bettercap 1.1.3 → 1.1.4

data/lib/bettercap/proxy/certstore.rb

@@ -0,0 +1,68 @@
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+This project is released under the GPL 3 license.
+
+=end
+require 'bettercap/logger'
+require 'openssl'
+
+module Proxy
+  class CertStore
+    @@selfsigned = {}
+    @@frompems = {}
+
+    def self.from_file( filename )
+      if !@@frompems.has_key? filename
+        Logger.info "Loading self signed HTTPS certificate from '#{filename}' ..."
+
+        pem = File.read filename
+
+        @@frompems[filename] = { :cert => OpenSSL::X509::Certificate.new(pem), :key => OpenSSL::PKey::RSA.new(pem) }
+      end
+
+      @@frompems[filename]
+    end
+
+    # TODO: Put a better default subject here!
+    def self.get_selfsigned( subject = '/C=BE/O=Test/OU=Test/CN=Test' )
+      if !@@selfsigned.has_key? subject
+        Logger.info "Generating self signed HTTPS certificate for subject '#{subject}' ..."
+
+        key = OpenSSL::PKey::RSA.new(2048)
+        public_key = key.public_key
+
+        cert = OpenSSL::X509::Certificate.new
+        cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
+        cert.not_before = Time.now
+        cert.not_after = Time.now + 365 * 24 * 60 * 60
+        cert.public_key = public_key
+        cert.serial = 0x0
+        cert.version = 2
+
+        ef = OpenSSL::X509::ExtensionFactory.new
+        ef.subject_certificate = cert
+        ef.issuer_certificate = cert
+        cert.extensions = [
+            ef.create_extension("basicConstraints","CA:TRUE", true),
+            ef.create_extension("subjectKeyIdentifier", "hash"),
+            ef.create_extension("keyUsage", "cRLSign,keyCertSign", true),
+        ]
+        cert.add_extension ef.create_extension("authorityKeyIdentifier",
+                                               "keyid:always,issuer:always")
+
+        cert.sign key, OpenSSL::Digest::SHA256.new
+
+        @@selfsigned[subject] = { :cert => cert, :key => key }
+      end
+
+      @@selfsigned[subject]
+    end
+  end
+
+end

data/lib/bettercap/proxy/proxy.rb

@@ -19,10 +19,14 @@ require 'bettercap/network'
 module Proxy
 
 class Proxy
-  def initialize address, port, &processor
+  def initialize( address, port, is_https, processor )
     @socket      = nil
     @address     = address
     @port        = port
+    @is_https    = is_https
+    @type        = is_https ? 'HTTPS' : 'HTTP'
+    @sslserver   = nil
+    @sslcontext  = nil
     @main_thread = nil
     @running     = false
     @processor   = processor
@@ -31,7 +35,7 @@ class Proxy
     begin
       @local_ips = Socket.ip_address_list.collect { |x| x.ip_address }
     rescue
-      Logget.warn 'Could not get local ips using Socket module, using Network.get_local_ips method.'
+      Logger.warn 'Could not get local ips using Socket module, using Network.get_local_ips method.'
 
       @local_ips = Network.get_local_ips
     end
@@ -40,16 +44,27 @@ class Proxy
   def start
     begin
       @socket = TCPServer.new( @address, @port )
+
+      if @is_https
+        cert = Context.get.certificate
+
+        @sslcontext      = OpenSSL::SSL::SSLContext.new
+        @sslcontext.cert = cert[:cert]
+        @sslcontext.key  = cert[:key]
+
+        @sslserver = OpenSSL::SSL::SSLServer.new( @socket, @sslcontext )
+      end
+
       @main_thread = Thread.new &method(:server_thread)
     rescue Exception => e
-      Logger.error "Error starting proxy: #{e.inspect}"
+      Logger.error "Error starting #{@type} proxy: #{e.inspect}"
       @socket.close unless @socket.nil?
     end
   end
 
   def stop
     begin
-      Logger.info 'Stopping proxy ...'
+      Logger.info "Stopping #{@type} proxy ..."
 
       if @socket and @running
         @running = false
@@ -61,25 +76,37 @@ class Proxy
 
   private
 
+  def async_accept
+    if @is_https
+      begin
+        Thread.new @sslserver.accept, &method(:client_thread)
+      rescue Exception => e
+        Logger.warn "Error while accepting #{@type} connection: #{e.inspect}"
+      end
+    else
+      Thread.new @socket.accept, &method(:client_thread)
+    end
+  end
+
   def server_thread
-    Logger.info "Proxy started on #{@address}:#{@port} ...\n"
+    Logger.info "#{@type} Proxy started on #{@address}:#{@port} ...\n"
 
     @running = true
 
     begin
       while @running do
-        Thread.new @socket.accept, &method(:client_thread)
+        async_accept
       end
     rescue Exception => e
       if @running
-        Logger.warn "Error while accepting connection: #{e.inspect}"
+        Logger.error "Error while accepting #{@type} connection: #{e.inspect}"
       end
     ensure
       @socket.close unless @socket.nil?
     end
   end
 
-  def binary_streaming from, to, opts = {}
+  def binary_streaming( from, to, opts = {} )
 
     total_size = 0
 
@@ -125,8 +152,8 @@ class Proxy
     end
   end
 
-  def html_streaming request, response, from, to
-    buff = ""
+  def html_streaming( request, response, from, to )
+    buff = ''
     loop do
       from.read 1024, buff
 
@@ -141,12 +168,12 @@ class Proxy
     to.write response.to_s
   end
 
-  def log_stream client, request, response
+  def log_stream( client, request, response )
     client_s   = "[#{client}]"
     verb_s     = request.verb
-    request_s  = "http://#{request.host}#{request.url}"
+    request_s  = "#{@is_https ? 'https' : 'http'}://#{request.host}#{request.url}"
     response_s = "( #{response.content_type} )"
-    request_s  = request_s.slice(0..50) + "..." unless request_s.length <= 50
+    request_s  = request_s.slice(0..50) + '...' unless request_s.length <= 50
 
     verb_s = verb_s.light_blue
 
@@ -165,36 +192,56 @@ class Proxy
     Logger.write "#{client_s} #{verb_s} #{request_s} #{response_s}"
   end
 
-  def is_self_request? request
+  def is_self_request?(request)
     @local_ips.include? IPSocket.getaddress(request.host)
   end
 
-  def rickroll_lamer client
+  def rickroll_lamer(client)
     client.write "HTTP/1.1 302 Found\n"
     client.write "Location: https://www.youtube.com/watch?v=dQw4w9WgXcQ\n\n"
   end
 
-  def client_thread client
-    client_port, client_ip = Socket.unpack_sockaddr_in(client.getpeername)
-    Logger.debug "New connection from #{client_ip}:#{client_port}"
+  def create_upstream_connection( request )
+    if @is_https
+      sock = TCPSocket.new( request.host, request.port )
 
-    server = nil
-    request = Request.new
+      ctx = OpenSSL::SSL::SSLContext.new
 
-    begin
-      # read the first line
-      request << client.readline
-
-      loop do
-        line = client.readline
-        request << line
+      # do we need this? :P ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_PEER)
 
-        if line.chomp == ""
-          break
-        end
+      socket = OpenSSL::SSL::SSLSocket.new(sock, ctx).tap do |socket|
+        socket.sync_close = true
+        socket.connect
       end
 
-      raise "Couldn't extract host from the request." unless request.host
+      socket
+    else
+      TCPSocket.new( request.host, request.port )
+    end
+  end
+
+  def get_client_details( client )
+    if !@is_https
+      client_port, client_ip = Socket.unpack_sockaddr_in(client.getpeername)
+    else
+      _, client_port, _, client_ip = client.peeraddr
+    end
+
+    [ client_ip, client_port ]
+  end
+
+  def client_thread( client )
+    client_ip, client_port = get_client_details client
+
+    Logger.debug "New #{@type} connection from #{client_ip}:#{client_port}"
+
+    server = nil
+    request = Request.new @is_https ? 443 : 80
+
+    begin
+      Logger.debug 'Reading request ...'
+
+      request.read client
 
       # someone is having fun with us =)
       if is_self_request? request
@@ -203,9 +250,15 @@ class Proxy
 
         rickroll_lamer client
 
+      elsif request.verb == 'CONNECT'
+
+        Logger.error "You're using bettercap as a normal HTTP(S) proxy, it wasn't designed to handle CONNECT requests:\n\n#{request.to_s}"
+
       else
 
-        server = TCPSocket.new( request.host, request.port )
+        Logger.debug 'Creating upstream connection ...'
+
+        server = create_upstream_connection request
 
         server.write request.to_s
 
@@ -218,16 +271,7 @@ class Proxy
 
         Logger.debug 'Reading response ...'
 
-        response = Response.new
-
-        # read all response headers
-        loop do
-          line = server.readline
-
-          response << line
-
-          break unless not response.headers_done
-        end
+        response = Response.from_socket server
 
         if response.textual?
           log_stream client_ip, request, response
@@ -243,7 +287,7 @@ class Proxy
           binary_streaming server, client, response: response
         end
 
-        Logger.debug "#{client_ip}:#{client_port} served."
+        Logger.debug "#{@type} client served."
       end
 
     rescue Exception => e

data/lib/bettercap/proxy/request.rb

@@ -15,18 +15,36 @@ module Proxy
 class Request
   attr_reader :lines, :verb, :url, :host, :port, :content_length
 
-  def initialize
+  def initialize( default_port = 80 )
     @lines  = []
     @verb   = nil
     @url    = nil
     @host   = nil
-    @port   = 80
+    @port   = default_port
     @content_length = 0
   end
 
+  def read(sock)
+    # read the first line
+    self << sock.readline
+
+    loop do
+      line = sock.readline
+      self << line
+
+      if line.chomp == ''
+        break
+      end
+    end
+
+    raise "Couldn't extract host from the request." unless @host
+  end
+
   def <<(line)
     line = line.chomp
 
+    Logger.debug "  REQUEST LINE: '#{line}'"
+
     # is this the first line '<VERB> <URI> HTTP/<VERSION>' ?
     if @url.nil? and line =~ /^(\w+)\s+(\S+)\s+HTTP\/[\d\.]+\s*$/
       @verb    = $1
@@ -35,13 +53,13 @@ class Request
       # fix url
       if @url.include? '://'
         uri = URI::parse @url
-        @url = "#{uri.path}" + ( uri.query ? "?#{uri.query}" : "" )
+        @url = "#{uri.path}" + ( uri.query ? "?#{uri.query}" : '' )
       end
 
       line = "#{@verb} #{url} HTTP/1.0"
 
     # get the host header value
-    elsif line =~ /^Host: (.*)$/
+    elsif line =~ /^Host:\s*(.*)$/
       @host = $1
       if host =~ /([^:]*):([0-9]*)$/
         @host = $1

data/lib/bettercap/proxy/response.rb

@@ -25,6 +25,21 @@ class Response
     @headers_done = false
   end
 
+  def self.from_socket(sock)
+    response = Response.new
+
+    # read all response headers
+    loop do
+      line = sock.readline
+
+      response << line
+
+      break unless not response.headers_done
+    end
+
+    response
+  end
+
   def <<(line)
     # we already parsed the heders, collect response body
     if @headers_done

data/lib/bettercap/sniffer/sniffer.rb

@@ -28,40 +28,38 @@ class Sniffer
     setup( ctx )
 
     @@cap.stream.each do |p|
-      append_packet p
-      parse_packet p
+      begin
+        parsed = Packet.parse p
+      rescue Exception => e
+        parsed = nil
+        Logger.debug e.message
+      end
+
+      if not parsed.nil? and parsed.is_ip? and !skip_packet?(parsed)
+        append_packet p
+        parse_packet parsed
+      end
     end
   end
 
   private
 
-  def self.parse_packet( p )
-    begin
-      pkt = Packet.parse p
-    rescue Exception => e
-      pkt = nil
-      Logger.debug e.message
-    end
+  def self.skip_packet?( pkt )
+    !@@ctx.options[:local] and
+        ( pkt.ip_saddr == @@ctx.ifconfig[:ip_saddr] or
+            pkt.ip_daddr == @@ctx.ifconfig[:ip_saddr] )
+  end
 
-    if not pkt.nil? and pkt.is_ip?
-      if !skip_packet? pkt
-        @@parsers.each do |parser|
-          begin
-            parser.on_packet pkt
-          rescue Exception => e
-            Logger.warn e.message
-          end
-        end
+  def self.parse_packet( parsed )
+    @@parsers.each do |parser|
+      begin
+        parser.on_packet parsed
+      rescue Exception => e
+        Logger.warn e.message
       end
     end
   end
 
-  def self.skip_packet?( pkt )
-    !@@ctx.options[:local] and
-    ( pkt.ip_saddr == @@ctx.ifconfig[:ip_saddr] or
-      pkt.ip_daddr == @@ctx.ifconfig[:ip_saddr] )
-  end
-
   def self.append_packet( p )
     begin
       @@pcap.array_to_file(

data/lib/bettercap/spoofers/arp.rb

@@ -22,6 +22,8 @@ class ArpSpoofer < ISpoofer
     @gw_hw        = nil
     @forwarding   = @ctx.firewall.forwarding_enabled?
     @spoof_thread = nil
+    @sniff_thread = nil
+    @capture      = nil
     @running      = false
 
     Logger.debug 'ARP SPOOFER SELECTED'
@@ -35,7 +37,7 @@ class ArpSpoofer < ISpoofer
     Logger.info "  Gateway : #{@ctx.gateway} ( #{@gw_hw} )"
   end
 
-  def send_spoofed_packed( saddr, smac, daddr, dmac )
+  def send_spoofed_packet( saddr, smac, daddr, dmac )
     pkt = PacketFu::ARPPacket.new
     pkt.eth_saddr = smac
     pkt.eth_daddr = dmac
@@ -51,7 +53,7 @@ class ArpSpoofer < ISpoofer
   def start
     stop() unless @running == false
 
-    Logger.info 'Starting ARP spoofer ...'
+    Logger.info "Starting ARP spoofer ( #{@ctx.options[:half_duplex] ? 'Half' : 'Full'} Duplex ) ..."
 
     if @forwarding == false
       Logger.debug 'Enabling packet forwarding.'
@@ -60,6 +62,36 @@ class ArpSpoofer < ISpoofer
     end
 
     @running = true
+    @sniff_thread = Thread.new do
+      Logger.info 'ARP watcher started ...'
+      begin
+      @capture = PacketFu::Capture.new(
+          iface: @ctx.options[:iface],
+          filter: 'arp',
+          start: true
+      )
+      rescue  Exception => e
+        Logger.error e.message
+      end
+      @capture.stream.each do |p|
+        begin
+          pkt = PacketFu::Packet.parse p
+          # we're only interested in 'who-has' packets
+          if pkt.arp_opcode == 1 and pkt.arp_dst_mac.to_s == '00:00:00:00:00:00'
+            is_from_us = ( pkt.arp_src_ip.to_s == @ctx.ifconfig[:ip_saddr] )
+
+            if !is_from_us
+              Logger.info "[ARP] #{pkt.arp_src_ip.to_s} is asking who #{pkt.arp_dst_ip.to_s} is."
+
+              send_spoofed_packet pkt.arp_dst_ip.to_s, @ctx.ifconfig[:eth_saddr], pkt.arp_src_ip.to_s, pkt.arp_src_mac.to_s
+            end
+          end
+        rescue Exception => e
+          Logger.error e.message
+        end
+      end
+    end
+
     @spoof_thread = Thread.new do
       prev_size = @ctx.targets.size
       loop do
@@ -95,8 +127,8 @@ class ArpSpoofer < ISpoofer
             end
           end
 
-          send_spoofed_packed @ctx.gateway,    @ctx.ifconfig[:eth_saddr], target.ip, target.mac
-          send_spoofed_packed target.ip, @ctx.ifconfig[:eth_saddr], @ctx.gateway,    @gw_hw
+          send_spoofed_packet( @ctx.gateway, @ctx.ifconfig[:eth_saddr], target.ip, target.mac )
+          send_spoofed_packet( target.ip, @ctx.ifconfig[:eth_saddr], @ctx.gateway, @gw_hw ) unless @ctx.options[:half_duplex]
         end
 
         prev_size = @ctx.targets.size
@@ -121,8 +153,8 @@ class ArpSpoofer < ISpoofer
 
     @ctx.targets.each do |target|
       if !target.mac.nil?
-        send_spoofed_packed @ctx.gateway,    @gw_hw,     target.ip, target.mac
-        send_spoofed_packed target.ip, target.mac, @ctx.gateway,    @gw_hw
+        send_spoofed_packet( @ctx.gateway, @gw_hw, target.ip, target.mac )
+        send_spoofed_packet( target.ip, target.mac, @ctx.gateway, @gw_hw ) unless @ctx.options[:half_duplex]
       end
     end
     sleep 1

data/lib/bettercap/target.rb

@@ -16,7 +16,7 @@ class Target
 
     @@prefixes = nil
 
-    def initialize( ip, mac )
+    def initialize( ip, mac=nil )
       @ip = ip
       @mac = mac
       @vendor = Target.lookup_vendor(mac) if not mac.nil?

data/lib/bettercap/version.rb

@@ -10,6 +10,6 @@ This project is released under the GPL 3 license.
 
 =end
 module BetterCap
-  VERSION = '1.1.3'
+  VERSION = '1.1.4'
   BANNER = File.read( File.dirname(__FILE__) + '/banner' ).gsub( '#VERSION#', "v#{VERSION}")
 end

data/lib/bettercap.rb

@@ -36,4 +36,5 @@ require 'bettercap/proxy/request'
 require 'bettercap/proxy/response'
 require 'bettercap/proxy/proxy'
 require 'bettercap/proxy/module'
+require 'bettercap/proxy/certstore'
 require 'bettercap/httpd/server'

data/test/factories/firewall_factory_test.rb

@@ -0,0 +1,54 @@
+require 'minitest/autorun'
+require 'factories/firewall_factory'
+
+class FirewallFactoryTest < MiniTest::Test
+  # TODO: Fix the tests for the Mac and Linux firewall initialization. Right now
+  # they are being created in a way which executes a shell command, causing
+  # tests to fail.
+
+  # def test_mac_firewall
+  #   FirewallFactory.clear_firewall
+  #
+  #   override_ruby_platform('darwin') do
+  #     firewall = FirewallFactory.get_firewall
+  #     assert_equal firewall.class, OSXFirewall
+  #   end
+  # end
+
+  # def test_linux_firewall
+  #   FirewallFactory.clear_firewall
+  #
+  #   override_ruby_platform('linux') do
+  #     firewall = FirewallFactory.get_firewall
+  #     assert_equal firewall.class, LinuxFirewall
+  #   end
+  # end
+
+  def test_unknown_firewall
+    FirewallFactory.clear_firewall
+
+    override_ruby_platform('ms') do
+      assert_raises BetterCap::Error do
+        FirewallFactory.get_firewall
+      end
+    end
+  end
+
+  private
+
+  def override_ruby_platform(platform)
+    actual_platform = RUBY_PLATFORM
+
+    begin
+      redefine_const :RUBY_PLATFORM, platform
+      yield
+    ensure
+      redefine_const :RUBY_PLATFORM, actual_platform
+    end
+  end
+
+  def redefine_const(const, value)
+    Object.send(:remove_const, const) if Object.const_defined?(const)
+    Object.const_set(const, value)
+  end
+end

data/test/factories/parser_factory_test.rb

@@ -0,0 +1,36 @@
+require 'minitest/autorun'
+require 'factories/parser_factory'
+
+class ParserFactoryTest < MiniTest::Test
+  def test_getting_available_parsers
+    available_parsers = ParserFactory.available
+    assert available_parsers.include?('FTP')
+  end
+
+  def test_successful_cmdline_parser_name
+    parsers = ParserFactory.from_cmdline('ftp,https')
+    assert_equal parsers, ['FTP', 'HTTPS']
+  end
+
+  def test_failed_cmdline_parser_name
+    assert_raises BetterCap::Error do
+      ParserFactory.from_cmdline 'unknown'
+    end
+  end
+
+  def test_no_cmdline_parser_provided
+    assert_raises BetterCap::Error do
+      ParserFactory.from_cmdline nil
+    end
+  end
+
+  def test_successfully_loading_parsers
+    loaded = ParserFactory.load_by_names 'FTP'
+    assert_equal loaded.first.class, FtpParser
+  end
+
+  def test_unsuccessfully_loading_parsers
+    loaded = ParserFactory.load_by_names 'unknown'
+    assert_empty loaded
+  end
+end

data/test/factories/spoofer_factory_test.rb

@@ -0,0 +1,15 @@
+require 'minitest/autorun'
+require 'factories/spoofer_factory'
+
+class SpooferFactoryTest < MiniTest::Test
+  def test_getting_available_parsers
+    spoofers = SpooferFactory.available
+    assert spoofers.include?('ARP')
+  end
+
+  def test_unsuccessful_name
+    assert_raises BetterCap::Error do
+      SpooferFactory.get_by_name 'unknown'
+    end
+  end
+end