Un simple sniffer en Perl para capturar todo lo que pasa por los métodos GET y POST
El código:
Eso es todo.
El código:
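#!/usr/bin/perl
#DH Sniffer 0.3
#(C) Doddy Hackman 2014
#Credits :
#Based on :
#http://stackoverflow.com/questions/4777042/can-i-use-tcpdump-to-get-http-requests-response-header-and-response-body
#http://www.perlmonks.org/?node_id=656590
#http://stein.cshl.org/~lstein/talks/WWW6/sniffer/
#http://perlenespanol.com/foro/post36051.html
#Thanks to : Lincoln D. Stein , paulz and Explorer
use CGI;
use threads;
use URI::Escape;

# Unbuffered STDOUT: both worker threads print to it and each captured
# line should appear as soon as it is found.
$| = 1;

# The single option word from the command line ("-g", "-p", "-pg", ...).
# The workers test for the letters g / p anywhere in this string.  The
# original compared an undef value with "" when no argument was given,
# which only stayed quiet because the script runs without `use warnings`;
# default to "" explicitly instead.
my $control = shift @ARGV;
$control = "" unless defined $control;

head();

# No option at all: show the usage and stop (copyright() calls exit(1)).
if ( $control eq "" ) {
    print "\n[+] Sintax : $0 <option>\n";
    print "\n[++] Options :\n";
    print "\n[+] -g : Capture method GET\n";
    print "[+] -p : Capture method POST\n";
    print "\n[+] Example : sudo perl $0 -pg\n";
    copyright();
}
print "\n";

# Both workers are always started; each one looks at $control itself and
# simply returns when its letter is absent.  join() never returns in the
# normal case because the workers loop over tcpdump's output until it ends.
my $hilo_get  = threads->new( \&sniffer_get );
my $hilo_post = threads->new( \&sniffer_post );
$hilo_get->join;
$hilo_post->join;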
# Worker for the -g option: read tcpdump's hex dump of traffic addressed to
# TCP port 80, rebuild each packet's bytes from the hex, and report the
# request line and the HTTP authentication headers found in it together
# with the packet's source and destination addresses.  Output goes to
# STDOUT and, via savefile(), to a file named "logs" in the current
# directory (written in the clear).  Returns nothing useful; it only ends
# when tcpdump's output ends.
sub sniffer_get {
    if ( $control =~ /g/ ) {
        # 2-arg pipe open on a bareword handle with no error check: if
        # tcpdump is missing or not permitted, the loop below never runs and
        # nothing is reported.  The tcpdump path is hard-coded here while
        # sniffer_post relies on $PATH.  -l line-buffers, -n skips name
        # resolution, -x prints the packet bytes in hex.
        open( GET, "/usr/sbin/tcpdump -lnx -s 1024 dst port 80 |" );
        while (<GET>) {
            # A line that starts in column 0 is a packet header; the hex
            # dump lines that belong to it are indented.  A new header
            # therefore means the previous packet ($contenido) is complete
            # and can be reported -- which also means the very last packet
            # is never reported.
            if (/^\S/) {
                # $& holds the whole match: the request line or the auth
                # header up to end of line.  $ip / $name are the addresses
                # captured from the *previous* header line.  (Using $& used
                # to slow down every regex in the process on old perls.)
                while ( $contenido =~
                    /(GET|POST|WWW-Authenticate|Authorization).+/g )
                {
                    print "\n[+] $ip = $name " . uri_unescape($&);
                    savefile( "logs", "\n[+] $ip = $name " . uri_unescape($&) );
                }
                # Reset for the next packet.  All three are package globals
                # (the file has no `use strict`) kept across iterations.
                undef $ip;
                undef $name;
                undef $contenido;
                # "IP a.b.c.d.port > e.f.g.h.port": first capture is the
                # source host, second the destination -- $name is a
                # misleading name for the destination IP.
                ( $ip, $name ) =
                    /IP (\d+\.\d+\.\d+\.\d+).+ > (\d+\.\d+\.\d+\.\d+)/;
            }
            # Turn one dump line into raw bytes: drop all whitespace, drop
            # the leading "0x0010:" offset, decode every hex pair, then
            # delete anything outside 0x1F-0x7E plus CR/LF.  The header line
            # itself also passes through here, so some decoded garbage from
            # it lands at the front of $contenido.
            s/\s+//g;
            s/0x[abcdef\d]+://i;
            s/([0-9a-f]{2})/chr(hex($1))/eg;
            tr/\x1F-\x7E\r\n//cd;
            $contenido .= $_;
        }
    }
}
# Worker for the -p option: read tcpdump's ASCII (-A) dump of port-80
# segments, hand each line that starts in column 0 to CGI.pm as if it were
# a query string, and report every field it yields.  Output goes to STDOUT
# and, via savefile(), to the "logs" file in the current directory.  Runs
# until tcpdump's output ends.
sub sniffer_post {
    if ( $control =~ /p/ ) {
        # 2-arg pipe open, bareword handle, no error check (same caveat as
        # in sniffer_get).  The BPF expression keeps TCP port-80 segments
        # whose payload length (IP total length minus the IP and TCP header
        # lengths) is not zero, i.e. it drops bare ACKs and handshake
        # packets.  -s 0 captures whole packets; tcpdump is looked up via
        # $PATH here, unlike the GET worker.
        open( POST,
            "tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' |"
        );
        while (<POST>) {
            # Only lines that begin in column 0 are looked at.  With -A the
            # packet header line and the decoded payload lines both start
            # there, so header lines reach CGI->new as well; what CGI makes
            # of text that is not key=value pairs follows CGI.pm's
            # initializer rules (not checked here).
            if (/^\S/) {
                my $code = $_;    # still carries its trailing newline
                # CGI->new($string) parses URL-encoded key=value pairs, which
                # is how an x-www-form-urlencoded POST body line turns into
                # a parameter list.  $buscando and $par are package globals
                # because the file has no `use strict`.
                $buscando = CGI->new($code);
                my @params = $buscando->param;
                foreach $par (@params) {
                    # Names containing a dot are skipped -- presumably to
                    # drop non-form text (host names, IPs) that the parser
                    # turned into keys; confirm against real dumps.
                    if ( $par =~ /\./ ) {
                        next;
                    }
                    else {
                        # Only the first value of a multi-valued field is
                        # taken (scalar-context param()).
                        my $dataf = $buscando->param($par);
                        print "\n[+] $par " . " : " . $dataf;
                        savefile( "logs", "\n[+] $par " . " : " . $dataf );
                    }
                }
            }
        }
    }
}
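# Append one record to a log file.
#   $_[0] - path of the file to append to
#   $_[1] - text to write verbatim (callers supply their own "\n")
# Returns nothing.  A file that cannot be opened is reported on STDERR and
# skipped, so a bad log path never stops the capture loops (the original
# silently ignored the failure and printed to an unopened handle).
sub savefile {
    my ( $path, $text ) = @_;
    # 3-arg open with a lexical handle: the old `">>" . $path` form let the
    # file name be reinterpreted by 2-arg open's mode parsing, and its
    # result was never checked.
    open( my $fh, '>>', $path ) or do {
        warn "savefile: cannot open $path: $!\n";
        return;
    };
    print {$fh} $text;
    # Buffered write errors only surface at close, so check it too.
    close($fh) or warn "savefile: close $path: $!\n";
    return;
}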
# Print the program banner to the selected output handle (STDOUT).
sub head {
    my $banner = "\n-- == DH Sniffer 0.3 == --\n";
    print $banner;
}
# Print the copyright line and terminate the process with status 1.
# Only reached from the usage message, so it doubles as "exit on bad
# invocation".  Never returns.
sub copyright {
    my $notice = "\n-- == (C) Doddy Hackman 2014 == --\n\n";
    print $notice;
    exit 1;
}
# The End ?