Add setg sessiontlvlogging command to log TLV packets #16135
We'll want to make sure this works with the
That would be interesting to have this also logged to a file. This could be set with an option, for example:
We may want to follow a similar pattern to the existing session logging, it's potentially worth taking a look at that to see if it's a viable pattern to follow
Looks like we'll want to also include this in the top level options:
We might find use out of allowing users to specify timestamps etc, similar to the current prompt handling: metasploit-framework/lib/rex/ui/text/shell.rb Lines 390 to 393 in e771147
Thinking aloud: Should we validate the file path is valid on assignment?
If we fail to write to a log file, should that block meterpreter from working? It feels like something we might be able to ignore 🤔
pathname = ::Pathname.new(path) | ||
|
||
begin | ||
self.tlv_log_file ||= ::File.open(pathname, 'a+') |
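Review bot: `::File.open(pathname, 'a+')` passes no permission argument, so a newly created log file gets whatever the process umask allows, and 'a+' opens it for reading as well as appending. The file will hold TLV packet contents, so consider opening it append-only with an explicit restrictive mode, for example `::File.open(pathname, 'a', 0600)`.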
Not a blocker: If the user changed log file location, this would still log to the old location. I believe that's what `handle_session_tlv_logging` is meant to handle potentially
Release Notes
This adds support for logging Meterpreter's TLV Packets with
This PR allows the user to `setg sessiontlvlogging true/console/false/file:<file>` to enable/disable logging of TLV packets for all sessions.

Future effort could include adding this toggle to individual sessions as well.

There is some logic behind deciding if we want to write to a file or directory.

- If we set the logging output to a file and we have write permissions, TLV packets will be appended to the file.
- If we set it to a directory and we have write permissions, TLV packets will be stored in that directory with a default filename of `sessiontlvlogging.txt`.
- If we set it to a non-existent directory such as `setg sessiontlvlogging file:/tmp/this/directory/does/not/exist`, the last part of the `file:` argument will be treated as the output file, e.g. `exist` in this example. This will also create the relevant subdirectories, meaning if we do `setg sessiontlvlogging file:/tmp/this/directory/does/not` in the future, we will output to a file, `/tmp/this/directory/does/not/sessiontlvlogging.txt`, as the directory exists.

Verification

- `msfconsole`
- `setg sessiontlvlogging console`
- `SEND` and `RECV` TLV packets are output to the console
- `setg sessiontlvlogging false`
- `setg sessiontlvlogging file:./output.txt`
- `output.txt` file has TLV packet information stored.

Before / `setg sessiontlvlogging false`

After / `setg sessiontlvlogging console`
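The file-or-directory rules from the PR description above, written out as an added Ruby example; this is not the PR's or Metasploit's code. The method names `resolve_tlv_log_path` and `parse_tlv_logging` are hypothetical, and it assumes that `true` behaves like `console` and that an unusable file target disables logging instead of raising.

```ruby
require 'fileutils'
require 'pathname'
require 'tmpdir'

# Added illustration, not Metasploit's code; method names are hypothetical.
DEFAULT_TLV_LOG_NAME = 'sessiontlvlogging.txt' # default filename from the PR description

# Resolve the <path> of `file:<path>` to the file that receives TLV packets.
# Returns a Pathname, or nil when the target cannot be written.
def resolve_tlv_log_path(path)
  pathname = Pathname.new(path).expand_path
  if pathname.directory?
    # Existing directory: use the default filename inside it.
    return pathname.writable? ? pathname.join(DEFAULT_TLV_LOG_NAME) : nil
  end
  # Existing file: append to it, provided we may write to it.
  return (pathname.writable? ? pathname : nil) if pathname.file?

  # Nothing exists here: the last component is the filename and the
  # missing parent directories are created.
  FileUtils.mkdir_p(pathname.dirname.to_s)
  pathname.dirname.writable? ? pathname : nil
rescue SystemCallError
  nil # permission denied, or a regular file sits where a directory is needed
end

# Interpret the option value. Assumptions: `true` behaves like `console`, and
# an unusable file target turns logging off rather than raising.
def parse_tlv_logging(value)
  case value.to_s.strip
  when /\A(true|console)\z/i then [:console, nil]
  when /\Afile:(.+)\z/i
    target = resolve_tlv_log_path(Regexp.last_match(1))
    target ? [:file, target] : [:off, nil]
  else [:off, nil]
  end
end

if $PROGRAM_NAME == __FILE__
  Dir.mktmpdir do |tmp| # constructed scratch directory standing in for /tmp
    deep = File.join(tmp, 'this/directory/does/not')
    puts resolve_tlv_log_path(File.join(deep, 'exist')) # last component becomes the file
    puts resolve_tlv_log_path(deep)                     # directory now exists: default filename
  end
end
```

Resolving the path when the option is assigned, as here, also surfaces an unwritable target at `setg` time instead of at the first packet.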