xettercap 1.5.7xerob

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: bbfc85fac2603c848498feb4a8acd1ea7bba9ebecfbf22b053b374138db3a272
+  data.tar.gz: f45da6057ca6f78421932054270e47258643d68905d632d438e09c8874b637b7
+SHA512:
+  metadata.gz: b24afaa692025254897bd1aaa78759847f86e5a55d2b49507bd779965fc286a6d8298b26e44569ac6ce42b6cf739134116ee4678c6c589896a67a32cb9554ce8
+  data.tar.gz: 3615020fca5dff0349202c8355becf5fccc507edec430a6289c890221c439aea00f6aff6fc88f3caff9d23a5ef57d8f91541b341a8cf504d1bc98ac1a354b92d

data/bin/xettercap

@@ -0,0 +1,61 @@
+#!/usr/bin/env ruby
+# encoding: UTF-8
+
+=begin
+
+  BETTERCAP
+
+  Author : Simone 'evilsocket' Margaritelli
+  Email  : evilsocket@gmail.com
+  Blog   : http://www.evilsocket.net/
+
+  This project is released under the GPL 3 license.
+
+=end
+
+require 'bettercap'
+begin
+
+  # We need this in order to report unhandled exceptions.
+
+
+  # Create global context, parse command line arguments and perform basic
+  # error checking.
+  ctx = BetterCap::Options.parse!
+
+  ctx.start!
+
+  loop do
+    sleep 10
+  end
+
+rescue SystemExit, Interrupt, SignalException
+  BetterCap::Logger.raw "\n"
+
+rescue OptionParser::InvalidOption,
+       OptionParser::AmbiguousOption,
+       OptionParser::MissingArgument => e
+  BetterCap::Logger.error "'#{e.message.capitalize}', verify your command line arguments executing 'bettercap --help'."
+
+rescue BetterCap::Error => e
+  BetterCap::Logger.error e.message
+
+rescue Exception => e
+  puts "\n\n"
+  BetterCap::Logger.error "Oooops, seems like something weird occurred, please copy paste the following output " \
+                          "and open a new issue on https://github.com/evilsocket/bettercap/issues :\n"
+
+  BetterCap::Logger.error "Platform          : #{RUBY_PLATFORM}"
+  BetterCap::Logger.error "Ruby Version      : #{RUBY_VERSION}"
+  BetterCap::Logger.error "BetterCap Version : #{BetterCap::VERSION}"
+  BetterCap::Logger.error "Command Line      : #{original_argv.join(" ")}"
+  BetterCap::Logger.error "Exception         : #{e.class}"
+  BetterCap::Logger.error "Message           : #{e.message}"
+  BetterCap::Logger.error "Backtrace         :\n\n    #{e.backtrace.join("\n    ")}\n"
+
+ensure
+  # Make sure all the messages on the logger queue are printed.
+  BetterCap::Logger.wait!
+
+  ctx.finalize unless ctx.nil?
+end

data/lib/bettercap/banner

@@ -0,0 +1,2 @@
+
+

data/lib/bettercap/context.rb

@@ -0,0 +1,259 @@
+# encoding: UTF-8
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+This project is released under the GPL 3 license.
+
+=end
+
+module BetterCap
+# This class holds global states and data, moreover it exposes high level
+# methods to manipulate the program behaviour.
+class Context
+  # Instance of BetterCap::Options class.
+  attr_accessor :options
+  # Instance of the current BetterCap::Firewalls class.
+  attr_accessor :firewall
+  # Local interface ( as an instance of BetterCap::Network::Target ).
+  attr_accessor :iface
+  # Network gateway ( as an instance of BetterCap::Network::Target ).
+  attr_accessor :gateway
+  # A list of BetterCap::Target objects which is periodically updated.
+  attr_accessor :targets
+  # Instance of BetterCap::Discovery::Thread class.
+  attr_accessor :discovery
+  # A list of BetterCap::Spoofers class instances.
+  attr_accessor :spoofer
+  # Instance of BetterCap::Network::Servers::HTTPD class.
+  attr_accessor :httpd
+  # Instance of BetterCap::Network::Servers::DNSD class.
+  attr_accessor :dnsd
+  # Set to true if the program is running, to false if a shutdown was
+  # scheduled by the user which pressed CTRL+C
+  attr_accessor :running
+  # Timeout for discovery operations.
+  attr_reader   :timeout
+  # Instance of BetterCap::PacketQueue.
+  attr_reader   :packets
+  # Instance of BetterCap::Memory.
+  attr_reader   :memory
+
+  @@instance = nil
+
+  # Return the global instance of the program Context, if the instance
+  # was not yet created it will be initialized and returned.
+  def self.get
+    @@instance ||= self.new
+  end
+
+  # Initialize the global context object.
+  def initialize
+    begin
+      iface = PCAPRUB::Pcap.lookupdev
+    rescue Exception => e
+      iface = nil
+      Logger.exception e
+    end
+
+    @running      = true
+    @timeout      = 5
+    @options      = Options.new iface
+    @discovery    = Discovery::Thread.new self
+    @firewall     = Firewalls::Base.get
+    @memory       = Memory.new
+    @iface        = nil
+    @original_mac = nil
+    @gateway      = nil
+    @targets      = []
+    @spoofer      = nil
+    @httpd        = nil
+    @dnsd         = nil
+    @proxies      = []
+    @redirections = []
+    @packets      = nil
+  end
+
+  # Update the Context state parsing network related informations.
+  def update!
+    gw = @options.core.gateway || Network.get_gateway
+    raise BetterCap::Error, "Could not detect the gateway address for interface #{@options.core.iface}, "\
+                            'make sure you\'ve specified the correct network interface to use and to have the '\
+                            'correct network configuration, this could also happen if bettercap '\
+                            'is launched from a virtual environment.' unless Network::Validator.is_ip?(gw)
+
+    unless @options.core.use_mac.nil?
+      cfg = PacketFu::Utils.ifconfig @options.core.iface
+      raise BetterCap::Error, "Could not determine IPv4 address of '#{@options.core.iface}', make sure this interface "\
+                              'is active and connected.' if cfg[:ip4_obj].nil?
+
+      @original_mac = Network::Target.normalized_mac(cfg[:eth_saddr])
+
+      Logger.info "Changing interface MAC address to #{@options.core.use_mac}"
+
+      Shell.ifconfig( "#{@options.core.iface} ether #{@options.core.use_mac}")
+    end
+
+    cfg = PacketFu::Utils.ifconfig @options.core.iface
+    raise BetterCap::Error, "Could not determine IPv4 address of '#{@options.core.iface}', make sure this interface "\
+                            'is active and connected.' if cfg[:ip4_obj].nil?
+
+    @gateway = Network::Target.new gw
+    @targets = @options.core.targets unless @options.core.targets.nil?
+    @iface   = Network::Target.new( cfg[:ip_saddr], cfg[:eth_saddr], cfg[:ip4_obj], cfg[:iface] )
+
+    ###Logger.info "[#{@iface.name.green}] #{@iface.to_s(false)}"
+
+    Logger.debug '----- NETWORK INFORMATIONS -----'
+    Logger.debug "  network  = #{@iface.network} ( #{@iface.network.to_range.to_s.split('..').join( ' -> ')} )"
+    Logger.debug "  gateway  = #{@gateway.ip}"
+    Logger.debug "  local_ip = #{@iface.ip}"
+    Logger.debug "--------------------------------\n"
+
+    @packets = Network::PacketQueue.new( @iface.name, @options.core.packet_throttle, 4 )
+    # Spoofers need the context network data to be initialized.
+    @spoofer = @options.spoof.parse_spoofers
+  end
+
+  # Find a target given its +ip+ and +mac+ addresses inside the #targets
+  # list, if not found return nil.
+  def find_target ip, mac
+    @targets.each do |target|
+      if target.equals?(ip,mac)
+        return target
+      end
+    end
+    nil
+  end
+
+  # Start everything!
+  def start!
+    # Start targets auto discovery.
+    @discovery.start
+
+    # Start network spoofers if any.
+    @spoofer.each do |spoofer|
+      spoofer.start
+    end
+
+    # Start proxies and setup port redirection.
+    if @options.proxies.any?
+      if ( @options.proxies.proxy or @options.proxies.proxy_https ) and @options.sniff.enabled?('URL')
+        BetterCap::Logger.warn "WARNING: Both HTTP transparent proxy and URL parser are enabled, you're gonna see duplicated logs."
+      end
+      create_proxies!
+    end
+
+    enable_port_redirection!
+
+    create_servers!
+
+    # Start network sniffer.
+    if @options.sniff.enabled?
+      Sniffer.start self
+    elsif @options.spoof.enabled? and !@options.proxies.any?
+      Logger.warn 'WARNING: Sniffer module was NOT enabled ( -X argument ), this '\
+                  'will cause the MITM to run but no data to be collected.'
+    end
+  end
+
+  # Stop every running daemon that was started and reset system state.
+  def finalize
+    @running = false
+
+    # Logger is silent if @running == false
+    puts "\nStopping MITM attack ...\n"
+
+    Logger.debug 'Stopping target discovery manager ...'
+    @discovery.stop
+
+    Logger.debug 'Stopping spoofers ...'
+    @spoofer.each do |spoofer|
+      spoofer.stop
+    end
+
+    # Spoofer might be sending some last packets to restore the targets,
+    # the packet queue must be stopped here.
+    @packets.stop
+
+    Logger.debug 'Stopping proxies ...'
+    @proxies.each do |proxy|
+      proxy.stop
+    end
+
+    Logger.debug 'Disabling port redirections ...'
+    @redirections.each do |r|
+      @firewall.del_port_redirection( r )
+    end
+
+    Logger.debug 'Restoring firewall state ...'
+    @firewall.restore
+
+    @dnsd.stop unless @dnsd.nil?
+    @httpd.stop unless @httpd.nil?
+
+    Shell.ifconfig( "#{@options.core.iface} ether #{@original_mac}") unless @original_mac.nil?
+  end
+
+  private
+
+  # Apply needed BetterCap::Firewalls::Redirection objects.
+  def enable_port_redirection!
+    @redirections = @options.get_redirections(@iface)
+    @redirections.each do |r|
+      Logger.debug "Redirecting #{r.protocol} traffic from #{r.src_address.nil? ? '*' : r.src_address}:#{r.src_port} to #{r.dst_address}:#{r.dst_port}"
+      @firewall.add_port_redirection( r )
+    end
+  end
+
+  # Initialize the needed transparent proxies and the processor routined which
+  # is needed in order to run proxy modules.
+  def create_proxies!
+    if @options.proxies.has_proxy_module?
+      Proxy::HTTP::Module.register_modules
+      raise BetterCap::Error, "#{@options.proxies.proxy_module} is not a valid bettercap proxy module." if Proxy::HTTP::Module.modules.empty?
+    end
+
+    # create HTTP proxy
+    if @options.proxies.proxy
+      @proxies << Proxy::HTTP::Proxy.new( @iface.ip, @options.proxies.proxy_port, false )
+    end
+
+    # create HTTPS proxy
+    if @options.proxies.proxy_https
+      @proxies << Proxy::HTTP::Proxy.new( @iface.ip, @options.proxies.proxy_https_port, true )
+    end
+
+    # create TCP proxy
+    if @options.proxies.tcp_proxy
+      @proxies << Proxy::TCP::Proxy.new( @iface.ip, @options.proxies.tcp_proxy_port, @options.proxies.tcp_proxy_upstream_address, @options.proxies.tcp_proxy_upstream_port )
+    end
+
+    @proxies.each do |proxy|
+      proxy.start
+    end
+  end
+
+  # Initialize and start the needed servers.
+  def create_servers!
+    # Start local DNS server.
+    if @options.servers.dnsd
+      Logger.warn "Starting DNS server with spoofing disabled, bettercap will only reply to local DNS queries." unless @options.spoof.enabled?
+
+      @dnsd = Network::Servers::DNSD.new( @options.servers.dnsd_file, @iface.ip, @options.servers.dnsd_port )
+      @dnsd.start
+    end
+
+    # Start local HTTP server.
+    if @options.servers.httpd
+      @httpd = Network::Servers::HTTPD.new( @options.servers.httpd_port, @options.servers.httpd_path )
+      @httpd.start
+    end
+  end
+
+end
+end

data/lib/bettercap/discovery/agents/arp.rb

@@ -0,0 +1,37 @@
+# encoding: UTF-8
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+This project is released under the GPL 3 license.
+
+=end
+
+# Parse the ARP table searching for new hosts.
+module BetterCap
+module Discovery
+module Agents
+# Class responsible of sending ARP probes to each possible IP on the network.
+class Arp < Discovery::Agents::Base
+  private
+
+  # Build a PacketFu::ARPPacket instance for the specified +ip+ address.
+  def get_probe( ip )
+    pkt = PacketFu::ARPPacket.new
+
+    pkt.eth_saddr     = pkt.arp_saddr_mac = @ctx.iface.mac
+    pkt.eth_daddr     = 'ff:ff:ff:ff:ff:ff'
+    pkt.arp_daddr_mac = '00:00:00:00:00:00'
+    pkt.arp_saddr_ip  = @ctx.iface.ip
+    pkt.arp_daddr_ip  = ip.to_s
+
+    pkt
+  end
+end
+end
+end
+end

data/lib/bettercap/discovery/agents/base.rb

@@ -0,0 +1,73 @@
+# encoding: UTF-8
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+This project is released under the GPL 3 license.
+
+=end
+
+# Base class for discovery agents.
+module BetterCap
+module Discovery
+module Agents
+# Base class for BetterCap::Discovery::Agents.
+class Base
+  # Initialize the agent using the +ctx+ BetterCap::Context instance.
+  # If +address+ is not nil only that ip will be probed.
+  def initialize( ctx, address = nil )
+    @ctx     = ctx
+    @address = address
+
+    if @address.nil?
+      net = ip = @ctx.iface.network
+      # loop each ip in our subnet and push it to the queue
+      while net.include?ip
+        unless skip_address?(ip)
+          @ctx.packets.push( get_probe(ip) )
+        end
+        ip = ip.succ
+      end
+    else
+      if skip_address?(@address)
+        Logger.debug "Skipping #{@address} ..."
+      else
+        Logger.debug "Probing #{@address} ..."
+        @ctx.packets.push( get_probe(@address) )
+      end
+    end
+  end
+
+  private
+
+  # Return true if +ip+ must be skipped during discovery, otherwise false.
+  def skip_address?(ip)
+    # don't send probes to the gateway if we already have its MAC.
+    if ip == @ctx.gateway.ip
+      return !@ctx.gateway.mac.nil?
+    # don't send probes to our device
+    elsif ip == @ctx.iface.ip
+      return true
+    # don't stress endpoints we already discovered
+    else
+      target = @ctx.find_target( ip.to_s, nil )
+      # known target?
+      return false if target.nil?
+      # do we still need to get the mac for this target?
+      return ( target.mac.nil?? false : true )
+    end
+
+  end
+
+  # Each Discovery::Agent::Base derived class should implement this method.
+  def get_probe( ip )
+    Logger.warn "#{self.class.name}#get_probe not implemented!"
+  end
+end
+end
+end
+end

data/lib/bettercap/discovery/agents/icmp.rb

@@ -0,0 +1,44 @@
+# encoding: UTF-8
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+This project is released under the GPL 3 license.
+
+=end
+
+# Send a broadcast ping trying to filling the ARP table.
+module BetterCap
+module Discovery
+module Agents
+# Class responsible to do a ping-sweep on the network.
+class Icmp
+  # Create a thread which will perform a ping-sweep on the network in order
+  # to populate the ARP cache with active targets.
+  def initialize( ctx, address = nil )
+    Firewalls::Base.get.enable_icmp_bcast(true)
+
+    # TODO: Use the real broadcast address for this network.
+    3.times do
+      pkt = PacketFu::ICMPPacket.new
+
+      pkt.eth_saddr = ctx.iface.mac
+      pkt.eth_daddr = 'ff:ff:ff:ff:ff:ff'
+      pkt.ip_saddr  = ctx.iface.ip
+      pkt.ip_daddr  = '255.255.255.255'
+      pkt.icmp_type = 8
+      pkt.icmp_code = 0
+      pkt.payload   = "ABCD"
+      pkt.recalc
+
+      ctx.packets.push(pkt)
+    end
+  end
+end
+end
+end
+end

data/lib/bettercap/discovery/agents/udp.rb

@@ -0,0 +1,30 @@
+# encoding: UTF-8
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+This project is released under the GPL 3 license.
+
+=end
+
+# Send UDP probes trying to filling the ARP table.
+module BetterCap
+module Discovery
+module Agents
+# Class responsible to send UDP probe packets to each possible IP on the network.
+class Udp < Discovery::Agents::Base
+  private
+
+  # Build an UDP packet for the specified +ip+ address.
+  def get_probe( ip )
+    # send dummy udp packet, just to fill ARP table
+    [ ip.to_s, 137, "\x10\x12\x85\x00\x00" ]
+  end
+end
+end
+end
+end

data/lib/bettercap/discovery/thread.rb

@@ -0,0 +1,128 @@
+# encoding: UTF-8
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+This project is released under the GPL 3 license.
+
+=end
+module BetterCap
+module Discovery
+# Class responsible to actively discover targets on the network.
+class Thread
+  # Initialize the class using the +ctx+ BetterCap::Context instance.
+  def initialize( ctx )
+    @ctx     = ctx
+    @running = false
+    @thread  = nil
+  end
+
+  # Start the active network discovery thread.
+  def start
+    @running = true
+    @thread  = ::Thread.new { worker }
+
+    if @ctx.options.core.discovery?
+      ###Logger.info "[#{'DISCOVERY'.green}] Targeting the whole subnet #{@ctx.iface.network.to_range} ..."
+      # give some time to the discovery thread to spawn its workers,
+      # this will prevent 'Too many open files' errors to delay host
+      # discovery.
+      sleep(1.5)
+    end
+  end
+
+  # Stop the active network discovery thread.
+  def stop
+    @running = false
+    if @thread != nil
+      begin
+        @thread.exit
+      rescue
+      end
+    end
+  end
+
+  private
+
+  # Return true if the +list+ of targets includes +target+.
+  def list_include_target?( list, target )
+    list.each do |t|
+      if t.equals?(target.ip, target.mac)
+        return true
+      end
+    end
+    false
+  end
+
+  # Print informations about new and lost targets.
+  def print_differences( prev )
+    diff = { :new => [], :lost => [] }
+
+    @ctx.targets.each do |target|
+      unless list_include_target?( prev, target )
+        diff[:new] << target
+      end
+    end
+
+    prev.each do |target|
+      unless list_include_target?( @ctx.targets, target )
+        diff[:lost] << target
+      end
+    end
+
+    unless diff[:new].empty? and diff[:lost].empty?
+      if diff[:new].empty?
+        snew = ""
+      else
+        snew = "Acquired #{diff[:new].size} new target#{diff[:new].size > 1 ? "s" : ""}"
+      end
+
+      if diff[:lost].empty?
+        slost = ""
+      else
+        slost = "#{snew.empty?? 'L' : ', l'}ost #{diff[:lost].size} target#{diff[:lost].size > 1 ? "s" : ""}"
+      end
+
+      Logger.info "#{snew}#{slost} :"
+
+      msg = "\n"
+      diff[:new].each do |target|
+        msg += "  [#{'NEW'.green}] #{target.to_s(false)}\n"
+      end
+      diff[:lost].each do |target|
+        msg += "  [#{'LOST'.red}] #{target.to_s(false)}\n"
+      end
+      msg += "\n"
+      Logger.raw msg
+    end
+  end
+
+  # This method implements the main discovery logic, it will be executed within
+  # the spawned thread.
+  def worker
+    Logger.debug( 'Network discovery thread started.' ) if @ctx.options.core.discovery?
+
+    prev = []
+    while @running
+      # No targets specified.
+      if @ctx.options.core.targets.nil?
+        @ctx.targets = Network.get_alive_targets(@ctx).sort_by {
+          |t| t.sortable_ip
+        }
+      end
+
+      print_differences( prev ) if @ctx.options.core.discovery?
+
+      prev = @ctx.targets
+
+      @ctx.memory.optimize!
+      sleep(1) if @ctx.options.core.discovery?
+    end
+  end
+end
+end
+end

data/lib/bettercap/error.rb

@@ -0,0 +1,16 @@
+# encoding: UTF-8
+=begin
+
+BETTERCAP
+
+Author : Simone 'evilsocket' Margaritelli
+Email  : evilsocket@gmail.com
+Blog   : http://www.evilsocket.net/
+
+This project is released under the GPL 3 license.
+
+=end
+module BetterCap
+  # Class used to distinghuish between handled and unhandled exceptions.
+  class Error < StandardError; end
+end