Merge pull request #646 from sten13/feature/sniff-basic-auth

Feature/sniff basic auth
2025-03-12 04:36:03 -07:00 · 2019-11-04 12:42:58 +01:00 · 2019-11-04 12:42:58 +01:00 · 6755d8c880
commit 6755d8c880
parent e51e097e43 20a46151de
2 changed files with 34 additions and 14 deletions
--- a/modules/events_stream/events_view_http.go
+++ b/modules/events_stream/events_view_http.go
@ -6,11 +6,11 @@ import (
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
-	"github.com/bettercap/bettercap/modules/net_sniff"
 	"net/url"
 	"regexp"
 	"strings"

+	"github.com/bettercap/bettercap/modules/net_sniff"
 	"github.com/bettercap/bettercap/session"

 	"github.com/evilsocket/islazy/tui"
--- a/modules/net_sniff/net_sniff_http.go
+++ b/modules/net_sniff/net_sniff_http.go
@ -119,19 +119,39 @@ func toSerializableResponse(res *http.Response) HTTPResponse {
 func httpParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
 	data := tcp.Payload
 	if req, err := http.ReadRequest(bufio.NewReader(bytes.NewReader(data))); err == nil {
-		NewSnifferEvent(
-			pkt.Metadata().Timestamp,
-			"http.request",
-			ip.SrcIP.String(),
-			req.Host,
-			toSerializableRequest(req),
-			"%s %s %s %s%s",
-			tui.Wrap(tui.BACKRED+tui.FOREBLACK, "http"),
-			vIP(ip.SrcIP),
-			tui.Wrap(tui.BACKLIGHTBLUE+tui.FOREBLACK, req.Method),
-			tui.Yellow(req.Host),
-			vURL(req.URL.String()),
-		).Push()
+		if user, pass, ok := req.BasicAuth(); ok {
+			NewSnifferEvent(
+				pkt.Metadata().Timestamp,
+				"http.request",
+				ip.SrcIP.String(),
+				req.Host,
+				toSerializableRequest(req),
+				"%s %s %s %s%s - %s %s, %s %s",
+				tui.Wrap(tui.BACKRED+tui.FOREBLACK, "http"),
+				vIP(ip.SrcIP),
+				tui.Wrap(tui.BACKLIGHTBLUE+tui.FOREBLACK, req.Method),
+				tui.Yellow(req.Host),
+				vURL(req.URL.String()),
+				tui.Bold("USER"),
+				tui.Red(user),
+				tui.Bold("PASS"),
+				tui.Red(pass),
+			).Push()
+		} else {
+			NewSnifferEvent(
+				pkt.Metadata().Timestamp,
+				"http.request",
+				ip.SrcIP.String(),
+				req.Host,
+				toSerializableRequest(req),
+				"%s %s %s %s%s",
+				tui.Wrap(tui.BACKRED+tui.FOREBLACK, "http"),
+				vIP(ip.SrcIP),
+				tui.Wrap(tui.BACKLIGHTBLUE+tui.FOREBLACK, req.Method),
+				tui.Yellow(req.Host),
+				vURL(req.URL.String()),
+			).Push()
+		}

 		return true
 	} else if res, err := http.ReadResponse(bufio.NewReader(bytes.NewReader(data)), nil); err == nil {