github/bettercap
1
0
Fork 0
mirror of https://github.com/bettercap/bettercap synced 2025-07-12 08:07:00 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Refactoring modules

Browse source
This commit is contained in:
Giuseppe Trotta 2019-02-10 23:58:08 +01:00
parent c0d3c314fc
commit ed652622e2
89 changed files with 186 additions and 138 deletions
Download patch file Download diff file Expand all files Collapse all files

253
modules/api_rest/api_rest_controller.go Normal file
View file

@ -0,0 +1,253 @@
package api_rest
import (
"crypto/subtle"
"encoding/json"
"net/http"
"strconv"
"strings"
"github.com/bettercap/bettercap/log"
"github.com/bettercap/bettercap/session"
"github.com/gorilla/mux"
)
type CommandRequest struct {
Command string `json:"cmd"`
}
type APIResponse struct {
Success bool `json:"success"`
Message string `json:"msg"`
}
func setAuthFailed(w http.ResponseWriter, r *http.Request) {
log.Warning("Unauthorized authentication attempt from %s", r.RemoteAddr)
w.Header().Set("WWW-Authenticate", `Basic realm="auth"`)
w.WriteHeader(401)
w.Write([]byte("Unauthorized"))
}
func toJSON(w http.ResponseWriter, o interface{}) {
w.Header().Set("Content-Type", "application/json")
if err := json.NewEncoder(w).Encode(o); err != nil {
log.Error("error while encoding object to JSON: %v", err)
}
}
func (api *RestAPI) setSecurityHeaders(w http.ResponseWriter) {
w.Header().Add("X-Frame-Options", "DENY")
w.Header().Add("X-Content-Type-Options", "nosniff")
w.Header().Add("X-XSS-Protection", "1; mode=block")
w.Header().Add("Referrer-Policy", "same-origin")
w.Header().Set("Access-Control-Allow-Origin", api.allowOrigin)
}
func (api *RestAPI) checkAuth(r *http.Request) bool {
if api.username != "" && api.password != "" {
user, pass, _ := r.BasicAuth()
// timing attack my ass
if subtle.ConstantTimeCompare([]byte(user), []byte(api.username)) != 1 {
return false
} else if subtle.ConstantTimeCompare([]byte(pass), []byte(api.password)) != 1 {
return false
}
}
return true
}
func (api *RestAPI) showSession(w http.ResponseWriter, r *http.Request) {
toJSON(w, session.I)
}
func (api *RestAPI) showBle(w http.ResponseWriter, r *http.Request) {
params := mux.Vars(r)
mac := strings.ToLower(params["mac"])
if mac == "" {
toJSON(w, session.I.BLE)
} else if dev, found := session.I.BLE.Get(mac); found {
toJSON(w, dev)
} else {
http.Error(w, "Not Found", 404)
}
}
func (api *RestAPI) showEnv(w http.ResponseWriter, r *http.Request) {
toJSON(w, session.I.Env)
}
func (api *RestAPI) showGateway(w http.ResponseWriter, r *http.Request) {
toJSON(w, session.I.Gateway)
}
func (api *RestAPI) showInterface(w http.ResponseWriter, r *http.Request) {
toJSON(w, session.I.Interface)
}
func (api *RestAPI) showModules(w http.ResponseWriter, r *http.Request) {
toJSON(w, session.I.Modules)
}
func (api *RestAPI) showLan(w http.ResponseWriter, r *http.Request) {
params := mux.Vars(r)
mac := strings.ToLower(params["mac"])
if mac == "" {
toJSON(w, session.I.Lan)
} else if host, found := session.I.Lan.Get(mac); found {
toJSON(w, host)
} else {
http.Error(w, "Not Found", 404)
}
}
func (api *RestAPI) showOptions(w http.ResponseWriter, r *http.Request) {
toJSON(w, session.I.Options)
}
func (api *RestAPI) showPackets(w http.ResponseWriter, r *http.Request) {
toJSON(w, session.I.Queue)
}
func (api *RestAPI) showStartedAt(w http.ResponseWriter, r *http.Request) {
toJSON(w, session.I.StartedAt)
}
func (api *RestAPI) showWiFi(w http.ResponseWriter, r *http.Request) {
params := mux.Vars(r)
mac := strings.ToLower(params["mac"])
if mac == "" {
toJSON(w, session.I.WiFi)
} else if station, found := session.I.WiFi.Get(mac); found {
toJSON(w, station)
} else if client, found := session.I.WiFi.GetClient(mac); found {
toJSON(w, client)
} else {
http.Error(w, "Not Found", 404)
}
}
func (api *RestAPI) runSessionCommand(w http.ResponseWriter, r *http.Request) {
var err error
var cmd CommandRequest
if r.Body == nil {
http.Error(w, "Bad Request", 400)
} else if err = json.NewDecoder(r.Body).Decode(&cmd); err != nil {
http.Error(w, "Bad Request", 400)
} else if err = session.I.Run(cmd.Command); err != nil {
http.Error(w, err.Error(), 400)
} else {
toJSON(w, APIResponse{Success: true})
}
}
func (api *RestAPI) showEvents(w http.ResponseWriter, r *http.Request) {
var err error
if api.useWebsocket {
api.startStreamingEvents(w, r)
} else {
events := session.I.Events.Sorted()
nevents := len(events)
nmax := nevents
n := nmax
q := r.URL.Query()
vals := q["n"]
if len(vals) > 0 {
n, err = strconv.Atoi(q["n"][0])
if err == nil {
if n > nmax {
n = nmax
}
} else {
n = nmax
}
}
toJSON(w, events[nevents-n:])
}
}
func (api *RestAPI) clearEvents(w http.ResponseWriter, r *http.Request) {
session.I.Events.Clear()
}
func (api *RestAPI) sessionRoute(w http.ResponseWriter, r *http.Request) {
api.setSecurityHeaders(w)
if !api.checkAuth(r) {
setAuthFailed(w, r)
return
} else if r.Method == "POST" {
api.runSessionCommand(w, r)
return
} else if r.Method != "GET" {
http.Error(w, "Bad Request", 400)
return
}
session.I.Lock()
defer session.I.Unlock()
path := r.URL.String()
switch {
case path == "/api/session":
api.showSession(w, r)
case path == "/api/session/env":
api.showEnv(w, r)
case path == "/api/session/gateway":
api.showGateway(w, r)
case path == "/api/session/interface":
api.showInterface(w, r)
case strings.HasPrefix(path, "/api/session/modules"):
api.showModules(w, r)
case strings.HasPrefix(path, "/api/session/lan"):
api.showLan(w, r)
case path == "/api/session/options":
api.showOptions(w, r)
case path == "/api/session/packets":
api.showPackets(w, r)
case path == "/api/session/started-at":
api.showStartedAt(w, r)
case strings.HasPrefix(path, "/api/session/ble"):
api.showBle(w, r)
case strings.HasPrefix(path, "/api/session/wifi"):
api.showWiFi(w, r)
default:
http.Error(w, "Not Found", 404)
}
}
func (api *RestAPI) eventsRoute(w http.ResponseWriter, r *http.Request) {
api.setSecurityHeaders(w)
if !api.checkAuth(r) {
setAuthFailed(w, r)
return
}
if r.Method == "GET" {
api.showEvents(w, r)
} else if r.Method == "DELETE" {
api.clearEvents(w, r)
} else {
http.Error(w, "Bad Request", 400)
}
}