bettercap 1.3.6 → 1.3.7

data/lib/bettercap/proxy/response.rb

@@ -48,6 +48,23 @@ class Response
     r
   end
 
+  # Return a 302 response object redirecting to +url+, setting optional +cookies+.
+  def self.redirect( url, cookies = [] )
+    r = Response.new
+
+    r << "HTTP/1.1 302 Moved"
+    r << "Location: #{url}"
+
+    cookies.each do |cookie|
+      r << "Set-Cookie: #{cookie}"
+    end
+
+    r << "Connection: close"
+    r << "\n\n"
+
+    r
+  end
+
   # Initialize this response object state.
   def initialize
     @content_type = nil
@@ -158,7 +175,7 @@ class Response
       end
     end
 
-    @headers.join("\n") + "\n" + @body
+    @headers.join("\n") + "\n" + ( @body || "\n" )
   end
 end
 

data/lib/bettercap/proxy/sslstrip/strip.rb

@@ -78,8 +78,7 @@ class Strip
     unless @cookies.is_clean?(request)
       Logger.info "[#{'SSLSTRIP'.green} #{request.client}] Sending expired cookies for '#{request.host}'."
       expired = @cookies.get_expired_headers!(request)
-
-      response = build_expired_cookies( expired, request )
+      response = Response.redirect( "http://#{request.host}#{request.url}", expired )
     end
     response
   end
@@ -156,22 +155,6 @@ class Strip
       end
     end
   end
-
-  # Return a 302 Redirect BetterCap::Proxy::Response object for the
-  # +request+, using +expired+ cookie headers to kill a client session.
-  def build_expired_cookies( expired, request )
-    resp = Response.new
-
-    resp << "HTTP/1.1 302 Moved"
-    resp << "Connection: close"
-    resp << "Location: http://#{request.host}#{request.url}"
-
-    expired.each do |cookie|
-      resp << "Set-Cookie: #{cookie}"
-    end
-
-    resp
-  end
 end
 
 end

data/lib/bettercap/proxy/stream_logger.rb

@@ -24,6 +24,8 @@ class StreamLogger
     '5' => :red
   }
 
+  @@services = nil
+
   # Search for the +addr+ IP address inside the list of collected targets and return
   # its compact string representation ( @see BetterCap::Target#to_s_compact ).
   def self.addr2s( addr, alt = nil )
@@ -36,17 +38,48 @@ class StreamLogger
 
     if addr == '0.0.0.0' and !alt.nil?
       return alt
+    elsif addr == '255.255.255.255'
+      return '*'
     end
 
     addr
   end
 
+  # Given +proto+ and +port+ return the network service name if possible.
+  def self.service( proto, port )
+    if @@services.nil?
+      Logger.info 'Preloading network services ...'
+
+      @@services = { :tcp => {}, :udp => {} }
+      filename = File.dirname(__FILE__) + '/../network/services'
+      File.open( filename ).each do |line|
+        if line =~ /([^\s]+)\s+(\d+)\/([a-z]+).*/i
+          @@services[$3.to_sym][$2.to_i] = $1
+        end
+      end
+    end
+
+    if @@services.has_key?(proto) and @@services[proto].has_key?(port)
+      @@services[proto][port]
+    else
+      port
+    end
+  end
+
   # Log a raw packet ( +pkt+ ) data +payload+ using the specified +label+.
   def self.log_raw( pkt, label, payload )
-    nl    = if label.include?"\n" then "\n" else " " end
+    nl    = label.include?("\n") ? "\n" : " "
     label = label.strip
-    Logger.raw( "[#{self.addr2s(pkt.ip_saddr, pkt.eth2s(:src))} > #{self.addr2s(pkt.ip_daddr,pkt.eth2s(:dst))}#{pkt.respond_to?('tcp_dst') ? ':' + pkt.tcp_dst.to_s : ''}] " \
-               "[#{label.green}]#{nl}#{payload.strip}" )
+    from  = self.addr2s( pkt.ip_saddr, pkt.eth2s(:src) )
+    to    = self.addr2s( pkt.ip_daddr, pkt.eth2s(:dst) )
+
+    if pkt.respond_to?('tcp_dst')
+      to += ':' + self.service( :tcp, pkt.tcp_dst ).to_s
+    elsif pkt.respond_to?('udp_dst')
+      to += ':' + self.service( :udp, pkt.udp_dst ).to_s
+    end
+
+    Logger.raw( "[#{from} > #{to}] [#{label.green}]#{nl}#{payload.strip}" )
   end
 
   # Log a HTTP ( HTTPS if +is_https+ is true ) stream performed by the +client+

data/lib/bettercap/proxy/streamer.rb

@@ -29,8 +29,7 @@ class Streamer
 
     Logger.warn "#{client_ip}:#{client_port} is connecting to us directly."
 
-    client.write "HTTP/1.1 302 Found\n"
-    client.write "Location: https://www.youtube.com/watch?v=dQw4w9WgXcQ\n\n"
+    client.write Response.redirect( "https://www.youtube.com/watch?v=dQw4w9WgXcQ" ).to_s
   end
 
   # Handle the HTTP +request+ from +client+.

data/lib/bettercap/sniffer/parsers/dhcp.rb

@@ -21,7 +21,7 @@ class DHCP < Base
         unless packet.nil?
           auth = packet.authentication
           cid  = auth.nil?? nil : packet.client_identifier
-          msg  = "[#{packet.type.yellow}] #{'Transaction-ID'.green}=#{packet.transaction_id.yellow}"
+          msg  = "[#{packet.type.yellow}] #{'Transaction-ID'.green}=#{sprintf( "0x%X", packet.xid ).yellow}"
 
           unless cid.nil?
             msg += " #{'Client-ID'.green}='#{cid.yellow}'"
@@ -38,10 +38,7 @@ class DHCP < Base
           StreamLogger.log_raw( pkt, 'DHCP', msg )
         end
       end
-    rescue Exception => e
-      Logger.debug e.message
-      Logger.debug e.backtrace.join("\n")
-    end
+    rescue; end
   end
 end
 end

data/lib/bettercap/sniffer/parsers/httpauth.rb

@@ -35,8 +35,8 @@ class Httpauth < Base
 
         StreamLogger.log_raw( pkt, 'HTTP BASIC AUTH', "http://#{hostname}#{path} - username=#{user} password=#{pass}".yellow )
 
-      elsif line =~ /Authorization:\s*Digest\s+(.+)/i
-        StreamLogger.log_raw( pkt, 'HTTP DIGEST AUTH', "http://#{hostname}#{path}\n#{$1}".yellow )
+      elsif line =~ /Authorization:\s*([^\s]+)\s+(.+)/i
+        StreamLogger.log_raw( pkt, "HTTP #{$1} AUTH", "http://#{hostname}#{path}\n#{$1.blue}: #{$2.yellow}" )
       end
     end
   end

data/lib/bettercap/sniffer/parsers/mysql.rb

@@ -0,0 +1,27 @@
+# encoding: UTF-8
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+This project is released under the GPL 3 license.
+
+=end
+
+module BetterCap
+module Parsers
+# MySQL authentication parser.
+class MySQL < Base
+  def on_packet( pkt )
+    packet = Network::Protos::MySQL::Packet.parse( pkt.payload )
+    unless packet.nil? or !packet.is_auth?
+      StreamLogger.log_raw( pkt, 'MYSQL', "#{'username'.blue}='#{packet.username.yellow}' "\
+                                          "#{'password'.blue}='#{packet.password.map { |x| sprintf("%02X", x )}.join.yellow}'" )
+    end
+  end
+end
+end
+end

data/lib/bettercap/sniffer/parsers/ntlmss.rb

@@ -13,26 +13,20 @@ This project is released under the GPL 3 license.
 
 module BetterCap
 module Parsers
-# NTLMSS traffic parser.
-class Ntlmss < Base
-  # Convert binary +data+ into human readable hexadecimal representation.
-  def bin2hex( data )
-    hex = ''
-    data.each_byte do |byte|
-      if /[[:print:]]/ === byte.chr
-        hex += byte.chr
-      else
-        hex += "\\x" + byte.to_s(16)
-      end
-    end
-    hex
-  end
-
+# NTLMSS authentication parser.
+class NTLMSS < Base
   def on_packet( pkt )
-    s = pkt.to_s
-    if s =~ /NTLMSSP\x00\x03\x00\x00\x00.+/
-      # TODO: Parse NTLMSSP packet.
-      StreamLogger.log_raw( pkt, 'NTLMSS', bin2hex( pkt.payload ) )
+    packet = Network::Protos::NTLM::Packet.parse( pkt.payload )
+    if !packet.nil? and packet.is_auth?
+      msg = "NTLMSSP Authentication:\n"
+      msg += "  #{'LM Response'.blue}   : #{packet.lm_response.map { |x| sprintf("%02X", x )}.join.yellow}\n"
+      msg += "  #{'NTLM Response'.blue} : #{packet.ntlm_response.map { |x| sprintf("%02X", x )}.join.yellow}\n"
+      msg += "  #{'Domain Name'.blue}   : #{packet.domain_name.yellow}\n"
+      msg += "  #{'User Name'.blue}     : #{packet.user_name.yellow}\n"
+      msg += "  #{'Host Name'.blue}     : #{packet.host_name.yellow}\n"
+      msg += "  #{'Session Key'.blue}   : #{packet.session_key_resp.map { |x| sprintf("%02X", x )}.join.yellow}"
+
+      StreamLogger.log_raw( pkt, 'NTLM', msg )
     end
   end
 end

data/lib/bettercap/sniffer/parsers/pgsql.rb

@@ -0,0 +1,36 @@
+# encoding: UTF-8
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+This project is released under the GPL 3 license.
+
+=end
+
+module BetterCap
+module Parsers
+# PgSQL authentication parser.
+class PgSQL < Base
+  STARTUP_EXPR      = /....\x00\x03\x00\x00user\x00([^\x00]+)\x00database\x00([^\x00]+)/
+  MD5_AUTH_REQ_EXPR = /\x52....\x00\x00\x00\x05(....)/
+  MD5_PASSWORD_EXPR = /\x70....md5(.+)/
+
+  def on_packet( pkt )
+    if pkt.payload =~ STARTUP_EXPR
+      StreamLogger.log_raw( pkt, 'PGSQL', "STARTUP #{'username'.blue}='#{$1.yellow}' #{'database'.blue}='#{$2.yellow}'" )
+
+    elsif pkt.payload =~ MD5_AUTH_REQ_EXPR
+      salt = $1.reverse.unpack('L')[0]
+      StreamLogger.log_raw( pkt, 'PGSQL', "MD5 AUTH REQUEST #{'salt'.blue}=#{sprintf("0x%X", salt).yellow}" )
+
+    elsif pkt.payload =~ MD5_PASSWORD_EXPR
+      StreamLogger.log_raw( pkt, 'PGSQL', "PASSWORD #{'md5'.blue}='#{$1.yellow}'" )
+    end
+  end
+end
+end
+end

data/lib/bettercap/sniffer/sniffer.rb

@@ -34,18 +34,25 @@ class Sniffer
 
       setup( ctx )
 
-      self.stream.each do |p|
+      self.stream.each do |raw_packet|
         break unless @@ctx.running
         begin
-          parsed = Packet.parse p
+          parsed = PacketFu::Packet.parse(raw_packet)
         rescue Exception => e
           parsed = nil
-          Logger.debug e.message
+          #Logger.debug e.message
+          #Logger.debug e.backtrace.join("\n")
         end
 
         if not parsed.nil? and parsed.is_ip? and !skip_packet?(parsed)
-          append_packet p
+          Logger.debug "Parsing packet ..."
+          append_packet raw_packet
           parse_packet parsed
+        else
+          Logger.debug "[SNIFFER] Skipping packet:" \
+                       " parsed=#{parsed.nil?? 'false' : 'true'}" \
+                       " is_ip?=#{parsed.nil?? 'false' : parsed.is_ip?}" \
+                       " skip_packet?=#{parsed.nil?? 'true' : skip_packet?(parsed)}"
         end
       end
     end
@@ -66,9 +73,12 @@ class Sniffer
 
   # Return true if the +pkt+ packet instance must be skipped.
   def self.skip_packet?( pkt )
-    !@@ctx.options.local and
-        ( pkt.ip_saddr == @@ctx.ifconfig[:ip_saddr] or
-            pkt.ip_daddr == @@ctx.ifconfig[:ip_saddr] )
+    begin
+      !@@ctx.options.local and
+          ( pkt.ip_saddr == @@ctx.ifconfig[:ip_saddr] or
+              pkt.ip_daddr == @@ctx.ifconfig[:ip_saddr] )
+    rescue; end
+    false
   end
 
   # Apply each parser on the given +parsed+ packet.
@@ -77,7 +87,7 @@ class Sniffer
       begin
         parser.on_packet parsed
       rescue Exception => e
-        Logger.warn e.message
+        Logger.debug e.message
       end
     end
   end

data/lib/bettercap/version.rb

@@ -12,7 +12,7 @@ This project is released under the GPL 3 license.
 =end
 module BetterCap
   # Current version of bettercap.
-  VERSION = '1.3.6'
+  VERSION = '1.3.7'
   # Program banner.
   BANNER = File.read( File.dirname(__FILE__) + '/banner' ).gsub( '#VERSION#', "v#{VERSION}")
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bettercap
 version: !ruby/object:Gem::Version
-  version: 1.3.6
+  version: 1.3.7
 platform: ruby
 authors:
 - Simone Margaritelli
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-02-06 00:00:00.000000000 Z
+date: 2016-02-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colorize
@@ -141,8 +141,11 @@ files:
 - lib/bettercap/network/packet_queue.rb
 - lib/bettercap/network/protos/base.rb
 - lib/bettercap/network/protos/dhcp.rb
+- lib/bettercap/network/protos/mysql.rb
+- lib/bettercap/network/protos/ntlm.rb
 - lib/bettercap/network/servers/dnsd.rb
 - lib/bettercap/network/servers/httpd.rb
+- lib/bettercap/network/services
 - lib/bettercap/network/target.rb
 - lib/bettercap/options.rb
 - lib/bettercap/proxy/certstore.rb
@@ -172,8 +175,10 @@ files:
 - lib/bettercap/sniffer/parsers/irc.rb
 - lib/bettercap/sniffer/parsers/mail.rb
 - lib/bettercap/sniffer/parsers/mpd.rb
+- lib/bettercap/sniffer/parsers/mysql.rb
 - lib/bettercap/sniffer/parsers/nntp.rb
 - lib/bettercap/sniffer/parsers/ntlmss.rb
+- lib/bettercap/sniffer/parsers/pgsql.rb
 - lib/bettercap/sniffer/parsers/post.rb
 - lib/bettercap/sniffer/parsers/redis.rb
 - lib/bettercap/sniffer/parsers/rlogin.rb