github/bettercap
1
0
Fork 0
mirror of https://github.com/bettercap/bettercap synced 2025-07-14 17:13:39 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
bettercap/modules/net_sniff_http.go

50 lines
1.1 KiB
Go
Raw Blame History

package modules
import (
"fmt"
"github.com/evilsocket/bettercap-ng/core"
"regexp"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
)
var httpRe = regexp.MustCompile("(?s).*(GET|HEAD|POST|PUT|DELETE|CONNECT|OPTIONS|TRACE|PATCH) (.+) HTTP/\\d\\.\\d.+Host: ([^\\s]+)")
var uaRe = regexp.MustCompile("(?s).*User-Agent: ([^\\n]+).+")
func httpParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
data := tcp.Payload
dataSize := len(data)
if dataSize < 20 {
return false
}
m := httpRe.FindSubmatch(data)
if len(m) != 4 {
return false
}
ua := ""
mu := uaRe.FindSubmatch(data)
if len(mu) == 2 {
ua = string(mu[1])
}
url := fmt.Sprintf("%s", core.Yellow(string(m[3])))
if tcp.DstPort != 80 {
url += fmt.Sprintf(":%s", vPort(tcp.DstPort))
}
url += fmt.Sprintf("%s", string(m[2]))
SniffPrinter("[%s] %s %s %s %s %s\n",
vTime(pkt.Metadata().Timestamp),
core.W(core.BG_RED+core.FG_BLACK, "http"),
vIP(ip.SrcIP),
core.W(core.BG_LBLUE+core.FG_BLACK, vURL(string(m[1]))),
vURL(url),
core.Dim(ua))
return true
}
Reference in a new issue View git blame Copy permalink