bettercap 1.6.1 → 1.6.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 490c8b7f32ca7a9764aba54e0b7a5e8fb6d42f0f
-  data.tar.gz: d004aed04c55b7244ca61fd9a1c0dbbdd86d9042
+  metadata.gz: b7b14d5a93e46311f7abcb2a9bb1ae008ead71ea
+  data.tar.gz: c9a0bc4f745b7b37d8d5313048a554a6d24c0895
 SHA512:
-  metadata.gz: 341644a5eb60a927046fd9c8300bbff5be5df6bacc8f4a381fa4d48624a52f712be07532869e73f63b4ecdbad207dbee8a30229236fbffd2c9edc733ceaeb809
-  data.tar.gz: 736d8de6d05140d0252c8abad7eb5e59fc69c84f8a2a4ff59b12e9d7e72f37eaeab0bf2e55dd77d74873c8d18c5d06a75a1bffa420c24dc75b6e9fbecfbc201f
+  metadata.gz: 3b64319b9bc5243c6976e341a3d8f62867224c8c3dd0a85511c76133e3798660d19c10e8285ebb0c966fe4f3468328e766ba4a9f42310550b939ca2056f524d8
+  data.tar.gz: 925bb24ab784ee2e4ce4644eab36d658a48b313b825a3aa7f7262503f5e20d6ca9c0e3beac1c7a3ec69bbbea317be7849b73fcf3928e2918c969f8de4f98c9ae

data/README.md

@@ -1,8 +1,6 @@
 **bettercap** is a complete, modular, portable and easily extensible **MITM** tool and framework with every kind of diagnostic
 and offensive feature you could need in order to perform a man in the middle attack.
 
-Before submitting issues, please read the relevant [section](https://www.bettercap.org/docs/contribute/) in the documentation.
-
 <table>
     <tr>
         <th>Version</th>
@@ -17,16 +15,9 @@ Before submitting issues, please read the relevant [section](https://www.betterc
         <td><a href="https://www.bettercap.org/">https://www.bettercap.org/</a></td>
     </tr>
     <tr>
-        <th>Blog</th>
-        <td><a href="https://www.bettercap.org/blog/">https://www.bettercap.org/blog/</a></td>
-    <tr>
-        <th>Github</th>
+        <th>GitHub</th>
         <td><a href="https://github.com/evilsocket/bettercap">https://github.com/evilsocket/bettercap</a></td>
      <tr/>
-    <tr>
-        <th>Documentation</th>
-        <td><a href="https://www.bettercap.org/docs/">https://www.bettercap.org/docs/</a></td>
-    </tr>
     <tr>
         <th>Code Documentation</th>
         <td>
@@ -46,16 +37,8 @@ Before submitting issues, please read the relevant [section](https://www.betterc
         <td><a href="https://twitter.com/bettercap">@bettercap</a></td>
     </tr>
     <tr>
-        <th>Chat</th>
-        <td>
-          <a href="https://gitter.im/evilsocket/bettercap" target="_blank">
-            <img src="https://badges.gitter.im/evilsocket/bettercap.svg"/>
-          </a>
-        </td>
-    </tr>
-    <tr>
-        <th>Copyright</th>
-        <td>2015-2016 Simone Margaritelli</td>
+        <th>Copyleft</th>
+        <td>Simone Margaritelli</td>
     </tr>
     <tr>
         <th>License</th>
@@ -68,33 +51,49 @@ Installation
 
 **Dependencies**
 
-All dependencies will be automatically installed through the GEM system but in some case you might need to install some system
-dependency in order to make everything work:
+All dependencies will be automatically installed through the RubyGems system but in some cases you might need to install some system
+dependency in order to make everything work.
+
+**On OSX** (install brew and xcode tools first):
+
+```shell
+brew install libpcap
+```
+
+**On Linux**:
 
-    sudo apt-get install build-essential ruby-dev libpcap-dev
+```shell
+sudo apt-get install build-essential ruby-dev libpcap-dev net-tools
+```
 
 This should solve issues such as [this one](https://github.com/evilsocket/bettercap/issues/22) or [this one](https://github.com/evilsocket/bettercap/issues/100).
 
-**Stable Release ( GEM )**
+**Stable Release (RubyGems)**
 
-    gem install bettercap
+```shell
+gem install bettercap
+```
 
 **From Source**
 
-    git clone https://github.com/evilsocket/bettercap
-    cd bettercap
-    gem build bettercap.gemspec
-    sudo gem install bettercap*.gem
+```shell
+git clone https://github.com/evilsocket/bettercap
+cd bettercap
+gem build bettercap.gemspec
+sudo gem install bettercap*.gem
+```
 
 **Installation on Kali Linux**
 
 Kali Linux has bettercap packaged and added to the **kali-rolling** repositories. To install bettercap and all dependencies in one fell swoop on the latest version of Kali Linux:
-    
-    apt-get update
-    apt-get dist-upgrade
-    apt-get install bettercap
+   
+```shell
+apt-get update
+apt-get dist-upgrade
+apt-get install bettercap
+```
 
 Documentation and Examples
 ============
 
-Please refer to the [official website](https://www.bettercap.org/docs/).
+Please refer to the [official website](https://www.bettercap.org/).

data/bin/bettercap

@@ -7,7 +7,7 @@
 
   Author : Simone 'evilsocket' Margaritelli
   Email  : evilsocket@gmail.com
-  Blog   : http://www.evilsocket.net/
+  Blog   : https://www.evilsocket.net/
 
   This project is released under the GPL 3 license.
 

data/lib/bettercap/context.rb

@@ -147,7 +147,7 @@ class Context
         ip = ip.succ
       end
       tend = Time.now
-      Logger.info "[#{'DISCOVERY'.green}] Done in #{(tend - tstart) * 1000.0} ms"
+      Logger.info "[#{'DISCOVERY'.green}] Done in #{'%.01f' % ((tend - tstart) * 1000.0)} ms"
     end
   end
 

data/lib/bettercap/discovery/agents/mdns.rb

@@ -0,0 +1,61 @@
+# encoding: UTF-8
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : https://www.evilsocket.net/
+
+mDNS DNS-SD broadcast discovery agent:
+  Author : Brendan Coles
+  Email  : bcoles[at]gmail.com
+
+This project is released under the GPL 3 license.
+
+=end
+
+# Send a broadcast mDNS query trying to fill the ARP table.
+module BetterCap
+module Discovery
+module Agents
+# Class responsible for sending mDNS broadcast queries to the network.
+class Mdns
+  # Create a thread which will send an mDNS broadcast query
+  # in order to populate the ARP cache with active targets.
+  # http://www.multicastdns.org/
+  # http://www.ietf.org/rfc/rfc6762.txt
+  # https://en.wikipedia.org/wiki/Multicast_DNS
+  # https://en.wikipedia.org/wiki/Zero-configuration_networking#DNS-SD_with_multicast
+  def initialize( ctx, address = nil )
+    pkt = PacketFu::UDPPacket.new
+
+    pkt.eth_saddr = ctx.iface.mac
+    pkt.eth_daddr = '01:00:5e:00:00:fb'
+    pkt.ip_saddr  = ctx.iface.ip
+    pkt.ip_daddr  = '224.0.0.251'
+    pkt.udp_src   = (rand((2 ** 16) - 1024) + 1024).to_i
+    pkt.udp_dst   = 5353
+
+    query = "\x09_services\x07_dns-sd\x04_udp\x05local"
+
+    payload =  "\x00\x01" # Transaction ID
+    payload << "\x00\x00" # Flags
+    payload << "\x00\x01" # Number of questions
+    payload << "\x00\x00" # Number of answers
+    payload << "\x00\x00" # Number of authority resource records
+    payload << "\x00\x00" # Number of additional resource records
+    payload << query      # Query
+    payload << "\x00"     # Terminator
+    payload << "\x00\x0c" # Type (PTR)
+    payload << "\x00\x01" # Class
+
+    pkt.payload = payload
+    pkt.recalc
+
+    ctx.packets.push(pkt)
+  end
+end
+end
+end
+end

data/lib/bettercap/discovery/agents/upnp.rb

@@ -0,0 +1,60 @@
+# encoding: UTF-8
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : https://www.evilsocket.net/
+
+UPnP SSDP broadcast discovery agent:
+  Author : Brendan Coles
+  Email  : bcoles[at]gmail.com
+
+This project is released under the GPL 3 license.
+
+=end
+
+# Send a broadcast UPnP query trying to fill the ARP table.
+module BetterCap
+module Discovery
+module Agents
+# Class responsible for sending UPnP SSDP broadcast queries to the network.
+class Upnp
+  # Create a thread which will send a UPnP SSDP M-SEARCH broadcast query
+  # in order to populate the ARP cache with active targets.
+  # https://tools.ietf.org/html/draft-cai-ssdp-v1-03#section-4
+  # https://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol
+  # https://en.wikipedia.org/wiki/Zero-configuration_networking#SSDP
+  def initialize( ctx, address = nil )
+    host = '239.255.255.250'
+    port = 1900
+
+    pkt = PacketFu::UDPPacket.new
+
+    pkt.eth_saddr = ctx.iface.mac
+    pkt.eth_daddr = '01:00:5e:7f:ff:fa'
+    pkt.ip_saddr  = ctx.iface.ip
+    pkt.ip_daddr  = host
+    pkt.udp_src   = (rand((2 ** 16) - 1024) + 1024).to_i
+    pkt.udp_dst   = port
+
+    query = []
+    query << 'M-SEARCH * HTTP/1.1'
+    query << "Host: #{host}:#{port}"
+    query << 'Man: ssdp:discover'
+    query << 'ST: ssdp:all'          # Search Target
+    query << 'MX: 2'                 # Delay response (2 seconds)
+
+    payload = query.join("\r\n").to_s
+    payload << "\r\n"
+
+    pkt.payload = payload
+    pkt.recalc
+
+    ctx.packets.push(pkt)
+  end
+end
+end
+end
+end

data/lib/bettercap/discovery/agents/wsd.rb

@@ -0,0 +1,75 @@
+# encoding: UTF-8
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : https://www.evilsocket.net/
+
+WS-Discovery broadcast discovery agent:
+  Author : Brendan Coles
+  Email  : bcoles[at]gmail.com
+
+This project is released under the GPL 3 license.
+
+=end
+
+# Send a broadcast WS-Discovery query trying to fill the ARP table.
+module BetterCap
+module Discovery
+module Agents
+# Class responsible for sending WS-Discovery broadcast queries to the network.
+class Wsd
+  # Create a thread which will send a WS-Discovery broadcast query
+  # in order to populate the ARP cache with active targets.
+
+  # References:
+  # - https://msdn.microsoft.com/en-us/library/windows/desktop/bb513684(v=vs.85).aspx
+  # - http://specs.xmlsoap.org/ws/2005/04/discovery/ws-discovery.pdf
+  # - https://en.wikipedia.org/wiki/Web_Services_for_Devices
+  # - https://en.wikipedia.org/wiki/WS-Discovery
+  # - https://en.wikipedia.org/wiki/Zero-configuration_networking#WS-Discovery
+
+  def initialize( ctx, address = nil )
+    pkt = PacketFu::UDPPacket.new
+
+    pkt.eth_saddr = ctx.iface.mac
+    pkt.eth_daddr = '01:00:5e:7f:ff:fa'
+    pkt.ip_saddr  = ctx.iface.ip
+    pkt.ip_daddr  = '239.255.255.250'
+    pkt.udp_src   = (rand((2 ** 16) - 1024) + 1024).to_i
+    pkt.udp_dst   = 3702
+
+    uuid = SecureRandom.uuid
+
+    payload = '<?xml version="1.0" encoding="utf-8" ?>'
+    payload << '<soap:Envelope'
+    payload << ' xmlns:soap="http://www.w3.org/2003/05/soap-envelope"'
+    payload << ' xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"'
+    payload << ' xmlns:wsd="http://schemas.xmlsoap.org/ws/2005/04/discovery"'
+    payload << ' xmlns:wsdp="http://schemas.xmlsoap.org/ws/2006/02/devprof">'
+
+    payload << '<soap:Header>'
+    # WS-Discovery
+    payload << '<wsa:To>urn:schemas-xmlsoap-org:ws:2005:04:discovery</wsa:To>'
+    # Action (Probe)
+    payload << "<wsa:Action>http://schemas.xmlsoap.org/ws/2005/04/discovery/Probe</wsa:Action>"
+    # Message identifier (unique GUID)
+    payload << "<wsa:MessageID>urn:uuid:#{uuid}</wsa:MessageID>"
+    payload << '</soap:Header>'
+
+    payload << '<soap:Body>'
+    payload << '<wsd:Probe/>' # WS-Discovery type (blank)
+    payload << '</soap:Body>'
+    payload << '</env:Envelope>'
+
+    pkt.payload = payload
+    pkt.recalc
+
+    ctx.packets.push(pkt)
+  end
+end
+end
+end
+end

data/lib/bettercap/firewalls/linux.rb

@@ -75,8 +75,6 @@ class Linux < Base
       # Ipv6 uses a different ip + port representation
       cal_dst_address = "[#{r.dst_address}]"
     end
-    # post route
-    Shell.execute("#{table} -t nat -I POSTROUTING -s 0/0 -j MASQUERADE")
     # accept all
     Shell.execute("#{table} -P FORWARD ACCEPT")
     # add redirection
@@ -92,8 +90,6 @@ class Linux < Base
       # Ipv6 uses a different ip + port representation
       cal_dst_address = "[#{r.dst_address}]"
     end
-    # remove post route
-    Shell.execute("#{table} -t nat -D POSTROUTING -s 0/0 -j MASQUERADE")
     # remove redirection
     Shell.execute("#{table} -t nat -D PREROUTING -i #{r.interface} -p #{r.protocol} #{r.src_address.nil? ? '' : "-d #{r.src_address}"} --dport #{r.src_port} -j DNAT --to #{cal_dst_address}:#{r.dst_port}")
   end

data/lib/bettercap/logger.rb

@@ -13,6 +13,53 @@ This project is released under the GPL 3 license.
 module BetterCap
 # Class responsible for console and file logging.
 module Logger
+  L_RAW = 0
+  L_DBG = 1
+  L_INF = 2
+  L_WRN = 3
+  L_ERR = 4
+
+  class Entry
+    def initialize( ts, level, message )
+      @timestamp = ts
+      @level = level
+      @message = message
+    end
+
+    def create
+      case @level
+        when Logger::L_RAW
+          formatted_message( @message, nil )
+        when Logger::L_DBG
+          formatted_message( @message, 'D' ).light_black
+        when Logger::L_INF
+          formatted_message( @message, 'I' )
+        when Logger::L_WRN
+          formatted_message( @message, 'W' ).yellow
+        when Logger::L_ERR
+          formatted_message( @message, 'E' ).red
+      end
+    end
+
+    private
+
+    # Format +message+ for the given +message_type+.
+    def formatted_message(message, message_type)
+      # raw message?
+      if message_type.nil?
+        if @timestamp and !message.strip.empty?
+          "[#{Time.now}] #{message}"
+        else
+          message
+        end
+      elsif @timestamp
+        "[#{Time.now}] [#{message_type}] #{message}"
+      else
+        "[#{message_type}] #{message}"
+      end
+    end
+  end
+
   class << self
     @@ctx       = nil
     @@queue     = Queue.new
@@ -39,48 +86,45 @@ module Logger
             "Message   : #{e.message}\n" +
             "Backtrace :\n\n    #{e.backtrace.join("\n    ")}\n"
 
-      if BetterCap::VERSION.end_with?('b')
-        self.warn(msg)
-      else
-        self.debug(msg)
-      end
+      self.debug(msg)
     end
 
     # Log an error +message+.
     def error(message)
-      @@queue.push formatted_message(message, 'E').red
+      @@queue.push Logger::Entry.new( @@timestamp, Logger::L_ERR, message )
     end
 
     # Log an information +message+.
     def info(message)
-      @@queue.push( formatted_message(message, 'I') ) unless @@silent
+      @@queue.push( Logger::Entry.new( @@timestamp, Logger::L_INF, message ) ) unless @silent
     end
 
     # Log a warning +message+.
     def warn(message)
-      @@queue.push formatted_message(message, 'W').yellow
+      @@queue.push Logger::Entry.new( @@timestamp, Logger::L_WRN, message )
     end
 
     # Log a debug +message+.
     def debug(message)
       if @@debug and not @@silent
-        @@queue.push formatted_message(message, 'D').light_black
+        @@queue.push Logger::Entry.new( @@timestamp, Logger::L_DBG, message )
       end
     end
 
     # Log a +message+ as it is.
     def raw(message)
-      @@queue.push( formatted_message( message, nil ) ) unless @@silent
+      @@queue.push( Logger::Entry.new( @@timestamp, Logger::L_RAW, message ) ) unless @silent
     end
 
     # Wait for the messages queue to be empty.
     def wait!
       while not @@queue.empty?
-        if @@thread.nil?
-          emit @@queue.pop
-        else
-          sleep 0.3
+        msg = @@queue.pop(true) rescue nil
+        if msg
+          emit msg.create
         end
+
+        sleep(0.3) if msg.nil?
       end
     end
 
@@ -89,15 +133,16 @@ module Logger
     # Main logger logic.
     def worker
       loop do
-        message = @@queue.pop
-        if @@ctx.nil? or @@ctx.running
+        msg = @@queue.pop(true) rescue nil
+        if msg and ( @@ctx.nil? or @@ctx.running )
           begin
-            emit message
+            emit msg.create
           rescue Exception => e
-            Logger.warn "Logger error: #{e.message}"
             Logger.exception e
           end
         end
+
+        sleep(0.3) if msg.nil?
       end
     end
 
@@ -110,22 +155,6 @@ module Logger
         f.close
       end
     end
-
-    # Format +message+ for the given +message_type+.
-    def formatted_message(message, message_type)
-      # raw message?
-      if message_type.nil?
-        if @@timestamp and !message.strip.empty?
-          "[#{Time.now}] #{message}"
-        else
-          message
-        end
-      elsif @@timestamp
-        "[#{Time.now}] [#{message_type}] #{message}"
-      else
-        "[#{message_type}] #{message}"
-      end
-    end
   end
 end
 end