bettercap 1.5.5 → 1.5.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ebf307012a9f7a95c84810c21db31d0ca657575f
-  data.tar.gz: 7aa29333600b9ad15821f2f4ad760dbee5dfcd76
+  metadata.gz: 1ee074bcf0415b99ad835ac61a8a72e94237ac34
+  data.tar.gz: c600e478177e4019e6745e7951c24ec0dc9b4778
 SHA512:
-  metadata.gz: 65328453bb055e8ddcea4073eac6b0c5c51b3d1a26c8fcab29f5d0a6be517516af1f5d9f7b21aad2877051dd37d3556e8bb457c781c82ab84e34060508995238
-  data.tar.gz: cff87a74985588e872ac886f5bf9e042bf507cbe911208f56f096eb786cf4783c673d352b8d8d9ddbe3777194dbefe263615171de86c9ab55cba0c8be844bdf5
+  metadata.gz: bc7511b21557af365f5a3df0d9c6711387035fbc9964804791bd18b22f65ea33455c88d197c9fd8ad20592a30aada450f3f61dfa680458bfa85f6a852dada595
+  data.tar.gz: a314b465b7c55533559679e43eb4ce6ab5a20387001434e3e7c1a7909df55a2fd76cde2242c150902fe4b35488eb2108979fb8e3506b091c548ee3bde509cb29

data/README.md

@@ -86,6 +86,14 @@ This should solve issues such as [this one](https://github.com/evilsocket/better
     gem build bettercap.gemspec
     sudo gem install bettercap*.gem
 
+**Installation on Kali Linux**
+
+Kali Linux has bettercap packaged and added to the **kali-rolling** repositories. To install bettercap and all dependencies in one fell swoop on the latest version of Kali Linux:
+    
+    apt-get update
+    apt-get dist-upgrade
+    apt-get install bettercap
+
 Documentation and Examples
 ============
 

data/lib/bettercap/firewalls/bsd.rb

@@ -38,9 +38,8 @@ class BSD < Base
   # If +enabled+ is true, the PF firewall will be enabled, otherwise it will
   # be disabled.
   def enable(enabled)
-    begin
-      Shell.execute("pfctl -#{enabled ? 'e' : 'd'} >/dev/null 2>&1")
-    rescue; end
+    Shell.execute("pfctl -#{enabled ? 'e' : 'd'} >/dev/null 2>&1")
+  rescue
   end
 
   # Apply the +r+ BetterCap::Firewalls::Redirection port redirection object.
@@ -66,12 +65,9 @@ class BSD < Base
     # disable pf
     enable false
 
-    begin
-      # remove the pf config file
-      File.delete( "/tmp/bettercap_pf_#{Process.pid}.conf" )
-    rescue
-    end
-
+    # remove the pf config file
+    File.delete( "/tmp/bettercap_pf_#{Process.pid}.conf" )
+  rescue
   end
 end
 end

data/lib/bettercap/logger.rb

@@ -91,7 +91,12 @@ module Logger
       loop do
         message = @@queue.pop
         if @@ctx.nil? or @@ctx.running
-          emit message
+          begin
+            emit message
+          rescue Exception => e
+            Logger.warn "Logger error: #{e.message}"
+            Logger.exception e
+          end
         end
       end
     end

data/lib/bettercap/monkey/celluloid/actor.rb

@@ -16,8 +16,8 @@ module Celluloid
 class Actor
   # Handle any exceptions that occur within a running actor
   def handle_crash(exception)
-      shutdown ExitEvent.new(behavior_proxy, exception)
-    rescue => ex
+    shutdown ExitEvent.new(behavior_proxy, exception)
+  rescue
   end
 end
 end

data/lib/bettercap/monkey/celluloid/io/udp_socket.rb

@@ -16,12 +16,10 @@ module Celluloid
   module IO
     class UDPSocket
       def initialize(address_family = ::Socket::AF_INET)
-        begin
-          @socket = ::UDPSocket.new(address_family)
-        rescue Errno::EMFILE
-          sleep 0.5
-          retry
-        end
+        @socket = ::UDPSocket.new(address_family)
+      rescue Errno::EMFILE
+        sleep 0.5
+        retry
       end
     end
   end

data/lib/bettercap/network/packet_queue.rb

@@ -49,13 +49,12 @@ class PacketQueue
 
   # Wait for the packet queue to be empty.
   def wait_empty( timeout )
-    begin
-      Timeout::timeout(timeout) {
-        while !@queue.empty?
-          sleep 0.5
-        end
-      }
-    rescue; end
+    Timeout::timeout(timeout) {
+      while !@queue.empty?
+        sleep 0.5
+      end
+    }
+  rescue
   end
 
   # Notify the queue to stop and wait for every worker to finish.

data/lib/bettercap/network/protos/base.rb

@@ -19,6 +19,7 @@ class Base
   TYPES = [
       :uint8,
       :uint16,
+      :uint16rev,
       :uint24,
       :uint32,
       :uint32rev,
@@ -64,6 +65,10 @@ class Base
           value = data[offset..offset + 1].unpack('S')[0]
           offset += 2
 
+        when :uint16rev
+          value = data[offset..offset + 1].reverse.unpack('S')[0]
+          offset += 2
+
         when :uint24
           value = data[offset..offset + 2].unpack('S')[0]
           offset += 3
@@ -132,28 +137,15 @@ class Base
   end
 
   def self.size( info, pkt, default )
-    if info[:opts].has_key?(:size)
-      if info[:opts][:size].is_a?(Integer)
-        return info[:opts][:size]
-      else
-        n = pkt.send( info[:opts][:size] )
-        return n
-      end
-    else
-      return default
-    end
+    return default unless info[:opts].has_key?(:size)
+    return info[:opts][:size] if info[:opts][:size].is_a?(Integer)
+    return pkt.send( info[:opts][:size] )
   end
 
   def self.offset( info, pkt, default )
-    if info[:opts].has_key?(:offset)
-      if info[:opts][:offset].is_a?(Integer)
-        return info[:opts][:offset]
-      else
-        return default + pkt.send( info[:opts][:offset] )
-      end
-    else
-      return default
-    end
+    return default unless info[:opts].has_key?(:offset)
+    return info[:opts][:offset] if info[:opts][:offset].is_a?(Integer)
+    return default + pkt.send( info[:opts][:offset] )
   end
 end
 

data/lib/bettercap/network/protos/teamviewer.rb

@@ -0,0 +1,119 @@
+# encoding: UTF-8
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+This project is released under the GPL 3 license.
+
+=end
+
+module BetterCap
+module Network
+module Protos
+module TeamViewer
+
+  COMMANDS = {
+    10 => "CMD_IDENTIFY",
+    11 => "CMD_REQUESTCONNECT",
+    13 => "CMD_DISCONNECT",
+    14 => "CMD_VNCDISCONNECT",
+    15 => "CMD_TVCONNECTIONFAILED",
+    16 => "CMD_PING",
+    17 => "CMD_PINGOK",
+    18 => "CMD_MASTERCOMMAND",
+    19 => "CMD_MASTERRESPONSE",
+    20 => "CMD_CHANGECONNECTION",
+    21 => "CMD_NOPARTNERCONNECT",
+    22 => "CMD_CONNECTTOWAITINGTHREAD",
+    23 => "CMD_SESSIONMODE",
+    24 => "CMD_REQUESTROUTINGSESSION",
+    25 => "CMD_TIMEOUT",
+    26 => "CMD_JAVACONNECT",
+    27 => "CMD_KEEPALIVEBEEP",
+    28 => "CMD_REQUESTKEEPALIVE",
+    29 => "CMD_MASTERCOMMAND_ENCRYPTED",
+    30 => "CMD_MASTERRESPONSE_ENCRYPTED",
+    31 => "CMD_REQUESTRECONNECT",
+    32 => "CMD_RECONNECTTOWAITINGTHREAD",
+    33 => "CMD_STARTLOGGING",
+    34 => "CMD_SERVERAVAILABLE",
+    35 => "CMD_KEEPALIVEREQUEST",
+    36 => "CMD_OK",
+    37 => "CMD_FAILED",
+    38 => "CMD_PING_PERFORMANCE",
+    39 => "CMD_PING_PERFORMANCE_RESPONSE",
+    40 => "CMD_REQUESTKEEPALIVE2",
+    41 => "CMD_DISCONNECT_SWITCHEDTOUDP",
+    42 => "CMD_SENDMODE_UDP",
+    43 => "CMD_KEEPALIVEREQUEST_ANSWER",
+    44 => "CMD_ROUTE_CMD_TO_CLIENT",
+    45 => "CMD_NEW_MASTERLOGIN",
+    46 => "CMD_BUDDY",
+    47 => "CMD_ACCEPTROUTINGSESSION",
+    48 => "CMD_NEW_MASTERLOGIN_ANSWER",
+    49 => "CMD_BUDDY_ENCRYPTED",
+    50 => "CMD_REQUEST_ROUTE_BUDDY",
+    51 => "CMD_CONTACT_OTHER_MASTER",
+    52 => "CMD_REQUEST_ROUTE_ENCRYPTED",
+    53 => "CMD_ENDSESSION",
+    54 => "CMD_SESSIONID",
+    55 => "CMD_RECONNECT_TO_SESSION",
+    56 => "CMD_RECONNECT_TO_SESSION_ANSWER",
+    57 => "CMD_MEETING_CONTROL",
+    58 => "CMD_CARRIER_SWITCH",
+    59 => "CMD_MEETING_AUTHENTICATION",
+    60 => "CMD_ROUTERCMD",
+    61 => "CMD_PARTNERRECONNECT",
+    62 => "CMD_CONGRESTION_CONTROL",
+    63 => "CMD_ACK",
+    70 => "CMD_UDPREQUESTCONNECT",
+    71 => "CMD_UDPPING",
+    72 => "CMD_UDPREQUESTCONNECT_VPN",
+    90 => "CMD_DATA",
+    91 => "CMD_DATA2",
+    92 => "CMD_DATA_ENCRYPTED",
+    93 => "CMD_REQUESTENCRYPTION",
+    94 => "CMD_CONFIRMENCRYPTION",
+    95 => "CMD_ENCRYPTIONREQUESTFAILED",
+    96 => "CMD_REQUESTNOENCRYPTION",
+    97 => "CMD_UDPFLOWCONTROL",
+    98 => "CMD_DATA3",
+    99 => "CMD_DATA3_ENCRYPTED",
+    100 => "CMD_DATA3_RESENDPACKETS",
+    101 => "CMD_DATA3_ACKPACKETS",
+    102 => "CMD_AUTH_CHALLENGE",
+    103 => "CMD_AUTH_RESPONSE",
+    104 => "CMD_AUTH_RESULT",
+    105 => "CMD_RIP_MESSAGES",
+    106 => "CMD_DATA4",
+    107 => "CMD_DATASTREAM",
+    108 => "CMD_UDPHEARTBEAT",
+    109 => "CMD_DATA_DIRECTED",
+    110 => "CMD_UDP_RESENDPACKETS",
+    111 => "CMD_UDP_ACKPACKETS",
+    112 => "CMD_UDP_PROTECTEDCOMMAND",
+    113 => "CMD_FLUSHSENDBUFFER"
+}
+
+class Packet < Network::Protos::Base
+  uint16rev  :magic
+  uint8      :command_code
+
+  def version
+    return '1' if self.magic == 0x1130
+    return '2'
+  end
+
+  def command
+    return COMMANDS[ self.command_code ]
+  end
+end
+
+end
+end
+end
+end

data/lib/bettercap/network/servers/httpd.rb

@@ -22,16 +22,15 @@ class HTTPD
   def initialize( port = 8081, path = './' )
     @port = port
     @path = path
-    begin
-      @server = WEBrick::HTTPServer.new(
-        Port: @port,
-        DocumentRoot: @path,
-        Logger: WEBrick::Log.new("/dev/null"),
-        AccessLog: []
-      )
-    rescue Errno::EADDRINUSE
-      raise BetterCap::Error, "[HTTPD] It looks like there's another process listening on port #{@port}, please chose a different port."
-    end
+    @server = WEBrick::HTTPServer.new(
+      Port: @port,
+      DocumentRoot: @path,
+      Logger: WEBrick::Log.new("/dev/null"),
+      AccessLog: []
+    )
+  rescue Errno::EADDRINUSE
+    raise BetterCap::Error, "[HTTPD] It looks like there's another process listening on port #{@port}, "\
+                            "please chose a different port."
   end
 
   # Start the server.

data/lib/bettercap/network/target.rb

@@ -97,26 +97,21 @@ class Target
 
   # Return a compact string representation of this object.
   def to_s_compact
-    if @name
-      "#{@name}/#{@ip}"
-    else
-      @ip
-    end
+    return "#{@name}/#{@ip}" if @name
+    @ip
   end
 
   # Return true if this +Target+ is equal to the specified +ip+ and +mac+,
   # otherwise return false.
-  def equals?(ip, mac)
-    # compare by ip
-    if mac.nil?
-      return ( @ip == ip )
-    # compare by mac
-    elsif !@mac.nil? and ( @mac == mac )
-      Logger.info "Found IP #{ip} for target #{@mac}!" if @ip.nil?
-      @ip = ip
-      return true
-    end
-    false
+  def equals?(ip, mac = nil)
+    # compare by ip if no mac
+    return ( @ip == ip ) if mac.nil?
+    # false if no mac or if it's different
+    return false if @mac.nil? || ( @mac != mac )
+
+    Logger.info "Found IP #{ip} for target #{@mac}!" if @ip.nil?
+    @ip = ip
+    return true
   end
 
   def self.normalized_mac(v)

data/lib/bettercap/proxy/http/modules/injectcss.rb

@@ -67,10 +67,12 @@ class InjectCSS < BetterCap::Proxy::HTTP::Module
       BetterCap::Logger.info "[#{'INJECTCSS'.green}] Injecting CSS #{@@cssdata.nil?? "URL" : "file"} into #{request.to_url}"
       # inject URL
       if @@cssdata.nil?
-        response.body.sub!( '</head>', "  <link rel=\"stylesheet\" href=\"#{@cssurl}\"></script></head>" )
+	 replacement = " <link rel=\"stylesheet\" href=\"#{@cssurl}\"></script></head> "
+        response.body.sub!( '</head>' ) {replacement} 
       # inject data
       else
-        response.body.sub!( '</head>', "#{@@cssdata}</head>" )
+	 replacement = "#{@@cssdata}</head> "
+        response.body.sub!( '</head>' ) {replacement} 
       end
     end
   end

data/lib/bettercap/proxy/http/modules/injecthtml.rb

@@ -55,9 +55,11 @@ class InjectHTML < BetterCap::Proxy::HTTP::Module
       BetterCap::Logger.info "[#{'INJECTHTML'.green}] Injecting HTML code into #{request.to_url}"
 
       if @@data.nil?
-        response.body.sub!( '</body>', "<iframe src=\"#{@@iframe}\" frameborder=\"0\" height=\"0\" width=\"0\"></iframe></body>" )
+	 replacement = "<iframe src=\"#{@@iframe}\" frameborder=\"0\" height=\"0\" width=\"0\"></iframe></body>"
+        response.body.sub!( '</body>' ) {replacement}
       else
-        response.body.sub!( '</body>', "#{@@data}</body>" )
+	 replacement = "#{@@data}</body>"
+        response.body.sub!( '</body>' ) {replacement} 
       end
     end
   end

data/lib/bettercap/proxy/http/modules/injectjs.rb

@@ -67,10 +67,12 @@ class InjectJS < BetterCap::Proxy::HTTP::Module
       BetterCap::Logger.info "[#{'INJECTJS'.green}] Injecting javascript #{@@jsdata.nil?? "URL" : "file"} into #{request.to_url}"
       # inject URL
       if @@jsdata.nil?
-        response.body.sub!( '</head>', "<script src=\"#{@@jsurl}\" type=\"text/javascript\"></script></head>" )
+	 replacement = "<script src=\"#{@@jsurl}\" type=\"text/javascript\"></script></head>"
+        response.body.sub!( '</head>' ) {replacement} 
       # inject data
       else
-        response.body.sub!( '</head>', "#{@@jsdata}</head>" )
+	 replacement = "#{@@jsdata}<p></p></head>" 
+        response.body.sub!( '</head>') {replacement} 
       end
     end
   end

data/lib/bettercap/proxy/http/ssl/authority.rb

@@ -29,6 +29,10 @@ class Fetcher < Net::HTTP
   def self.fetch( hostname, port )
     http             = self.new( hostname, port )
     http.use_ssl     = true
+    http.ssl_timeout =
+    http.open_timeout =
+    http.read_timeout = 10
+
     http.verify_mode = OpenSSL::SSL::VERIFY_NONE
 
     http.head("/")

data/lib/bettercap/proxy/http/streamer.rb

@@ -166,10 +166,11 @@ class Streamer
   # Use a Net::HTTP object in order to perform the +req+ BetterCap::Proxy::HTTP::Request
   # object, will return a BetterCap::Proxy::HTTP::Response object instance.
   def perform_proxy_request(req, res)
-    path         = req.path
-    response     = nil
-    http         = Net::HTTP.new( req.host, req.port )
-    http.use_ssl = ( req.port == 443 )
+    path             = req.path
+    response         = nil
+    http             = Net::HTTP.new( req.host, req.port )
+    http.use_ssl     = ( req.port == 443 )
+    http.verify_mode = OpenSSL::SSL::VERIFY_NONE
 
     http.start do
       response = yield( http, path, req.headers )

data/lib/bettercap/sniffer/parsers/teamviewer.rb

@@ -0,0 +1,30 @@
+# encoding: UTF-8
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+This project is released under the GPL 3 license.
+
+=end
+
+module BetterCap
+module Parsers
+# MySQL authentication parser.
+class TeamViewer < Base
+  def on_packet( pkt )
+    begin
+      if pkt.tcp_dst == 5938 or pkt.tcp_src == 5938
+        packet = Network::Protos::TeamViewer::Packet.parse( pkt.payload )
+        unless packet.nil?
+          StreamLogger.log_raw( pkt, 'TEAMVIEWER', "#{'version'.blue}=#{packet.version.yellow} #{'command'.blue}=#{packet.command.yellow}"  )
+        end
+      end
+    rescue; end
+  end
+end
+end
+end

data/lib/bettercap/version.rb

@@ -12,7 +12,7 @@ This project is released under the GPL 3 license.
 =end
 module BetterCap
   # Current version of bettercap.
-  VERSION = '1.5.5'
+  VERSION = '1.5.6'
   # Program banner.
   BANNER = File.read( File.dirname(__FILE__) + '/banner' ).gsub( '#VERSION#', "v#{VERSION}")
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bettercap
 version: !ruby/object:Gem::Version
-  version: 1.5.5
+  version: 1.5.6
 platform: ruby
 authors:
 - Simone Margaritelli
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-05-25 00:00:00.000000000 Z
+date: 2016-07-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colorize
@@ -16,20 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.7'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.7.5
+        version: 0.8.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.7'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.7.5
+        version: 0.8.0
 - !ruby/object:Gem::Dependency
   name: packetfu
   requirement: !ruby/object:Gem::Requirement
@@ -194,6 +188,7 @@ files:
 - lib/bettercap/network/protos/mysql.rb
 - lib/bettercap/network/protos/ntlm.rb
 - lib/bettercap/network/protos/snmp.rb
+- lib/bettercap/network/protos/teamviewer.rb
 - lib/bettercap/network/servers/dnsd.rb
 - lib/bettercap/network/servers/httpd.rb
 - lib/bettercap/network/services
@@ -246,6 +241,7 @@ files:
 - lib/bettercap/sniffer/parsers/rlogin.rb
 - lib/bettercap/sniffer/parsers/snmp.rb
 - lib/bettercap/sniffer/parsers/snpp.rb
+- lib/bettercap/sniffer/parsers/teamviewer.rb
 - lib/bettercap/sniffer/parsers/url.rb
 - lib/bettercap/sniffer/parsers/whatsapp.rb
 - lib/bettercap/sniffer/sniffer.rb