github/bettercap
1
0
Fork 0
mirror of https://github.com/bettercap/bettercap synced 2025-08-22 14:24:38 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Updated logs for rdp proxy

Browse source
This commit is contained in:
Pourliver 2019-05-08 14:57:37 -04:00
commit f5fd205f7b
1 changed files with 5 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

11
modules/rdp_proxy/rdp_proxy_linux_amd64.go
View file

@ -47,7 +47,7 @@ func NewRdpProxy(s *session.Session) *RdpProxy {
port: 3389, port: 3389,
startPort: 40000, startPort: 40000,
cmd: "pyrdp-mitm.py", cmd: "pyrdp-mitm.py",
regexp: "(?i)(cookie:|mstshash=|username|password|clipboard data)", regexp: "(?i)(cookie:|mstshash=|clipboard data|client info|username|password)",
active: make(map[string]exec.Cmd), active: make(map[string]exec.Cmd),
} }
@ -67,7 +67,7 @@ mod.AddParam(session.NewIntParameter("rdp.proxy.start", "40000", "Starting port
mod.AddParam(session.NewStringParameter("rdp.proxy.command", "pyrdp-mitm.py", "", "The PyRDP base command to launch the man-in-the-middle.")) mod.AddParam(session.NewStringParameter("rdp.proxy.command", "pyrdp-mitm.py", "", "The PyRDP base command to launch the man-in-the-middle."))
mod.AddParam(session.NewStringParameter("rdp.proxy.out", "./", "", "The output directory for PyRDP artifacts.")) mod.AddParam(session.NewStringParameter("rdp.proxy.out", "./", "", "The output directory for PyRDP artifacts."))
mod.AddParam(session.NewStringParameter("rdp.proxy.targets", session.ParamSubnet, "", "Comma separated list of IP addresses to proxy to, also supports nmap style IP ranges.")) mod.AddParam(session.NewStringParameter("rdp.proxy.targets", session.ParamSubnet, "", "Comma separated list of IP addresses to proxy to, also supports nmap style IP ranges."))
mod.AddParam(session.NewStringParameter("rdp.proxy.regexp", "(?i)(cookie:|mstshash=|username|password|clipboard data)", "", "Print PyRDP logs matching this regular expression.")) mod.AddParam(session.NewStringParameter("rdp.proxy.regexp", "(?i)(cookie:|mstshash=|clipboard data|client info|username|password)", "", "Print PyRDP logs matching this regular expression."))
return mod return mod
} }
@ -227,10 +227,9 @@ func (mod *RdpProxy) handleRdpConnection(payload *nfqueue.Payload) int {
src, sport := p.NetworkLayer().NetworkFlow().Src(), p.TransportLayer().TransportFlow().Src() src, sport := p.NetworkLayer().NetworkFlow().Src(), p.TransportLayer().TransportFlow().Src()
dst, dport := p.NetworkLayer().NetworkFlow().Dst(), p.TransportLayer().TransportFlow().Dst() dst, dport := p.NetworkLayer().NetworkFlow().Dst(), p.TransportLayer().TransportFlow().Dst()
if mod.isTarget(dst.String()) {
// TODO: Don't log here and connect a pipe to the process instead.
ips := fmt.Sprintf("[%v:%v -> %v:%v]", src, sport, dst, dport) ips := fmt.Sprintf("[%v:%v -> %v:%v]", src, sport, dst, dport)
mod.Info("CONNECT %v", ips)
if mod.isTarget(dst.String()) {
target := fmt.Sprintf("%v:%v", dst, dport) target := fmt.Sprintf("%v:%v", dst, dport)
// 2. Check if the destination IP already has a PyRDP session active, if so, do nothing. // 2. Check if the destination IP already has a PyRDP session active, if so, do nothing.
@ -260,7 +259,7 @@ func (mod *RdpProxy) handleRdpConnection(payload *nfqueue.Payload) int {
mod.startPort += 1 mod.startPort += 1
} }
} else { } else {
mod.Info("Non-target, won't intercept [%s:%v -> %v:%v]", src, sport, dst, dport) mod.Info("Non-target, won't intercept %s", ips)
// Add an exception in the firewall to avoid intercepting packets to this destination and port // Add an exception in the firewall to avoid intercepting packets to this destination and port
mod.doReturn(dst.String(), dport, true) mod.doReturn(dst.String(), dport, true)