bettercap 1.1.10 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 397d0cf63901e645278f09bb5b2eafd9745945ed
-  data.tar.gz: 8c67517734bb52946622f279c5590301b592f7d6
+  metadata.gz: a830b906b0c9ea8c95b66699910e60e79c1eb728
+  data.tar.gz: 607fb72b1fd6dc77b4481ff2c3d8cb2dddefc8d3
 SHA512:
-  metadata.gz: 6957c7da7b6781a1efdf229b93ce565d875f32ee6a8ccaa6361767ef2b31b79f421400b21397f5b3717aef7b065afd97a7e37de3a1c3efeaeab44ca6cd224d51
-  data.tar.gz: fb5dd3cdc11a9b7ce6406e02cac9632204aba0ded518ea46335689bef6ceb690f678e23dcad29b07c4013c65c27034f57a18f82c2bc0681902d79d9b6e7e0d66
+  metadata.gz: 37ffe1a82e6da08ea9e1136892a9ec1b720b8fd5841eb74370e6e462151aa004e8ad0a3391d0db449dae5b5b86f2c5f7fe7d752c42566500039b1b7f478e677d
+  data.tar.gz: 1a2c0b6e2035a144bf677adaefba785abf614b375d9bb9d0d5284232ec1bac9cff467272eca2c3fa01e8acdbaf0c66ec726f47f6ba60e380bce61be615d2779e

data/TODO.md

@@ -9,11 +9,13 @@ This is a list of TODOs I use to keep track of tasks and upcoming features.
 - [x] Use StreamLogger for both Proxy and Sniffer traffic.
 - [x] Implement `--custom-parser REGEX` option.
 - [x] Let `-T|--target` [support MAC addresses](https://github.com/evilsocket/bettercap/issues/82).
-- [ ] Implement event-driven core plugin infrastructure ( for webui, etc ).
-- [ ] Implement web-ui core plugin.
+- [x] Fix modules structure by folder.
+- [x] Document classes with RDoc.
+- [x] ICMP Redirect ( double direct )
+- [ ] Implement `--mkcert FILENAME` option to create custom HTTPS `crt` files.
+- [ ] Implement sslstrip+ support.
 - [ ] Rewrite proxy class using [em-proxy](https://github.com/igrigorik/em-proxy) library.
 - [ ] HTTP/2 Support.
-- [ ] IPV6 Support.
 
 **Platform Specific**
 
@@ -23,7 +25,6 @@ This is a list of TODOs I use to keep track of tasks and upcoming features.
 
 **Maybe**
 
-- [ ] ICMP Redirect ? ( only half duplex and filtered by many firewalls anyway ... dunno ).
-- [ ] DNS Spoofing ( not sure if it actually makes any sense ).
-- [ ] sslstrip ( not really sure, currently is quite useless )
-- [ ] Implement `--mkcert FILENAME` option to create custom HTTPS `crt` files.
+- [ ] Implement event-driven core plugin infrastructure ( for webui, etc ).
+- [ ] Implement web-ui core plugin.
+- [ ] IPV6 Support.

data/bin/bettercap

@@ -56,7 +56,7 @@ begin
   # Start network sniffer.
   if ctx.options.sniffer
     BetterCap::Sniffer.start ctx
-  else
+  elsif ctx.options.has_spoofer?
     BetterCap::Logger.warn 'WARNING: Sniffer module was NOT enabled ( -X argument ), this '\
                            'will cause the MITM to run but no data to be collected.' unless ctx.options.has_spoofer?
   end
@@ -68,11 +68,17 @@ begin
 rescue SystemExit, Interrupt
   BetterCap::Logger.raw "\n"
 
-rescue BetterCap::Error => e
+rescue OptionParser::InvalidOption => e
+  BetterCap::Logger.error e.message
 
+rescue OptionParser::AmbiguousOption => e
+  BetterCap::Logger.error e.message
+
+rescue BetterCap::Error => e
   BetterCap::Logger.error e.message
 
 rescue Exception => e
+  BetterCap::Logger.error "EXCEPTION '#{e.class}' :"
   BetterCap::Logger.error e.message
   BetterCap::Logger.error e.backtrace.join("\n")
 

data/lib/bettercap.rb

@@ -27,16 +27,17 @@ Config = RbConfig
 require 'bettercap/update_checker'
 require 'bettercap/error'
 require 'bettercap/options'
+require 'bettercap/packet_queue'
+require 'bettercap/discovery/thread'
 require 'bettercap/discovery/agents/base'
 require 'bettercap/discovery/agents/arp'
 require 'bettercap/discovery/agents/icmp'
 require 'bettercap/discovery/agents/udp'
-require 'bettercap/discovery/discovery'
 require 'bettercap/context'
 require 'bettercap/monkey/packetfu/utils'
-require 'bettercap/factories/firewall_factory'
-require 'bettercap/factories/spoofer_factory'
-require 'bettercap/factories/parser_factory'
+require 'bettercap/factories/firewall'
+require 'bettercap/factories/spoofer'
+require 'bettercap/factories/parser'
 require 'bettercap/logger'
 require 'bettercap/shell'
 require 'bettercap/network'

data/lib/bettercap/context.rb

@@ -10,21 +10,48 @@ This project is released under the GPL 3 license.
 
 =end
 
-# this class holds global states & data
 require 'bettercap/error'
 
 module BetterCap
+# This class holds global states and data, moreover it exposes high level
+# methods to manipulate the program behaviour.
 class Context
-  attr_accessor :options, :ifconfig, :firewall, :gateway,
-                :targets, :discovery, :spoofer, :httpd,
-                :certificate, :running
+  # Instance of BetterCap::Options class.
+  attr_accessor :options
+  # A dictionary containing information about the selected network interface.
+  attr_accessor :ifconfig
+  # Instance of the current BetterCap::Firewalls class.
+  attr_accessor :firewall
+  # Network gateway IP address.
+  attr_accessor :gateway
+  # A list of BetterCap::Target objects which is periodically updated.
+  attr_accessor :targets
+  # Instance of BetterCap::Discovery::Thread class.
+  attr_accessor :discovery
+  # A list of BetterCap::Spoofers class instances.
+  attr_accessor :spoofer
+  # Instance of BetterCap::HTTPD::Server class.
+  attr_accessor :httpd
+  # Instance of OpenSSL::X509::Certificate class used
+  # for the HTTPS transparent proxy.
+  attr_accessor :certificate
+  # Set to true if the program is running, to false if a shutdown was
+  # scheduled by the user which pressed CTRL+C
+  attr_accessor :running
+  # Timeout for discovery operations.
+  attr_reader   :timeout
+  # Instance of BetterCap::PacketQueue.
+  attr_reader   :packets
 
   @@instance = nil
 
+  # Return the global instance of the program Context, if the instance
+  # was not yet created it will be initialized and returned.
   def self.get
     @@instance ||= self.new
   end
 
+  # Initialize the global context object.
   def initialize
     begin
       iface = Pcap.lookupdev
@@ -34,6 +61,7 @@ class Context
     end
 
     @running         = true
+    @timeout         = 5
     @options         = Options.new iface
     @ifconfig        = nil
     @firewall        = nil
@@ -45,10 +73,12 @@ class Context
     @certificate     = nil
     @proxies         = []
     @redirections    = []
-    @discovery       = Discovery.new self
-    @firewall        = FirewallFactory.get_firewall
+    @discovery       = Discovery::Thread.new self
+    @firewall        = Factories::Firewall.get
+    @packets         = nil
   end
 
+  # Update the Context state parsing network related informations.
   def update!
     @ifconfig = PacketFu::Utils.ifconfig @options.iface
     @gateway  = Network.get_gateway if @gateway.nil?
@@ -61,10 +91,20 @@ class Context
                             'correct network configuration, this could also happen if bettercap '\
                             'is launched from a virtual environment.' if @gateway.nil? or !Network.is_ip?(@gateway)
 
-    Logger.debug "network=#{@ifconfig[:ip4_obj]} gateway=#{@gateway} local_ip=#{@ifconfig[:ip_saddr]}"
-    Logger.debug "IFCONFIG: #{@ifconfig.inspect}"
+    Logger.debug '----- NETWORK INFORMATIONS -----'
+    Logger.debug "  network  = #{@ifconfig[:ip4_obj]}"
+    Logger.debug "  gateway  = #{@gateway}"
+    Logger.debug "  local_ip = #{@ifconfig[:ip_saddr]}\n"
+    @ifconfig.each do |key,value|
+      Logger.debug "  ifconfig[:#{key}] = #{value}"
+    end
+    Logger.debug "--------------------------------\n"
+
+    @packets = PacketQueue.new( @ifconfig[:iface], 4 )
   end
 
+  # Find a target given its +ip+ and +mac+ addresses inside the #targets
+  # list, if not found return nil.
   def find_target ip, mac
     @targets.each do |target|
       if target.equals?(ip,mac)
@@ -74,6 +114,7 @@ class Context
     nil
   end
 
+  # Apply needed BetterCap::Firewalls::Redirection objects.
   def enable_port_redirection!
     @redirections = @options.to_redirections @ifconfig
     @redirections.each do |r|
@@ -82,6 +123,8 @@ class Context
     end
   end
 
+  # Initialize the needed transparent proxies and the processor routined which
+  # is needed in order to run proxy modules.
   def create_proxies
     if @options.has_proxy_module?
       require @options.proxy_module
@@ -135,12 +178,15 @@ class Context
     end
   end
 
+  # Stop every running daemon that was started and reset system state.
   def finalize
     @running = false
 
     # Logger is silent if @running == false
     puts "\nShutting down, hang on ...\n"
 
+    @packets.stop
+
     Logger.debug 'Stopping target discovery manager ...'
     @discovery.stop
 

data/lib/bettercap/discovery/agents/arp.rb

@@ -12,7 +12,14 @@ This project is released under the GPL 3 license.
 
 # Parse the ARP table searching for new hosts.
 module BetterCap
-class ArpAgent < BaseAgent
+module Discovery
+module Agents
+# Class responsible to parse ARP cache and send ARP probes to each
+# possible IP on the network.
+class Arp < Discovery::Agents::Base
+  # Parse the current ARP cache and return a list of BetterCap::Target
+  # objects which are found inside it, using the +ctx+ BetterCap::Context
+  # instance.
   def self.parse( ctx )
     targets = []
     self.parse_cache do |ip,mac|
@@ -33,6 +40,8 @@ class ArpAgent < BaseAgent
     targets
   end
 
+  # Parse the ARP cache searching for the given IP +address+ and return its
+  # MAC if found, otherwise nil.
   def self.find_address( address )
     self.parse_cache do |ip,mac|
       if ip == address
@@ -42,6 +51,8 @@ class ArpAgent < BaseAgent
     nil
   end
 
+  # Parse the ARP cache searching for the given MAC +address+ and return its
+  # IP if found, otherwise nil.
   def self.find_mac( address )
     self.parse_cache do |ip,mac|
       if mac == address
@@ -70,16 +81,18 @@ class ArpAgent < BaseAgent
     /[^\s]+\s+\(([0-9\.]+)\)\s+at\s+([a-f0-9:]+).+#{Context.get.ifconfig[:iface]}.*/i.match(line)
   end
 
-  def send_probe( ip )
+  def get_probe( ip )
     pkt = PacketFu::ARPPacket.new
 
     pkt.eth_saddr     = pkt.arp_saddr_mac = @ifconfig[:eth_saddr]
     pkt.eth_daddr     = 'ff:ff:ff:ff:ff:ff'
     pkt.arp_daddr_mac = '00:00:00:00:00:00'
     pkt.arp_saddr_ip  = @ifconfig[:ip_saddr]
-    pkt.arp_daddr_ip  = ip
+    pkt.arp_daddr_ip  = ip.to_s
 
-    pkt.to_w( @ifconfig[:iface] )
+    pkt
   end
 end
 end
+end
+end

data/lib/bettercap/discovery/agents/base.rb

@@ -12,72 +12,36 @@ This project is released under the GPL 3 license.
 
 # Base class for discovery agents.
 module BetterCap
-class BaseAgent
-  def initialize( ifconfig, gw_ip, local_ip )
-    @local_ip = local_ip
-    @ifconfig = ifconfig
-    @queue    = Queue.new
+module Discovery
+module Agents
+# Base class for BetterCap::Discovery::Agents.
+class Base
+  # Initialize the agent using the +ctx+ BetterCap::Context instance.
+  def initialize( ctx )
+    @ctx       = ctx
+    @ifconfig  = ctx.ifconfig
+    @local_ip  = @ifconfig[:ip_saddr]
 
     net = ip = @ifconfig[:ip4_obj]
-
     # loop each ip in our subnet and push it to the queue
     while net.include?ip
       # rescanning the gateway could cause an issue when the
       # gateway itself has multiple interfaces ( LAN, WAN ... )
-      if ip != gw_ip and ip != local_ip
-        @queue.push ip
+      if ip != ctx.gateway and ip != @local_ip
+        packet = get_probe(ip)
+        @ctx.packets.push(packet)
       end
 
       ip = ip.succ
     end
-
-    # spawn the workers! ( tnx to https://blog.engineyard.com/2014/ruby-thread-pool )
-    @workers = (0...4).map do
-      Thread.new do
-        begin
-          while ip = @queue.pop(true)
-            loop do
-              Logger.debug "#{self.class.name} : Probing #{ip} ..."
-
-              begin
-                send_probe ip.to_s
-
-                break
-              rescue Exception => e
-                Logger.debug "#{self.class.name}#send_probe : #{ip} -> #{e.message}"
-
-                # If we've got an error message such as:
-                #   (cannot open BPF device) /dev/bpf0: Too many open files
-                # We want to retry to probe this ip in a while.
-                if e.message.include? 'Too many open files'
-                  Logger.debug "Retrying #{self.class.name}#send_probe on #{ip} in 1 second."
-
-                  sleep 1
-                else
-                  break
-                end
-              end
-            end
-          end
-        rescue Exception => e
-          Logger.debug "#{self.class.name} : #{ip} -> #{e.message}"
-        end
-      end
-    end
-  end
-
-  def wait
-    begin
-      @workers.map(&:join)
-    rescue Exception => e
-      Logger.debug "#{self.class.name}.wait: #{e.message}"
-    end
   end
 
   private
 
-  def send_probe( ip )
-    Logger.warn "#{self.class.name} not implemented!"
+  def get_probe( ip )
+    Logger.warn "#{self.class.name}#get_probe not implemented!"
   end
 end
 end
+end
+end

data/lib/bettercap/discovery/agents/icmp.rb

@@ -12,25 +12,33 @@ This project is released under the GPL 3 license.
 
 # Send a broadcast ping trying to filling the ARP table.
 module BetterCap
-class IcmpAgent
-  def initialize( timeout = 5 )
-    @thread = Thread.new {
-      FirewallFactory.get_firewall.enable_icmp_bcast(true)
-
-      if RUBY_PLATFORM =~ /darwin/
-        ping = Shell.execute("ping -i #{timeout} -c 2 255.255.255.255")
-      elsif RUBY_PLATFORM =~ /linux/
-        ping = Shell.execute("ping -i #{timeout} -c 2 -b 255.255.255.255 2> /dev/null")
-      end
-    }
-  end
+module Discovery
+module Agents
+# Class responsible to do a ping-sweep on the network.
+class Icmp
+  # Create a thread which will perform a ping-sweep on the network in order
+  # to populate the ARP cache with active targets, with a +ctx.timeout+ seconds
+  # timeout.
+  def initialize( ctx )
+    Factories::Firewall.get.enable_icmp_bcast(true)
+
+    # TODO: Use the real broadcast address for this network.
+    3.times do
+      pkt = PacketFu::ICMPPacket.new
+
+      pkt.eth_saddr = ctx.ifconfig[:eth_saddr]
+      pkt.eth_daddr = 'ff:ff:ff:ff:ff:ff'
+      pkt.ip_saddr  = ctx.ifconfig[:ip_saddr]
+      pkt.ip_daddr  = '255.255.255.255'
+      pkt.icmp_type = 8
+      pkt.icmp_code = 0
+      pkt.payload   = "ABCD"
+      pkt.recalc
 
-  def wait
-    begin
-      @thread.join
-    rescue Exception => e
-      Logger.debug "IcmpAgent.wait: #{e.message}"
+      ctx.packets.push(pkt)
     end
   end
 end
 end
+end
+end

data/lib/bettercap/discovery/agents/udp.rb

@@ -12,28 +12,17 @@ This project is released under the GPL 3 license.
 
 # Send UDP probes trying to filling the ARP table.
 module BetterCap
-class UdpAgent < BaseAgent
+module Discovery
+module Agents
+# Class responsible to send UDP probe packets to each possible IP on the network.
+class Udp < Discovery::Agents::Base
   private
 
-  def send_probe( ip )
-    port = 137
-    message =
-        "\x82\x28\x00\x00\x00" +
-        "\x01\x00\x00\x00\x00" +
-        "\x00\x00\x20\x43\x4B" +
-        "\x41\x41\x41\x41\x41" +
-        "\x41\x41\x41\x41\x41" +
-        "\x41\x41\x41\x41\x41" +
-        "\x41\x41\x41\x41\x41" +
-        "\x41\x41\x41\x41\x41" +
-        "\x41\x41\x41\x41\x41" +
-        "\x00\x00\x21\x00\x01"
-
-    # send netbios udp packet, just to fill ARP table
-    sd = UDPSocket.new
-    sd.send( message, 0, ip.to_s, port )
-    sd = nil
-    # TODO: Parse response for hostname?
+  def get_probe( ip )
+    # send dummy udp packet, just to fill ARP table
+    [ ip.to_s, 137, "\x10\x12\x85\x00\x00" ]
   end
 end
 end
+end
+end