Add support for HTTP POST and Basic Auth to psnuffle #10315
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,22 +1,24 @@ | ||
# Psnuffle password sniffer add-on class for HTTP GET URL's | ||
# Psnuffle password sniffer add-on class for HTTP URLs | ||
# part of psnuffle sniffer auxiliary module | ||
|
||
# | ||
# Very simple example how to write sniffer extensions | ||
# Sniffer class for GET/POST URLs. | ||
# Also extracts HTTP Basic authentication credentials. | ||
# | ||
|
||
# Sniffer class for GET URL's | ||
class SnifferURL < BaseProtocolParser | ||
def register_sigs | ||
self.sigs = { | ||
:get => /^GET\s+([^\n]+)\s+HTTP\/\d\.\d/i, | ||
:webhost => /^HOST\:\s+([^\n\r]+)/i, | ||
:get => /^GET\s+([^\n]+)\s+HTTP\/\d\.\d/i, | ||
Prefer
Assuming you're keeping the style because no one really uses this anymore anyway. |
||
:post => /^POST\s+([^\n]+)\s+HTTP\/\d\.\d/i, | ||
:webhost => /^HOST:\s+([^\n\r]+)/i, | ||
:basic_auth => /^Authorization:\s+Basic\s+([^\n\r]+)/i, | ||
} | ||
end | ||
|
||
def parse(pkt) | ||
# We want to return immediantly if we do not have a packet which is handled by us | ||
# We want to return immediatly if we do not have a packet which is handled by us | ||
Immediately.
This is the only thing I'd change for sure. :-) |
||
return unless pkt.is_tcp? | ||
return if (pkt.tcp_sport != 80 and pkt.tcp_dport != 80) | ||
return if (pkt.tcp_sport != 80 && pkt.tcp_dport != 80) | ||
s = find_session((pkt.tcp_sport == 80) ? get_session_src(pkt) : get_session_dst(pkt)) | ||
|
||
self.sigs.each_key do |k| | ||
|
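Review bot: The new `:basic_auth` signature captures `([^\n\r]+)`, which takes everything after `Basic` up to the end of the line, including trailing whitespace and any bytes outside the base64 alphabet, and that capture is later handed to the decoder. Restricting the group to base64 characters, for example `([A-Za-z0-9+\/=]+)`, would keep malformed headers from producing garbage credentials. The port check a few lines down still only admits port 80, so credentials sent to HTTP services on other ports are not seen by the new signatures; if that is intended, say so in the header comment next to "Also extracts HTTP Basic authentication credentials."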
@@ -34,15 +36,20 @@ def parse(pkt) | |
case matched | ||
when :webhost | ||
sessions[s[:session]].merge!({k => matches}) | ||
if(s[:get]) | ||
if s[:get] | ||
print_status("HTTP GET: #{s[:session]} http://#{s[:webhost]}#{s[:get]}") | ||
sessions.delete(s[:session]) | ||
return | ||
end | ||
if s[:post] | ||
print_status("HTTP POST: #{s[:session]} http://#{s[:webhost]}#{s[:post]}") | ||
end | ||
if s[:basic_auth] | ||
s[:user], s[:pass] = Rex::Text.decode_base64(s[:basic_auth]).split(':', 2) | ||
report_auth_info s | ||
Same down here re style. No one really uses this. I'd change it to
Left it the same for consistency. Figured |
||
print_status "HTTP Basic Authentication: #{s[:session]} >> #{s[:user]} / #{s[:pass]}" | ||
end | ||
when nil | ||
# No matches, no saved state | ||
end # end case matched | ||
end # end of each_key | ||
end # end of parse | ||
end # end of URL sniffer | ||
|
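Review bot: The `if s[:basic_auth]` block is placed after the `if s[:get]` block, which ends in `sessions.delete(s[:session])` and `return`, so a GET request that carries an Authorization header never reaches the credential handling. Moving the Basic auth check ahead of the GET branch, or into its own `when :basic_auth` case, would fix that. The whole block also lives under `when :webhost`, while `register_sigs` lists `:basic_auth` after `:webhost`, so it is worth confirming the Authorization match is already stored in the session when the Host match is handled. The POST branch neither deletes the session nor returns, unlike the GET branch, so `s[:post]` and `s[:basic_auth]` stay set and can be printed and reported again on a later Host match in the same session. Finally, `split(':', 2)` leaves `s[:pass]` nil when the decoded value has no colon; a guard before `report_auth_info s` would avoid reporting a half-empty credential.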
This file isn't even in the right place. :/