.SrcIP), + tui.Wrap(tui.BACKLIGHTBLUE+tui.FOREBLACK, req.Method), + tui.Yellow(req.Host), + vURL(req.URL.String()), + tui.Bold("USER"), + tui.Red(user), + tui.Bold("PASS"), + tui.Red(pass), + ).Push() + } else { + NewSnifferEvent( + pkt.Metadata().Timestamp, + "http.request", + ip.SrcIP.String(), + req.Host, + toSerializableRequest(req), + "%s %s %s %s%s", + tui.Wrap(tui.BACKRED+tui.FOREBLACK, "http"), + vIP(ip.SrcIP), + tui.Wrap(tui.BACKLIGHTBLUE+tui.FOREBLACK, req.Method), + tui.Yellow(req.Host), + vURL(req.URL.String()), + ).Push() + } return true } else if res, err := http.ReadResponse(bufio.NewReader(bytes.NewReader(data)), nil); err == nil {