| skipped 21 lines |
| 22 | 22 | | exit() |
| 23 | 23 | | import logging |
| 24 | 24 | | import argparse |
| 25 | | - | import string |
| | 25 | + | #import string |
| 26 | 26 | | import os |
| 27 | 27 | | import re |
| 28 | 28 | | import socket |
| skipped 276 lines |
| 305 | 305 | | |
| 306 | 306 | | |
| 307 | 307 | | def ParseDataRegex(decoded, SrcPort, DstPort): |
| 308 | | - | HTTPUser = [] |
| 309 | | - | HTTPass = [] |
| | 308 | + | HTTPUser = None |
| | 309 | + | HTTPass = None |
| 310 | 310 | | for user in http_userfields: |
| 311 | | - | user = re.findall('(%s=[^\s]+)' % user, decoded['data'], re.IGNORECASE) |
| | 311 | + | user = re.findall('(%s=[^&]+)' % user, decoded['data'], re.IGNORECASE) |
| 312 | 312 | | if user: |
| 313 | | - | HTTPUser.append(user) |
| | 313 | + | HTTPUser = user |
| 314 | 314 | | |
| 315 | 315 | | for password in http_passfields: |
| 316 | | - | passw = re.findall('(%s=[^\s]+)' % password, decoded['data'], re.IGNORECASE) |
| | 316 | + | passw = re.findall('(%s=[^&]+)' % password, decoded['data'], re.IGNORECASE) |
| 317 | 317 | | if passw: |
| 318 | | - | HTTPass.append(passw) |
| | 318 | + | HTTPass = passw |
| 319 | 319 | | |
| 320 | 320 | | SMTPAuth = re.search('AUTH LOGIN|AUTH PLAIN', decoded['data']) |
| 321 | 321 | | Basic64 = re.findall('(?<=Authorization: Basic )[^\n]*', decoded['data']) |
| skipped 77 lines |
| 399 | 399 | | |
| 400 | 400 | | if DstPort == 80: |
| 401 | 401 | | if (HTTPUser and HTTPass): |
| 402 | | - | HeadMessage = Print_Packet_Details(decoded,SrcPort,DstPort) |
| 403 | 402 | | try: |
| 404 | | - | Message = 'Found possible HTTP authentication:' |
| | 403 | + | host = re.findall("(Host: [^\n]+)", decoded['data']) |
| | 404 | + | get_path = re.findall("(GET [^\n]+)", decoded['data']) |
| | 405 | + | post_path = re.findall("(POST [^\n]+)", decoded['data']) |
| | 406 | + | HeadMessage = Print_Packet_Details(decoded,SrcPort,DstPort) |
| | 407 | + | Message = 'Found possible HTTP authentication %s:%s\n' % (HTTPUser[0], HTTPass[0]) |
| | 408 | + | if host: |
| | 409 | + | Message += '%s\n' % host[0].strip('\r') |
| | 410 | + | if get_path: |
| | 411 | + | Message += 'Full path: %s\n' % get_path[0].strip('\r') |
| | 412 | + | if post_path: |
| | 413 | + | Message += 'Full path: %s\n' % post_path[0].strip('\r') |
| 405 | 414 | | if PrintPacket(Filename,Message): |
| 406 | 415 | | l.warning(HeadMessage) |
| 407 | 416 | | l.warning(Message) |
| 408 | 417 | | print HeadMessage+'\n'+Message |
| 409 | | - | print filter(lambda x: x in string.printable, decoded['data']) |
| | 418 | + | #print filter(lambda x: x in string.printable, decoded['data']) |
| 410 | 419 | | except: |
| 411 | 420 | | pass |
| 412 | 421 | | |
| skipped 238 lines |
byt3bl33d3r
committed
9 years ago
1 parent 52048f82