From ee8fe972e045919dc620b1210f8cc2224f1cfe13 Mon Sep 17 00:00:00 2001
From: evilsocket
Date: Thu, 14 Mar 2019 18:33:26 +0100
Subject: [PATCH] new: hid.sniff will now hexdump sniffed payloads (closes #490)
---
 modules/hid/hid.go | 4 +++-
 modules/hid/hid_inject.go | 2 +-
 modules/hid/hid_recon.go | 6 ++++--
 modules/hid/hid_sniff.go | 18 +++++++++++++++---
 4 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/modules/hid/hid.go b/modules/hid/hid.go
index cadb19c0..e0c9b6a4 100644
--- a/modules/hid/hid.go
+++ b/modules/hid/hid.go
@@ -32,6 +32,7 @@ type HIDRecon struct {
 sniffType string
 pingPayload []byte
 inSniffMode bool
+ sniffSilent bool
 inPromMode bool
 inInjectMode bool
 keyLayout string
@@ -58,6 +59,7 @@ func NewHIDRecon(s *session.Session) *HIDRecon {
 inSniffMode: false,
 inPromMode: false,
 inInjectMode: false,
+ sniffSilent: true,
 pingPayload: []byte{0x0f, 0x0f, 0x0f, 0x0f},
 keyLayout: "US",
 scriptPath: "",
@@ -85,7 +87,7 @@ func NewHIDRecon(s *session.Session) *HIDRecon {
 sniff := session.NewModuleHandler("hid.sniff ADDRESS", `(?i)^hid\.sniff ([a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}|clear)$`,
 "Start sniffing a specific ADDRESS in order to collect payloads, use 'clear' to stop collecting.",
 func(args []string) error {
- return mod.setSniffMode(args[0])
+ return mod.setSniffMode(args[0], false)
 })
 sniff.Complete("hid.sniff", s.HIDCompleter)
diff --git a/modules/hid/hid_inject.go b/modules/hid/hid_inject.go
index 4a0c2ca9..d947c856 100644
--- a/modules/hid/hid_inject.go
+++ b/modules/hid/hid_inject.go
@@ -18,7 +18,7 @@ func (mod *HIDRecon) isInjecting() bool {
 }
 func (mod *HIDRecon) setInjectionMode(address string) error {
- if err := mod.setSniffMode(address); err != nil {
+ if err := mod.setSniffMode(address, true); err != nil {
 return err
 } else if address == "clear" {
 mod.inInjectMode = false
diff --git a/modules/hid/hid_recon.go b/modules/hid/hid_recon.go
index 1d081903..0447b377 100644
--- a/modules/hid/hid_recon.go
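Review bot: The new `sniffSilent` field in `HIDRecon` (hid.go, first hunk) has no comment, and its meaning only becomes clear in hid_sniff.go, where it switches the sniffed-payload log call between `mod.Debug` and `mod.Info`. A one-line comment on the field would help, for example `// sniffSilent: true logs sniffed payloads at debug level, false at info level; assigned in setSniffMode under sniffLock`. The constructor default `sniffSilent: true` in the second hunk matches the value that the `clear` branch of `setSniffMode` resets it to, which is worth stating in the same comment.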
+++ b/modules/hid/hid_recon.go
@@ -42,11 +42,13 @@ func (mod *HIDRecon) onDeviceDetected(buf []byte) {
 if isNew, dev := mod.Session.HID.AddIfNew(addr, mod.channel, payload); isNew {
 // sniff for a while in order to detect the device type
 go func() {
- if err := mod.setSniffMode(dev.Address); err == nil {
+ prevSilent := mod.sniffSilent
+
+ if err := mod.setSniffMode(dev.Address, true); err == nil {
 mod.Debug("detecting device type ...")
 defer func() {
 mod.sniffLock.Unlock()
- mod.setSniffMode("clear")
+ mod.setSniffMode("clear", prevSilent)
 }()
 // make sure nobody can sniff to another
 // address until we're not done here...
diff --git a/modules/hid/hid_sniff.go b/modules/hid/hid_sniff.go
index bc77886e..81c19718 100644
--- a/modules/hid/hid_sniff.go
+++ b/modules/hid/hid_sniff.go
@@ -3,12 +3,15 @@
 package hid
 import (
+ "encoding/hex"
 "fmt"
 "time"
 "github.com/bettercap/bettercap/network"
 "github.com/bettercap/nrf24"
+
+ "github.com/evilsocket/islazy/str"
 "github.com/evilsocket/islazy/tui"
 )
@@ -16,7 +19,7 @@ func (mod *HIDRecon) isSniffing() bool {
 return mod.sniffAddrRaw != nil
 }
-func (mod *HIDRecon) setSniffMode(mode string) error {
+func (mod *HIDRecon) setSniffMode(mode string, silent bool) error {
 if !mod.Running() {
 return fmt.Errorf("please turn hid.recon on")
 }
@@ -24,11 +27,13 @@ func (mod *HIDRecon) setSniffMode(mode string) error {
 mod.sniffLock.Lock()
 defer mod.sniffLock.Unlock()
+ mod.sniffSilent = silent
 mod.inSniffMode = false
 if mode == "clear" {
 mod.Debug("restoring recon mode")
 mod.sniffAddrRaw = nil
 mod.sniffAddr = ""
+ mod.sniffSilent = true
 } else {
 if err, raw := nrf24.ConvertAddress(mode); err != nil {
 return err
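Review bot: `prevSilent` in the `onDeviceDetected` goroutine (hid_recon.go) is saved but can never take effect, because the deferred `mod.setSniffMode("clear", prevSilent)` goes through the `clear` branch in hid_sniff.go, which assigns `mod.sniffSilent = true` right after `mod.sniffSilent = silent`. Either drop the variable and call `mod.setSniffMode("clear", true)`, or, if the intent is to hand control back to a user-started `hid.sniff`, restore the previous address together with the flag; as written the detection sniff appears to replace such a session and leave it cleared. `prevSilent := mod.sniffSilent` is also read without `sniffLock`, while `setSniffMode` writes the field under that lock. The goroutine body continues past the end of this hunk.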
@@ -73,13 +78,20 @@ func (mod *HIDRecon) doPing() {
 func (mod *HIDRecon) onSniffedBuffer(buf []byte) {
 if sz := len(buf); sz > 0 && buf[0] == 0x00 {
 buf = buf[1:]
- mod.Debug("sniffed payload %x for %s", buf, mod.sniffAddr)
+ lf := mod.Info
+ if mod.sniffSilent {
+ lf = mod.Debug
+ }
+ lf("payload for %s : %s", tui.Bold(mod.sniffAddr), str.Trim(hex.Dump(buf)))
 if dev, found := mod.Session.HID.Get(mod.sniffAddr); found {
 dev.LastSeen = time.Now()
 dev.AddPayload(buf)
 dev.AddChannel(mod.channel)
 } else {
- mod.Warning("got a payload for unknown device %s", mod.sniffAddr)
+ if lf = mod.Warning; mod.sniffSilent == false {
+ lf = mod.Debug
+ }
+ lf("got a payload for unknown device %s", mod.sniffAddr)
 }
 }
 }
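Review bot: The two log-level selections in `onSniffedBuffer` use opposite polarity: the payload dump goes to `mod.Debug` when `sniffSilent` is true, but the unknown-device message goes to `mod.Debug` when it is false and to `mod.Warning` when it is true. If that is intended (an explicit `hid.sniff` on an address missing from the device table being expected, a background sniff not), a short comment saying so would keep it from being "corrected" later, and `mod.sniffSilent == false` reads better as `!mod.sniffSilent`. `mod.sniffSilent` and `mod.sniffAddr` are read here with no `sniffLock` taken in the visible lines, while `setSniffMode` writes both under it; whether the caller already holds the lock is not visible from this hunk. With `silent` false the full hexdump of every sniffed payload is now emitted at info level, so captured HID traffic ends up in whatever records the session's log output and should be handled as sensitive data.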