new: new teamviewer packet parser for net.sniff

2025-08-20 05:23:19 -07:00 · 2019-01-29 15:31:27 +01:00 · 2019-01-29 15:31:27 +01:00 · db7d6b64f0
commit db7d6b64f0
parent 0d7eb43ee5
3 changed files with 163 additions and 0 deletions
--- a/modules/net_sniff_tcp.go
+++ b/modules/net_sniff_tcp.go
@ -14,6 +14,7 @@ var tcpParsers = []func(*layers.IPv4, gopacket.Packet, *layers.TCP) bool{
 	ntlmParser,
 	httpParser,
 	ftpParser,
+	teamViewerParser,
 }

 func onTCP(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
--- a/modules/net_sniff_teamviewer.go
+++ b/modules/net_sniff_teamviewer.go
@ -0,0 +1,32 @@
+package modules
+
+import (
+	"github.com/bettercap/bettercap/packets"
+
+	"github.com/google/gopacket"
+	"github.com/google/gopacket/layers"
+
+	"github.com/evilsocket/islazy/tui"
+)
+
+func teamViewerParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
+	if tcp.SrcPort == packets.TeamViewerPort || tcp.DstPort == packets.TeamViewerPort {
+		if tv := packets.ParseTeamViewer(tcp.Payload); tv != nil {
+			NewSnifferEvent(
+				pkt.Metadata().Timestamp,
+				"teamviewer",
+				ip.SrcIP.String(),
+				ip.DstIP.String(),
+				nil,
+				"%s %s %s > %s",
+				tui.Wrap(tui.BACKYELLOW+tui.FOREWHITE, "teamviewer"),
+				vIP(ip.SrcIP),
+				tui.Yellow(tv.Command),
+				vIP(ip.DstIP),
+			).Push()
+			return true
+		}
+	}
+
+	return false
+}