bettercap 1.6.1 → 1.6.2

data/lib/bettercap/network/network.rb

@@ -142,7 +142,7 @@ class << self
     if ctx.options.core.use_ipv6
       BetterCap::Loader.load("BetterCap::Discovery::Agents::Ndp").new(ctx, address)
     else
-      [ 'Icmp', 'Udp', 'Arp' ].each do |name|
+      [ 'Icmp', 'Udp', 'Arp', 'Mdns', 'Upnp', 'Wsd' ].each do |name|
         BetterCap::Loader.load("BetterCap::Discovery::Agents::#{name}").new(ctx, address)
       end
     end

data/lib/bettercap/options/core_options.rb

@@ -119,7 +119,7 @@ class CoreOptions
 
     opts.on( '-h', '--help', 'Display the available options.') do
       puts opts
-      puts "\nFor examples & docs please visit " + "https://bettercap.org/docs/".bold
+      puts "\nFor examples & docs please visit " + "https://bettercap.org/".bold
       exit
     end
 

data/lib/bettercap/proxy/http/modules/redirect.rb

@@ -5,7 +5,7 @@ BETTERCAP
 
 Author : Simone 'evilsocket' Margaritelli
 Email  : evilsocket@gmail.com
-Blog   : http://www.evilsocket.net/
+Blog   : https://www.evilsocket.net/
 
 This project is released under the GPL 3 license.
 

data/lib/bettercap/proxy/http/proxy.rb

@@ -136,7 +136,7 @@ class Proxy
   # ip addresses.
   def is_self_request?(request)
     begin
-      return @local_ips.include? IPSocket.getaddress(request.host)
+      return @local_ips.include? request.host
     rescue; end
     false
   end
@@ -146,12 +146,7 @@ class Proxy
     request = Request.new @upstream_port
 
     begin
-      Logger.debug 'Reading request ...'
-
       request.read(client)
-
-      Logger.debug 'Request parsed.'
-
       # stripped request
       if @streamer.was_stripped?( request, client )
         @streamer.handle( request, client )
@@ -163,11 +158,8 @@ class Proxy
         @streamer.handle( request, client )
       end
 
-      Logger.debug "#{@type} client served."
-
     rescue SocketError => se
       Logger.debug "Socket error while serving client: #{se.message}"
-      # Logger.exception se
     rescue Errno::EPIPE => ep
       Logger.debug "Connection closed while serving client."
     rescue EOFError => eof

data/lib/bettercap/proxy/http/sslstrip/strip.rb

@@ -195,7 +195,7 @@ class Strip
     response = nil
     # check for cookies.
     unless @cookies.is_clean?(request)
-      Logger.info "[#{'SSLSTRIP'.green} #{request.client}] Sending expired cookies for '#{request.host}'."
+      Logger.debug "[#{'SSLSTRIP'.green} #{request.client}] Sending expired cookies for '#{request.host}'."
       expired = @cookies.get_expired_headers!(request)
       response = Response.redirect( request.to_url(nil), expired )
     end
@@ -222,14 +222,14 @@ class Strip
       end
       request.port = 443
 
-      Logger.info "[#{'SSLSTRIP'.green} #{request.client}] Found stripped HTTPS link '#{url}', proxying via SSL ( #{request.to_url} )."
+      Logger.debug "[#{'SSLSTRIP'.green} #{request.client}] Found stripped HTTPS link '#{url}', proxying via SSL ( #{request.to_url} )."
     end
   end
 
   # If +request+ is the favicon of a stripped host, send our spoofed lock icon.
   def spoof_favicon!(request)
     if was_stripped?(request) and is_favicon?(request)
-      Logger.info "[#{'SSLSTRIP'.green} #{request.client}] Sending spoofed favicon '#{request.to_url }'."
+      Logger.debug "[#{'SSLSTRIP'.green} #{request.client}] Sending spoofed favicon '#{request.to_url }'."
       return @favicon
     end
     nil
@@ -254,14 +254,14 @@ class Strip
 
       # no cookies set, just a normal http -> https redirect
       if response['Set-Cookie'].empty?
-        Logger.info "[#{'SSLSTRIP'.green} #{request.client}] Found redirect to HTTPS '#{original}' -> '#{stripped}'."
+        Logger.debug "[#{'SSLSTRIP'.green} #{request.client}] Found redirect to HTTPS '#{original}' -> '#{stripped}'."
         # The request will be retried on port 443 if MAX_REDIRECTS is not reached.
         request.port = 443
         # retry the request if possible
         return true
       # cookies set, this is probably a redirect after a login.
       else
-        Logger.info "[#{'SSLSTRIP'.green} #{request.client}] Found redirect to HTTPS ( with cookies ) '#{original}' -> '#{stripped}'."
+        Logger.debug "[#{'SSLSTRIP'.green} #{request.client}] Found redirect to HTTPS ( with cookies ) '#{original}' -> '#{stripped}'."
         # we know this session, do not kill it!
         @cookies.add!( request )
         # remove the 'secure' flag from every cookie.

data/lib/bettercap/sniffer/parsers/asterisk.rb

@@ -0,0 +1,37 @@
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : https://www.evilsocket.net/
+
+Asterisk Call Manager authentication parser:
+  Author : Brendan Coles
+  Email  : bcoles[at]gmail.com
+
+This project is released under the GPL 3 license.
+
+=end
+
+module BetterCap
+module Parsers
+# Asterisk Call Manager authentication parser.
+class Asterisk  < Base
+  def initialize
+    @name = 'Asterisk'
+  end
+  def on_packet( pkt )
+    return unless pkt.tcp_dst == 5038
+    return unless pkt.to_s =~ /action:\s+login\r?\n/i
+
+    if pkt.to_s =~ /username:\s+(.+?)\r?\n/i && pkt.to_s =~ /secret:\s+(.+?)\r?\n/i
+      user = pkt.to_s.scan(/username:\s+(.+?)\r?\n/i).flatten.first
+      pass = pkt.to_s.scan(/secret:\s+(.+?)\r?\n/i).flatten.first
+      StreamLogger.log_raw( pkt, @name, "username=#{user} password=#{pass}" )
+    end
+  rescue
+  end
+end
+end
+end

data/lib/bettercap/sniffer/parsers/bfd.rb

@@ -0,0 +1,159 @@
+# encoding: UTF-8
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : https://www.evilsocket.net/
+
+Bidirectional Forwarding Detection (BFD) packet and authentication parser:
+  Author : Brendan Coles
+  Email  : bcoles[at]gmail.com
+
+This project is released under the GPL 3 license.
+
+=end
+
+module BetterCap
+module Parsers
+#
+# Bidirectional Forwarding Detection (BFD) packet and authentication parser.
+#
+# References:
+# - https://tools.ietf.org/html/rfc5880#section-4
+# - https://en.wikipedia.org/wiki/Bidirectional_Forwarding_Detection
+#
+class Bfd < Base
+  def initialize
+    @name = 'BFD'
+  end
+
+  def on_packet( pkt )
+    return unless (pkt.udp_dst == 3784 && pkt.payload.length > 30)
+
+    # It appears PacketFu drops the first two bits from packet.payload
+    # (because they're 00?), so let's insert them for consistency.
+    data = '00' + pkt.payload.to_s.unpack('H*').first.to_i(16).to_s(2)
+
+=begin
+
+Packet format from RFC5880, section 4:
+
+  The Mandatory Section of a BFD Control packet has the following
+  format:
+
+   0                   1                   2                   3
+   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+  |Vers |  Diag   |Sta|P|F|C|A|D|M|  Detect Mult  |    Length     |
+  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+  |                       My Discriminator                        |
+  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+  |                      Your Discriminator                       |
+  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+  |                    Desired Min TX Interval                    |
+  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+  |                   Required Min RX Interval                    |
+  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+  |                 Required Min Echo RX Interval                 |
+  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+  An optional Authentication Section MAY be present:
+
+   0                   1                   2                   3
+   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+  |   Auth Type   |   Auth Len    |    Authentication Data...     |
+  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+=end
+
+    # Mandatory Section of a BFD Control packet
+    # -----------------------------------------
+    # data[0..2]     # Protocol version
+
+    # This parser supports only BFD version 1
+    return unless data[0..2] == '001'
+
+    # data[3..7]     # Diagnostic Code
+    # data[8..9]     # State
+    # data[10..15]   # Message Flags
+    # - data[10]     # - Poll (P)
+    # - data[11]     # - Final (F)
+    # - data[12]     # - Control Plane Independent (C)
+    # - data[13]     # - Authentication Present (A)
+    # - data[14]     # - Demand (D)
+    # - data[15]     # - Multipoint (M)
+
+    # We're only interested in packets with authentication present
+    return unless data[13] == '1'
+
+    # data[16..23]   # Detection time multiplier
+    # data[24..31]   # Length of the BFD Control packet, in bytes.
+    # data[32..63]   # My Discriminator
+    # data[64..95]   # Your Discriminator
+    # data[96..127]  # Desired Min TX Interval
+    # data[128..159] # Required Min RX Interval
+    # data[160..191] # Required Min Echo RX Interval
+
+
+=begin
+
+Simple Password Authentication Section Format from RFC5880, section 4.2:
+
+   0                   1                   2                   3
+   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+  |   Auth Type   |   Auth Len    |  Auth Key ID  |  Password...  |
+  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+  |                              ...                              |
+  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+=end
+
+    # Simple Authentication Section
+    # -----------------------------
+    # data[192..199] # Auth Type
+                     #         0 - Reserved
+                     #         1 - Simple Password
+                     #         2 - Keyed MD5
+                     #         3 - Meticulous Keyed MD5
+                     #         4 - Keyed SHA1
+                     #         5 - Meticulous Keyed SHA1
+                     #     6-255 - Reserved for future use
+    auth_type = data[192..199].to_i(2)
+
+    # We're only interested in simple authentication
+    return unless auth_type == 1
+
+    log = []
+    log << "#{'AuthType'.blue}=Simple"
+
+    # data[200..207] # Auth Length - the length (in bytes) of the authentication section, including:
+                     #   Auth Type (1 byte)
+                     #   Auth Length (1 byte)
+                     #   Auth Key ID (1 byte)
+    auth_len = data[200..207].to_i(2) - 3 # minus 3 to account for auth headers
+
+    # data[208..215] # Auth Key ID
+    auth_key = data[208..215].to_i(2)
+    log << "#{'AuthKeyID'.blue}=#{auth_key}"
+
+    # data[216..??]  # Password:
+                     #   216 to (216 + auth_len)
+    if auth_len <= 0
+      log << "#{'Password'.blue}=null"
+    else
+      password = data[216...( 216 + (auth_len * 8) )]
+      password_hex = password.to_i(2).to_s(16)
+      password_ascii = [password.to_i(2).to_s(16)].pack('H*')
+      log << "#{'Password'.blue}=#{password_hex} ('#{password_ascii.yellow}')"
+    end
+
+    StreamLogger.log_raw pkt, @name, log.join(' ')
+  rescue
+  end
+end
+end
+end

data/lib/bettercap/sniffer/parsers/dhcp.rb

@@ -16,30 +16,30 @@ module Parsers
 # DHCP packets and authentication parser.
 class DHCP < Base
   def on_packet( pkt )
-    begin
-      if pkt.udp_dst == 67 or pkt.udp_dst == 68
-        packet = Network::Protos::DHCP::Packet.parse( pkt.payload )
-        unless packet.nil?
-          auth = packet.authentication
-          cid  = auth.nil?? nil : packet.client_identifier
-          msg  = "[#{packet.type.yellow}] #{'Transaction-ID'.green}=#{sprintf( "0x%X", packet.xid ).yellow}"
-
-          unless cid.nil?
-            msg += " #{'Client-ID'.green}='#{cid.yellow}'"
-          end
-
-          unless auth.nil?
-            msg += "\n#{'AUTHENTICATION'.green}:\n\n"
-            auth.each do |k,v|
-              msg += "  #{k.blue} : #{v.yellow}\n"
-            end
-            msg += "\n"
-          end
-
-          StreamLogger.log_raw( pkt, 'DHCP', msg )
-        end
+    return unless (pkt.udp_dst == 67 || pkt.udp_dst == 68)
+
+    packet = Network::Protos::DHCP::Packet.parse( pkt.payload )
+
+    return if packet.nil?
+
+    auth = packet.authentication
+    cid  = auth.nil?? nil : packet.client_identifier
+    msg  = "[#{packet.type.yellow}] #{'Transaction-ID'.green}=#{sprintf( "0x%X", packet.xid ).yellow}"
+
+    unless cid.nil?
+      msg += " #{'Client-ID'.green}='#{cid.yellow}'"
+    end
+
+    unless auth.nil?
+      msg += "\n#{'AUTHENTICATION'.green}:\n\n"
+      auth.each do |k,v|
+        msg += "  #{k.blue} : #{v.yellow}\n"
       end
-    rescue; end
+      msg += "\n"
+    end
+
+    StreamLogger.log_raw( pkt, 'DHCP', msg )
+  rescue
   end
 end
 end

data/lib/bettercap/sniffer/parsers/dict.rb

@@ -6,6 +6,10 @@ Author : Simone 'evilsocket' Margaritelli
 Email  : evilsocket@gmail.com
 Blog   : https://www.evilsocket.net/
 
+DICT authentication parser:
+  Author : Brendan Coles
+  Email  : bcoles[at]gmail.com
+
 This project is released under the GPL 3 license.
 
 =end
@@ -18,19 +22,17 @@ class Dict < Base
     @name = 'DICT'
   end
   def on_packet( pkt )
-    begin
-      if pkt.tcp_dst == 2628
-        lines = pkt.to_s.split(/\r?\n/)
-        lines.each do |line|
-          if line =~ /AUTH\s+(.+)\s+(.+)$/
-            user = $1
-            pass = $2
-            StreamLogger.log_raw( pkt, @name, "username=#{user} password=#{pass}" )
-          end
-        end
+    return unless pkt.tcp_dst == 2628
+
+    lines = pkt.to_s.split(/\r?\n/)
+    lines.each do |line|
+      if line =~ /AUTH\s+(.+)\s+(.+)$/
+        user = $1
+        pass = $2
+        StreamLogger.log_raw( pkt, @name, "username=#{user} password=#{pass}" )
       end
-    rescue
     end
+  rescue
   end
 end
 end

data/lib/bettercap/sniffer/parsers/hsrp.rb

@@ -0,0 +1,262 @@
+# encoding: UTF-8
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : https://www.evilsocket.net/
+
+HSRP packet and authentication parser:
+  Author : Brendan Coles
+  Email  : bcoles[at]gmail.com
+
+This project is released under the GPL 3 license.
+
+=end
+
+module BetterCap
+module Parsers
+#
+# HSRP packet and authentication parser.
+#
+# Supports HSRP version 0
+# Supports text authentication
+# Supports IPv4
+#
+# Does not support IPv6
+# Does not support MD5 authentication
+# Does not support HSRP version 2
+#
+# References:
+# - https://en.wikipedia.org/wiki/Hot_Standby_Router_Protocol
+# - https://tools.ietf.org/html/rfc2281#section-5
+# - https://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/9234-hsrpguidetoc.html
+# - https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/xe-3s/fhp-xe-3s-book/fhp-hsrp-md5.html
+#
+class Hsrp < Base
+  def initialize
+    @name = 'HSRP'
+  end
+
+  def on_packet( pkt )
+    if pkt.respond_to? 'hsrp_version'
+      parse_hsrp_packetfu pkt
+    elsif is_hsrp? pkt
+      parse_hsrp_raw pkt
+    end
+  rescue
+  end
+
+  private
+
+  def parse_hsrp_raw(pkt)
+    log = []
+    data = pkt.payload.to_s.unpack('H*').first
+
+=begin
+
+Packet format from RFC2281, section 5:
+
+                          1                   2                   3
+
+   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+   |   Version     |   Op Code     |     State     |   Hellotime   |
+   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+   |   Holdtime    |   Priority    |     Group     |   Reserved    |
+   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+   |                      Authentication  Data                     |
+   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+   |                      Authentication  Data                     |
+   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+   |                      Virtual IP Address                       |
+   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+=end
+
+    # data[0...2]      # HSRP version
+                       # HSRP versions 0 and 2 both advertise as version 0
+    version = data[0...2].to_i(16)
+
+    # This parser supports only HSRP version 0
+    return unless version == 0
+
+    # data[2...4]      # Op Code:
+                       #  0 - Hello
+                       #      Hello messages are sent to indicate that a router is running and
+                       #      is capable of becoming the active or standby router.
+                       #  1 - Coup
+                       #      Coup messages are sent when a router wishes to become the active router.
+                       #  2 - Resign
+                       #      Resign messages are sent when a router no longer wishes to be the
+                       #      active router.
+                       #  3 - Advertise
+                       #      Passive HSRP Router Advertisements
+                       #      This OpCode is not described in RFC2281.
+    op_code = data[2...4].to_i(16)
+    case op_code
+    when 0
+      log << 'hello'.yellow
+    when 1
+      log << 'coup'.yellow
+    when 2
+      log << 'resign'.yellow
+    when 3
+      log << 'advertise'.yellow
+    else
+      log << 'unknown'.yellow
+    end
+
+    log << "#{'OpCode'.blue}=#{op_code}"
+
+    # data[4...6]      # State:
+                       #         0 - Initial
+                       #         1 - Learn
+                       #         2 - Listen
+                       #         4 - Speak
+                       #         8 - Standby
+                       #        16 - Active
+    state = data[4...6].to_i(16)
+    case state
+    when 0
+      state_desc = 'Initial'
+    when 1
+      state_desc = 'Learn'
+    when 2
+      state_desc = 'Listen'
+    when 4
+      state_desc = 'Speak'
+    when 8
+      state_desc = 'StandBy'
+    when 16
+      state_desc = 'Active'
+    else
+      state_desc = 'Unknown'
+    end
+
+    log << "#{'State'.blue}=#{state_desc.yellow} (#{state})"
+
+    # data[6...8]      # HelloTime - Time (in seconds) between Hello messages
+    hello_time = data[6...8].to_i(16)
+    log << "#{'HelloTime'.blue}=#{hello_time}"
+
+    # data[8...10]     # HoldTime - Time (in seconds) for which the Hello message is valid
+    hold_time = data[8...10].to_i(16)
+    log << "#{'HoldTime'.blue}=#{hold_time}"
+
+    # data[10...12]    # Priority
+    priority = data[10...12].to_i(16)
+    log << "#{'Priority'.blue}=#{priority.to_s.yellow}"
+
+    # data[12...14]    # StandBy Group
+    group = data[12...14].to_i(16)
+    log << "#{'Group'.blue}=#{group.to_s.yellow}"
+
+    # data[14...16]    # Reserved (0x00)
+
+    # data[16...32]    # Authentication data
+    auth = data[16...32]
+    log << "#{'Authentication'.blue}=#{auth}"
+
+    # strip trailing null bytes from the authentication data
+    # and check if the remaining data is ASCII
+    auth_ascii = [auth.gsub(/(00)*\z/, '')].pack('H*')
+    if auth_ascii == ''
+      # null authentication may indicate HSRPv2 MD5 data occurs later in the packet
+      # HSRPv2 is not supported by this parser
+      if pkt.payload.length > 50
+        log << '(null, md5?)'
+      else
+        log << '(null)'
+      end
+    elsif auth_ascii =~ /\A[a-zA-Z0-9_\-+\.,"' ]*\z/
+      log << "('#{auth_ascii.yellow}')"
+    end
+
+    # data[32...40]    # Virtual IP Address
+    virtual_ip = data[32...40].scan(/\w{2}/).map{ |c| c.to_i(16).to_s(10) }.join('.')
+    log << "#{'VirtualIP'.blue}='#{virtual_ip.yellow}'"
+
+    StreamLogger.log_raw pkt, @name, log.join(' ')
+  rescue
+  end
+
+  def parse_hsrp_packetfu(pkt)
+    log = []
+
+    op_code = pkt.hsrp_opcode
+    case op_code
+    when 0
+      log << 'hello'.yellow
+    when 1
+      log << 'coup'.yellow
+    when 2
+      log << 'resign'.yellow
+    when 3
+      log << 'advertise'.yellow
+    else
+      log << 'unknown'.yellow
+    end
+
+    log << "#{'OpCode'.blue}=#{op_code}"
+
+    state = pkt.hsrp_state
+    case state
+    when 0
+      state_desc = 'Initial'
+    when 1
+      state_desc = 'Learn'
+    when 2
+      state_desc = 'Listen'
+    when 4
+      state_desc = 'Speak'
+    when 8
+      state_desc = 'StandBy'
+    when 16
+      state_desc = 'Active'
+    else
+      state_desc = 'Unknown'
+    end
+
+    log << "#{'State'.blue}=#{state_desc.yellow} (#{state})"
+    log << "#{'HelloTime'.blue}=#{pkt.hsrp_hellotime}"
+    log << "#{'HoldTime'.blue}=#{pkt.hsrp_holdtime}"
+    log << "#{'Priority'.blue}=#{pkt.hsrp_priority.to_s.yellow}"
+    log << "#{'Group'.blue}=#{pkt.hsrp_group.to_s.yellow}"
+
+    auth = pkt.hsrp_password.unpack('H*').first
+    log << "#{'Authentication'.blue}=#{auth}"
+
+    # strip trailing null bytes from the authentication data
+    # and check if the remaining data is ASCII
+    auth_ascii = [auth.gsub(/(00)*\z/, '')].pack('H*')
+    if auth_ascii == ''
+      # null authentication may indicate HSRPv2 MD5 data occurs later in the packet
+      # HSRPv2 is not supported by this parser
+      if pkt.payload.length > 0
+        log << '(null, md5?)'
+      else
+        log << '(null)'
+      end
+    elsif auth_ascii =~ /\A[a-zA-Z0-9_\-+\.,"' ]*\z/
+      log << "('#{auth_ascii.yellow}')"
+    end
+
+    virtual_ip = pkt.hsrp_vip.to_s.unpack('H*').first.to_s.scan(/\w{2}/).map{ |c| c.to_i(16).to_s(10) }.join('.')
+    log << "#{'VirtualIP'.blue}='#{virtual_ip.yellow}'"
+
+    StreamLogger.log_raw pkt, @name, log.join(' ')
+  rescue
+  end
+
+  def is_hsrp?(pkt)
+    return ( pkt.eth_daddr == '01:00:5e:00:00:02' && \
+             pkt.ip_daddr == '224.0.0.2' && \
+             pkt.respond_to?('udp_src') && pkt.respond_to?('udp_dst') && \
+             ( pkt.udp_src == 1985 || pkt.udp_dst == 1985 ) && \
+             pkt.payload.length >= 20 )
+  end
+end
+end
+end