bettercap 1.3.5 → 1.3.6

data/lib/bettercap/options.rb

@@ -175,7 +175,7 @@ class Options
         ctx.options.iface = v
       end
 
-      opts.on( '-S', '--spoofer NAME', 'Spoofer module to use, available: ' + Factories::Spoofer.available.join(', ') + ' - default: ' + ctx.options.spoofer ) do |v|
+      opts.on( '-S', '--spoofer NAME', 'Spoofer module to use, available: ' + Spoofers::Base.available.join(', ') + ' - default: ' + ctx.options.spoofer ) do |v|
         ctx.options.spoofer = v
       end
 
@@ -223,9 +223,9 @@ class Options
         ctx.options.sniffer_filter = v
       end
 
-      opts.on( '-P', '--parsers PARSERS', 'Comma separated list of packet parsers to enable, "*" for all ( NOTE: Will set -X to true ), available: ' + Factories::Parser.available.join(', ') + ' - default: *' ) do |v|
+      opts.on( '-P', '--parsers PARSERS', 'Comma separated list of packet parsers to enable, "*" for all ( NOTE: Will set -X to true ), available: ' + Parsers::Base.available.join(', ') + ' - default: *' ) do |v|
         ctx.options.sniffer = true
-        ctx.options.parsers = Factories::Parser.from_cmdline(v)
+        ctx.options.parsers = Parsers::Base.from_cmdline(v)
       end
 
       opts.on( '--custom-parser EXPRESSION', 'Use a custom regular expression in order to capture and show sniffed data ( NOTE: Will set -X to true ).' ) do |v|
@@ -492,7 +492,7 @@ class Options
     spoofers = []
     spoofer_modules_names = @spoofer.split(",")
     spoofer_modules_names.each do |module_name|
-      spoofers << Factories::Spoofer.get_by_name( module_name )
+      spoofers << Spoofers::Base.get_by_name( module_name )
     end
     spoofers
   end

data/lib/bettercap/proxy/stream_logger.rb

@@ -26,7 +26,7 @@ class StreamLogger
 
   # Search for the +addr+ IP address inside the list of collected targets and return
   # its compact string representation ( @see BetterCap::Target#to_s_compact ).
-  def self.addr2s( addr )
+  def self.addr2s( addr, alt = nil )
     ctx = Context.get
 
     return 'local' if addr == ctx.ifconfig[:ip_saddr]
@@ -34,6 +34,10 @@ class StreamLogger
     target = ctx.find_target addr, nil
     return target.to_s_compact unless target.nil?
 
+    if addr == '0.0.0.0' and !alt.nil?
+      return alt
+    end
+
     addr
   end
 
@@ -41,8 +45,8 @@ class StreamLogger
   def self.log_raw( pkt, label, payload )
     nl    = if label.include?"\n" then "\n" else " " end
     label = label.strip
-    Logger.raw( "[#{self.addr2s(pkt.ip_saddr)} > #{self.addr2s(pkt.ip_daddr)}:#{pkt.tcp_dst}] " \
-               "[#{label.green}]#{nl}#{payload.strip.yellow}" )
+    Logger.raw( "[#{self.addr2s(pkt.ip_saddr, pkt.eth2s(:src))} > #{self.addr2s(pkt.ip_daddr,pkt.eth2s(:dst))}#{pkt.respond_to?('tcp_dst') ? ':' + pkt.tcp_dst.to_s : ''}] " \
+               "[#{label.green}]#{nl}#{payload.strip}" )
   end
 
   # Log a HTTP ( HTTPS if +is_https+ is true ) stream performed by the +client+

data/lib/bettercap/shell.rb

@@ -35,11 +35,33 @@ module Shell
       r
     end
 
-    # Get the +iface+ network interface configuration.
+    # Cross-platform way of finding an executable in the $PATH.
+    def which(cmd)
+      exts = ENV['PATHEXT'] ? ENV['PATHEXT'].split(';') : ['']
+      ENV['PATH'].split(File::PATH_SEPARATOR).each do |path|
+        exts.each { |ext|
+          exe = File.join(path, "#{cmd}#{ext}")
+          return exe if File.executable?(exe) && !File.directory?(exe)
+        }
+      end
+      return nil
+    end
+
+    # Cross-platform way of finding an executable in the $PATH.
+    def available?(cmd)
+      !which(cmd).nil?
+    end
+
+    # Get the +iface+ network interface configuration ( using ifconfig ).
     def ifconfig(iface = '')
       self.execute( "LANG=en && ifconfig #{iface}" )
     end
 
+    # Get the +iface+ network interface configuration ( using iproute2 ).
+    def ip(iface = '')
+      self.execute( "LANG=en && ip addr show #{iface}" )
+    end
+
     # Get the ARP table cached on this computer.
     def arp
       self.execute( 'LANG=en && arp -a -n' )

data/lib/bettercap/sniffer/parsers/base.rb

@@ -14,6 +14,58 @@ module BetterCap
 module Parsers
 # Base class for BetterCap::Parsers.
 class Base
+  # Hash of available parsers ( parser name -> class name )
+  @@loaded = {}
+
+  class << self
+    # Called when this base class is inherited from one of the parsers.
+    def inherited(subclass)
+      name = subclass.name.split('::')[2].upcase
+      if name != 'CUSTOM'
+        @@loaded[name] = subclass.name
+      end
+    end
+
+    # Return a list of available parsers names.
+    def available
+      @@loaded.keys
+    end
+
+    # Parse the +v+ command line argument and return a list of parser names.
+    # Will raise BetterCap::Error if one or more parser names are not valid.
+    def from_cmdline(v)
+      raise BetterCap::Error, "No parser names provided" if v.nil?
+
+      avail = available
+      list = v.split(',').collect(&:strip).collect(&:upcase).reject{ |c| c.empty? }
+      list.each do |parser|
+        raise BetterCap::Error, "Invalid parser name '#{parser}'." unless avail.include?(parser) or parser == '*'
+      end
+      list
+    end
+
+    # Return a list of BetterCap::Parsers instances by their +parsers+ names.
+    def load_by_names(parsers)
+      loaded = []
+
+      @@loaded.each do |name,cname|
+        if parsers.include?(name) or parsers == ['*']
+          Logger.debug "Loading parser #{name} ( #{cname} ) ..."
+          loaded << BetterCap::Loader.load(cname).new
+        end
+      end
+
+      loaded
+    end
+
+    # Load and return an instance of the BetterCap::Parsers::Custom parser
+    # given the +expression+ Regex object.
+    def load_custom(expression)
+      Logger.debug "Loading custom parser: '#{expression}' ..."
+      [ BetterCap::Parsers::Custom.new(expression) ]
+    end
+  end
+
   # Initialize this parser.
   def initialize
     @filters = []

data/lib/bettercap/sniffer/parsers/cookie.rb

@@ -0,0 +1,45 @@
+# encoding: UTF-8
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+This project is released under the GPL 3 license.
+
+=end
+
+module BetterCap
+module Parsers
+# HTTP cookies parser.
+class Cookie < Base
+  # Cookies to ignore.
+  FILTER = [ '__cfduid', '_ga', '_gat' ].freeze
+
+  def on_packet( pkt )
+    hostname = nil
+    cookies = {}
+
+    pkt.to_s.split("\n").each do |line|
+      if line =~ /Host:\s*([^\s]+)/i
+        hostname = $1
+      elsif line =~ /.*Cookie:\s*(.+)/i
+        $1.strip.split(';').each do |v|
+          k, v = v.split('=').map(&:strip)
+          next if k.nil? or v.nil?
+          unless k.empty? or v.empty? or FILTER.include?(k)
+            cookies[k] = v
+          end
+        end
+      end
+    end
+
+    unless hostname.nil? or cookies.empty?
+      StreamLogger.log_raw( pkt, "COOKIE", "[#{hostname.yellow}] #{cookies.map{|k,v| "#{k.green}=#{v.yellow}"}.join('; ')}" )
+    end
+  end
+end
+end
+end

data/lib/bettercap/sniffer/parsers/custom.rb

@@ -10,7 +10,6 @@ Blog   : http://www.evilsocket.net/
 This project is released under the GPL 3 license.
 
 =end
-require 'bettercap/sniffer/parsers/base'
 
 module BetterCap
 module Parsers

data/lib/bettercap/sniffer/parsers/dhcp.rb

@@ -0,0 +1,48 @@
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+This project is released under the GPL 3 license.
+
+=end
+
+module BetterCap
+module Parsers
+# DHCP packets and authentication parser.
+class DHCP < Base
+  def on_packet( pkt )
+    begin
+      if pkt.udp_dst == 67 or pkt.udp_dst == 68
+        packet = Network::Protos::DHCP::Packet.parse( pkt.payload )
+        unless packet.nil?
+          auth = packet.authentication
+          cid  = auth.nil?? nil : packet.client_identifier
+          msg  = "[#{packet.type.yellow}] #{'Transaction-ID'.green}=#{packet.transaction_id.yellow}"
+
+          unless cid.nil?
+            msg += " #{'Client-ID'.green}='#{cid.yellow}'"
+          end
+
+          unless auth.nil?
+            msg += "\n#{'AUTHENTICATION'.green}:\n\n"
+            auth.each do |k,v|
+              msg += "  #{k.blue} : #{v.yellow}\n"
+            end
+            msg += "\n"
+          end
+
+          StreamLogger.log_raw( pkt, 'DHCP', msg )
+        end
+      end
+    rescue Exception => e
+      Logger.debug e.message
+      Logger.debug e.backtrace.join("\n")
+    end
+  end
+end
+end
+end

data/lib/bettercap/sniffer/parsers/dict.rb

@@ -9,7 +9,6 @@ Blog   : http://www.evilsocket.net/
 This project is released under the GPL 3 license.
 
 =end
-require 'bettercap/sniffer/parsers/base'
 
 module BetterCap
 module Parsers

data/lib/bettercap/sniffer/parsers/ftp.rb

@@ -10,7 +10,6 @@ Blog   : http://www.evilsocket.net/
 This project is released under the GPL 3 license.
 
 =end
-require 'bettercap/sniffer/parsers/base'
 
 module BetterCap
 module Parsers

data/lib/bettercap/sniffer/parsers/httpauth.rb

@@ -10,8 +10,6 @@ Blog   : http://www.evilsocket.net/
 This project is released under the GPL 3 license.
 
 =end
-require 'bettercap/sniffer/parsers/base'
-require 'colorize'
 require 'base64'
 
 module BetterCap

data/lib/bettercap/sniffer/parsers/https.rb

@@ -10,8 +10,6 @@ Blog   : http://www.evilsocket.net/
 This project is released under the GPL 3 license.
 
 =end
-require 'bettercap/sniffer/parsers/base'
-require 'colorize'
 require 'resolv'
 
 module BetterCap

data/lib/bettercap/sniffer/parsers/irc.rb

@@ -10,7 +10,6 @@ Blog   : http://www.evilsocket.net/
 This project is released under the GPL 3 license.
 
 =end
-require 'bettercap/sniffer/parsers/base'
 
 module BetterCap
 module Parsers

data/lib/bettercap/sniffer/parsers/mail.rb

@@ -10,7 +10,6 @@ Blog   : http://www.evilsocket.net/
 This project is released under the GPL 3 license.
 
 =end
-require 'bettercap/sniffer/parsers/base'
 
 module BetterCap
 module Parsers

data/lib/bettercap/sniffer/parsers/mpd.rb

@@ -9,7 +9,6 @@ Blog   : http://www.evilsocket.net/
 This project is released under the GPL 3 license.
 
 =end
-require 'bettercap/sniffer/parsers/base'
 
 module BetterCap
 module Parsers

data/lib/bettercap/sniffer/parsers/nntp.rb

@@ -10,7 +10,6 @@ Blog   : http://www.evilsocket.net/
 This project is released under the GPL 3 license.
 
 =end
-require 'bettercap/sniffer/parsers/base'
 
 module BetterCap
 module Parsers

data/lib/bettercap/sniffer/parsers/ntlmss.rb

@@ -10,8 +10,6 @@ Blog   : http://www.evilsocket.net/
 This project is released under the GPL 3 license.
 
 =end
-require 'bettercap/sniffer/parsers/base'
-require 'colorize'
 
 module BetterCap
 module Parsers

data/lib/bettercap/sniffer/parsers/post.rb

@@ -10,8 +10,6 @@ Blog   : http://www.evilsocket.net/
 This project is released under the GPL 3 license.
 
 =end
-require 'bettercap/sniffer/parsers/base'
-require 'colorize'
 
 module BetterCap
 module Parsers
@@ -32,7 +30,11 @@ class Post < Base
 
           req.body.split('&').each do |v|
             name, value = v.split('=')
-            msg << "  #{name.blue} : #{URI.unescape(value).yellow}\n"
+            if name.nil? or value.nil?
+              msg << "  #{URI.unescape(v).yellow}\n"
+            else
+              msg << "  #{name.blue} : #{URI.unescape(value).yellow}\n"
+            end
           end
 
           StreamLogger.log_raw( pkt, "POST", req.to_url(1000) )

data/lib/bettercap/sniffer/parsers/redis.rb

@@ -9,7 +9,6 @@ Blog   : http://www.evilsocket.net/
 This project is released under the GPL 3 license.
 
 =end
-require 'bettercap/sniffer/parsers/base'
 
 module BetterCap
 module Parsers

data/lib/bettercap/sniffer/parsers/rlogin.rb

@@ -9,7 +9,6 @@ Blog   : http://www.evilsocket.net/
 This project is released under the GPL 3 license.
 
 =end
-require 'bettercap/sniffer/parsers/base'
 
 module BetterCap
 module Parsers

data/lib/bettercap/sniffer/parsers/snpp.rb

@@ -9,7 +9,6 @@ Blog   : http://www.evilsocket.net/
 This project is released under the GPL 3 license.
 
 =end
-require 'bettercap/sniffer/parsers/base'
 
 module BetterCap
 module Parsers

data/lib/bettercap/sniffer/parsers/url.rb

@@ -10,8 +10,6 @@ Blog   : http://www.evilsocket.net/
 This project is released under the GPL 3 license.
 
 =end
-require 'bettercap/sniffer/parsers/base'
-require 'colorize'
 
 module BetterCap
 module Parsers

data/lib/bettercap/sniffer/parsers/whatsapp.rb

@@ -0,0 +1,33 @@
+# encoding: UTF-8
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+WhatsApp OS Parser:
+  Author : Gianluca Costa
+  Email  : g.costa@xplico.org
+
+This project is released under the GPL 3 license.
+
+=end
+
+module BetterCap
+module Parsers
+# WhatsApp traffic parser.
+class Whatsapp < Base
+  def on_packet( pkt )
+    begin
+      if ( pkt.tcp_dst == 443 or pkt.tcp_dst == 5222 or pkt.tcp_dst == 5223 ) and pkt.payload =~ /^WA.*?([a-zA-Z\-\.0-9]+).*?([0-9]+)/
+        version = $1
+        phone = $2
+        StreamLogger.log_raw( pkt, 'WHATSAPP', "#{'phone'.green}=#{phone.yellow} #{'version'.green}=#{version.yellow}" )
+      end
+    rescue; end
+  end
+end
+end
+end

data/lib/bettercap/sniffer/sniffer.rb

@@ -58,9 +58,9 @@ class Sniffer
     if @@ctx.options.sniffer_src.nil?
       @@cap.stream
     else
-      Logger.info "Reading packets from #{@@ctx.options.sniffer_src} ..."
+      Logger.info "[#{'SNIFFER'.green}] Reading packets from #{@@ctx.options.sniffer_src} ..."
 
-      PcapFile.file_to_array @@ctx.options.sniffer_src
+      PacketFu::PcapFile.file_to_array @@ctx.options.sniffer_src
     end
   end
 
@@ -99,14 +99,14 @@ class Sniffer
     @@ctx = ctx
 
     unless @@ctx.options.sniffer_pcap.nil?
-      @@pcap = PcapFile.new
-      Logger.warn "Saving packets to #{@@ctx.options.sniffer_pcap} ."
+      @@pcap = PacketFu::PcapFile.new
+      Logger.info "[#{'SNIFFER'.green}] Saving packets to #{@@ctx.options.sniffer_pcap} ."
     end
 
     if @@ctx.options.custom_parser.nil?
-      @@parsers = Factories::Parser.load_by_names @@ctx.options.parsers
+      @@parsers = Parsers::Base.load_by_names @@ctx.options.parsers
     else
-      @@parsers = Factories::Parser.load_custom @@ctx.options.custom_parser
+      @@parsers = Parsers::Base.load_custom @@ctx.options.custom_parser
     end
 
     @@cap = Capture.new(