github/bettercap
1
0
Fork 0
mirror of https://github.com/bettercap/bettercap synced 2025-08-20 13:33:21 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

new: any.proxy.src_port now supports multiple ports and port ranges (closes #845)

Browse source
This commit is contained in:
Simone Margaritelli 2021-03-14 16:03:09 +01:00
commit ff91392866
1 changed files with 73 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

98
modules/any_proxy/any_proxy.go
View file

@ -1,13 +1,19 @@
package any_proxy package any_proxy
import ( import (
"fmt"
"github.com/bettercap/bettercap/firewall" "github.com/bettercap/bettercap/firewall"
"github.com/bettercap/bettercap/session" "github.com/bettercap/bettercap/session"
"github.com/evilsocket/islazy/str"
"strconv"
"strings"
) )
type AnyProxy struct { type AnyProxy struct {
session.SessionModule session.SessionModule
Redirection *firewall.Redirection // not using map[int]*firewall.Redirection to preserve order
ports []int
redirections []*firewall.Redirection
} }
func NewAnyProxy(s *session.Session) *AnyProxy { func NewAnyProxy(s *session.Session) *AnyProxy {
@ -25,9 +31,11 @@ func NewAnyProxy(s *session.Session) *AnyProxy {
"(TCP|UDP)", "(TCP|UDP)",
"Proxy protocol.")) "Proxy protocol."))
mod.AddParam(session.NewIntParameter("any.proxy.src_port", mod.AddParam(session.NewStringParameter("any.proxy.src_port",
"80", "80",
"Remote port to redirect when the module is activated.")) "",
"Remote port to redirect when the module is activated, "+
"also supported a comma separated list of ports and/or port-ranges."))
mod.AddParam(session.NewStringParameter("any.proxy.src_address", mod.AddParam(session.NewStringParameter("any.proxy.src_address",
"", "",
@ -72,7 +80,7 @@ func (mod *AnyProxy) Author() string {
func (mod *AnyProxy) Configure() error { func (mod *AnyProxy) Configure() error {
var err error var err error
var srcPort int var srcPorts string
var dstPort int var dstPort int
var iface string var iface string
var protocol string var protocol string
@ -85,8 +93,6 @@ func (mod *AnyProxy) Configure() error {
return err return err
} else if err, protocol = mod.StringParam("any.proxy.protocol"); err != nil { } else if err, protocol = mod.StringParam("any.proxy.protocol"); err != nil {
return err return err
} else if err, srcPort = mod.IntParam("any.proxy.src_port"); err != nil {
return err
} else if err, dstPort = mod.IntParam("any.proxy.dst_port"); err != nil { } else if err, dstPort = mod.IntParam("any.proxy.dst_port"); err != nil {
return err return err
} else if err, srcAddress = mod.StringParam("any.proxy.src_address"); err != nil { } else if err, srcAddress = mod.StringParam("any.proxy.src_address"); err != nil {
@ -95,27 +101,71 @@ func (mod *AnyProxy) Configure() error {
return err return err
} }
if err, srcPorts = mod.StringParam("any.proxy.src_port"); err != nil {
return err
} else {
var ports []int
// srcPorts can be a single port, a list of ports or a list of ranges, or a mix.
for _, token := range str.Comma(str.Trim(srcPorts)) {
if p, err := strconv.Atoi(token); err == nil {
// simple case, integer port
ports = append(ports, p)
} else if strings.Contains(token, "-") {
// port range
if parts := strings.Split(token, "-"); len(parts) == 2 {
if from, err := strconv.Atoi(str.Trim(parts[0])); err != nil {
return fmt.Errorf("invalid start port %s: %s", parts[0], err)
} else if from < 1 || from > 65535 {
return fmt.Errorf("port %s out of valid range", parts[0])
} else if to, err := strconv.Atoi(str.Trim(parts[1])); err != nil {
return fmt.Errorf("invalid end port %s: %s", parts[1], err)
} else if to < 1 || to > 65535 {
return fmt.Errorf("port %s out of valid range", parts[1])
} else if from > to {
return fmt.Errorf("start port should be lower than end port")
} else {
for p := from; p <= to; p++ {
ports = append(ports, p)
}
}
} else {
return fmt.Errorf("can't parse '%s' as range", token)
}
} else {
return fmt.Errorf("can't parse '%s' as port or range", token)
}
}
// after parsing and validation, create a redirection per source port
mod.ports = ports
mod.redirections = nil
for _, port := range mod.ports {
redir := firewall.NewRedirection(iface,
protocol,
port,
dstAddress,
dstPort)
if srcAddress != "" {
redir.SrcAddress = srcAddress
}
mod.redirections = append(mod.redirections, redir)
}
}
if !mod.Session.Firewall.IsForwardingEnabled() { if !mod.Session.Firewall.IsForwardingEnabled() {
mod.Info("Enabling forwarding.") mod.Info("Enabling forwarding.")
mod.Session.Firewall.EnableForwarding(true) mod.Session.Firewall.EnableForwarding(true)
} }
mod.Redirection = firewall.NewRedirection(iface, for _, redir := range mod.redirections {
protocol, if err := mod.Session.Firewall.EnableRedirection(redir, true); err != nil {
srcPort, return err
dstAddress, }
dstPort) mod.Info("applied redirection %s", redir.String())
if srcAddress != "" {
mod.Redirection.SrcAddress = srcAddress
} }
if err := mod.Session.Firewall.EnableRedirection(mod.Redirection, true); err != nil {
return err
}
mod.Info("Applied redirection %s", mod.Redirection.String())
return nil return nil
} }
@ -128,13 +178,11 @@ func (mod *AnyProxy) Start() error {
} }
func (mod *AnyProxy) Stop() error { func (mod *AnyProxy) Stop() error {
if mod.Redirection != nil { for _, redir := range mod.redirections {
mod.Info("Disabling redirection %s", mod.Redirection.String()) mod.Info("disabling redirection %s", redir.String())
if err := mod.Session.Firewall.EnableRedirection(mod.Redirection, false); err != nil { if err := mod.Session.Firewall.EnableRedirection(redir, false); err != nil {
return err return err
} }
mod.Redirection = nil
} }
return mod.SetRunning(false, func() {}) return mod.SetRunning(false, func() {})
} }