RubyGems - bettercap - Versions diffs - 1.4.6 → 1.5.0 - Mend

bettercap 1.4.6 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (55) hide show

checksums.yaml +4 -4
data/bin/bettercap +1 -1
data/lib/bettercap.rb +1 -0
data/lib/bettercap/context.rb +63 -70
data/lib/bettercap/discovery/agents/base.rb +2 -2
data/lib/bettercap/discovery/thread.rb +5 -4
data/lib/bettercap/firewalls/base.rb +2 -4
data/lib/bettercap/firewalls/{osx.rb → bsd.rb} +3 -3
data/lib/bettercap/firewalls/linux.rb +2 -2
data/lib/bettercap/firewalls/redirection.rb +5 -2
data/lib/bettercap/logger.rb +6 -11
data/lib/bettercap/memory.rb +56 -0
data/lib/bettercap/monkey/em-proxy/proxy.rb +23 -0
data/lib/bettercap/monkey/packetfu/pcap.rb +51 -0
data/lib/bettercap/network/arp_reader.rb +2 -2
data/lib/bettercap/network/network.rb +2 -2
data/lib/bettercap/network/packet_queue.rb +2 -2
data/lib/bettercap/network/protos/base.rb +8 -5
data/lib/bettercap/network/protos/dhcp.rb +5 -124
data/lib/bettercap/network/target.rb +7 -2
data/lib/bettercap/options/core_options.rb +189 -0
data/lib/bettercap/options/options.rb +167 -0
data/lib/bettercap/options/proxy_options.rb +258 -0
data/lib/bettercap/options/server_options.rb +71 -0
data/lib/bettercap/options/sniff_options.rb +90 -0
data/lib/bettercap/options/spoof_options.rb +71 -0
data/lib/bettercap/proxy/{module.rb → http/module.rb} +8 -4
data/lib/bettercap/proxy/{modules → http/modules}/injectcss.rb +2 -2
data/lib/bettercap/proxy/{modules → http/modules}/injecthtml.rb +2 -2
data/lib/bettercap/proxy/{modules → http/modules}/injectjs.rb +2 -2
data/lib/bettercap/proxy/{proxy.rb → http/proxy.rb} +5 -2
data/lib/bettercap/proxy/{request.rb → http/request.rb} +4 -0
data/lib/bettercap/proxy/{response.rb → http/response.rb} +3 -0
data/lib/bettercap/proxy/{ssl → http/ssl}/authority.rb +3 -1
data/lib/bettercap/proxy/{ssl → http/ssl}/bettercap-ca.pem +0 -0
data/lib/bettercap/proxy/{ssl → http/ssl}/server.rb +3 -1
data/lib/bettercap/proxy/{sslstrip → http/sslstrip}/cookiemonitor.rb +2 -0
data/lib/bettercap/proxy/{sslstrip → http/sslstrip}/lock.ico +0 -0
data/lib/bettercap/proxy/{sslstrip → http/sslstrip}/strip.rb +4 -2
data/lib/bettercap/proxy/{streamer.rb → http/streamer.rb} +7 -4
data/lib/bettercap/proxy/stream_logger.rb +25 -9
data/lib/bettercap/proxy/tcp/module.rb +75 -0
data/lib/bettercap/proxy/tcp/proxy.rb +123 -0
data/lib/bettercap/proxy/thread_pool.rb +1 -1
data/lib/bettercap/sniffer/parsers/post.rb +1 -1
data/lib/bettercap/sniffer/parsers/url.rb +1 -1
data/lib/bettercap/sniffer/sniffer.rb +23 -17
data/lib/bettercap/spoofers/arp.rb +21 -9
data/lib/bettercap/spoofers/base.rb +12 -16
data/lib/bettercap/spoofers/icmp.rb +4 -5
data/lib/bettercap/spoofers/none.rb +0 -1
data/lib/bettercap/version.rb +1 -1
metadata +48 -19
data/lib/bettercap/firewalls/openbsd.rb +0 -77
data/lib/bettercap/options.rb +0 -600

data/lib/bettercap/proxy/tcp/module.rb ADDED Viewed

@@ -0,0 +1,75 @@
+# encoding: UTF-8
+=begin
+BETTERCAP
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+This project is released under the GPL 3 license.
+=end
+module BetterCap
+module Proxy
+module TCP
+# Base class for transparent TCP proxy modules, example:
+#
+#  class SampleModule < BetterCap::Proxy::TCP::Module
+#    def on_data( event )
+#      event.data = 'aaa'
+#    end
+#
+#    def on_response( event )
+#      event.data = 'bbb'
+#    end
+#  end
+class Module
+  # This callback is called when the target is sending data to the upstream server.
+  # +event+ is an instance of the BetterCap::Proxy::TCP::Event class.
+  def on_data( event ); end
+  # This callback is called when the upstream server is sending data to the target.
+  # +event+ is an instance of the BetterCap::Proxy::TCP::Event class.
+  def on_response( event ); end
+  # This callback is called when the connection is terminated.
+  # +event+ is an instance of the BetterCap::Proxy::TCP::Event class.
+  def on_finish( event ); end
+  # Loaded modules.
+  @@loaded = {}
+  class << self
+    # Called when a class inherits this base class.
+    def inherited(subclass)
+      name = subclass.name.upcase
+      @@loaded[name] = subclass
+    end
+    # Load +file+ as a proxy module.
+    def load( file )
+      begin
+        require file
+      rescue LoadError
+        raise BetterCap::Error, "Invalid TCP proxy module specified."
+      end
+      @@loaded.each do |name,mod|
+        @@loaded[name] = mod.new
+      end
+    end
+    # Execute method +even_name+ for each loaded module instance using +event+
+    # as its argument.
+    def dispatch( event_name, event )
+      @@loaded.each do |name,mod|
+        mod.send( event_name, event )
+      end
+    end
+  end
+end
+end
+end
+end

data/lib/bettercap/proxy/tcp/proxy.rb ADDED Viewed

@@ -0,0 +1,123 @@
+# encoding: UTF-8
+=begin
+BETTERCAP
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+This project is released under the GPL 3 license.
+=end
+module BetterCap
+module Proxy
+module TCP
+# Class used to encapsulate ( and keep references ) of a single TCP event-.
+# http://stackoverflow.com/questions/161510/pass-parameter-by-reference-in-ruby
+class Event
+  # The source IP address of this event.
+  attr_accessor :ip
+  # Source port.
+  attr_accessor :port
+  # Reference to the buffer being transmitted.
+  attr_accessor :data
+  def initialize( ip, port, data = nil )
+    @ip   = ip
+    @port = port
+    @data = data
+  end
+end
+# Transparent TCP proxy class.
+class Proxy
+  # Initialize the TCP proxy with given arguments.
+  def initialize( address, port, up_address, up_port )
+    @address          = address
+    @port             = port
+    @upstream_address = up_address
+    @upstream_port    = up_port
+    @ctx              = BetterCap::Context.get
+    @worker           = nil
+  end
+  # Start the proxy.
+  def start
+    Logger.info "[#{'TCP PROXY'.green}] Starting on #{@address}:#{@port} ( -> #{@upstream_address}:#{@upstream_port} ) ..."
+    @worker = Thread.new &method(:worker)
+    # If the upstream server is in this network, we need to make sure that its MAC
+    # address is discovered and put in the ARP cache before we even start the proxy,
+    # otherwise internal connections won't be spoofed and the proxy will be useless
+    # until some random event will fill the ARP cache for the server.
+    if @ctx.ifconfig[:ip4_obj].include?( @upstream_address )
+      Logger.debug "[#{'TCP PROXY'.green}] Sending probe to upstream server address ..."
+      BetterCap::Network.get_hw_address( @ctx, @upstream_address )
+      # wait for the system to acknowledge the ARP cache changes.
+      sleep( 1 )
+    end
+  end
+  # Stop the proxy.
+  def stop
+    Logger.info "Stopping TCP proxy ..."
+    ::Proxy.stop
+    @worker.join
+  end
+  private
+  def worker
+    begin
+      up_addr = @upstream_address
+      up_port = @upstream_port
+      up_svc  = BetterCap::StreamLogger.service( :tcp, @upstream_port )
+      ::Proxy.start(:host => @address, :port => @port) do |conn|
+        conn.server :srv, :host => up_addr, :port => up_port
+        # ip -> upstream
+        conn.on_data do |data|
+          ip, port = peer
+          event    = Event.new( ip, port, data )
+          Logger.info "[#{'TCP PROXY'.green}] #{ip} #{'->'.green} #{'upstream'.yellow}:#{up_svc} ( #{event.data.bytesize} bytes )"
+          Module.dispatch( 'on_data', event )
+          event.data
+        end
+        # upstream -> ip
+        conn.on_response do |backend, resp|
+          ip, port = peer
+          event    = Event.new( ip, port, resp )
+          Logger.info "[#{'TCP PROXY'.green}] #{'upstream'.yellow}:#{up_svc} #{'->'.green} #{ip} ( #{event.data.bytesize} bytes )"
+          Module.dispatch( 'on_response', event )
+          event.data
+        end
+        # termination
+        conn.on_finish do |backend, name|
+          ip, port = peer
+          event    = Event.new( ip, port )
+          Logger.info "[#{'TCP PROXY'.green}] #{ip} <- #{'closed'.red} -> #{'upstream'.yellow}:#{up_svc}"
+          Module.dispatch( 'on_finish', event )
+          unbind
+        end
+      end
+    rescue Exception => e
+      Logger.error e.message
+      Logger.exception e
+    end
+  end
+end
+end
+end
+end

data/lib/bettercap/proxy/thread_pool.rb CHANGED Viewed

@@ -13,7 +13,7 @@ This project is released under the GPL 3 license.
 module BetterCap
 module Proxy
-# Thread pool class used by the BetterCap::Proxy::Proxy.
+# Thread pool class used by the BetterCap::Proxy::*.
 # Tnx to Puma ThreadPool!
 class ThreadPool

data/lib/bettercap/sniffer/parsers/post.rb CHANGED Viewed

@@ -19,7 +19,7 @@ class Post < Base
     s = pkt.to_s
     if s =~ /POST\s+[^\s]+\s+HTTP.+/
       begin
-        req = BetterCap::Proxy::Request.parse(pkt.payload)
+        req = BetterCap::Proxy::HTTP::Request.parse(pkt.payload)
         # the packet could be incomplete
         unless req.body.nil? or req.body.empty?
           StreamLogger.log_raw( pkt, "POST", req.to_url(1000) )

data/lib/bettercap/sniffer/parsers/url.rb CHANGED Viewed

@@ -20,7 +20,7 @@ class Url < Base
     if s =~ /GET\s+([^\s]+)\s+HTTP.+Host:\s+([^\s]+).+/m
       host = $2
       url = $1
-      if not url =~ /.+\.(png|jpg|jpeg|bmp|gif|img|ttf|woff|css|js).*/i
+      unless url =~ /.+\.(png|jpg|jpeg|bmp|gif|img|ttf|woff|css|js).*/i
         StreamLogger.log_raw( pkt, 'GET', "http://#{host}#{url}" )
       end
     end

data/lib/bettercap/sniffer/sniffer.rb CHANGED Viewed

@@ -31,7 +31,7 @@ class Sniffer
       setup( ctx )
-      start     = Time.now.to_i
+      start     = Time.now
       skipped   = 0
       processed = 0
@@ -52,11 +52,11 @@ class Sniffer
         end
       end
-      stop = Time.now.to_i
-      delta = stop - start
+      stop = Time.now
+      delta = ( stop - start ) * 1000.0
       total = skipped + processed
-      Logger.info "[#{'SNIFFER'.green}] #{total} packets processed in #{delta} s ( #{skipped} skipped packets, #{processed} processed packets )"
+      Logger.info "[#{'SNIFFER'.green}] #{total} packets processed in #{delta} ms ( #{skipped} skipped packets, #{processed} processed packets )"
     }
   end
@@ -64,13 +64,19 @@ class Sniffer
   # Return the current PCAP stream.
   def self.stream
-    if @@ctx.options.sniffer_src.nil?
-      @@cap.stream
+    if @@ctx.options.sniff.src.nil?
+      return @@cap.stream
     else
-      Logger.info "[#{'SNIFFER'.green}] Reading packets from #{@@ctx.options.sniffer_src} ..."
+      Logger.info "[#{'SNIFFER'.green}] Reading packets from #{@@ctx.options.sniff.src} ..."
-      PacketFu::PcapFile.file_to_array @@ctx.options.sniffer_src
+      begin
+        return PacketFu::PcapFile.file_to_array @@ctx.options.sniff.src
+      rescue Exception => e
+        Logger.error "Error while parsing #{@@ctx.options.sniff.src}: #{e.message}"
+        Logger.exception e
+      end
     end
+    return []
   end
   # Return true if the +pkt+ packet instance must be skipped.
@@ -81,7 +87,7 @@ class Sniffer
       # not IP packet
       return true unless pkt.is_ip?
       # skip if local packet and --local|-L was not specified.
-      unless @@ctx.options.local
+      unless @@ctx.options.sniff.local
         return ( pkt.ip_saddr == @@ctx.ifconfig[:ip_saddr] or pkt.ip_daddr == @@ctx.ifconfig[:ip_saddr] )
       end
     rescue; end
@@ -103,7 +109,7 @@ class Sniffer
   def self.append_packet( p )
     begin
       @@pcap.array_to_file(
-          filename: @@ctx.options.sniffer_pcap,
+          filename: @@ctx.options.sniff.output,
           array: [p],
           append: true ) unless @@pcap.nil?
     rescue Exception => e
@@ -115,20 +121,20 @@ class Sniffer
   def self.setup( ctx )
     @@ctx = ctx
-    unless @@ctx.options.sniffer_pcap.nil?
+    unless @@ctx.options.sniff.output.nil?
       @@pcap = PacketFu::PcapFile.new
-      Logger.info "[#{'SNIFFER'.green}] Saving packets to #{@@ctx.options.sniffer_pcap} ."
+      Logger.info "[#{'SNIFFER'.green}] Saving packets to #{@@ctx.options.sniff.output} ."
     end
-    if @@ctx.options.custom_parser.nil?
-      @@parsers = Parsers::Base.load_by_names @@ctx.options.parsers
+    if @@ctx.options.sniff.custom_parser.nil?
+      @@parsers = Parsers::Base.load_by_names @@ctx.options.sniff.parsers
     else
-      @@parsers = Parsers::Base.load_custom @@ctx.options.custom_parser
+      @@parsers = Parsers::Base.load_custom @@ctx.options.sniff.custom_parser
     end
     @@cap = Capture.new(
-        iface: @@ctx.options.iface,
-        filter: @@ctx.options.sniffer_filter,
+        iface: @@ctx.options.core.iface,
+        filter: @@ctx.options.sniff.filter,
         start: true
     )
   end

data/lib/bettercap/spoofers/arp.rb CHANGED Viewed

@@ -18,7 +18,6 @@ class Arp < Base
   # Initialize the BetterCap::Spoofers::Arp object.
   def initialize
     @ctx          = Context.get
-    @gateway      = nil
     @forwarding   = @ctx.firewall.forwarding_enabled?
     @spoof_thread = nil
     @sniff_thread = nil
@@ -46,12 +45,12 @@ class Arp < Base
   # Start the ARP spoofing.
   def start
-    Logger.debug "Starting ARP spoofer ( #{@ctx.options.half_duplex ? 'Half' : 'Full'} Duplex ) ..."
+    Logger.debug "Starting ARP spoofer ( #{@ctx.options.spoof.half_duplex ? 'Half' : 'Full'} Duplex ) ..."
     stop() if @running
     @running = true
-    if @ctx.options.kill
+    if @ctx.options.spoof.kill
       Logger.warn "Disabling packet forwarding."
       @ctx.firewall.enable_forwarding(false) if @forwarding
     else
@@ -77,7 +76,7 @@ class Arp < Base
     Logger.debug "Restoring ARP table of #{@ctx.targets.size} targets ..."
     @ctx.targets.each do |target|
-      unless target.ip.nil? or target.mac.nil?
+      if target.spoofable?
         5.times do
           spoof(target, true)
           sleep 0.3
@@ -96,18 +95,31 @@ class Arp < Base
   # restore its ARP cache instead.
   def spoof( target, restore = false )
     if restore
-      send_spoofed_packet( @gateway.ip, @gateway.mac, target.ip, 'ff:ff:ff:ff:ff:ff' )
-      send_spoofed_packet( target.ip, target.mac, @gateway.ip, 'ff:ff:ff:ff:ff:ff' ) unless @ctx.options.half_duplex
+      send_spoofed_packet( @ctx.gateway.ip, @ctx.gateway.mac, target.ip, 'ff:ff:ff:ff:ff:ff' )
+      send_spoofed_packet( target.ip, target.mac, @ctx.gateway.ip, 'ff:ff:ff:ff:ff:ff' ) unless @ctx.options.spoof.half_duplex
+      @ctx.targets.each do |e|
+        if e.spoofable? and e.ip != target.ip and e.ip != @ctx.gateway.ip
+          send_spoofed_packet( e.ip, e.mac, target.ip, 'ff:ff:ff:ff:ff:ff' )
+        end
+      end
     else
-      send_spoofed_packet( @gateway.ip, @ctx.ifconfig[:eth_saddr], target.ip, target.mac )
-      send_spoofed_packet( target.ip, @ctx.ifconfig[:eth_saddr], @gateway.ip, @gateway.mac ) unless @ctx.options.half_duplex
+      # tell the target we're the gateway
+      send_spoofed_packet( @ctx.gateway.ip, @ctx.ifconfig[:eth_saddr], target.ip, target.mac )
+      # tell the gateway we're the target
+      send_spoofed_packet( target.ip, @ctx.ifconfig[:eth_saddr], @ctx.gateway.ip, @ctx.gateway.mac ) unless @ctx.options.spoof.half_duplex
+      # tell the target we're everybody else in the network :D
+      @ctx.targets.each do |e|
+        if e.spoofable? and e.ip != target.ip and e.ip != @ctx.gateway.ip
+          send_spoofed_packet( e.ip, @ctx.ifconfig[:eth_saddr], target.ip, target.mac )
+        end
+      end
     end
   end
   # Main spoofer loop.
   def arp_spoofer
     spoof_loop(1) { |target|
-      unless target.ip.nil? or target.mac.nil?
+      if target.spoofable?
         spoof(target)
       end
     }

data/lib/bettercap/spoofers/base.rb CHANGED Viewed

@@ -57,7 +57,7 @@ private
   def sniff_packets( filter )
     begin
       @capture = PacketFu::Capture.new(
-          iface: @ctx.options.iface,
+          iface: @ctx.options.core.iface,
           filter: filter,
           start: true
       )
@@ -67,10 +67,10 @@ private
     @capture.stream.each do |p|
       begin
-        if not @running
-            Logger.debug 'Stopping thread ...'
-            Thread.exit
-            break
+        unless @running
+          Logger.debug 'Stopping thread ...'
+          Thread.exit
+          break
         end
         pkt = PacketFu::Packet.parse p rescue nil
@@ -92,7 +92,7 @@ private
           break
       end
-      # Logger.debug "Spoofing #{@ctx.targets.size} targets ..."
+      Logger.debug "Spoofing #{@ctx.targets.size} targets ..."
       update_targets!
@@ -106,17 +106,13 @@ private
   # Get the MAC address of the gateway and update it.
   def update_gateway!
-    hw = Network.get_hw_address( @ctx, @ctx.gateway )
-    raise BetterCap::Error, "Couldn't determine router MAC" if ( @ctx.need_gateway? and hw.nil? )
-    @gateway = Network::Target.new( @ctx.gateway, hw )
-    # notify the system that the gateway mac is resolved, this will prevent
-    # the gateway ip to be unnecessarily probed from discovery agents.
-    @ctx.gateway_mac_resolved = !hw.nil?
+    unless @ctx.gateway.spoofable?
+      hw = Network.get_hw_address( @ctx, @ctx.gateway.ip )
+      raise BetterCap::Error, "Couldn't determine router MAC" if ( @ctx.options.need_gateway? and hw.nil? )
+      @ctx.gateway.mac = hw unless hw.nil?
+    end
-    Logger.info "[#{'GATEWAY'.green}] #{@gateway.to_s(false)}"
+    Logger.info "[#{'GATEWAY'.green}] #{@ctx.gateway.to_s(false)}"
   end
   # Update each target that needs to be updated.

data/lib/bettercap/spoofers/icmp.rb CHANGED Viewed

@@ -79,7 +79,6 @@ class Icmp < Base
   def initialize
     @ctx          = Context.get
     @forwarding   = @ctx.firewall.forwarding_enabled?
-    @gateway      = nil
     @local        = @ctx.ifconfig[:ip_saddr]
     @spoof_thread = nil
     @watch_thread = nil
@@ -93,12 +92,12 @@ class Icmp < Base
   # Send ICMP redirect to the +target+, redirecting the gateway ip and
   # everything in the @entries list of addresses to us.
   def send_spoofed_packet( target )
-    ( [@gateway.ip] + @entries ).each do |address|
+    ( [@ctx.gateway.ip] + @entries ).each do |address|
       begin
         Logger.debug "Sending ICMP Redirect to #{target.to_s_compact} redirecting #{address} to us ..."
         pkt = ICMPRedirectPacket.new
-        pkt.update!( @gateway, target, @local, address )
+        pkt.update!( @ctx.gateway, target, @local, address )
         @ctx.packets.push(pkt)
       rescue Exception => e
         Logger.debug "#{self.class.name} : #{e.message}"
@@ -113,7 +112,7 @@ class Icmp < Base
     stop() if @running
     @running = true
-    if @ctx.options.kill
+    if @ctx.options.spoof.kill
       Logger.warn "Disabling packet forwarding."
       @ctx.firewall.enable_forwarding(false) if @forwarding
     else
@@ -194,7 +193,7 @@ class Icmp < Base
   # Main spoofer loop.
   def icmp_spoofer
     spoof_loop(3) { |target|
-      unless target.ip.nil? or target.mac.nil?
+      if target.spoofable?
         send_spoofed_packet target
       end
     }