Commit 5bad515c authored by Sophie Brun's avatar Sophie Brun

New upstream version 1.6.2

parent 73a6b1b1
**bettercap** is a complete, modular, portable and easily extensible **MITM** tool and framework with every kind of diagnostic
and offensive feature you could need in order to perform a man in the middle attack.
Before submitting issues, please read the relevant [section](https://www.bettercap.org/docs/contribute/) in the documentation.
<table>
<tr>
<th>Version</th>
......@@ -17,16 +15,9 @@ Before submitting issues, please read the relevant [section](https://www.betterc
<td><a href="https://www.bettercap.org/">https://www.bettercap.org/</a></td>
</tr>
<tr>
<th>Blog</th>
<td><a href="https://www.bettercap.org/blog/">https://www.bettercap.org/blog/</a></td>
<tr>
<th>Github</th>
<th>GitHub</th>
<td><a href="https://github.com/evilsocket/bettercap">https://github.com/evilsocket/bettercap</a></td>
<tr/>
<tr>
<th>Documentation</th>
<td><a href="https://www.bettercap.org/docs/">https://www.bettercap.org/docs/</a></td>
</tr>
<tr>
<th>Code Documentation</th>
<td>
......@@ -46,16 +37,8 @@ Before submitting issues, please read the relevant [section](https://www.betterc
<td><a href="https://twitter.com/bettercap">@bettercap</a></td>
</tr>
<tr>
<th>Chat</th>
<td>
<a href="https://gitter.im/evilsocket/bettercap" target="_blank">
<img src="https://badges.gitter.im/evilsocket/bettercap.svg"/>
</a>
</td>
</tr>
<tr>
<th>Copyright</th>
<td>2015-2016 Simone Margaritelli</td>
<th>Copyleft</th>
<td>Simone Margaritelli</td>
</tr>
<tr>
<th>License</th>
......@@ -68,33 +51,49 @@ Installation
**Dependencies**
All dependencies will be automatically installed through the GEM system but in some case you might need to install some system
dependency in order to make everything work:
All dependencies will be automatically installed through the RubyGems system but in some cases you might need to install some system
dependency in order to make everything work.
**On OSX** (install brew and xcode tools first):
```shell
brew install libpcap
```
**On Linux**:
sudo apt-get install build-essential ruby-dev libpcap-dev
```shell
sudo apt-get install build-essential ruby-dev libpcap-dev net-tools
```
This should solve issues such as [this one](https://github.com/evilsocket/bettercap/issues/22) or [this one](https://github.com/evilsocket/bettercap/issues/100).
**Stable Release ( GEM )**
**Stable Release (RubyGems)**
gem install bettercap
```shell
gem install bettercap
```
**From Source**
git clone https://github.com/evilsocket/bettercap
cd bettercap
gem build bettercap.gemspec
sudo gem install bettercap*.gem
```shell
git clone https://github.com/evilsocket/bettercap
cd bettercap
gem build bettercap.gemspec
sudo gem install bettercap*.gem
```
**Installation on Kali Linux**
Kali Linux has bettercap packaged and added to the **kali-rolling** repositories. To install bettercap and all dependencies in one fell swoop on the latest version of Kali Linux:
apt-get update
apt-get dist-upgrade
apt-get install bettercap
```shell
apt-get update
apt-get dist-upgrade
apt-get install bettercap
```
Documentation and Examples
============
Please refer to the [official website](https://www.bettercap.org/docs/).
Please refer to the [official website](https://www.bettercap.org/).
......@@ -5,15 +5,15 @@
Gem::Specification.new do |s|
s.name = "bettercap"
s.version = "1.6.1"
s.version = "1.6.2"
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
s.authors = ["Simone Margaritelli"]
s.date = "2017-06-29"
s.date = "2017-08-21"
s.description = "BetterCap is the state of the art, modular, portable and easily extensible MITM framework featuring ARP, DNS and ICMP spoofing, sslstripping, credentials harvesting and more."
s.email = "evilsocket@gmail.com"
s.executables = ["bettercap"]
s.files = ["LICENSE.md", "README.md", "bin/bettercap", "lib/bettercap.rb", "lib/bettercap/banner", "lib/bettercap/context.rb", "lib/bettercap/discovery/agents/arp.rb", "lib/bettercap/discovery/agents/base.rb", "lib/bettercap/discovery/agents/icmp.rb", "lib/bettercap/discovery/agents/ndp.rb", "lib/bettercap/discovery/agents/udp.rb", "lib/bettercap/discovery/thread.rb", "lib/bettercap/error.rb", "lib/bettercap/firewalls/base.rb", "lib/bettercap/firewalls/bsd.rb", "lib/bettercap/firewalls/linux.rb", "lib/bettercap/firewalls/redirection.rb", "lib/bettercap/loader.rb", "lib/bettercap/logger.rb", "lib/bettercap/monkey/celluloid/actor.rb", "lib/bettercap/monkey/celluloid/io/udp_socket.rb", "lib/bettercap/monkey/em-proxy/proxy.rb", "lib/bettercap/monkey/openssl/server.rb", "lib/bettercap/monkey/packetfu/pcap.rb", "lib/bettercap/monkey/packetfu/utils.rb", "lib/bettercap/monkey/system.rb", "lib/bettercap/network/arp_reader.rb", "lib/bettercap/network/hw-prefixes", "lib/bettercap/network/ndp_reader.rb", "lib/bettercap/network/network.rb", "lib/bettercap/network/packet_queue.rb", "lib/bettercap/network/protos/base.rb", "lib/bettercap/network/protos/dhcp.rb", "lib/bettercap/network/protos/mysql.rb", "lib/bettercap/network/protos/ntlm.rb", "lib/bettercap/network/protos/snmp.rb", "lib/bettercap/network/protos/teamviewer.rb", "lib/bettercap/network/servers/dnsd.rb", "lib/bettercap/network/servers/httpd.rb", "lib/bettercap/network/services", "lib/bettercap/network/target.rb", "lib/bettercap/network/validator.rb", "lib/bettercap/options/core_options.rb", "lib/bettercap/options/options.rb", "lib/bettercap/options/proxy_options.rb", "lib/bettercap/options/server_options.rb", "lib/bettercap/options/sniff_options.rb", "lib/bettercap/options/spoof_options.rb", "lib/bettercap/pluggable.rb", "lib/bettercap/proxy/http/module.rb", "lib/bettercap/proxy/http/modules/injectcss.rb", "lib/bettercap/proxy/http/modules/injecthtml.rb", "lib/bettercap/proxy/http/modules/injectjs.rb", "lib/bettercap/proxy/http/modules/redirect.rb", "lib/bettercap/proxy/http/proxy.rb", "lib/bettercap/proxy/http/request.rb", "lib/bettercap/proxy/http/response.rb", "lib/bettercap/proxy/http/ssl/authority.rb", "lib/bettercap/proxy/http/ssl/bettercap-ca.pem", "lib/bettercap/proxy/http/ssl/server.rb", "lib/bettercap/proxy/http/sslstrip/cookiemonitor.rb", "lib/bettercap/proxy/http/sslstrip/lock.ico", "lib/bettercap/proxy/http/sslstrip/strip.rb", "lib/bettercap/proxy/http/streamer.rb", "lib/bettercap/proxy/stream_logger.rb", "lib/bettercap/proxy/tcp/module.rb", "lib/bettercap/proxy/tcp/proxy.rb", "lib/bettercap/proxy/thread_pool.rb", "lib/bettercap/proxy/udp/module.rb", "lib/bettercap/proxy/udp/pool.rb", "lib/bettercap/proxy/udp/proxy.rb", "lib/bettercap/shell.rb", "lib/bettercap/sniffer/parsers/base.rb", "lib/bettercap/sniffer/parsers/cookie.rb", "lib/bettercap/sniffer/parsers/custom.rb", "lib/bettercap/sniffer/parsers/dhcp.rb", "lib/bettercap/sniffer/parsers/dict.rb", "lib/bettercap/sniffer/parsers/ftp.rb", "lib/bettercap/sniffer/parsers/httpauth.rb", "lib/bettercap/sniffer/parsers/https.rb", "lib/bettercap/sniffer/parsers/irc.rb", "lib/bettercap/sniffer/parsers/mail.rb", "lib/bettercap/sniffer/parsers/mpd.rb", "lib/bettercap/sniffer/parsers/mysql.rb", "lib/bettercap/sniffer/parsers/nntp.rb", "lib/bettercap/sniffer/parsers/ntlmss.rb", "lib/bettercap/sniffer/parsers/pgsql.rb", "lib/bettercap/sniffer/parsers/post.rb", "lib/bettercap/sniffer/parsers/redis.rb", "lib/bettercap/sniffer/parsers/rlogin.rb", "lib/bettercap/sniffer/parsers/snmp.rb", "lib/bettercap/sniffer/parsers/snpp.rb", "lib/bettercap/sniffer/parsers/teamviewer.rb", "lib/bettercap/sniffer/parsers/url.rb", "lib/bettercap/sniffer/parsers/whatsapp.rb", "lib/bettercap/sniffer/sniffer.rb", "lib/bettercap/spoofers/arp.rb", "lib/bettercap/spoofers/base.rb", "lib/bettercap/spoofers/icmp.rb", "lib/bettercap/spoofers/ndp.rb", "lib/bettercap/spoofers/none.rb", "lib/bettercap/update_checker.rb", "lib/bettercap/version.rb"]
s.files = ["LICENSE.md", "README.md", "bin/bettercap", "lib/bettercap.rb", "lib/bettercap/banner", "lib/bettercap/context.rb", "lib/bettercap/discovery/agents/arp.rb", "lib/bettercap/discovery/agents/base.rb", "lib/bettercap/discovery/agents/icmp.rb", "lib/bettercap/discovery/agents/mdns.rb", "lib/bettercap/discovery/agents/ndp.rb", "lib/bettercap/discovery/agents/udp.rb", "lib/bettercap/discovery/agents/upnp.rb", "lib/bettercap/discovery/agents/wsd.rb", "lib/bettercap/discovery/thread.rb", "lib/bettercap/error.rb", "lib/bettercap/firewalls/base.rb", "lib/bettercap/firewalls/bsd.rb", "lib/bettercap/firewalls/linux.rb", "lib/bettercap/firewalls/redirection.rb", "lib/bettercap/loader.rb", "lib/bettercap/logger.rb", "lib/bettercap/monkey/celluloid/actor.rb", "lib/bettercap/monkey/celluloid/io/udp_socket.rb", "lib/bettercap/monkey/em-proxy/proxy.rb", "lib/bettercap/monkey/openssl/server.rb", "lib/bettercap/monkey/packetfu/pcap.rb", "lib/bettercap/monkey/packetfu/utils.rb", "lib/bettercap/monkey/system.rb", "lib/bettercap/network/arp_reader.rb", "lib/bettercap/network/hw-prefixes", "lib/bettercap/network/ndp_reader.rb", "lib/bettercap/network/network.rb", "lib/bettercap/network/packet_queue.rb", "lib/bettercap/network/protos/base.rb", "lib/bettercap/network/protos/dhcp.rb", "lib/bettercap/network/protos/mysql.rb", "lib/bettercap/network/protos/ntlm.rb", "lib/bettercap/network/protos/snmp.rb", "lib/bettercap/network/protos/teamviewer.rb", "lib/bettercap/network/servers/dnsd.rb", "lib/bettercap/network/servers/httpd.rb", "lib/bettercap/network/services", "lib/bettercap/network/target.rb", "lib/bettercap/network/validator.rb", "lib/bettercap/options/core_options.rb", "lib/bettercap/options/options.rb", "lib/bettercap/options/proxy_options.rb", "lib/bettercap/options/server_options.rb", "lib/bettercap/options/sniff_options.rb", "lib/bettercap/options/spoof_options.rb", "lib/bettercap/pluggable.rb", "lib/bettercap/proxy/http/module.rb", "lib/bettercap/proxy/http/modules/injectcss.rb", "lib/bettercap/proxy/http/modules/injecthtml.rb", "lib/bettercap/proxy/http/modules/injectjs.rb", "lib/bettercap/proxy/http/modules/redirect.rb", "lib/bettercap/proxy/http/proxy.rb", "lib/bettercap/proxy/http/request.rb", "lib/bettercap/proxy/http/response.rb", "lib/bettercap/proxy/http/ssl/authority.rb", "lib/bettercap/proxy/http/ssl/bettercap-ca.pem", "lib/bettercap/proxy/http/ssl/server.rb", "lib/bettercap/proxy/http/sslstrip/cookiemonitor.rb", "lib/bettercap/proxy/http/sslstrip/lock.ico", "lib/bettercap/proxy/http/sslstrip/strip.rb", "lib/bettercap/proxy/http/streamer.rb", "lib/bettercap/proxy/stream_logger.rb", "lib/bettercap/proxy/tcp/module.rb", "lib/bettercap/proxy/tcp/proxy.rb", "lib/bettercap/proxy/thread_pool.rb", "lib/bettercap/proxy/udp/module.rb", "lib/bettercap/proxy/udp/pool.rb", "lib/bettercap/proxy/udp/proxy.rb", "lib/bettercap/shell.rb", "lib/bettercap/sniffer/parsers/asterisk.rb", "lib/bettercap/sniffer/parsers/base.rb", "lib/bettercap/sniffer/parsers/bfd.rb", "lib/bettercap/sniffer/parsers/cookie.rb", "lib/bettercap/sniffer/parsers/custom.rb", "lib/bettercap/sniffer/parsers/dhcp.rb", "lib/bettercap/sniffer/parsers/dict.rb", "lib/bettercap/sniffer/parsers/ftp.rb", "lib/bettercap/sniffer/parsers/hsrp.rb", "lib/bettercap/sniffer/parsers/httpauth.rb", "lib/bettercap/sniffer/parsers/https.rb", "lib/bettercap/sniffer/parsers/irc.rb", "lib/bettercap/sniffer/parsers/mail.rb", "lib/bettercap/sniffer/parsers/mpd.rb", "lib/bettercap/sniffer/parsers/mysql.rb", "lib/bettercap/sniffer/parsers/nntp.rb", "lib/bettercap/sniffer/parsers/ntlmss.rb", "lib/bettercap/sniffer/parsers/pgsql.rb", "lib/bettercap/sniffer/parsers/post.rb", "lib/bettercap/sniffer/parsers/radius.rb", "lib/bettercap/sniffer/parsers/redis.rb", "lib/bettercap/sniffer/parsers/rlogin.rb", "lib/bettercap/sniffer/parsers/snmp.rb", "lib/bettercap/sniffer/parsers/snpp.rb", "lib/bettercap/sniffer/parsers/teamtalk.rb", "lib/bettercap/sniffer/parsers/teamviewer.rb", "lib/bettercap/sniffer/parsers/url.rb", "lib/bettercap/sniffer/parsers/whatsapp.rb", "lib/bettercap/sniffer/parsers/wol.rb", "lib/bettercap/sniffer/sniffer.rb", "lib/bettercap/spoofers/arp.rb", "lib/bettercap/spoofers/base.rb", "lib/bettercap/spoofers/hsrp.rb", "lib/bettercap/spoofers/icmp.rb", "lib/bettercap/spoofers/mac.rb", "lib/bettercap/spoofers/ndp.rb", "lib/bettercap/spoofers/none.rb", "lib/bettercap/update_checker.rb", "lib/bettercap/version.rb"]
s.homepage = "https://github.com/evilsocket/bettercap"
s.licenses = ["GPL-3.0"]
s.rdoc_options = ["--charset=UTF-8"]
......
......@@ -7,7 +7,7 @@
Author : Simone 'evilsocket' Margaritelli
Email : evilsocket@gmail.com
Blog : http://www.evilsocket.net/
Blog : https://www.evilsocket.net/
This project is released under the GPL 3 license.
......
......@@ -147,7 +147,7 @@ class Context
ip = ip.succ
end
tend = Time.now
Logger.info "[#{'DISCOVERY'.green}] Done in #{(tend - tstart) * 1000.0} ms"
Logger.info "[#{'DISCOVERY'.green}] Done in #{'%.01f' % ((tend - tstart) * 1000.0)} ms"
end
end
......
# encoding: UTF-8
=begin
BETTERCAP
Author : Simone 'evilsocket' Margaritelli
Email : evilsocket@gmail.com
Blog : https://www.evilsocket.net/
mDNS DNS-SD broadcast discovery agent:
Author : Brendan Coles
Email : bcoles[at]gmail.com
This project is released under the GPL 3 license.
=end
# Send a broadcast mDNS query trying to fill the ARP table.
module BetterCap
module Discovery
module Agents
# Class responsible for sending mDNS broadcast queries to the network.
class Mdns
# Create a thread which will send an mDNS broadcast query
# in order to populate the ARP cache with active targets.
# http://www.multicastdns.org/
# http://www.ietf.org/rfc/rfc6762.txt
# https://en.wikipedia.org/wiki/Multicast_DNS
# https://en.wikipedia.org/wiki/Zero-configuration_networking#DNS-SD_with_multicast
def initialize( ctx, address = nil )
pkt = PacketFu::UDPPacket.new
pkt.eth_saddr = ctx.iface.mac
pkt.eth_daddr = '01:00:5e:00:00:fb'
pkt.ip_saddr = ctx.iface.ip
pkt.ip_daddr = '224.0.0.251'
pkt.udp_src = (rand((2 ** 16) - 1024) + 1024).to_i
pkt.udp_dst = 5353
query = "\x09_services\x07_dns-sd\x04_udp\x05local"
payload = "\x00\x01" # Transaction ID
payload << "\x00\x00" # Flags
payload << "\x00\x01" # Number of questions
payload << "\x00\x00" # Number of answers
payload << "\x00\x00" # Number of authority resource records
payload << "\x00\x00" # Number of additional resource records
payload << query # Query
payload << "\x00" # Terminator
payload << "\x00\x0c" # Type (PTR)
payload << "\x00\x01" # Class
pkt.payload = payload
pkt.recalc
ctx.packets.push(pkt)
end
end
end
end
end
# encoding: UTF-8
=begin
BETTERCAP
Author : Simone 'evilsocket' Margaritelli
Email : evilsocket@gmail.com
Blog : https://www.evilsocket.net/
UPnP SSDP broadcast discovery agent:
Author : Brendan Coles
Email : bcoles[at]gmail.com
This project is released under the GPL 3 license.
=end
# Send a broadcast UPnP query trying to fill the ARP table.
module BetterCap
module Discovery
module Agents
# Class responsible for sending UPnP SSDP broadcast queries to the network.
class Upnp
# Create a thread which will send a UPnP SSDP M-SEARCH broadcast query
# in order to populate the ARP cache with active targets.
# https://tools.ietf.org/html/draft-cai-ssdp-v1-03#section-4
# https://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol
# https://en.wikipedia.org/wiki/Zero-configuration_networking#SSDP
def initialize( ctx, address = nil )
host = '239.255.255.250'
port = 1900
pkt = PacketFu::UDPPacket.new
pkt.eth_saddr = ctx.iface.mac
pkt.eth_daddr = '01:00:5e:7f:ff:fa'
pkt.ip_saddr = ctx.iface.ip
pkt.ip_daddr = host
pkt.udp_src = (rand((2 ** 16) - 1024) + 1024).to_i
pkt.udp_dst = port
query = []
query << 'M-SEARCH * HTTP/1.1'
query << "Host: #{host}:#{port}"
query << 'Man: ssdp:discover'
query << 'ST: ssdp:all' # Search Target
query << 'MX: 2' # Delay response (2 seconds)
payload = query.join("\r\n").to_s
payload << "\r\n"
pkt.payload = payload
pkt.recalc
ctx.packets.push(pkt)
end
end
end
end
end
# encoding: UTF-8
=begin
BETTERCAP
Author : Simone 'evilsocket' Margaritelli
Email : evilsocket@gmail.com
Blog : https://www.evilsocket.net/
WS-Discovery broadcast discovery agent:
Author : Brendan Coles
Email : bcoles[at]gmail.com
This project is released under the GPL 3 license.
=end
# Send a broadcast WS-Discovery query trying to fill the ARP table.
module BetterCap
module Discovery
module Agents
# Class responsible for sending WS-Discovery broadcast queries to the network.
class Wsd
# Create a thread which will send a WS-Discovery broadcast query
# in order to populate the ARP cache with active targets.
# References:
# - https://msdn.microsoft.com/en-us/library/windows/desktop/bb513684(v=vs.85).aspx
# - http://specs.xmlsoap.org/ws/2005/04/discovery/ws-discovery.pdf
# - https://en.wikipedia.org/wiki/Web_Services_for_Devices
# - https://en.wikipedia.org/wiki/WS-Discovery
# - https://en.wikipedia.org/wiki/Zero-configuration_networking#WS-Discovery
def initialize( ctx, address = nil )
pkt = PacketFu::UDPPacket.new
pkt.eth_saddr = ctx.iface.mac
pkt.eth_daddr = '01:00:5e:7f:ff:fa'
pkt.ip_saddr = ctx.iface.ip
pkt.ip_daddr = '239.255.255.250'
pkt.udp_src = (rand((2 ** 16) - 1024) + 1024).to_i
pkt.udp_dst = 3702
uuid = SecureRandom.uuid
payload = '<?xml version="1.0" encoding="utf-8" ?>'
payload << '<soap:Envelope'
payload << ' xmlns:soap="http://www.w3.org/2003/05/soap-envelope"'
payload << ' xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"'
payload << ' xmlns:wsd="http://schemas.xmlsoap.org/ws/2005/04/discovery"'
payload << ' xmlns:wsdp="http://schemas.xmlsoap.org/ws/2006/02/devprof">'
payload << '<soap:Header>'
# WS-Discovery
payload << '<wsa:To>urn:schemas-xmlsoap-org:ws:2005:04:discovery</wsa:To>'
# Action (Probe)
payload << "<wsa:Action>http://schemas.xmlsoap.org/ws/2005/04/discovery/Probe</wsa:Action>"
# Message identifier (unique GUID)
payload << "<wsa:MessageID>urn:uuid:#{uuid}</wsa:MessageID>"
payload << '</soap:Header>'
payload << '<soap:Body>'
payload << '<wsd:Probe/>' # WS-Discovery type (blank)
payload << '</soap:Body>'
payload << '</env:Envelope>'
pkt.payload = payload
pkt.recalc
ctx.packets.push(pkt)
end
end
end
end
end
......@@ -75,8 +75,6 @@ class Linux < Base
# Ipv6 uses a different ip + port representation
cal_dst_address = "[#{r.dst_address}]"
end
# post route
Shell.execute("#{table} -t nat -I POSTROUTING -s 0/0 -j MASQUERADE")
# accept all
Shell.execute("#{table} -P FORWARD ACCEPT")
# add redirection
......@@ -92,8 +90,6 @@ class Linux < Base
# Ipv6 uses a different ip + port representation
cal_dst_address = "[#{r.dst_address}]"
end
# remove post route
Shell.execute("#{table} -t nat -D POSTROUTING -s 0/0 -j MASQUERADE")
# remove redirection
Shell.execute("#{table} -t nat -D PREROUTING -i #{r.interface} -p #{r.protocol} #{r.src_address.nil? ? '' : "-d #{r.src_address}"} --dport #{r.src_port} -j DNAT --to #{cal_dst_address}:#{r.dst_port}")
end
......
......@@ -13,6 +13,53 @@ This project is released under the GPL 3 license.
module BetterCap
# Class responsible for console and file logging.
module Logger
L_RAW = 0
L_DBG = 1
L_INF = 2
L_WRN = 3
L_ERR = 4
class Entry
def initialize( ts, level, message )
@timestamp = ts
@level = level
@message = message
end
def create
case @level
when Logger::L_RAW
formatted_message( @message, nil )
when Logger::L_DBG
formatted_message( @message, 'D' ).light_black
when Logger::L_INF
formatted_message( @message, 'I' )
when Logger::L_WRN
formatted_message( @message, 'W' ).yellow
when Logger::L_ERR
formatted_message( @message, 'E' ).red
end
end
private
# Format +message+ for the given +message_type+.
def formatted_message(message, message_type)
# raw message?
if message_type.nil?
if @timestamp and !message.strip.empty?
"[#{Time.now}] #{message}"
else
message
end
elsif @timestamp
"[#{Time.now}] [#{message_type}] #{message}"
else
"[#{message_type}] #{message}"
end
end
end
class << self
@@ctx = nil
@@queue = Queue.new
......@@ -39,48 +86,45 @@ module Logger
"Message : #{e.message}\n" +
"Backtrace :\n\n #{e.backtrace.join("\n ")}\n"
if BetterCap::VERSION.end_with?('b')
self.warn(msg)
else
self.debug(msg)
end
self.debug(msg)
end
# Log an error +message+.
def error(message)
@@queue.push formatted_message(message, 'E').red
@@queue.push Logger::Entry.new( @@timestamp, Logger::L_ERR, message )
end
# Log an information +message+.
def info(message)
@@queue.push( formatted_message(message, 'I') ) unless @@silent
@@queue.push( Logger::Entry.new( @@timestamp, Logger::L_INF, message ) ) unless @silent
end
# Log a warning +message+.
def warn(message)
@@queue.push formatted_message(message, 'W').yellow
@@queue.push Logger::Entry.new( @@timestamp, Logger::L_WRN, message )
end
# Log a debug +message+.
def debug(message)
if @@debug and not @@silent
@@queue.push formatted_message(message, 'D').light_black
@@queue.push Logger::Entry.new( @@timestamp, Logger::L_DBG, message )
end
end
# Log a +message+ as it is.
def raw(message)
@@queue.push( formatted_message( message, nil ) ) unless @@silent
@@queue.push( Logger::Entry.new( @@timestamp, Logger::L_RAW, message ) ) unless @silent
end
# Wait for the messages queue to be empty.
def wait!
while not @@queue.empty?
if @@thread.nil?
emit @@queue.pop
else
sleep 0.3
msg = @@queue.pop(true) rescue nil
if msg
emit msg.create
end
sleep(0.3) if msg.nil?
end
end
......@@ -89,15 +133,16 @@ module Logger
# Main logger logic.
def worker
loop do
message = @@queue.pop
if @@ctx.nil? or @@ctx.running
msg = @@queue.pop(true) rescue nil
if msg and ( @@ctx.nil? or @@ctx.running )
begin
emit message
emit msg.create
rescue Exception => e
Logger.warn "Logger error: #{e.message}"
Logger.exception e
end
end
sleep(0.3) if msg.nil?
end
end
......@@ -110,22 +155,6 @@ module Logger
f.close
end
end
# Format +message+ for the given +message_type+.
def formatted_message(message, message_type)
# raw message?
if message_type.nil?
if @@timestamp and !message.strip.empty?
"[#{Time.now}] #{message}"
else
message
end
elsif @@timestamp
"[#{Time.now}] [#{message_type}] #{message}"
else
"[#{message_type}] #{message}"
end
end
end
end
end
......@@ -142,7 +142,7 @@ class << self
if ctx.options.core.use_ipv6
BetterCap::Loader.load("BetterCap::Discovery::Agents::Ndp").new(ctx, address)
else
[ 'Icmp', 'Udp', 'Arp' ].each do |name|
[ 'Icmp', 'Udp', 'Arp', 'Mdns', 'Upnp', 'Wsd' ].each do |name|
BetterCap::Loader.load("BetterCap::Discovery::Agents::#{name}").new(ctx, address)
end
end
......
......@@ -119,7 +119,7 @@ class CoreOptions
opts.on( '-h', '--help', 'Display the available options.') do
puts opts
puts "\nFor examples & docs please visit " + "https://bettercap.org/docs/".bold
puts "\nFor examples & docs please visit " + "https://bettercap.org/".bold
exit
end
......
......@@ -5,7 +5,7 @@ BETTERCAP
Author : Simone 'evilsocket' Margaritelli
Email : evilsocket@gmail.com
Blog : http://www.evilsocket.net/
Blog : https://www.evilsocket.net/
This project is released under the GPL 3 license.
......
......@@ -136,7 +136,7 @@ class Proxy
# ip addresses.
def is_self_request?(request)
begin
return @local_ips.include? IPSocket.getaddress(request.host)
return @local_ips.include? request.host
rescue; end
false
end
......@@ -146,12 +146,7 @@ class Proxy
request = Request.new @upstream_port
begin
Logger.debug 'Reading request ...'
request.read(client)
Logger.debug 'Request parsed.'
# stripped request
if @streamer.was_stripped?( request, client )
@streamer.handle( request, client )
......@@ -163,11 +158,8 @@ class Proxy
@streamer.handle( request, client )
end
Logger.debug "#{@type} client served."
rescue SocketError => se
Logger.debug "Socket error while serving client: #{se.message}"
# Logger.exception se
rescue Errno::EPIPE => ep
Logger.debug "Connection closed while serving client."
rescue EOFError => eof
......
......@@ -195,7 +195,7 @@ class Strip
response = nil
# check for cookies.
unless @cookies.is_clean?(request)
Logger.info "[#{'SSLSTRIP'.green} #{request.client}] Sending expired cookies for '#{request.host}'."
Logger.debug "[#{'SSLSTRIP'.green} #{request.client}] Sending expired cookies for '#{request.host}'."
expired = @cookies.get_expired_headers!(request)
response = Response.redirect( request.to_url(nil), expired )
end
......@@ -222,14 +222,14 @@ class Strip
end
request.port = 443
Logger.info "[#{'SSLSTRIP'.green} #{request.client}] Found stripped HTTPS link '#{url}', proxying via SSL ( #{request.to_url} )."
Logger.debug "[#{'SSLSTRIP'.green} #{request.client}] Found stripped HTTPS link '#{url}', proxying via SSL ( #{request.to_url} )."
end
end
# If +request+ is the favicon of a stripped host, send our spoofed lock icon.
def spoof_favicon!(request)
if was_stripped?(request) and is_favicon?(request)
Logger.info "[#{'SSLSTRIP'.green} #{request.client}] Sending spoofed favicon '#{request.to_url }'."
Logger.debug "[#{'SSLSTRIP'.green} #{request.client}] Sending spoofed favicon '#{request.to_url }'."
return @favicon
end
nil
......@@ -254,14 +254,14 @@ class Strip
# no cookies set, just a normal http -> https redirect
if response['Set-Cookie'].empty?
Logger.info "[#{'SSLSTRIP'.green} #{request.client}] Found redirect to HTTPS '#{original}' -> '#{stripped}'."
Logger.debug "[#{'SSLSTRIP'.green} #{request.client}] Found redirect to HTTPS '#{original}' -> '#{stripped}'."
# The request will be retried on port 443 if MAX_REDIRECTS is not reached.
request.port = 443
# retry the request if possible
return true
# cookies set, this is probably a redirect after a login.
else
Logger.info "[#{'SSLSTRIP'.green} #{request.client}] Found redirect to HTTPS ( with cookies ) '#{original}' -> '#{stripped}'."
Logger.debug "[#{'SSLSTRIP'.green} #{request.client}] Found redirect to HTTPS ( with cookies ) '#{original}' -> '#{stripped}'."
# we know this session, do not kill it!
@cookies.add!( request )
# remove the 'secure' flag from every cookie.
......
=begin
BETTERCAP
Author : Simone 'evilsocket' Margaritelli
Email : evilsocket@gmail.com
Blog : https://www.evilsocket.net/
Asterisk Call Manager authentication parser:
Author : Brendan Coles
Email : bcoles[at]gmail.com
This project is released under the GPL 3 license.
=end
module BetterCap
module Parsers
# Asterisk Call Manager authentication parser.
class Asterisk < Base
def initialize
@name = 'Asterisk'
end
def on_packet( pkt )
return unless pkt.tcp_dst == 5038
return unless pkt.to_s =~ /action:\s+login\r?\n/i
if pkt.to_s =~ /username:\s+(.+?)\r?\n/i && pkt.to_s =~ /secret:\s+(.+?)\r?\n/i
user = pkt.to_s.scan(/username:\s+(.+?)\r?\n/i).flatten.first
pass = pkt.to_s.scan(/secret:\s+(.+?)\r?\n/i).flatten.first
StreamLogger.log_raw( pkt, @name, "username=#{user} password=#{pass}" )
end
rescue
end
end
end
end
# encoding: UTF-8
=begin
BETTERCAP
Author : Simone 'evilsocket' Margaritelli
Email : evilsocket@gmail.com
Blog : https://www.evilsocket.net/
Bidirectional Forwarding Detection (BFD) packet and authentication parser:
Author : Brendan Coles
Email : bcoles[at]gmail.com
This project is released under the GPL 3 license.
=end
module BetterCap
module Parsers
#
# Bidirectional Forwarding Detection (BFD) packet and authentication parser.
#
# References:
# - https://tools.ietf.org/html/rfc5880#section-4
# - https://en.wikipedia.org/wiki/Bidirectional_Forwarding_Detection
#
class Bfd < Base
def initialize