| skipped 21 lines |
22 | 22 | | exit() |
23 | 23 | | import logging |
24 | 24 | | import argparse |
25 | | - | import string |
| 25 | + | #import string |
26 | 26 | | import os |
27 | 27 | | import re |
28 | 28 | | import socket |
| skipped 276 lines |
305 | 305 | | |
306 | 306 | | |
307 | 307 | | def ParseDataRegex(decoded, SrcPort, DstPort): |
308 | | - | HTTPUser = [] |
309 | | - | HTTPass = [] |
| 308 | + | HTTPUser = None |
| 309 | + | HTTPass = None |
310 | 310 | | for user in http_userfields: |
311 | | - | user = re.findall('(%s=[^\s]+)' % user, decoded['data'], re.IGNORECASE) |
| 311 | + | user = re.findall('(%s=[^&]+)' % user, decoded['data'], re.IGNORECASE) |
312 | 312 | | if user: |
313 | | - | HTTPUser.append(user) |
| 313 | + | HTTPUser = user |
314 | 314 | | |
315 | 315 | | for password in http_passfields: |
316 | | - | passw = re.findall('(%s=[^\s]+)' % password, decoded['data'], re.IGNORECASE) |
| 316 | + | passw = re.findall('(%s=[^&]+)' % password, decoded['data'], re.IGNORECASE) |
317 | 317 | | if passw: |
318 | | - | HTTPass.append(passw) |
| 318 | + | HTTPass = passw |
319 | 319 | | |
320 | 320 | | SMTPAuth = re.search('AUTH LOGIN|AUTH PLAIN', decoded['data']) |
321 | 321 | | Basic64 = re.findall('(?<=Authorization: Basic )[^\n]*', decoded['data']) |
| skipped 77 lines |
399 | 399 | | |
400 | 400 | | if DstPort == 80: |
401 | 401 | | if (HTTPUser and HTTPass): |
402 | | - | HeadMessage = Print_Packet_Details(decoded,SrcPort,DstPort) |
403 | 402 | | try: |
404 | | - | Message = 'Found possible HTTP authentication:' |
| 403 | + | host = re.findall("(Host: [^\n]+)", decoded['data']) |
| 404 | + | get_path = re.findall("(GET [^\n]+)", decoded['data']) |
| 405 | + | post_path = re.findall("(POST [^\n]+)", decoded['data']) |
| 406 | + | HeadMessage = Print_Packet_Details(decoded,SrcPort,DstPort) |
| 407 | + | Message = 'Found possible HTTP authentication %s:%s\n' % (HTTPUser[0], HTTPass[0]) |
| 408 | + | if host: |
| 409 | + | Message += '%s\n' % host[0].strip('\r') |
| 410 | + | if get_path: |
| 411 | + | Message += 'Full path: %s\n' % get_path[0].strip('\r') |
| 412 | + | if post_path: |
| 413 | + | Message += 'Full path: %s\n' % post_path[0].strip('\r') |
405 | 414 | | if PrintPacket(Filename,Message): |
406 | 415 | | l.warning(HeadMessage) |
407 | 416 | | l.warning(Message) |
408 | 417 | | print HeadMessage+'\n'+Message |
409 | | - | print filter(lambda x: x in string.printable, decoded['data']) |
| 418 | + | #print filter(lambda x: x in string.printable, decoded['data']) |
410 | 419 | | except: |
411 | 420 | | pass |
412 | 421 | | |
| skipped 238 lines |
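Review bot: The new patterns at new lines 311 and 316, `'(%s=[^&]+)'`, no longer stop at whitespace, so when the matched field is the last parameter of a query string or form body, the capture runs on through ` HTTP/1.1`, the following headers and everything else up to the next `&` or the end of `decoded['data']`. That whole run is then formatted into `Message` at new line 407 and written to the log, which makes the logged value unreliable. Excluding both delimiters keeps the capture to the value itself: `re.findall('(%s=[^&\s]+)' % re.escape(user), decoded['data'], re.IGNORECASE)`, and the same for `password`. `re.escape` is precautionary, since `http_userfields` and `http_passfields` are defined outside the lines shown; it stops a field name containing regex metacharacters from changing the pattern. The body of `ParseDataRegex` continues into the skipped lines, so other uses of `HTTPUser` and `HTTPass` that may still expect the old list-of-lists shape cannot be checked here.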