bettercap 1.1.9 → 1.1.10

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f3a44959da9a916d0c0c67da9eaf293547006ba4
-  data.tar.gz: 78e4dcf3c3da73095e0a291038de9f38928875bc
+  metadata.gz: 397d0cf63901e645278f09bb5b2eafd9745945ed
+  data.tar.gz: 8c67517734bb52946622f279c5590301b592f7d6
 SHA512:
-  metadata.gz: 4f8fffb6c4c2c47d6e5fee83434a7f969f9201486a77a007d2f2a0d4486e5ade866421bbed71aa9373150ddb340b0b77567b462ac68987192d98f2b72bac2052
-  data.tar.gz: c312331cded4f9e729f0255860f66e6a1402ba29cfc4613dc8a2edca42e8bc263d1430e2aae3e4c99b69b5e1520abc02204b93b285232ec4177035c3e13a7408
+  metadata.gz: 6957c7da7b6781a1efdf229b93ce565d875f32ee6a8ccaa6361767ef2b31b79f421400b21397f5b3717aef7b065afd97a7e37de3a1c3efeaeab44ca6cd224d51
+  data.tar.gz: fb5dd3cdc11a9b7ce6406e02cac9632204aba0ded518ea46335689bef6ceb690f678e23dcad29b07c4013c65c27034f57a18f82c2bc0681902d79d9b6e7e0d66

data/CONTRIBUTING.md

@@ -21,7 +21,7 @@ Once you've gone through this list, open an issue and please give us as much as
 
 Also, you should attach to the issue a debug log that you can generate with:
 
-    sudo bettercap [arguments you are using for testing] --debug --log=debug.log
+    [sudo|rvmsudo] bettercap [arguments you are using for testing] --debug --log=debug.log
 
 Wait for the error to happen then close bettercap and paste the **debug.log** file inside the issue.
 
@@ -39,4 +39,4 @@ There're plenty of things you can to do improve the software:
 * Implement a new proxy module and push it to the [dedicated repository](https://github.com/evilsocket/bettercap-proxy-modules).
 * Implement a new [Spoofer module](https://github.com/evilsocket/bettercap/blob/master/lib/bettercap/spoofers/arp.rb).
 * Implement a new [Sniffer credentials parser](https://github.com/evilsocket/bettercap/blob/master/lib/bettercap/sniffer/parsers/post.rb).
-* Fix, extend or improve the core.
+* Fix, extend or improve the core.

data/TODO.md

@@ -5,8 +5,10 @@ This is a list of TODOs I use to keep track of tasks and upcoming features.
 - [x] Implement `--ignore ADDR,ADDR,ADDR` option to filter out specific addresses from the targets list.
 - [x] HTTP 1.1 chunked response support.
 - [x] Ip address to hostname resolution.
-- [ ] Wrap every class with `module BetterCap` and refactor old code.
-- [ ] Use StreamLogger for both Proxy and Sniffer traffic. 
+- [x] Wrap every class with `module BetterCap` and refactor old code.
+- [x] Use StreamLogger for both Proxy and Sniffer traffic.
+- [x] Implement `--custom-parser REGEX` option.
+- [x] Let `-T|--target` [support MAC addresses](https://github.com/evilsocket/bettercap/issues/82).
 - [ ] Implement event-driven core plugin infrastructure ( for webui, etc ).
 - [ ] Implement web-ui core plugin.
 - [ ] Rewrite proxy class using [em-proxy](https://github.com/igrigorik/em-proxy) library.
@@ -24,3 +26,4 @@ This is a list of TODOs I use to keep track of tasks and upcoming features.
 - [ ] ICMP Redirect ? ( only half duplex and filtered by many firewalls anyway ... dunno ).
 - [ ] DNS Spoofing ( not sure if it actually makes any sense ).
 - [ ] sslstrip ( not really sure, currently is quite useless )
+- [ ] Implement `--mkcert FILENAME` option to create custom HTTPS `crt` files.

data/bin/bettercap

@@ -20,12 +20,16 @@ begin
 
   # Create global context, parse command line arguments and perform basic
   # error checking.
-  ctx = Options.parse!
+  ctx = BetterCap::Options.parse!
 
   # Start targets auto discovery if needed.
   if ctx.options.target.nil?
-    Logger.info( "Targeting the whole subnet #{ctx.ifconfig[:ip4_obj].to_range} ..." ) unless ctx.options.has_spoofer?
+    BetterCap::Logger.info( "Targeting the whole subnet #{ctx.ifconfig[:ip4_obj].to_range} ..." ) unless ctx.options.has_spoofer?
     ctx.discovery.start
+    # give some time to the discovery thread to spawn its workers,
+    # this will prevent 'Too many open files' errors to delay host
+    # discovery.
+    sleep 1.5
   end
 
   # Start network spoofers if any.
@@ -36,7 +40,7 @@ begin
   # Start proxies and setup port redirection.
   if ctx.options.proxy
     if ctx.options.has_http_sniffer_enabled?
-      Logger.warn "WARNING: Both HTTP transparent proxy and URL parser are enabled, you're gonna see duplicated logs."
+      BetterCap::Logger.warn "WARNING: Both HTTP transparent proxy and URL parser are enabled, you're gonna see duplicated logs."
     end
     ctx.create_proxies
   end
@@ -45,16 +49,16 @@ begin
 
   # Start local HTTP server.
   if ctx.options.httpd
-    ctx.httpd = HTTPD::Server.new( ctx.options.httpd_port, ctx.options.httpd_path )
+    ctx.httpd = BetterCap::HTTPD::Server.new( ctx.options.httpd_port, ctx.options.httpd_path )
     ctx.httpd.start
   end
 
   # Start network sniffer.
   if ctx.options.sniffer
-    Sniffer.start ctx
+    BetterCap::Sniffer.start ctx
   else
-    Logger.warn 'WARNING: Sniffer module was NOT enabled ( -X argument ), this '\
-                'will cause the MITM to run but no data to be collected.' unless ctx.options.has_spoofer?
+    BetterCap::Logger.warn 'WARNING: Sniffer module was NOT enabled ( -X argument ), this '\
+                           'will cause the MITM to run but no data to be collected.' unless ctx.options.has_spoofer?
   end
 
   loop do
@@ -62,15 +66,19 @@ begin
   end
 
 rescue SystemExit, Interrupt
-  Logger.raw "\n"
+  BetterCap::Logger.raw "\n"
 
 rescue BetterCap::Error => e
-  Logger.error e.message
+
+  BetterCap::Logger.error e.message
 
 rescue Exception => e
-  Logger.error e.message
-  Logger.error e.backtrace.join("\n")
+  BetterCap::Logger.error e.message
+  BetterCap::Logger.error e.backtrace.join("\n")
 
 ensure
+  # Make sure all the messages on the logger queue are printed.
+  BetterCap::Logger.wait!
+
   ctx.finalize unless ctx.nil?
 end

data/lib/bettercap.rb

@@ -27,7 +27,11 @@ Config = RbConfig
 require 'bettercap/update_checker'
 require 'bettercap/error'
 require 'bettercap/options'
-require 'bettercap/discovery'
+require 'bettercap/discovery/agents/base'
+require 'bettercap/discovery/agents/arp'
+require 'bettercap/discovery/agents/icmp'
+require 'bettercap/discovery/agents/udp'
+require 'bettercap/discovery/discovery'
 require 'bettercap/context'
 require 'bettercap/monkey/packetfu/utils'
 require 'bettercap/factories/firewall_factory'

data/lib/bettercap/base/ifirewall.rb

@@ -9,6 +9,7 @@ Blog   : http://www.evilsocket.net/
 This project is released under the GPL 3 license.
 
 =end
+module BetterCap
 class IFirewall
   def initialize
     @frwd_initial_state = forwarding_enabled?
@@ -42,3 +43,4 @@ private
     raise NotImplementedError, 'IFirewall: Unimplemented method!'
   end
 end
+end

data/lib/bettercap/base/ispoofer.rb

@@ -9,6 +9,7 @@ Blog   : http://www.evilsocket.net/
 This project is released under the GPL 3 license.
 
 =end
+module BetterCap
 class ISpoofer
   def initialize
     not_implemented_method!
@@ -28,3 +29,4 @@ private
     raise NotImplementedError, 'ISpoofer: Unimplemented method!'
   end
 end
+end

data/lib/bettercap/context.rb

@@ -13,6 +13,7 @@ This project is released under the GPL 3 license.
 # this class holds global states & data
 require 'bettercap/error'
 
+module BetterCap
 class Context
   attr_accessor :options, :ifconfig, :firewall, :gateway,
                 :targets, :discovery, :spoofer, :httpd,
@@ -87,7 +88,7 @@ class Context
 
       Proxy::Module.register_modules
 
-      raise BetterCap::Error, "#{@options.proxy_module} is not a valid bettercap proxy module." unless !Proxy::Module.modules.empty?
+      raise BetterCap::Error, "#{@options.proxy_module} is not a valid bettercap proxy module." if Proxy::Module.modules.empty?
     end
 
     @proxy_processor = Proc.new do |request,response|
@@ -137,7 +138,8 @@ class Context
   def finalize
     @running = false
 
-    Logger.info 'Shutting down, hang on ...'
+    # Logger is silent if @running == false
+    puts "\nShutting down, hang on ...\n"
 
     Logger.debug 'Stopping target discovery manager ...'
     @discovery.stop
@@ -163,3 +165,4 @@ class Context
     @httpd.stop unless @httpd.nil?
   end
 end
+end

data/lib/bettercap/discovery/{arp.rb → agents/arp.rb}

@@ -9,15 +9,10 @@ Blog   : http://www.evilsocket.net/
 This project is released under the GPL 3 license.
 
 =end
-require 'bettercap/logger'
-require 'bettercap/shell'
-require 'bettercap/target'
-require 'bettercap/discovery/base'
-require 'bettercap/context'
 
 # Parse the ARP table searching for new hosts.
+module BetterCap
 class ArpAgent < BaseAgent
-
   def self.parse( ctx )
     targets = []
     self.parse_cache do |ip,mac|
@@ -47,19 +42,24 @@ class ArpAgent < BaseAgent
     nil
   end
 
+  def self.find_mac( address )
+    self.parse_cache do |ip,mac|
+      if mac == address
+        return ip
+      end
+    end
+    nil
+  end
+
   private
 
   def self.parse_cache
-    arp = Shell.arp
-
-    Logger.debug "ARP CACHE:\n#{arp}"
-
-    arp.split("\n").each do |line|
+    Shell.arp.split("\n").each do |line|
       m = self.parse_cache_line(line)
-      if !m.nil?
+      unless m.nil?
         ip = m[1]
-        hw = m[2]
-        if hw != 'ff:ff:ff:ff:ff:ff'
+        hw = Target.normalized_mac( m[2] )
+        if hw != 'FF:FF:FF:FF:FF:FF'
           yield( ip, hw )
         end
       end
@@ -82,3 +82,4 @@ class ArpAgent < BaseAgent
     pkt.to_w( @ifconfig[:iface] )
   end
 end
+end

data/lib/bettercap/discovery/{base.rb → agents/base.rb}

@@ -9,9 +9,9 @@ Blog   : http://www.evilsocket.net/
 This project is released under the GPL 3 license.
 
 =end
-require 'bettercap/logger'
 
 # Base class for discovery agents.
+module BetterCap
 class BaseAgent
   def initialize( ifconfig, gw_ip, local_ip )
     @local_ip = local_ip
@@ -35,7 +35,7 @@ class BaseAgent
     @workers = (0...4).map do
       Thread.new do
         begin
-          while ip = @queue.pop(true) 
+          while ip = @queue.pop(true)
             loop do
               Logger.debug "#{self.class.name} : Probing #{ip} ..."
 
@@ -44,7 +44,7 @@ class BaseAgent
 
                 break
               rescue Exception => e
-                Logger.debug "#{self.class.name}#send_probe : #{ip} -> #{e.message}"          
+                Logger.debug "#{self.class.name}#send_probe : #{ip} -> #{e.message}"
 
                 # If we've got an error message such as:
                 #   (cannot open BPF device) /dev/bpf0: Too many open files
@@ -80,4 +80,4 @@ class BaseAgent
     Logger.warn "#{self.class.name} not implemented!"
   end
 end
-
+end

data/lib/bettercap/discovery/{icmp.rb → agents/icmp.rb}

@@ -9,11 +9,9 @@ Blog   : http://www.evilsocket.net/
 This project is released under the GPL 3 license.
 
 =end
-require 'bettercap/logger'
-require 'bettercap/shell'
-require 'bettercap/factories/firewall_factory'
 
 # Send a broadcast ping trying to filling the ARP table.
+module BetterCap
 class IcmpAgent
   def initialize( timeout = 5 )
     @thread = Thread.new {
@@ -35,3 +33,4 @@ class IcmpAgent
     end
   end
 end
+end

data/lib/bettercap/discovery/{udp.rb → agents/udp.rb}

@@ -9,9 +9,9 @@ Blog   : http://www.evilsocket.net/
 This project is released under the GPL 3 license.
 
 =end
-require 'bettercap/discovery/base'
 
 # Send UDP probes trying to filling the ARP table.
+module BetterCap
 class UdpAgent < BaseAgent
   private
 
@@ -36,4 +36,4 @@ class UdpAgent < BaseAgent
     # TODO: Parse response for hostname?
   end
 end
-
+end

data/lib/bettercap/{discovery.rb → discovery/discovery.rb}

@@ -9,6 +9,7 @@ Blog   : http://www.evilsocket.net/
 This project is released under the GPL 3 license.
 
 =end
+module BetterCap
 class Discovery
   def initialize( ctx )
     @ctx     = ctx
@@ -48,10 +49,16 @@ class Discovery
 
       if empty_list and not @ctx.targets.empty?
         Logger.info "Collected #{@ctx.targets.size} total targets."
+
+        msg = "\n"
         @ctx.targets.each do |target|
-          Logger.info "  #{target}"
+          msg += "  #{target}\n"
         end
+        Logger.raw msg
       end
+
+      sleep(5) if @ctx.options.arpcache
     end
   end
 end
+end

data/lib/bettercap/factories/firewall_factory.rb

@@ -13,6 +13,7 @@ require 'bettercap/error'
 require 'bettercap/firewalls/osx'
 require 'bettercap/firewalls/linux'
 
+module BetterCap
 class FirewallFactory
   @@instance = nil
 
@@ -34,3 +35,4 @@ class FirewallFactory
     @@instance = nil
   end
 end
+end

data/lib/bettercap/factories/parser_factory.rb

@@ -13,6 +13,7 @@ This project is released under the GPL 3 license.
 require 'bettercap/error'
 require 'bettercap/logger'
 
+module BetterCap
 class ParserFactory
   @@path = File.dirname(__FILE__) + '/../sniffer/parsers/'
 
@@ -20,7 +21,7 @@ class ParserFactory
     def available
       avail = []
       Dir.foreach( @@path ) do |file|
-        if file =~ /.rb/ and file != 'base.rb'
+        if file =~ /.rb/ and file != 'base.rb' and file != 'custom.rb'
           avail << file.gsub('.rb','').upcase
         end
       end
@@ -38,20 +39,25 @@ class ParserFactory
       list
     end
 
-    def ParserFactory.load_by_names(parsers)
+    def load_by_names(parsers)
       loaded = []
       Dir.foreach( @@path ) do |file|
         cname = file.gsub('.rb','').upcase
-        if file =~ /.rb/ and file != 'base.rb' and ( parsers.include?(cname) or parsers == ['*'] )
+        if file =~ /.rb/ and file != 'base.rb' and file != 'custom.rb' and ( parsers.include?(cname) or parsers == ['*'] )
           Logger.debug "Loading parser #{cname} ..."
 
           require_relative "#{@@path}#{file}"
 
-          loaded << Kernel.const_get("#{cname.capitalize}Parser").new
+          loaded << Kernel.const_get("BetterCap::#{cname.capitalize}Parser").new
         end
       end
       loaded
     end
+
+    def load_custom(expression)
+      require_relative "#{@@path}custom.rb"
+      [ BetterCap::CustomParser.new(expression) ]
+    end
   end
 end
-
+end

data/lib/bettercap/factories/spoofer_factory.rb

@@ -11,6 +11,7 @@ This project is released under the GPL 3 license.
 =end
 require 'bettercap/error'
 
+module BetterCap
 class SpooferFactory
   class << self
     def available
@@ -30,7 +31,7 @@ class SpooferFactory
 
       require_relative "../spoofers/#{name}"
 
-      Kernel.const_get("#{name.capitalize}Spoofer").new
+      Kernel.const_get("BetterCap::#{name.capitalize}Spoofer").new
     end
 
     private
@@ -40,3 +41,4 @@ class SpooferFactory
     end
   end
 end
+end

data/lib/bettercap/firewalls/linux.rb

@@ -12,6 +12,7 @@ This project is released under the GPL 3 license.
 require 'bettercap/base/ifirewall'
 require 'bettercap/shell'
 
+module BetterCap
 class LinuxFirewall < IFirewall
   def enable_forwarding(enabled)
     shell.execute("echo #{enabled ? 1 : 0} > /proc/sys/net/ipv4/ip_forward")
@@ -47,3 +48,4 @@ class LinuxFirewall < IFirewall
     Shell
   end
 end
+end

data/lib/bettercap/firewalls/osx.rb

@@ -12,6 +12,7 @@ This project is released under the GPL 3 license.
 require 'bettercap/base/ifirewall'
 require 'bettercap/shell'
 
+module BetterCap
 class OSXFirewall < IFirewall
   def enable_forwarding(enabled)
     shell.execute("sysctl -w net.inet.ip.forwarding=#{enabled ? 1 : 0}")
@@ -66,3 +67,4 @@ class OSXFirewall < IFirewall
     Shell
   end
 end
+end