RubyGems - bettercap - Versions diffs - 1.4.6 → 1.5.0 - Mend

bettercap 1.4.6 → 1.5.0

Files changed (55) hide show

checksums.yaml +4 -4
data/bin/bettercap +1 -1
data/lib/bettercap.rb +1 -0
data/lib/bettercap/context.rb +63 -70
data/lib/bettercap/discovery/agents/base.rb +2 -2
data/lib/bettercap/discovery/thread.rb +5 -4
data/lib/bettercap/firewalls/base.rb +2 -4
data/lib/bettercap/firewalls/{osx.rb → bsd.rb} +3 -3
data/lib/bettercap/firewalls/linux.rb +2 -2
data/lib/bettercap/firewalls/redirection.rb +5 -2
data/lib/bettercap/logger.rb +6 -11
data/lib/bettercap/memory.rb +56 -0
data/lib/bettercap/monkey/em-proxy/proxy.rb +23 -0
data/lib/bettercap/monkey/packetfu/pcap.rb +51 -0
data/lib/bettercap/network/arp_reader.rb +2 -2
data/lib/bettercap/network/network.rb +2 -2
data/lib/bettercap/network/packet_queue.rb +2 -2
data/lib/bettercap/network/protos/base.rb +8 -5
data/lib/bettercap/network/protos/dhcp.rb +5 -124
data/lib/bettercap/network/target.rb +7 -2
data/lib/bettercap/options/core_options.rb +189 -0
data/lib/bettercap/options/options.rb +167 -0
data/lib/bettercap/options/proxy_options.rb +258 -0
data/lib/bettercap/options/server_options.rb +71 -0
data/lib/bettercap/options/sniff_options.rb +90 -0
data/lib/bettercap/options/spoof_options.rb +71 -0
data/lib/bettercap/proxy/{module.rb → http/module.rb} +8 -4
data/lib/bettercap/proxy/{modules → http/modules}/injectcss.rb +2 -2
data/lib/bettercap/proxy/{modules → http/modules}/injecthtml.rb +2 -2
data/lib/bettercap/proxy/{modules → http/modules}/injectjs.rb +2 -2
data/lib/bettercap/proxy/{proxy.rb → http/proxy.rb} +5 -2
data/lib/bettercap/proxy/{request.rb → http/request.rb} +4 -0
data/lib/bettercap/proxy/{response.rb → http/response.rb} +3 -0
data/lib/bettercap/proxy/{ssl → http/ssl}/authority.rb +3 -1
data/lib/bettercap/proxy/{ssl → http/ssl}/bettercap-ca.pem +0 -0
data/lib/bettercap/proxy/{ssl → http/ssl}/server.rb +3 -1
data/lib/bettercap/proxy/{sslstrip → http/sslstrip}/cookiemonitor.rb +2 -0
data/lib/bettercap/proxy/{sslstrip → http/sslstrip}/lock.ico +0 -0
data/lib/bettercap/proxy/{sslstrip → http/sslstrip}/strip.rb +4 -2
data/lib/bettercap/proxy/{streamer.rb → http/streamer.rb} +7 -4
data/lib/bettercap/proxy/stream_logger.rb +25 -9
data/lib/bettercap/proxy/tcp/module.rb +75 -0
data/lib/bettercap/proxy/tcp/proxy.rb +123 -0
data/lib/bettercap/proxy/thread_pool.rb +1 -1
data/lib/bettercap/sniffer/parsers/post.rb +1 -1
data/lib/bettercap/sniffer/parsers/url.rb +1 -1
data/lib/bettercap/sniffer/sniffer.rb +23 -17
data/lib/bettercap/spoofers/arp.rb +21 -9
data/lib/bettercap/spoofers/base.rb +12 -16
data/lib/bettercap/spoofers/icmp.rb +4 -5
data/lib/bettercap/spoofers/none.rb +0 -1
data/lib/bettercap/version.rb +1 -1
metadata +48 -19
data/lib/bettercap/firewalls/openbsd.rb +0 -77
data/lib/bettercap/options.rb +0 -600

data/lib/bettercap/proxy/tcp/module.rb ADDED Viewed

@@ -0,0 +1,75 @@
+# encoding: UTF-8
+=begin
+BETTERCAP
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+This project is released under the GPL 3 license.
+=end
+module BetterCap
+module Proxy
+module TCP
+# Base class for transparent TCP proxy modules, example:
+#
+#  class SampleModule < BetterCap::Proxy::TCP::Module
+#    def on_data( event )
+#      event.data = 'aaa'
+#    end
+#
+#    def on_response( event )
+#      event.data = 'bbb'
+#    end
+#  end
+class Module
+  # This callback is called when the target is sending data to the upstream server.
+  # +event+ is an instance of the BetterCap::Proxy::TCP::Event class.
+  def on_data( event ); end
+  # This callback is called when the upstream server is sending data to the target.
+  # +event+ is an instance of the BetterCap::Proxy::TCP::Event class.
+  def on_response( event ); end
+  # This callback is called when the connection is terminated.
+  # +event+ is an instance of the BetterCap::Proxy::TCP::Event class.
+  def on_finish( event ); end
+  # Loaded modules.
+  @@loaded = {}
+  class << self
+    # Called when a class inherits this base class.
+    def inherited(subclass)
+      name = subclass.name.upcase
+      @@loaded[name] = subclass
+    end
+    # Load +file+ as a proxy module.
+    def load( file )
+      begin
+        require file
+      rescue LoadError
+        raise BetterCap::Error, "Invalid TCP proxy module specified."
+      end
+      @@loaded.each do |name,mod|
+        @@loaded[name] = mod.new
+      end
+    end
+    # Execute method +even_name+ for each loaded module instance using +event+
+    # as its argument.
+    def dispatch( event_name, event )
+      @@loaded.each do |name,mod|
+        mod.send( event_name, event )
+      end
+    end
+  end
+end
+end
+end
+end

data/lib/bettercap/proxy/tcp/proxy.rb ADDED Viewed

@@ -0,0 +1,123 @@
+# encoding: UTF-8
+=begin
+BETTERCAP
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+This project is released under the GPL 3 license.
+=end
+module BetterCap
+module Proxy
+module TCP
+# Class used to encapsulate ( and keep references ) of a single TCP event-.
+# http://stackoverflow.com/questions/161510/pass-parameter-by-reference-in-ruby
+class Event
+  # The source IP address of this event.
+  attr_accessor :ip
+  # Source port.
+  attr_accessor :port
+  # Reference to the buffer being transmitted.
+  attr_accessor :data
+  def initialize( ip, port, data = nil )
+    @ip   = ip
+    @port = port
+    @data = data
+  end
+end
+# Transparent TCP proxy class.
+class Proxy
+  # Initialize the TCP proxy with given arguments.
+  def initialize( address, port, up_address, up_port )
+    @address          = address
+    @port             = port
+    @upstream_address = up_address
+    @upstream_port    = up_port
+    @ctx              = BetterCap::Context.get
+    @worker           = nil
+  end
+  # Start the proxy.
+  def start
+    Logger.info "[#{'TCP PROXY'.green}] Starting on #{@address}:#{@port} ( -> #{@upstream_address}:#{@upstream_port} ) ..."
+    @worker = Thread.new &method(:worker)
+    # If the upstream server is in this network, we need to make sure that its MAC
+    # address is discovered and put in the ARP cache before we even start the proxy,
+    # otherwise internal connections won't be spoofed and the proxy will be useless
+    # until some random event will fill the ARP cache for the server.
+    if @ctx.ifconfig[:ip4_obj].include?( @upstream_address )
+      Logger.debug "[#{'TCP PROXY'.green}] Sending probe to upstream server address ..."
+      BetterCap::Network.get_hw_address( @ctx, @upstream_address )
+      # wait for the system to acknowledge the ARP cache changes.
+      sleep( 1 )
+    end
+  end
+  # Stop the proxy.
+  def stop
+    Logger.info "Stopping TCP proxy ..."
+    ::Proxy.stop
+    @worker.join
+  end
+  private
+  def worker
+    begin
+      up_addr = @upstream_address
+      up_port = @upstream_port
+      up_svc  = BetterCap::StreamLogger.service( :tcp, @upstream_port )
+      ::Proxy.start(:host => @address, :port => @port) do |conn|
+        conn.server :srv, :host => up_addr, :port => up_port
+        # ip -> upstream
+        conn.on_data do |data|
+          ip, port = peer
+          event    = Event.new( ip, port, data )
+          Logger.info "[#{'TCP PROXY'.green}] #{ip} #{'->'.green} #{'upstream'.yellow}:#{up_svc} ( #{event.data.bytesize} bytes )"
+          Module.dispatch( 'on_data', event )
+          event.data
+        end
+        # upstream -> ip
+        conn.on_response do |backend, resp|
+          ip, port = peer
+          event    = Event.new( ip, port, resp )
+          Logger.info "[#{'TCP PROXY'.green}] #{'upstream'.yellow}:#{up_svc} #{'->'.green} #{ip} ( #{event.data.bytesize} bytes )"
+          Module.dispatch( 'on_response', event )
+          event.data
+        end
+        # termination
+        conn.on_finish do |backend, name|
+          ip, port = peer
+          event    = Event.new( ip, port )
+          Logger.info "[#{'TCP PROXY'.green}] #{ip} <- #{'closed'.red} -> #{'upstream'.yellow}:#{up_svc}"
+          Module.dispatch( 'on_finish', event )
+          unbind
+        end
+      end
+    rescue Exception => e
+      Logger.error e.message
+      Logger.exception e
+    end
+  end
+end
+end
+end
+end

data/lib/bettercap/proxy/thread_pool.rb CHANGED Viewed

@@ -13,7 +13,7 @@ This project is released under the GPL 3 license.
 module BetterCap
 module Proxy
-# Thread pool class used by the BetterCap::Proxy::Proxy.
+# Thread pool class used by the BetterCap::Proxy::*.
 # Tnx to Puma ThreadPool!
 class ThreadPool

data/lib/bettercap/sniffer/parsers/post.rb CHANGED Viewed

@@ -19,7 +19,7 @@ class Post < Base
     s = pkt.to_s
     if s =~ /POST\s+[^\s]+\s+HTTP.+/
       begin
-        req = BetterCap::Proxy::Request.parse(pkt.payload)
+        req = BetterCap::Proxy::HTTP::Request.parse(pkt.payload)
         # the packet could be incomplete
         unless req.body.nil? or req.body.empty?
           StreamLogger.log_raw( pkt, "POST", req.to_url(1000) )

data/lib/bettercap/sniffer/parsers/url.rb CHANGED Viewed

@@ -20,7 +20,7 @@ class Url < Base
     if s =~ /GET\s+([^\s]+)\s+HTTP.+Host:\s+([^\s]+).+/m
       host = $2
       url = $1
-      if not url =~ /.+\.(png|jpg|jpeg|bmp|gif|img|ttf|woff|css|js).*/i
+      unless url =~ /.+\.(png|jpg|jpeg|bmp|gif|img|ttf|woff|css|js).*/i
         StreamLogger.log_raw( pkt, 'GET', "http://#{host}#{url}" )
       end
     end

data/lib/bettercap/sniffer/sniffer.rb CHANGED Viewed

@@ -31,7 +31,7 @@ class Sniffer
       setup( ctx )
-      start     = Time.now.to_i
+      start     = Time.now
       skipped   = 0
       processed = 0
@@ -52,11 +52,11 @@ class Sniffer
         end
       end
-      stop = Time.now.to_i
-      delta = stop - start
+      stop = Time.now
+      delta = ( stop - start ) * 1000.0
       total = skipped + processed
-      Logger.info "[#{'SNIFFER'.green}] #{total} packets processed in #{delta} s ( #{skipped} skipped packets, #{processed} processed packets )"
+      Logger.info "[#{'SNIFFER'.green}] #{total} packets processed in #{delta} ms ( #{skipped} skipped packets, #{processed} processed packets )"
     }
   end
@@ -64,13 +64,19 @@ class Sniffer
   # Return the current PCAP stream.
   def self.stream
-    if @@ctx.options.sniffer_src.nil?
-      @@cap.stream
+    if @@ctx.options.sniff.src.nil?
+      return @@cap.stream
     else
-      Logger.info "[#{'SNIFFER'.green}] Reading packets from #{@@ctx.options.sniffer_src} ..."
+      Logger.info "[#{'SNIFFER'.green}] Reading packets from #{@@ctx.options.sniff.src} ..."
-      PacketFu::PcapFile.file_to_array @@ctx.options.sniffer_src
+      begin
+        return PacketFu::PcapFile.file_to_array @@ctx.options.sniff.src
+      rescue Exception => e
+        Logger.error "Error while parsing #{@@ctx.options.sniff.src}: #{e.message}"
+        Logger.exception e
+      end
     end
+    return []
   end
   # Return true if the +pkt+ packet instance must be skipped.
@@ -81,7 +87,7 @@ class Sniffer
       # not IP packet
       return true unless pkt.is_ip?
       # skip if local packet and --local|-L was not specified.
-      unless @@ctx.options.local
+      unless @@ctx.options.sniff.local
         return ( pkt.ip_saddr == @@ctx.ifconfig[:ip_saddr] or pkt.ip_daddr == @@ctx.ifconfig[:ip_saddr] )
       end
     rescue; end
@@ -103,7 +109,7 @@ class Sniffer
   def self.append_packet( p )
     begin
       @@pcap.array_to_file(
-          filename: @@ctx.options.sniffer_pcap,
+          filename: @@ctx.options.sniff.output,
           array: [p],
           append: true ) unless @@pcap.nil?
     rescue Exception => e
@@ -115,20 +121,20 @@ class Sniffer
   def self.setup( ctx )
     @@ctx = ctx
-    unless @@ctx.options.sniffer_pcap.nil?
+    unless @@ctx.options.sniff.output.nil?
       @@pcap = PacketFu::PcapFile.new
-      Logger.info "[#{'SNIFFER'.green}] Saving packets to #{@@ctx.options.sniffer_pcap} ."
+      Logger.info "[#{'SNIFFER'.green}] Saving packets to #{@@ctx.options.sniff.output} ."
     end
-    if @@ctx.options.custom_parser.nil?
-      @@parsers = Parsers::Base.load_by_names @@ctx.options.parsers
+    if @@ctx.options.sniff.custom_parser.nil?
+      @@parsers = Parsers::Base.load_by_names @@ctx.options.sniff.parsers
     else
-      @@parsers = Parsers::Base.load_custom @@ctx.options.custom_parser
+      @@parsers = Parsers::Base.load_custom @@ctx.options.sniff.custom_parser
     end
     @@cap = Capture.new(
-        iface: @@ctx.options.iface,
-        filter: @@ctx.options.sniffer_filter,
+        iface: @@ctx.options.core.iface,
+        filter: @@ctx.options.sniff.filter,
         start: true
     )
   end

data/lib/bettercap/spoofers/arp.rb CHANGED Viewed

@@ -18,7 +18,6 @@ class Arp < Base
   # Initialize the BetterCap::Spoofers::Arp object.
   def initialize
     @ctx          = Context.get
-    @gateway      = nil
     @forwarding   = @ctx.firewall.forwarding_enabled?
     @spoof_thread = nil
     @sniff_thread = nil
@@ -46,12 +45,12 @@ class Arp < Base
   # Start the ARP spoofing.
   def start
-    Logger.debug "Starting ARP spoofer ( #{@ctx.options.half_duplex ? 'Half' : 'Full'} Duplex ) ..."
+    Logger.debug "Starting ARP spoofer ( #{@ctx.options.spoof.half_duplex ? 'Half' : 'Full'} Duplex ) ..."
     stop() if @running
     @running = true
-    if @ctx.options.kill
+    if @ctx.options.spoof.kill
       Logger.warn "Disabling packet forwarding."
       @ctx.firewall.enable_forwarding(false) if @forwarding
     else
@@ -77,7 +76,7 @@ class Arp < Base
     Logger.debug "Restoring ARP table of #{@ctx.targets.size} targets ..."
     @ctx.targets.each do |target|
-      unless target.ip.nil? or target.mac.nil?
+      if target.spoofable?
         5.times do
           spoof(target, true)
           sleep 0.3
@@ -96,18 +95,31 @@ class Arp < Base
   # restore its ARP cache instead.
   def spoof( target, restore = false )
     if restore
-      send_spoofed_packet( @gateway.ip, @gateway.mac, target.ip, 'ff:ff:ff:ff:ff:ff' )
-      send_spoofed_packet( target.ip, target.mac, @gateway.ip, 'ff:ff:ff:ff:ff:ff' ) unless @ctx.options.half_duplex
+      send_spoofed_packet( @ctx.gateway.ip, @ctx.gateway.mac, target.ip, 'ff:ff:ff:ff:ff:ff' )
+      send_spoofed_packet( target.ip, target.mac, @ctx.gateway.ip, 'ff:ff:ff:ff:ff:ff' ) unless @ctx.options.spoof.half_duplex
+      @ctx.targets.each do |e|
+        if e.spoofable? and e.ip != target.ip and e.ip != @ctx.gateway.ip
+          send_spoofed_packet( e.ip, e.mac, target.ip, 'ff:ff:ff:ff:ff:ff' )
+        end
+      end
     else
-      send_spoofed_packet( @gateway.ip, @ctx.ifconfig[:eth_saddr], target.ip, target.mac )
-      send_spoofed_packet( target.ip, @ctx.ifconfig[:eth_saddr], @gateway.ip, @gateway.mac ) unless @ctx.options.half_duplex
+      # tell the target we're the gateway
+      send_spoofed_packet( @ctx.gateway.ip, @ctx.ifconfig[:eth_saddr], target.ip, target.mac )
+      # tell the gateway we're the target
+      send_spoofed_packet( target.ip, @ctx.ifconfig[:eth_saddr], @ctx.gateway.ip, @ctx.gateway.mac ) unless @ctx.options.spoof.half_duplex
+      # tell the target we're everybody else in the network :D
+      @ctx.targets.each do |e|
+        if e.spoofable? and e.ip != target.ip and e.ip != @ctx.gateway.ip
+          send_spoofed_packet( e.ip, @ctx.ifconfig[:eth_saddr], target.ip, target.mac )
+        end
+      end
     end
   end
   # Main spoofer loop.
   def arp_spoofer
     spoof_loop(1) { |target|
-      unless target.ip.nil? or target.mac.nil?
+      if target.spoofable?
         spoof(target)
       end
     }

data/lib/bettercap/spoofers/base.rb CHANGED Viewed

@@ -57,7 +57,7 @@ private
   def sniff_packets( filter )
     begin
       @capture = PacketFu::Capture.new(
-          iface: @ctx.options.iface,
+          iface: @ctx.options.core.iface,
           filter: filter,
           start: true
       )
@@ -67,10 +67,10 @@ private
     @capture.stream.each do |p|
       begin
-        if not @running
-            Logger.debug 'Stopping thread ...'
-            Thread.exit
-            break
+        unless @running
+          Logger.debug 'Stopping thread ...'
+          Thread.exit
+          break
         end
         pkt = PacketFu::Packet.parse p rescue nil
@@ -92,7 +92,7 @@ private
           break
       end
-      # Logger.debug "Spoofing #{@ctx.targets.size} targets ..."
+      Logger.debug "Spoofing #{@ctx.targets.size} targets ..."
       update_targets!
@@ -106,17 +106,13 @@ private
   # Get the MAC address of the gateway and update it.
   def update_gateway!
-    hw = Network.get_hw_address( @ctx, @ctx.gateway )
-    raise BetterCap::Error, "Couldn't determine router MAC" if ( @ctx.need_gateway? and hw.nil? )
-    @gateway = Network::Target.new( @ctx.gateway, hw )
-    # notify the system that the gateway mac is resolved, this will prevent
-    # the gateway ip to be unnecessarily probed from discovery agents.
-    @ctx.gateway_mac_resolved = !hw.nil?
+    unless @ctx.gateway.spoofable?
+      hw = Network.get_hw_address( @ctx, @ctx.gateway.ip )
+      raise BetterCap::Error, "Couldn't determine router MAC" if ( @ctx.options.need_gateway? and hw.nil? )
+      @ctx.gateway.mac = hw unless hw.nil?
+    end
-    Logger.info "[#{'GATEWAY'.green}] #{@gateway.to_s(false)}"
+    Logger.info "[#{'GATEWAY'.green}] #{@ctx.gateway.to_s(false)}"
   end
   # Update each target that needs to be updated.

data/lib/bettercap/spoofers/icmp.rb CHANGED Viewed

@@ -79,7 +79,6 @@ class Icmp < Base
   def initialize
     @ctx          = Context.get
     @forwarding   = @ctx.firewall.forwarding_enabled?
-    @gateway      = nil
     @local        = @ctx.ifconfig[:ip_saddr]
     @spoof_thread = nil
     @watch_thread = nil
@@ -93,12 +92,12 @@ class Icmp < Base
   # Send ICMP redirect to the +target+, redirecting the gateway ip and
   # everything in the @entries list of addresses to us.
   def send_spoofed_packet( target )
-    ( [@gateway.ip] + @entries ).each do |address|
+    ( [@ctx.gateway.ip] + @entries ).each do |address|
       begin
         Logger.debug "Sending ICMP Redirect to #{target.to_s_compact} redirecting #{address} to us ..."
         pkt = ICMPRedirectPacket.new
-        pkt.update!( @gateway, target, @local, address )
+        pkt.update!( @ctx.gateway, target, @local, address )
         @ctx.packets.push(pkt)
       rescue Exception => e
         Logger.debug "#{self.class.name} : #{e.message}"
@@ -113,7 +112,7 @@ class Icmp < Base
     stop() if @running
     @running = true
-    if @ctx.options.kill
+    if @ctx.options.spoof.kill
       Logger.warn "Disabling packet forwarding."
       @ctx.firewall.enable_forwarding(false) if @forwarding
     else
@@ -194,7 +193,7 @@ class Icmp < Base
   # Main spoofer loop.
   def icmp_spoofer
     spoof_loop(3) { |target|
-      unless target.ip.nil? or target.mac.nil?
+      if target.spoofable?
         send_spoofed_packet target
       end
     }