logging option for user messages

CHANGELOG

@@ -33,6 +33,7 @@ NG-0.7.0    ????????
    + non root users can use ettercap to read from files
    + advanced ARP poisoning engine
    + unoffensive mode (doesn't forward packets)
+   + user messages can be logged
    + dissector enhancements in: 
       + POP (APOP and AUTH LOGIN support)
       + X11 (banner discovery)

TODO

@@ -27,16 +27,14 @@ this is the unofficial and floating in time roadmap:
       - write the requirements for each os
       - developer docs
 
-Oct 2003:
-
    + FIXING
       - nothing for now...
+
+Oct 2003:
 
    + CONNECTIONS
       - add the type to overwrite etter.services
 
-   + log the user messages
-
    + INJECTION 
       - it is done by the ui looking the sessions (locking them)
 

include/ec_globals.h

@@ -1,5 +1,5 @@
 
-/* $Id: ec_globals.h,v 1.32 2003/10/13 10:43:50 alor Exp $ */
+/* $Id: ec_globals.h,v 1.33 2003/10/18 11:27:42 alor Exp $ */
 
 #ifndef EC_GLOBALS_H
 #define EC_GLOBALS_H
@@ -54,6 +54,7 @@ struct ec_options {
    char *dumpfile;
    char *target1;
    char *target2;
+   FILE *msg_fd;
    int (*format)(const u_char *, size_t, u_char *);
    regex_t *regex;
 };

include/ec_log.h

@@ -1,5 +1,5 @@
 
-/* $Id: ec_log.h,v 1.15 2003/09/19 16:47:47 alor Exp $ */
+/* $Id: ec_log.h,v 1.16 2003/10/18 11:27:42 alor Exp $ */
 
 #ifndef EC_LOG_H
 #define EC_LOG_H
@@ -115,6 +115,9 @@ extern int set_loglevel(int level, char *filename);
 
 extern void log_packet(struct packet_object *po);
 
+extern int set_msg_loglevel(int level, char *filename);
+#define LOG_TRUE     1
+#define LOG_FALSE    0
 
 #endif
 

include/ec_packet.h

@@ -1,5 +1,5 @@
 
-/* $Id: ec_packet.h,v 1.20 2003/10/14 21:20:47 lordnaga Exp $ */
+/* $Id: ec_packet.h,v 1.21 2003/10/18 11:27:42 alor Exp $ */
 
 #if !defined(EC_PACKET_H)
 #define EC_PACKET_H
@@ -77,7 +77,7 @@ struct packet_object {
 
 
    u_int8 flags;                       /* flags relative to the packet */
-      #define PO_IGNORE       ((u_int8)(1))        /* this packet should not be processed (e.g. sniffing filter didn't match it) */
+      #define PO_IGNORE       ((u_int8)(1))        /* this packet should not be processed (e.g. sniffing TARGETS didn't match it) */
       #define PO_FORWARDABLE  ((u_int8)(1<<1))     /* the packet has our MAC address, by the IP is not ours */
 
       #define PO_FROMIFACE    ((u_int8)(1<<2))     /* this packet comes from the primary interface */

man/ettercap.8.in

@@ -14,7 +14,7 @@
 .\"  along with this program; if not, write to the Free Software
 .\"  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 .\"
-.\"  $Id: ettercap.8.in,v 1.38 2003/10/11 19:43:42 alor Exp $
+.\"  $Id: ettercap.8.in,v 1.39 2003/10/18 11:27:42 alor Exp $
 .\"
 .de Sp
 .if n .sp
@@ -502,6 +502,14 @@ option.
 Very similar to -L but it logs only passive information + users and passwords
 for each host. The file will be named LOGFILE.eci
 
+.TP
+\fB\-m\fR, \fB\-\-log-msg <LOGFILE>\fR
+It stores in <LOGFILE> all the user messages printed by ettercap. This can be
+useful when you are using ettercap in daemon mode or if you want to track down
+all the messages. Indeed, some dissectors prints messages but their
+informations are not stored anywhere, so this is the only way to keep track of
+them.
+
 .TP
 \fB\-c\fR, \fB\-\-compress\fR
 Compress the logfile with the gzip algorithm while it is dumped. etterlog(8) is

share/etter.filter.pcre

@@ -25,12 +25,12 @@
 # swap first two words of a udp packet
 
 if (ip.proto == UDP) {
-   pcre_regex(DATA.data, "/^([^ ]*) *([^ ]*)/$2 $1/");
+   pcre_regex(DATA.data, "^([^ ]*) *([^ ]*)", "$2 $1");
 }
 
 # matches 'foo' and the beginning of the line, then a word, then 'bar'
 
-if (pcre_regex(DECODED.data, "/^foo [^ ]+ bar/")) {
+if (pcre_regex(DECODED.data, "^foo [^ ]+ bar")) {
    msg("found");
 }
 

src/ec_log.c

@@ -17,11 +17,12 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 
-    $Id: ec_log.c,v 1.25 2003/10/16 16:46:48 alor Exp $
+    $Id: ec_log.c,v 1.26 2003/10/18 11:27:42 alor Exp $
 */
 
 #include <ec.h>
 #include <ec_log.h>
+#include <ec_file.h>
 #include <ec_packet.h>
 #include <ec_passive.h>
 #include <ec_threads.h>
@@ -47,6 +48,7 @@ static int fd_i;
 
 static void log_close(void);
 int set_loglevel(int level, char *filename);
+int set_msg_loglevel(int level, char *filename);
 
 void log_packet(struct packet_object *po);
 
@@ -521,6 +523,33 @@ static void log_write_info_arp_icmp(struct packet_object *po)
 }
 
 
+/*
+ * open/close the file to store all the USER_MSG
+ */
+int set_msg_loglevel(int level, char *filename)
+{
+   switch (level) {
+      case LOG_TRUE:
+         /* why we are opening an already opened file ? */
+         BUG_IF(GBL_OPTIONS->msg_fd != NULL);
+
+         GBL_OPTIONS->msg_fd = fopen(filename, FOPEN_WRITE_TEXT);
+         if (GBL_OPTIONS->msg_fd == NULL)
+            FATAL_MSG("Cannot open \"%s\" for writing", filename);
+
+         break;
+
+      case LOG_FALSE:
+         /* close the file and set the pointer to NULL */
+         if (GBL_OPTIONS->msg_fd) {
+            fclose(GBL_OPTIONS->msg_fd);
+            GBL_OPTIONS->msg_fd = NULL;
+         }
+         break;
+   }
+
+   return ESUCCESS;
+}
 
 /* EOF */
 

src/ec_parser.c

@@ -17,7 +17,7 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 
-    $Id: ec_parser.c,v 1.45 2003/10/15 13:12:04 alor Exp $
+    $Id: ec_parser.c,v 1.46 2003/10/18 11:27:42 alor Exp $
 */
 
 
@@ -79,6 +79,7 @@ void ec_usage(void)
    fprintf(stdout, "  -w, --write <file>          write sniffed data to pcapfile <file>\n");
    fprintf(stdout, "  -L, --log <logfile>         log all the traffic to this <logfile>\n");
    fprintf(stdout, "  -l, --log-info <logfile>    log only passive infos to this <logfile>\n");
+   fprintf(stdout, "  -m, --log-msg <logfile>     log all the messages to this <logfile>\n");
    fprintf(stdout, "  -c, --compress              use gzip compression on log files\n");
    fprintf(stdout, "  -o, --only-local            store profiles only for local hosts\n");
    fprintf(stdout, "  -O, --only-remote           store profiles only for remote hosts\n");
@@ -144,6 +145,7 @@ void parse_options(int argc, char **argv)
 
       { "log", required_argument, NULL, 'L' },
       { "log-info", required_argument, NULL, 'l' },
+      { "log-msg", required_argument, NULL, 'm' },
       { "compress", no_argument, NULL, 'c' },
       { "only-local", no_argument, NULL, 'o' },
       { "only-remote", no_argument, NULL, 'O' },
@@ -173,7 +175,7 @@ void parse_options(int argc, char **argv)
 
    optind = 0;
 
-   while ((c = getopt_long (argc, argv, "B:CchDdEe:F:f:Ghi:j:k:L:l:M:n:OoP:pqiRr:Tt:UuV:vw:z", long_options, (int *)0)) != EOF) {
+   while ((c = getopt_long (argc, argv, "B:CchDdEe:F:f:Ghi:j:k:L:l:M:m:n:OoP:pqiRr:Tt:UuV:vw:z", long_options, (int *)0)) != EOF) {
 
       switch (c) {
 
@@ -265,6 +267,11 @@ void parse_options(int argc, char **argv)
                   if (set_loglevel(LOG_INFO, optarg) == -EFATAL)
                      clean_exit(-EFATAL);
                   break;
+
+         case 'm':
+                  if (set_msg_loglevel(LOG_TRUE, optarg) == -EFATAL)
+                     clean_exit(-EFATAL);
+                  break;
 
          case 'c':
                   GBL_OPTIONS->compress = 1;

src/ec_ui.c

@@ -17,7 +17,7 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 
-    $Id: ec_ui.c,v 1.20 2003/10/12 15:28:27 alor Exp $
+    $Id: ec_ui.c,v 1.21 2003/10/18 11:27:42 alor Exp $
 */
 
 #include <ec.h>
@@ -212,11 +212,14 @@ void ui_msg(const char *fmt, ...)
       SAFE_REALLOC(msg->message, size);
    }
 
+   /* log the messages if needed */
+   if (GBL_OPTIONS->msg_fd)
+      fprintf(GBL_OPTIONS->msg_fd, "%s", msg->message);
+
    /* 
     * MUST use the mutex.
     * this MAY be a different thread !!
     */
-
    UI_MSG_LOCK;
 
    /* add the message to the queue */