bettercap 1.1.9 → 1.1.10

data/lib/bettercap/proxy/stream_logger.rb

@@ -11,7 +11,7 @@ This project is released under the GPL 3 license.
 =end
 require 'bettercap/logger'
 
-module Proxy
+module BetterCap
 class StreamLogger
   @@MAX_REQ_SIZE = 50
 
@@ -23,12 +23,24 @@ class StreamLogger
   }
 
   def self.addr2s( addr )
-    target = Context.get.find_target addr, nil
+    ctx = Context.get
+
+    return 'local' if addr == ctx.ifconfig[:ip_saddr]
+
+    target = ctx.find_target addr, nil
     return target.to_s_compact unless target.nil?
+
     addr
   end
 
-  def self.log( is_https, client, request, response )
+  def self.log_raw( pkt, label, payload )
+    nl    = if label.include?"\n" then "\n" else " " end
+    label = label.strip
+    Logger.raw( "[#{self.addr2s(pkt.ip_saddr)} > #{self.addr2s(pkt.ip_daddr)}:#{pkt.tcp_dst}] " \
+               "[#{label.green}]#{nl}#{payload.strip.yellow}" )
+  end
+
+  def self.log_http( is_https, client, request, response )
     request_s  = "#{is_https ? 'https' : 'http'}://#{request.host}#{request.url}"
     response_s = "( #{response.content_type} )"
     request_s  = request_s.slice(0..@@MAX_REQ_SIZE) + '...' unless request_s.length <= @@MAX_REQ_SIZE

data/lib/bettercap/proxy/streamer.rb

@@ -11,6 +11,7 @@ This project is released under the GPL 3 license.
 =end
 require 'bettercap/logger'
 
+module BetterCap
 module Proxy
 class Streamer
   def initialize( processor )
@@ -51,7 +52,7 @@ class Streamer
       rescue Exception => e
         Logger.debug e
       end
-      
+
     elsif response.content_length.nil?
       Logger.debug "Reading response body using 1024 bytes chunks ..."
 
@@ -169,3 +170,4 @@ class Streamer
 
 end
 end
+end

data/lib/bettercap/proxy/thread_pool.rb

@@ -12,6 +12,7 @@ This project is released under the GPL 3 license.
 require 'thread'
 
 # Tnx to Puma ThreadPool!
+module BetterCap
 module Proxy
 class ThreadPool
 
@@ -62,10 +63,10 @@ class ThreadPool
   #
   # Must be called with @mutex held!
   #
-  def spawn_thread    
+  def spawn_thread
     @spawned += 1
 
-    th = Thread.new do      
+    th = Thread.new do
       todo  = @todo
       block = @block
       mutex = @mutex
@@ -199,3 +200,4 @@ class ThreadPool
   end
 end
 end
+end

data/lib/bettercap/shell.rb

@@ -7,6 +7,7 @@ This project is released under the GPL 3 license.
 =end
 require 'bettercap/error'
 
+module BetterCap
 module Shell
   class << self
 
@@ -38,3 +39,4 @@ module Shell
 
   end
 end
+end

data/lib/bettercap/sniffer/parsers/base.rb

@@ -9,29 +9,20 @@ Blog   : http://www.evilsocket.net/
 This project is released under the GPL 3 license.
 
 =end
-require 'bettercap/logger'
-require 'colorize'
-
+module BetterCap
 class BaseParser
   def initialize
     @filters = []
     @name = 'BASE'
   end
 
-  def addr2s( addr )
-    target = Context.get.find_target addr, nil
-    return target.to_s_compact unless target.nil?
-    addr
-  end
-
   def on_packet( pkt )
     s = pkt.to_s
     @filters.each do |filter|
       if s =~ filter
-        Logger.raw "[#{addr2s(pkt.ip_saddr)}:#{pkt.tcp_src} > #{addr2s(pkt.ip_daddr)}:#{pkt.tcp_dst} #{pkt.proto.last}] " +
-                     "[#{@name}] ".green +
-                     pkt.payload.strip.yellow
+        StreamLogger.log_raw( pkt, @name, pkt.payload )
       end
     end
   end
 end
+end

data/lib/bettercap/sniffer/parsers/custom.rb

@@ -0,0 +1,21 @@
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+This project is released under the GPL 3 license.
+
+=end
+require 'bettercap/sniffer/parsers/base'
+
+module BetterCap
+class CustomParser < BaseParser
+  def initialize( filter )
+    @filters = [ filter ]
+    @name    = 'DATA'
+  end
+end
+end

data/lib/bettercap/sniffer/parsers/ftp.rb

@@ -11,9 +11,11 @@ This project is released under the GPL 3 license.
 =end
 require 'bettercap/sniffer/parsers/base'
 
+module BetterCap
 class FtpParser < BaseParser
     def initialize
         @filters = [ /(USER|PASS)\s+.+/ ]
         @name = 'FTP'
     end
 end
+end

data/lib/bettercap/sniffer/parsers/httpauth.rb

@@ -13,6 +13,7 @@ require 'bettercap/sniffer/parsers/base'
 require 'colorize'
 require 'base64'
 
+module BetterCap
 class HttpauthParser < BaseParser
   def on_packet( pkt )
     lines = pkt.to_s.split("\n")
@@ -31,14 +32,12 @@ class HttpauthParser < BaseParser
         decoded = Base64.decode64(encoded)
         user, pass = decoded.split(':')
 
-        Logger.raw "[#{addr2s(pkt.ip_saddr)}:#{pkt.tcp_src} > #{addr2s(pkt.ip_daddr)}:#{pkt.tcp_dst} #{pkt.proto.last}] " +
-          '[HTTP BASIC AUTH]'.green + " http://#{hostname}#{path} - username=#{user} password=#{pass}".yellow
+        StreamLogger.log_raw( pkt, '[HTTP BASIC AUTH]'.green + " http://#{hostname}#{path} - username=#{user} password=#{pass}".yellow )
 
       elsif line =~ /Authorization:\s*Digest\s+(.+)/i
-         Logger.raw "[#{addr2s(pkt.ip_saddr)}:#{pkt.tcp_src} > #{addr2s(pkt.ip_daddr)}:#{pkt.tcp_dst} #{pkt.proto.last}] " +
-          '[HTTP DIGEST AUTH]'.green + " http://#{hostname}#{path}\n#{$1}".yellow
-
+        StreamLogger.log_raw( pkt, '[HTTP DIGEST AUTH]'.green + " http://#{hostname}#{path}\n#{$1}".yellow )
       end
     end
   end
 end
+end

data/lib/bettercap/sniffer/parsers/https.rb

@@ -13,6 +13,7 @@ require 'bettercap/sniffer/parsers/base'
 require 'colorize'
 require 'resolv'
 
+module BetterCap
 class HttpsParser < BaseParser
   @@prev = nil
 
@@ -28,10 +29,7 @@ class HttpsParser < BaseParser
           end
 
           if @@prev.nil? or @@prev != hostname
-            Logger.raw "[#{addr2s(pkt.ip_saddr)}:#{pkt.tcp_src} > #{addr2s(pkt.ip_daddr)}:#{pkt.tcp_dst} #{pkt.proto.last}] " +
-                         '[HTTPS] '.green +
-                         "https://#{hostname}/".yellow
-
+            StreamLogger.log_raw( pkt, 'HTTPS', "https://#{hostname}/" )
             @@prev = hostname
           end
         end
@@ -40,3 +38,4 @@ class HttpsParser < BaseParser
     end
   end
 end
+end

data/lib/bettercap/sniffer/parsers/irc.rb

@@ -11,9 +11,11 @@ This project is released under the GPL 3 license.
 =end
 require 'bettercap/sniffer/parsers/base'
 
+module BetterCap
 class IrcParser < BaseParser
     def initialize
         @filters = [ /NICK\s+.+/, /NS IDENTIFY\s+.+/, /nickserv :identify\s+.+/ ]
         @name = 'IRC'
     end
 end
+end

data/lib/bettercap/sniffer/parsers/mail.rb

@@ -11,9 +11,11 @@ This project is released under the GPL 3 license.
 =end
 require 'bettercap/sniffer/parsers/base'
 
+module BetterCap
 class MailParser < BaseParser
     def initialize
         @filters = [ /(\d+ )?(auth|authenticate) ([a-z\-_0-9]+)/i ]
         @name = 'MAIL'
     end
 end
+end

data/lib/bettercap/sniffer/parsers/ntlmss.rb

@@ -12,6 +12,7 @@ This project is released under the GPL 3 license.
 require 'bettercap/sniffer/parsers/base'
 require 'colorize'
 
+module BetterCap
 class NtlmssParser < BaseParser
     def bin2hex( data )
         hex = ''
@@ -30,9 +31,8 @@ class NtlmssParser < BaseParser
         s = pkt.to_s
         if s =~ /NTLMSSP\x00\x03\x00\x00\x00.+/
             # TODO: Parse NTLMSSP packet.
-            Logger.raw "[#{addr2s(pkt.ip_saddr)} > #{addr2s(pkt.ip_daddr)} #{pkt.proto.last}] " +
-                         '[NTLMSS] '.green +
-                         bin2hex( pkt.payload ).yellow
+            StreamLogger.log_raw( pkt, 'NTLMSS', bin2hex( pkt.payload ) )
         end
     end
 end
+end

data/lib/bettercap/sniffer/parsers/post.rb

@@ -12,13 +12,13 @@ This project is released under the GPL 3 license.
 require 'bettercap/sniffer/parsers/base'
 require 'colorize'
 
+module BetterCap
 class PostParser < BaseParser
-    def on_packet( pkt )
-        s = pkt.to_s
-        if s =~ /POST\s+[^\s]+\s+HTTP.+/
-            Logger.raw "[#{addr2s(pkt.ip_saddr)}:#{pkt.tcp_src} > #{addr2s(pkt.ip_daddr)}:#{pkt.tcp_dst} #{pkt.proto.last}] " +
-                         "[POST]\n".green +
-                         pkt.payload.strip.yellow
-        end
+  def on_packet( pkt )
+    s = pkt.to_s
+    if s =~ /POST\s+[^\s]+\s+HTTP.+/
+      StreamLogger.log_raw( pkt, "POST\n", pkt.payload )
     end
+  end
+end
 end

data/lib/bettercap/sniffer/parsers/url.rb

@@ -12,17 +12,17 @@ This project is released under the GPL 3 license.
 require 'bettercap/sniffer/parsers/base'
 require 'colorize'
 
+module BetterCap
 class UrlParser < BaseParser
-    def on_packet( pkt )
-        s = pkt.to_s
-        if s =~ /GET\s+([^\s]+)\s+HTTP.+Host:\s+([^\s]+).+/m
-            host = $2
-            url = $1
-            if not url =~ /.+\.(png|jpg|jpeg|bmp|gif|img|ttf|woff|css|js).*/i
-                Logger.raw "[#{addr2s(pkt.ip_saddr)}:#{pkt.tcp_src} > #{addr2s(pkt.ip_daddr)}:#{pkt.tcp_dst} #{pkt.proto.last}] " +
-                             '[GET] '.green +
-                             "http://#{host}#{url}".yellow
-            end
-        end
+  def on_packet( pkt )
+    s = pkt.to_s
+    if s =~ /GET\s+([^\s]+)\s+HTTP.+Host:\s+([^\s]+).+/m
+      host = $2
+      url = $1
+      if not url =~ /.+\.(png|jpg|jpeg|bmp|gif|img|ttf|woff|css|js).*/i
+        StreamLogger.log_raw( pkt, 'GET', "http://#{host}#{url}" )
+      end
     end
+  end
+end
 end

data/lib/bettercap/sniffer/sniffer.rb

@@ -14,6 +14,7 @@ require 'bettercap/factories/parser_factory'
 require 'colorize'
 require 'packetfu'
 
+module BetterCap
 class Sniffer
   include PacketFu
 
@@ -87,12 +88,16 @@ class Sniffer
   def self.setup( ctx )
     @@ctx = ctx
 
-    if !@@ctx.options.sniffer_pcap.nil?
+    unless @@ctx.options.sniffer_pcap.nil?
       @@pcap = PcapFile.new
       Logger.warn "Saving packets to #{@@ctx.options.sniffer_pcap} ."
     end
 
-    @@parsers = ParserFactory.load_by_names @@ctx.options.parsers
+    if @@ctx.options.custom_parser.nil?
+      @@parsers = ParserFactory.load_by_names @@ctx.options.parsers
+    else
+      @@parsers = ParserFactory.load_custom @@ctx.options.custom_parser
+    end
 
     @@cap = Capture.new(
         iface: @@ctx.options.iface,
@@ -101,3 +106,4 @@ class Sniffer
     )
   end
 end
+end

data/lib/bettercap/spoofers/arp.rb

@@ -16,6 +16,7 @@ require 'bettercap/network'
 require 'bettercap/logger'
 require 'colorize'
 
+module BetterCap
 class ArpSpoofer < ISpoofer
   def initialize
     @ctx          = Context.get
@@ -52,7 +53,7 @@ class ArpSpoofer < ISpoofer
   def start
     Logger.info "Starting ARP spoofer ( #{@ctx.options.half_duplex ? 'Half' : 'Full'} Duplex ) ..."
 
-    stop() unless !@running
+    stop() if @running
     @running = true
 
     @ctx.firewall.enable_forwarding(true) unless @forwarding
@@ -75,7 +76,7 @@ class ArpSpoofer < ISpoofer
           # we're only interested in 'who-has' packets
           if pkt.arp_opcode == 1 and pkt.arp_dst_mac.to_s == '00:00:00:00:00:00'
             is_from_us = ( pkt.arp_src_ip.to_s == @ctx.ifconfig[:ip_saddr] )
-            if !is_from_us
+            unless is_from_us
               Logger.info "[ARP] #{pkt.arp_src_ip.to_s} is asking who #{pkt.arp_dst_ip.to_s} is."
 
               send_spoofed_packet pkt.arp_dst_ip.to_s, @ctx.ifconfig[:eth_saddr], pkt.arp_src_ip.to_s, pkt.arp_src_mac.to_s
@@ -109,16 +110,24 @@ class ArpSpoofer < ISpoofer
         @ctx.targets.each do |target|
           # targets could change, update mac addresses if needed
           if target.mac.nil?
-            Logger.warn "Getting target #{target.ip} MAC address ..."
-
             hw = Network.get_hw_address( @ctx.ifconfig, target.ip )
             if hw.nil?
-              Logger.warn "Couldn't determine target MAC"
+              Logger.warn "Couldn't determine target #{ip} MAC!"
               next
             else
               Logger.info "  Target MAC    : #{hw}"
               target.mac = hw
             end
+          # target was specified by MAC address
+          elsif target.ip_refresh
+            ip = Network.get_ip_address( @ctx, target.mac )
+            if ip.nil?
+              Logger.warn "Couldn't determine target #{target.mac} IP!"
+              next
+            else
+              Logger.info "Target #{target.mac} IP : #{ip}" if target.ip.nil? or target.ip != ip
+              target.ip = ip
+            end
           end
 
           send_spoofed_packet( @gateway.ip, @ctx.ifconfig[:eth_saddr], target.ip, target.mac )
@@ -159,3 +168,4 @@ class ArpSpoofer < ISpoofer
     sleep 1
   end
 end
+end

data/lib/bettercap/spoofers/none.rb

@@ -12,6 +12,7 @@ This project is released under the GPL 3 license.
 require 'bettercap/base/ispoofer'
 require 'bettercap/logger'
 
+module BetterCap
 class NoneSpoofer < ISpoofer
   def initialize
     Logger.warn 'Spoofing disabled.'
@@ -21,3 +22,4 @@ class NoneSpoofer < ISpoofer
 
   def stop; end
 end
+end

data/lib/bettercap/target.rb

@@ -12,8 +12,9 @@ This project is released under the GPL 3 license.
 require 'bettercap/logger'
 require 'socket'
 
+module BetterCap
 class Target
-    attr_accessor :ip, :mac, :vendor, :hostname
+    attr_accessor :ip, :mac, :vendor, :hostname, :ip_refresh
 
     NBNS_TIMEOUT = 30
     NBNS_PORT    = 137
@@ -23,11 +24,19 @@ class Target
     @@prefixes = nil
 
     def initialize( ip, mac=nil )
-      @ip       = ip
-      @mac      = normalized_mac mac unless mac.nil?
+      if Network.is_ip?(ip)
+        @ip = ip
+        @ip_refresh = false
+      else
+        @ip         = nil
+        mac         = ip
+        @ip_refresh = true
+      end
+
+      @mac      = Target.normalized_mac(mac) unless mac.nil?
       @vendor   = Target.lookup_vendor(@mac) unless mac.nil?
       @hostname = nil
-      @resolver = Thread.new { resolve! }
+      @resolver = Thread.new { resolve! } unless Context.get.options.no_target_nbns or @ip.nil?
     end
 
     def sortable_ip
@@ -35,12 +44,12 @@ class Target
     end
 
     def mac=(value)
-      @mac = normalized_mac value
+      @mac = Target.normalized_mac(value)
       @vendor = Target.lookup_vendor(@mac) if not @mac.nil?
     end
 
     def to_s
-      s = sprintf( '%-15s : %-17s', @ip, @mac )
+      s = sprintf( '%-15s : %-17s', if @ip.nil? then '???' else @ip end, @mac )
       s += " / #{@hostname}" unless @hostname.nil?
       s += if @vendor.nil? then " ( ??? )" else " ( #{@vendor} )" end
       s
@@ -55,15 +64,24 @@ class Target
     end
 
     def equals?(ip, mac)
-      ( @ip == ip && ( mac.nil? || @mac == normalized_mac(mac) ) )
+      # compare by ip
+      if mac.nil?
+        return ( @ip == ip )
+      # compare by mac
+      elsif !@mac.nil? and ( @mac == mac )
+        Logger.info "Found IP #{ip} for target #{@mac}!" if @ip.nil?
+        @ip = ip
+        return true
+      end
+      false
     end
 
-private
-
-    def normalized_mac(v)
+    def self.normalized_mac(v)
       v.split(':').map { |e| if e.size == 2 then e.upcase else "0#{e.upcase}" end }.join(':')
     end
 
+private
+
     def resolve!
       resp, sock = nil, nil
       begin
@@ -103,3 +121,4 @@ private
       @@prefixes[ mac.split(':')[0,3].join('').upcase ]
     end
 end
+end