bettercap 1.4.6 → 1.5.0

data/lib/bettercap/options/options.rb

@@ -0,0 +1,167 @@
+# encoding: UTF-8
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+This project is released under the GPL 3 license.
+
+=end
+
+module BetterCap
+# Parse command line arguments, set options and initialize +Context+
+# accordingly.
+class Options
+  # Core options
+  attr_reader :core
+  # Spoofing related options.
+  attr_reader :spoof
+  # Sniffing related options.
+  attr_reader :sniff
+  # Proxies related options.
+  attr_reader :proxies
+  # Misc servers related options.
+  attr_reader :servers
+
+  # Create a BetterCap::Options class instance using the specified network interface.
+  def initialize( iface )
+    @core    = CoreOptions.new iface
+    @spoof   = SpoofOptions.new
+    @sniff   = SniffOptions.new
+    @proxies = ProxyOptions.new
+    @servers = ServerOptions.new
+  end
+
+  # Initialize the BetterCap::Context, parse command line arguments and update program
+  # state accordingly.
+  # Will rise a BetterCap::Error if errors occurred.
+  def self.parse!
+    ctx = Context.get
+
+    OptionParser.new do |opts|
+      opts.version = BetterCap::VERSION
+      opts.banner = "Usage: bettercap [options]"
+
+      ctx.options.core.parse!( ctx, opts )
+      ctx.options.spoof.parse!( ctx, opts )
+      ctx.options.sniff.parse!( ctx, opts )
+      ctx.options.proxies.parse!( ctx, opts )
+      ctx.options.servers.parse!( ctx, opts )
+
+    end.parse!
+
+    # Initialize logging system.
+    Logger.init( ctx )
+
+    if ctx.options.core.check_updates
+      UpdateChecker.check
+      exit
+    end
+
+    # Validate options.
+    ctx.options.validate!( ctx )
+    # Load firewall instance, network interface informations and detect the
+    # gateway address.
+    ctx.update!
+
+    ctx
+  end
+
+  def validate!( ctx )
+    @core.validate!
+    @proxies.validate!( ctx )
+    # Print starting message.
+    starting_message
+  end
+
+  def need_gateway?
+    ( @core.should_discover_hosts? or @spoof.enabled? )
+  end
+
+  # Helper method to create a Firewalls::Redirection object.
+  def redir( address, port, to, proto = 'TCP' )
+    Firewalls::Redirection.new( @core.iface, proto, nil, port, address, to )
+  end
+
+  # Helper method to create a Firewalls::Redirection object for a single address ( +from+ ).
+  def redir_single( from, address, port, to, proto = 'TCP' )
+    Firewalls::Redirection.new( @core.iface, proto, from, port, address, to )
+  end
+
+  # Create a list of BetterCap::Firewalls::Redirection objects which are needed
+  # given the specified command line arguments.
+  def get_redirections ifconfig
+    redirections = []
+
+    if @servers.dnsd or @proxies.sslstrip?
+      redirections << redir( ifconfig[:ip_saddr], 53, @servers.dnsd_port )
+      redirections << redir( ifconfig[:ip_saddr], 53, @servers.dnsd_port, 'UDP' )
+    end
+
+    if @proxies.proxy
+      @proxies.http_ports.each do |port|
+        redirections << redir( ifconfig[:ip_saddr], port, @proxies.proxy_port )
+      end
+    end
+
+    if @proxies.proxy_https
+      @proxies.https_ports.each do |port|
+        redirections << redir( ifconfig[:ip_saddr], port, @proxies.proxy_https_port )
+      end
+    end
+
+    if @proxies.tcp_proxy
+      redirections << redir_single( @proxies.tcp_proxy_upstream_address, ifconfig[:ip_saddr], @proxies.tcp_proxy_upstream_port, @proxies.tcp_proxy_port )
+    end
+
+    if @proxies.custom_proxy
+      @proxies.http_ports.each do |port|
+        redirections << redir( @proxies.custom_proxy, port, @proxies.custom_proxy_port )
+      end
+    end
+
+    if @proxies.custom_https_proxy
+      @proxies.https_ports.each do |port|
+        redirections << redir( @proxies.custom_https_proxy, port, @proxies.custom_https_proxy_port )
+      end
+    end
+
+    @proxies.custom_redirections.each do |r|
+      redirections << redir( ifconfig[:ip_saddr], r[:from], r[:to], r[:proto] )
+    end
+
+    redirections
+  end
+
+  # Print the starting status message.
+  def starting_message
+    on     = '✔'.green
+    off    = '✘'.red
+    status = {
+      'spoofing'    => ( @spoof.enabled?  ? on : off ),
+      'discovery'   => ( @core.discovery? ? on : off ),
+      'sniffer'     => ( @sniff.enabled?  ? on : off ),
+      'tcp-proxy'   => ( @proxies.tcp_proxy ? on : off ),
+      'http-proxy'  => ( @proxies.proxy ? on : off ),
+      'https-proxy' => ( @proxies.proxy_https ? on : off ),
+      'sslstrip'    => ( @proxies.sslstrip? ? on : off ),
+      'http-server' => ( @servers.httpd ? on : off ),
+      'dns-server'  => ( @proxies.sslstrip? or @servers.dnsd ? on : off )
+    }
+
+    msg = "Starting [ "
+    status.each do |k,v|
+      msg += "#{k}:#{v} "
+    end
+    msg += "] ...\n\n"
+
+    Logger.info msg
+
+    Logger.warn "You are running an unstable/beta version of this software, please" \
+                " update to a stable one if available." if BetterCap::VERSION =~ /[\d\.+]b/
+  end
+end
+end

data/lib/bettercap/options/proxy_options.rb

@@ -0,0 +1,258 @@
+# encoding: UTF-8
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+This project is released under the GPL 3 license.
+
+=end
+
+module BetterCap
+
+class ProxyOptions
+  # If true, HTTP transparent proxy will be enabled.
+  attr_accessor :proxy
+  # If true, HTTPS transparent proxy will be enabled.
+  attr_accessor :proxy_https
+  # HTTP proxy port.
+  attr_accessor :proxy_port
+  # List of HTTP ports, [ 80 ] by default.
+  attr_accessor :http_ports
+  # HTTPS proxy port.
+  attr_accessor :proxy_https_port
+  # List of HTTPS ports, [ 443 ] by default.
+  attr_accessor :https_ports
+  # File name of the PEM certificate to use for the HTTPS proxy.
+  attr_accessor :proxy_pem_file
+  # File name of the transparent proxy module to load.
+  attr_accessor :proxy_module
+  # If true, sslstrip is enabled.
+  attr_accessor :sslstrip
+  # If true, TCP proxy will be enabled.
+  attr_accessor :tcp_proxy
+  # TCP proxy local port.
+  attr_accessor :tcp_proxy_port
+  # TCP proxy upstream server address.
+  attr_accessor :tcp_proxy_upstream_address
+  # TCP proxy upstream server port.
+  attr_accessor :tcp_proxy_upstream_port
+  # TCP proxy module to load.
+  attr_accessor :tcp_proxy_module
+  # Custom HTTP transparent proxy address.
+  attr_accessor :custom_proxy
+  # Custom HTTP transparent proxy port.
+  attr_accessor :custom_proxy_port
+  # Custom HTTPS transparent proxy address.
+  attr_accessor :custom_https_proxy
+  # Custom HTTPS transparent proxy port.
+  attr_accessor :custom_https_proxy_port
+  # Custom list of redirections.
+  attr_accessor :custom_redirections
+
+  def initialize
+    @http_ports = [ 80 ]
+    @https_ports = [ 443 ]
+    @proxy = false
+    @proxy_https = false
+    @proxy_port = 8080
+    @proxy_https_port = 8083
+    @proxy_pem_file = nil
+    @proxy_module = nil
+    @sslstrip = true
+
+    @tcp_proxy = false
+    @tcp_proxy_port = 2222
+    @tcp_proxy_upstream_address = nil
+    @tcp_proxy_upstream_port = nil
+    @tcp_proxy_module = nil
+
+    @custom_proxy = nil
+    @custom_proxy_port = 8080
+
+    @custom_https_proxy = nil
+    @custom_https_proxy_port = 8083
+
+    @custom_redirections = []
+  end
+
+  def parse!( ctx, opts )
+    opts.separator ""
+    opts.separator "PROXYING:".bold
+    opts.separator ""
+
+    opts.separator ""
+    opts.separator "  TCP:"
+    opts.separator ""
+
+    opts.on( '--tcp-proxy', 'Enable TCP proxy ( requires other --tcp-proxy-* options to be specified ).' ) do
+      @tcp_proxy = true
+    end
+
+    opts.on( '--tcp-proxy-module MODULE', "Ruby TCP proxy module to load." ) do |v|
+      @tcp_proxy_module = File.expand_path(v)
+      Proxy::TCP::Module.load( @tcp_proxy_module )
+    end
+
+    opts.on( '--tcp-proxy-port PORT', "Set local TCP proxy port, default to #{@tcp_proxy_port.to_s.yellow} ." ) do |v|
+      @tcp_proxy      = true
+      @tcp_proxy_port = v.to_i
+    end
+
+    opts.on( '--tcp-proxy-upstream-address ADDRESS', 'Set TCP proxy upstream server address.' ) do |v|
+      raise BetterCap::Error, 'Invalid TCP proxy upstream server address specified.' unless Network::Validator.is_ip?(v)
+      @tcp_proxy                  = true
+      @tcp_proxy_upstream_address = v
+    end
+
+    opts.on( '--tcp-proxy-upstream-port PORT', 'Set TCP proxy upstream server port.' ) do |v|
+      @tcp_proxy               = true
+      @tcp_proxy_upstream_port = v.to_i
+    end
+
+    opts.separator "  HTTP:"
+    opts.separator ""
+
+    opts.on( '--proxy', "Enable HTTP proxy and redirects all HTTP requests to it, default to #{'false'.yellow}." ) do
+      @proxy = true
+    end
+
+    opts.on( '--proxy-port PORT', "Set HTTP proxy port, default to #{@proxy_port.to_s.yellow}." ) do |v|
+      @proxy = true
+      @proxy_port = v.to_i
+    end
+
+    opts.on( '--no-sslstrip', 'Disable SSLStrip.' ) do
+      @sslstrip = false
+    end
+
+    opts.on( '--proxy-module MODULE', "Ruby proxy module to load, either a custom file or one of the following: #{Proxy::HTTP::Module.available.map{|x| x.yellow}.join(', ')}." ) do |v|
+      Proxy::HTTP::Module.load(ctx, opts, v)
+    end
+
+    opts.on( '--http-ports PORT1,PORT2', "Comma separated list of HTTP ports to redirect to the proxy, default to #{@http_ports.map{|x| x.to_s.yellow }.join(', ')}." ) do |v|
+      @http_ports = self.parse_ports( v )
+    end
+
+    opts.separator ""
+    opts.separator "  HTTPS:"
+    opts.separator ""
+
+    opts.on( '--proxy-https', "Enable HTTPS proxy and redirects all HTTPS requests to it, default to #{'false'.yellow}." ) do
+      @proxy_https = true
+    end
+
+    opts.on( '--proxy-https-port PORT', "Set HTTPS proxy port, default to #{@proxy_https_port.to_s.yellow}." ) do |v|
+      @proxy_https = true
+      @proxy_https_port = v.to_i
+    end
+
+    opts.on( '--proxy-pem FILE', "Use a custom PEM CA certificate file for the HTTPS proxy, default to #{Proxy::HTTP::SSL::Authority::DEFAULT.yellow} ." ) do |v|
+      @proxy_https = true
+      @proxy_pem_file = File.expand_path v
+    end
+
+    opts.on( '--https-ports PORT1,PORT2', "Comma separated list of HTTPS ports to redirect to the proxy, default to #{@https_ports.map{|x| x.to_s.yellow }.join(', ')}." ) do |v|
+      @https_ports = self.parse_ports( v )
+    end
+
+    opts.separator ""
+    opts.separator "  CUSTOM:"
+    opts.separator ""
+
+    opts.on( '--custom-proxy ADDRESS', 'Use a custom HTTP upstream proxy instead of the builtin one.' ) do |v|
+      parse_custom_proxy!(v)
+    end
+
+    opts.on( '--custom-proxy-port PORT', "Specify a port for the custom HTTP upstream proxy, default to #{@custom_proxy_port.to_s.yellow}." ) do |v|
+      @custom_proxy_port = v.to_i
+    end
+
+    opts.on( '--custom-https-proxy ADDRESS', 'Use a custom HTTPS upstream proxy instead of the builtin one.' ) do |v|
+      parse_custom_proxy!( v, true )
+    end
+
+    opts.on( '--custom-https-proxy-port PORT', "Specify a port for the custom HTTPS upstream proxy, default to #{@custom_https_proxy_port.to_s.yellow}." ) do |v|
+      @custom_https_proxy_port = v.to_i
+    end
+
+    opts.on( '--custom-redirection RULE', "Apply a custom port redirection, the format of the rule is #{'PROTOCOL ORIGINAL_PORT NEW_PORT'.yellow}. For instance #{'TCP 21 2100'.yellow} will redirect all TCP traffic going to port 21, to port 2100." ) do |v|
+      parse_redirection!( v )
+    end
+  end
+
+  def validate!( ctx )
+    if @tcp_proxy
+      raise BetterCap::Error, "No TCP proxy port specified ( --tcp-proxy-port PORT )." if @tcp_proxy_port.nil?
+      raise BetterCap::Error, "No TCP proxy upstream server address specified ( --tcp-proxy-upstream-address ADDRESS )." if @tcp_proxy_upstream_address.nil?
+      raise BetterCap::Error, "No TCP proxy upstream server port specified ( --tcp-proxy-upstream-port PORT )." if @tcp_proxy_upstream_port.nil?
+    end
+
+    if @sslstrip and ctx.options.servers.dnsd
+      raise BetterCap::Error, "SSL Stripping and builtin DNS server are mutually exclusive features, " \
+                              "either use the --no-sslstrip option or remove the --dns option."
+    end
+
+    if has_proxy_module? and ( !@proxy and !@proxy_https )
+      raise BetterCap::Error, "A proxy module was specified but none of the HTTP or HTTPS proxies are " \
+                              "enabled, specify --proxy or --proxy-https options."
+    end
+
+  end
+
+  # Parse a comma separated list of ports and return an array containing only
+  # valid ports, raise BetterCap::Error if that array is empty.
+  def self.parse_ports(value)
+    ports = []
+    value.split(",").each do |v|
+      v = v.strip.to_i
+      if v > 0 and v <= 65535
+        ports << v
+      end
+    end
+    raise BetterCap::Error, 'Invalid ports specified.' if ports.empty?
+    ports
+  end
+
+  # Setter for the #custom_proxy or #custom_https_proxy attribute, will raise a
+  # BetterCap::Error if +value+ is not a valid IP address.
+  def parse_custom_proxy!(value, https=false)
+    raise BetterCap::Error, 'Invalid custom HTTP upstream proxy address specified.' unless Network::Validator.is_ip?(value)
+    if https
+      @custom_https_proxy = value
+    else
+      @custom_proxy = value
+    end
+  end
+
+  # Parse a custom redirection rule.
+  def parse_redirection!(rule)
+    if rule =~ /^((TCP)|(UDP))\s+(\d+)\s+(\d+)$/i
+      @custom_redirections << {
+        :proto => $1.upcase,
+        :from  => $4.to_i,
+        :to    => $5.to_i
+      }
+    else
+      raise BetterCap::Error, 'Invalid custom redirection rule specified.'
+    end
+  end
+
+  # Return true if a proxy module was specified, otherwise false.
+  def has_proxy_module?
+    !@proxy_module.nil?
+  end
+
+  def sslstrip?
+    @proxy and @sslstrip
+  end
+
+  def any?
+    @proxy or @proxy_https or @tcp_proxy or @custom_proxy
+  end
+end
+
+end

data/lib/bettercap/options/server_options.rb

@@ -0,0 +1,71 @@
+# encoding: UTF-8
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+This project is released under the GPL 3 license.
+
+=end
+
+module BetterCap
+
+class ServerOptions
+  # If true, BetterCap::Network::Servers::HTTPD will be enabled.
+  attr_accessor :httpd
+  # The port to bind HTTP server to.
+  attr_accessor :httpd_port
+  # Web root of the HTTP server.
+  attr_accessor :httpd_path
+  # If true, BetterCap::Network::Servers::DNSD will be enabled.
+  attr_accessor :dnsd
+  # The port to bind DNS server to.
+  attr_accessor :dnsd_port
+  # The host resolution file to use with the DNS server.
+  attr_accessor :dnsd_file
+
+  def initialize
+    @httpd = false
+    @httpd_port = 8081
+    @httpd_path = './'
+    @dnsd = false
+    @dnsd_port = 5300
+    @dnsd_file = nil
+  end
+
+  def parse!( ctx, opts )
+    opts.separator ""
+    opts.separator "SERVERS:".bold
+    opts.separator ""
+
+    opts.on( '--httpd', "Enable HTTP server, default to #{'false'.yellow}." ) do
+      @httpd = true
+    end
+
+    opts.on( '--httpd-port PORT', "Set HTTP server port, default to #{@httpd_port.to_s.yellow}." ) do |v|
+      @httpd = true
+      @httpd_port = v.to_i
+    end
+
+    opts.on( '--httpd-path PATH', "Set HTTP server path, default to #{@httpd_path.yellow} ." ) do |v|
+      @httpd = true
+      @httpd_path = v
+    end
+
+    opts.on( '--dns FILE', 'Enable DNS server and use this file as a hosts resolution table.' ) do |v|
+      @dnsd      = true
+      @dnsd_file = File.expand_path v
+    end
+
+    opts.on( '--dns-port PORT', "Set DNS server port, default to #{@dnsd_port.to_s.yellow}." ) do |v|
+      @dnsd_port = v.to_i
+    end
+
+  end
+
+end
+
+end