RubyGems - bettercap - Versions diffs - 1.1.0 - Mend

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (43) hide show

checksums.yaml +7 -0
data/LICENSE +225 -0
data/README.md +96 -0
data/bettercap.gemspec +28 -0
data/bin/bettercap +184 -0
data/example_proxy_module.rb +21 -0
data/lib/bettercap/base/ifirewall.rb +28 -0
data/lib/bettercap/base/ispoofer.rb +24 -0
data/lib/bettercap/context.rb +124 -0
data/lib/bettercap/discovery/arp.rb +37 -0
data/lib/bettercap/discovery/icmp.rb +37 -0
data/lib/bettercap/discovery/syn.rb +88 -0
data/lib/bettercap/discovery/udp.rb +74 -0
data/lib/bettercap/error.rb +16 -0
data/lib/bettercap/factories/firewall_factory.rb +32 -0
data/lib/bettercap/factories/parser_factory.rb +53 -0
data/lib/bettercap/factories/spoofer_factory.rb +36 -0
data/lib/bettercap/firewalls/linux.rb +55 -0
data/lib/bettercap/firewalls/osx.rb +70 -0
data/lib/bettercap/hw-prefixes +19651 -0
data/lib/bettercap/logger.rb +53 -0
data/lib/bettercap/monkey/packetfu/utils.rb +96 -0
data/lib/bettercap/network.rb +131 -0
data/lib/bettercap/proxy/module.rb +39 -0
data/lib/bettercap/proxy/proxy.rb +262 -0
data/lib/bettercap/proxy/request.rb +77 -0
data/lib/bettercap/proxy/response.rb +76 -0
data/lib/bettercap/shell.rb +31 -0
data/lib/bettercap/sniffer/parsers/base.rb +31 -0
data/lib/bettercap/sniffer/parsers/ftp.rb +19 -0
data/lib/bettercap/sniffer/parsers/httpauth.rb +45 -0
data/lib/bettercap/sniffer/parsers/https.rb +36 -0
data/lib/bettercap/sniffer/parsers/irc.rb +19 -0
data/lib/bettercap/sniffer/parsers/mail.rb +19 -0
data/lib/bettercap/sniffer/parsers/ntlmss.rb +38 -0
data/lib/bettercap/sniffer/parsers/post.rb +24 -0
data/lib/bettercap/sniffer/parsers/url.rb +28 -0
data/lib/bettercap/sniffer/sniffer.rb +39 -0
data/lib/bettercap/spoofers/arp.rb +130 -0
data/lib/bettercap/spoofers/none.rb +23 -0
data/lib/bettercap/target.rb +52 -0
data/lib/bettercap/version.rb +14 -0
metadata +129 -0

data/lib/bettercap/proxy/request.rb ADDED Viewed

@@ -0,0 +1,77 @@
+=begin
+BETTERCAP
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+This project is released under the GPL 3 license.
+=end
+module Proxy
+class Request
+  attr_reader :lines, :verb, :url, :host, :port, :content_length
+  def initialize
+    @lines  = []
+    @verb   = nil
+    @url    = nil
+    @host   = nil
+    @port   = 80
+    @content_length = 0
+  end
+  def <<(line)
+    line = line.chomp
+    # is this the first line '<VERB> <URI> HTTP/<VERSION>' ?
+    if @url.nil? and line =~ /^(\w+)\s+(\S+)\s+HTTP\/[\d\.]+\s*$/
+      @verb    = $1
+      @url     = $2
+      # fix url
+      if @url.include? '://'
+        uri = URI::parse @url
+        @url = "#{uri.path}" + ( uri.query ? "?#{uri.query}" : "" )
+      end
+      line = "#{@verb} #{url} HTTP/1.0"
+      # get the host header value
+    elsif line =~ /^Host: (.*)$/
+      @host = $1
+      if host =~ /([^:]*):([0-9]*)$/
+        @host = $1
+        @port = $2.to_i
+      end
+      # parse content length, this will speed up data streaming
+    elsif line =~ /^Content-Length:\s+(\d+)\s*$/i
+      @content_length = $1.to_i
+        # we don't want to have hundreds of threads running
+      elsif line =~ /Connection: keep-alive/i
+        line = 'Connection: close'
+        # disable gzip, chunked, etc encodings
+      elsif line =~ /^Accept-Encoding:.*/i
+        line = 'Accept-Encoding: identity'
+      end
+      @lines << line
+    end
+    def is_post?
+      return @verb == 'POST'
+    end
+    def to_s
+      return @lines.join("\n") + "\n"
+    end
+  end
+end

data/lib/bettercap/proxy/response.rb ADDED Viewed

@@ -0,0 +1,76 @@
+=begin
+BETTERCAP
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+This project is released under the GPL 3 license.
+=end
+module Proxy
+class Response
+  attr_reader :content_type, :content_length, :headers, :code, :headers_done
+  attr_accessor :body
+  def initialize
+    @content_type = nil
+    @content_length = nil
+    @body = ''
+    @code = nil
+    @headers = []
+    @headers_done = false
+  end
+  def <<(line)
+    # we already parsed the heders, collect response body
+    if @headers_done
+      @body += line
+    else
+      # parse the response status
+      if @code.nil? and line =~ /^HTTP\/[\d\.]+\s+(.+)/
+        @code = $1.chomp
+        # parse the content type
+      elsif line =~ /^Content-Type: ([^;]+).*/i
+        @content_type = $1.chomp
+        # parse content length
+      elsif line =~ /^Content-Length:\s+(\d+)\s*$/i
+        @content_length = $1.to_i
+        # last line, we're done with the headers
+      elsif line.chomp == ""
+        @headers_done = true
+      end
+      @headers << line.chomp
+    end
+  end
+  def is_textual?
+    @content_type and ( @content_type =~ /^text\/.+/ or @content_type =~ /^application\/.+/ )
+  end
+  def to_s
+    if is_textual?
+      @headers.map! do |header|
+        # update content length in case the body was
+        # modified
+        if header =~ /Content-Length:\s*(\d+)/i
+          "Content-Length: #{@body.size}"
+        else
+          header
+        end
+      end
+    end
+    @headers.join("\n") + "\n" + @body
+  end
+end
+end

data/lib/bettercap/shell.rb ADDED Viewed

@@ -0,0 +1,31 @@
+=begin
+BETTERCAP
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+This project is released under the GPL 3 license.
+=end
+require 'bettercap/error'
+module Shell
+  class << self
+    #return the output of command
+    def execute(command)
+      r=%x(#{command})
+      if $? != 0
+        raise BetterCap::Error, "Error, executing #{command}"
+      end
+      return r
+    end
+    def ifconfig(iface = '')
+      self.execute( "LANG=en && ifconfig #{iface}" )
+    end
+    def arp
+      self.execute( 'LANG=en && arp -a' )
+    end
+  end
+end

data/lib/bettercap/sniffer/parsers/base.rb ADDED Viewed

@@ -0,0 +1,31 @@
+=begin
+BETTERCAP
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+This project is released under the GPL 3 license.
+=end
+require 'bettercap/logger'
+require 'colorize'
+class BaseParser
+    def initialize
+        @filters = []
+        @name = 'BASE'
+    end
+    def on_packet( pkt )
+        s = pkt.to_s
+        @filters.each do |filter|
+            if s =~ filter
+                Logger.write "[#{pkt.ip_saddr}:#{pkt.tcp_src} > #{pkt.ip_daddr}:#{pkt.tcp_dst} #{pkt.proto.last}] " +
+                             "[#{@name}] ".green +
+                             pkt.payload.strip.yellow
+            end
+        end
+    end
+end

data/lib/bettercap/sniffer/parsers/ftp.rb ADDED Viewed

@@ -0,0 +1,19 @@
+=begin
+BETTERCAP
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+This project is released under the GPL 3 license.
+=end
+require 'bettercap/sniffer/parsers/base'
+class FtpParser < BaseParser
+    def initialize
+        @filters = [ /(USER|PASS)\s+.+/ ]
+        @name = 'FTP'
+    end
+end

data/lib/bettercap/sniffer/parsers/httpauth.rb ADDED Viewed

@@ -0,0 +1,45 @@
+=begin
+BETTERCAP
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+This project is released under the GPL 3 license.
+=end
+require 'bettercap/sniffer/parsers/base'
+require 'colorize'
+require 'base64'
+class HttpauthParser < BaseParser
+  def on_packet( pkt )
+    lines = pkt.to_s.split("\n")
+    hostname = nil
+    path = nil
+    lines.each do |line|
+      if line =~ /[A-Z]+\s+(\/[^\s]+)\s+HTTP\/\d\.\d/
+        path = $1
+      elsif line =~ /Host:\s*([^\s]+)/i
+        hostname = $1
+      elsif line =~ /Authorization:\s*Basic\s+([^\s]+)/i
+        encoded = $1
+        decoded = Base64.decode64(encoded)
+        user, pass = decoded.split(':')
+        Logger.write "[#{pkt.ip_saddr}:#{pkt.tcp_src} > #{pkt.ip_daddr}:#{pkt.tcp_dst} #{pkt.proto.last}] " +
+          '[HTTP BASIC AUTH]'.green + " http://#{hostname}#{path} - username=#{user} password=#{pass}".yellow
+      elsif line =~ /Authorization:\s*Digest\s+(.+)/i
+         Logger.write "[#{pkt.ip_saddr}:#{pkt.tcp_src} > #{pkt.ip_daddr}:#{pkt.tcp_dst} #{pkt.proto.last}] " +
+          '[HTTP DIGEST AUTH]'.green + " http://#{hostname}#{path}\n#{$1}".yellow
+      end
+    end
+  end
+end

data/lib/bettercap/sniffer/parsers/https.rb ADDED Viewed

@@ -0,0 +1,36 @@
+=begin
+BETTERCAP
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+This project is released under the GPL 3 license.
+=end
+require 'bettercap/sniffer/parsers/base'
+require 'colorize'
+require 'resolv'
+class HttpsParser < BaseParser
+    def on_packet( pkt )
+        begin
+          if pkt.tcp_dst == 443
+            # the DNS resolution could take a while and block other parsers.
+            Thread.new do
+              begin
+                  hostname = Resolv.getname pkt.ip_daddr
+              rescue
+                  hostname = pkt.ip_daddr.to_s
+              end
+              Logger.write "[#{pkt.ip_saddr}:#{pkt.tcp_src} > #{pkt.ip_daddr}:#{pkt.tcp_dst} #{pkt.proto.last}] " +
+                           '[HTTPS] '.green +
+                           "https://#{hostname}/".yellow
+            end
+          end
+        rescue
+        end
+    end
+end

data/lib/bettercap/sniffer/parsers/irc.rb ADDED Viewed

@@ -0,0 +1,19 @@
+=begin
+BETTERCAP
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+This project is released under the GPL 3 license.
+=end
+require 'bettercap/sniffer/parsers/base'
+class IrcParser < BaseParser
+    def initialize
+        @filters = [ /NICK\s+.+/, /NS IDENTIFY\s+.+/, /nickserv :identify\s+.+/ ]
+        @name = 'IRC'
+    end
+end

data/lib/bettercap/sniffer/parsers/mail.rb ADDED Viewed

@@ -0,0 +1,19 @@
+=begin
+BETTERCAP
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+This project is released under the GPL 3 license.
+=end
+require 'bettercap/sniffer/parsers/base'
+class MailParser < BaseParser
+    def initialize
+        @filters = [ /(\d+ )?(auth|authenticate) (login|plain)/i, /(\d+ )?login/i ]
+        @name = 'MAIL'
+    end
+end

data/lib/bettercap/sniffer/parsers/ntlmss.rb ADDED Viewed

@@ -0,0 +1,38 @@
+=begin
+BETTERCAP
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+This project is released under the GPL 3 license.
+=end
+require 'bettercap/sniffer/parsers/base'
+require 'colorize'
+class NtlmssParser < BaseParser
+    def bin2hex( data )
+        hex = ''
+        data.each_byte do |byte|
+            if /[[:print:]]/ === byte.chr
+                hex += byte.chr
+            else
+                hex += "\\x" + byte.to_s(16)
+            end
+        end
+        hex
+    end
+    def on_packet( pkt )
+        s = pkt.to_s
+        if s =~ /NTLMSSP\x00\x03\x00\x00\x00.+/
+            # TODO: Parse NTLMSSP packet.
+            Logger.write "[#{pkt.ip_saddr} > #{pkt.ip_daddr} #{pkt.proto.last}] " +
+                         '[NTLMSS] '.green +
+                         bin2hex( pkt.payload ).yellow
+        end
+    end
+end

data/lib/bettercap/sniffer/parsers/post.rb ADDED Viewed

@@ -0,0 +1,24 @@
+=begin
+BETTERCAP
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+This project is released under the GPL 3 license.
+=end
+require 'bettercap/sniffer/parsers/base'
+require 'colorize'
+class PostParser < BaseParser
+    def on_packet( pkt )
+        s = pkt.to_s
+        if s =~ /POST\s+[^\s]+\s+HTTP.+/
+            Logger.write "[#{pkt.ip_saddr}:#{pkt.tcp_src} > #{pkt.ip_daddr}:#{pkt.tcp_dst} #{pkt.proto.last}] " +
+                         "[POST]\n".green +
+                         pkt.payload.strip.yellow
+        end
+    end
+end

data/lib/bettercap/sniffer/parsers/url.rb ADDED Viewed

@@ -0,0 +1,28 @@
+=begin
+BETTERCAP
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+This project is released under the GPL 3 license.
+=end
+require 'bettercap/sniffer/parsers/base'
+require 'colorize'
+class UrlParser < BaseParser
+    def on_packet( pkt )
+        s = pkt.to_s
+        if s =~ /GET\s+([^\s]+)\s+HTTP.+Host:\s+([^\s]+).+/m
+            host = $2
+            url = $1
+            if not url =~ /.+\.(png|jpg|jpeg|bmp|gif|img|ttf|woff|css|js).*/i
+                Logger.write "[#{pkt.ip_saddr}:#{pkt.tcp_src} > #{pkt.ip_daddr}:#{pkt.tcp_dst} #{pkt.proto.last}] " +
+                             '[GET] '.green +
+                             "http://#{host}#{url}".yellow
+            end
+        end
+    end
+end

bettercap 1.1.0