metasploit-framework/data/exploits/psnuffle/url.rb

49 lines
1.2 KiB
Ruby

# Psnuffle password sniffer add-on class for HTTP GET URL's
# part of psnuffle sniffer auxiliary module
#
# Very simple example how to write sniffer extensions
#
# Sniffer class for GET URL's
class SnifferURL < BaseProtocolParser
def register_sigs
self.sigs = {
:get => /^GET\s+([^\n]+)\s+HTTP\/\d\.\d/i,
:webhost => /^HOST\:\s+([^\n\r]+)/i,
}
end
def parse(pkt)
# We want to return immediantly if we do not have a packet which is handled by us
return unless pkt.is_tcp?
return if (pkt.tcp_sport != 80 and pkt.tcp_dport != 80)
s = find_session((pkt.tcp_sport == 80) ? get_session_src(pkt) : get_session_dst(pkt))
self.sigs.each_key do |k|
# There is only one pattern per run to test
matched = nil
matches = nil
if(pkt.payload =~ self.sigs[k])
matched = k
matches = $1
sessions[s[:session]].merge!({k => matches})
end
case matched
when :webhost
sessions[s[:session]].merge!({k => matches})
if(s[:get])
print_status("HTTP GET: #{s[:session]} http://#{s[:webhost]}#{s[:get]}")
sessions.delete(s[:session])
return
end
when nil
# No matches, no saved state
end # end case matched
end # end of each_key
end # end of parse
end # end of URL sniffer