diff --git a/caplets/local-sniffer.cap b/caplets/local-sniffer.cap
index feb49537..e3103d0a 100644
--- a/caplets/local-sniffer.cap
+++ b/caplets/local-sniffer.cap
@@ -1,7 +1,7 @@
events.stream off
events.clear
-set events.stream.filter net.sniff
-events.stream on
+# set events.stream.filter net.sniff
+# events.stream on
set net.sniff.verbose false
set net.sniff.local true
diff --git a/modules/net_sniff_dns.go b/modules/net_sniff_dns.go
index bda356c1..a73054dc 100644
--- a/modules/net_sniff_dns.go
+++ b/modules/net_sniff_dns.go
@@ -34,14 +34,23 @@ func dnsParser(ip *layers.IPv4, pkt gopacket.Packet, udp *layers.UDP) bool {
}
for hostname, ips := range m {
- SniffPrinter("[%s] %s %s > %s : %s is %s\n",
+ NewSnifferEvent(
+ pkt.Metadata().Timestamp,
+ "dns",
+ ip.SrcIP.String(),
+ ip.DstIP.String(),
+ SniffData{
+ "Hostname": hostname,
+ "Addresses": ips,
+ },
+ "[%s] %s %s > %s : %s is %s",
vTime(pkt.Metadata().Timestamp),
core.W(core.BG_DGRAY+core.FG_WHITE, "dns"),
vIP(ip.SrcIP),
vIP(ip.DstIP),
core.Yellow(hostname),
core.Dim(strings.Join(ips, ", ")),
- )
+ ).Push()
}
return true
diff --git a/modules/net_sniff_event.go b/modules/net_sniff_event.go
new file mode 100644
index 00000000..2b37276d
--- /dev/null
+++ b/modules/net_sniff_event.go
@@ -0,0 +1,36 @@
+package modules
+
+import (
+ "fmt"
+ "time"
+
+ "github.com/evilsocket/bettercap-ng/session"
+)
+
+type SniffData map[string]interface{}
+
+type SnifferEvent struct {
+ PacketTime time.Time
+ Protocol string
+ Source string
+ Destination string
+ Data SniffData
+ Message string
+}
+
+func NewSnifferEvent(t time.Time, proto string, src string, dst string, data SniffData, format string, args ...interface{}) SnifferEvent {
+ return SnifferEvent{
+ PacketTime: t,
+ Protocol: proto,
+ Source: src,
+ Destination: dst,
+ Data: data,
+ Message: fmt.Sprintf(format, args...),
+ }
+}
+
+func (e SnifferEvent) Push() {
+ fmt.Printf("%s\n", e.Message)
+ session.I.Events.Add("net.sniff.leak."+e.Protocol, e.Data)
+ session.I.Input.Refresh()
+}
diff --git a/modules/net_sniff_http.go b/modules/net_sniff_http.go
index 092c654a..fdf97d1a 100644
--- a/modules/net_sniff_http.go
+++ b/modules/net_sniff_http.go
@@ -26,25 +26,40 @@ func httpParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
return false
}
+ method := string(m[1])
+ hostname := string(m[2])
+ path := string(m[3])
ua := ""
mu := uaRe.FindSubmatch(data)
if len(mu) == 2 {
ua = string(mu[1])
}
- url := fmt.Sprintf("%s", core.Yellow(string(m[3])))
+ url := fmt.Sprintf("%s", core.Yellow(path))
if tcp.DstPort != 80 {
url += fmt.Sprintf(":%s", vPort(tcp.DstPort))
}
- url += fmt.Sprintf("%s", string(m[2]))
+ url += fmt.Sprintf("%s", hostname)
- SniffPrinter("[%s] %s %s %s %s %s\n",
+ NewSnifferEvent(
+ pkt.Metadata().Timestamp,
+ "http",
+ ip.SrcIP.String(),
+ hostname,
+ SniffData{
+ "Method": method,
+ "Hostname": hostname,
+ "URL": url,
+ "UA": ua,
+ },
+ "[%s] %s %s %s %s %s",
vTime(pkt.Metadata().Timestamp),
core.W(core.BG_RED+core.FG_BLACK, "http"),
vIP(ip.SrcIP),
- core.W(core.BG_LBLUE+core.FG_BLACK, vURL(string(m[1]))),
+ core.W(core.BG_LBLUE+core.FG_BLACK, method),
vURL(url),
- core.Dim(ua))
+ core.Dim(ua),
+ ).Push()
return true
}
diff --git a/modules/net_sniff_parsers.go b/modules/net_sniff_parsers.go
index f1bcfcf1..6a4b88a0 100644
--- a/modules/net_sniff_parsers.go
+++ b/modules/net_sniff_parsers.go
@@ -5,20 +5,11 @@ import (
"github.com/evilsocket/bettercap-ng/core"
"github.com/evilsocket/bettercap-ng/log"
- "github.com/evilsocket/bettercap-ng/session"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
)
-type SniffPrinterType func(format string, args ...interface{}) (int, error)
-
-var SniffPrinter = SniffPrinterType(func(format string, args ...interface{}) (n int, e error) {
- n, e = fmt.Printf(format, args...)
- session.I.Input.Refresh()
- return
-})
-
func tcpParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
tcp := pkt.Layer(layers.LayerTypeTCP).(*layers.TCP)
@@ -29,14 +20,23 @@ func tcpParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
}
if verbose == true {
- SniffPrinter("[%s] %s %s:%s > %s:%s %s\n",
+ NewSnifferEvent(
+ pkt.Metadata().Timestamp,
+ "tcp",
+ fmt.Sprintf("%s:%s", ip.SrcIP, vPort(tcp.SrcPort)),
+ fmt.Sprintf("%s:%s", ip.DstIP, vPort(tcp.DstPort)),
+ SniffData{
+ "Size": len(ip.Payload),
+ },
+ "[%s] %s %s:%s > %s:%s %s",
vTime(pkt.Metadata().Timestamp),
core.W(core.BG_LBLUE+core.FG_BLACK, "tcp"),
vIP(ip.SrcIP),
vPort(tcp.SrcPort),
vIP(ip.DstIP),
vPort(tcp.DstPort),
- core.Dim(fmt.Sprintf("%d bytes", len(ip.Payload))))
+ core.Dim(fmt.Sprintf("%d bytes", len(ip.Payload))),
+ ).Push()
}
}
@@ -48,25 +48,43 @@ func udpParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
}
if verbose == true {
- SniffPrinter("[%s] %s %s:%s > %s:%s %s\n",
+ NewSnifferEvent(
+ pkt.Metadata().Timestamp,
+ "udp",
+ fmt.Sprintf("%s:%s", ip.SrcIP, vPort(udp.SrcPort)),
+ fmt.Sprintf("%s:%s", ip.DstIP, vPort(udp.DstPort)),
+ SniffData{
+ "Size": len(ip.Payload),
+ },
+ "[%s] %s %s:%s > %s:%s %s",
vTime(pkt.Metadata().Timestamp),
core.W(core.BG_DGRAY+core.FG_WHITE, "udp"),
vIP(ip.SrcIP),
vPort(udp.SrcPort),
vIP(ip.DstIP),
vPort(udp.DstPort),
- core.Dim(fmt.Sprintf("%d bytes", len(ip.Payload))))
+ core.Dim(fmt.Sprintf("%d bytes", len(ip.Payload))),
+ ).Push()
}
}
func unkParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
if verbose == true {
- SniffPrinter("[%s] [%s] %s > %s (%d bytes)\n",
- vTime(pkt.Metadata().Timestamp),
- pkt.TransportLayer().LayerType(),
+ NewSnifferEvent(
+ pkt.Metadata().Timestamp,
+ pkt.TransportLayer().LayerType().String(),
vIP(ip.SrcIP),
vIP(ip.DstIP),
- len(ip.Payload))
+ SniffData{
+ "Size": len(ip.Payload),
+ },
+ "[%s] %s %s > %s %s",
+ vTime(pkt.Metadata().Timestamp),
+ core.W(core.BG_DGRAY+core.FG_WHITE, pkt.TransportLayer().LayerType().String()),
+ vIP(ip.SrcIP),
+ vIP(ip.DstIP),
+ core.Dim(fmt.Sprintf("%d bytes", len(ip.Payload))),
+ ).Push()
}
}
diff --git a/modules/net_sniff_sni.go b/modules/net_sniff_sni.go
index b6e7612b..935b51ec 100644
--- a/modules/net_sniff_sni.go
+++ b/modules/net_sniff_sni.go
@@ -31,11 +31,20 @@ func sniParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
domain = fmt.Sprintf("%s:%d", domain, tcp.DstPort)
}
- SniffPrinter("[%s] %s %s > %s\n",
+ NewSnifferEvent(
+ pkt.Metadata().Timestamp,
+ "sni",
+ ip.SrcIP.String(),
+ domain,
+ SniffData{
+ "Domain": domain,
+ },
+ "[%s] %s %s > %s",
vTime(pkt.Metadata().Timestamp),
core.W(core.BG_YELLOW+core.FG_WHITE, "sni"),
vIP(ip.SrcIP),
- core.Yellow("https://"+domain))
+ core.Yellow("https://"+domain),
+ ).Push()
return true
}