crazysniffer.pl

一个rst守护程序

#!/usr/bin/perl
# Yet another network and password sniffer
#
# Written by Bastian Ballmann [ bytebeater@crazydj.de ]
# http://www.crazydj.de
#
# Last Update: 29.11.2002
#
# This code is licensed under the GPL

###[ Loading modules ]###

use Net::PcapUtils;                 # Sniffin around
use NetPacket::Ethernet qw(:strip); # Decoding Ethernet packets
use NetPacket::IP qw(:strip);       # Decoding IP packets
use NetPacket::TCP;                 # Decoding TCP packets
use Data::Hexdumper;                # Dump Hex
use Getopt::Std;                    # Parsing parameter
use path::config;                   # P.A.T.H. configuration

# Autoflush Output
$|=1;

# Are you root?
if($> != 0)
{
    die "You must be root...\n\n";
}

# Need help?
if($ARGV[0] eq "--help")
{
    print "Usage $0 -fimsStwxX\n\n";
    print "[-i interface]\n"; 
    print "[-X password sniffin]\n";
    print "[-t telnet sniffin]\n";
    print "[-m mail sniffin]\n";
    print "[-f 'pcap filter']\n";
    print "[-S print Sequence and Acknowledgement numbers]\n";
    print "[-s snaplen] \n";
    print "[-w save-to-file]\n";
    print "[-x dump hex]\n\n";
    exit(0);
}

# Create config object
my $cfg = config->new();

# Load GUI version?
if($ARGV[0] eq "--gui")
{
    require "crazysniffer-gui.pl";
}
else
{
# Read in parameter
getopts('w:s:i:f:SmtXx', \%args);
&start();
}


###[ Subroutines ]###

sub start
{

# Parameter verarbeiten
    $cfg->check(%args);
    
# Mit diesem Flag merken wir uns ob wir
# im Mail oder Telnet Modus schon die
# IPs / Ports ausgegeben haben
    %ips;
    
    print "Start sniffin on device " . $cfg->get_device . "...\n\n";
    
# Pcap Filter
    if($args{'f'})
    {
	$filter = $args{'f'};
    }
# Telnet sniffin mode
    elsif($args{'t'})
    {
	print "Telnet sniffin mode\n\n";
	$filter = "tcp and port 23";
    }
# Mail sniffin mode
    elsif($args{'m'})
    {
	print "Mail sniffin mode\n\n";
	$filter = "tcp and port 25 or port 110 or port 143";
    }
    else
    {
	$filter = "tcp";
    }
    
# Write payload to a file?
    $output = $args{'w'};
    
# Number of bytes to capture from each packet
    $snaplen = $args{'s'};
    
    %sequence;
    
    if($snaplen eq "")
    {
	$snaplen = 2048;
    }
    
    Net::PcapUtils::loop(\&sniffit,
			 PROMISC => 1,
			 SNAPLEN => $snaplen,
			 FILTER => $filter,
			 SAVEFILE => $output,
			 DEV => $cfg->get_device,
			 NUMPACKETS => -1) || die "Shit! There was an error!\n$!\n\n";
}

# Decode packets and payload
# Parse the payload
sub sniffit
{
    my ($opt, $header, $packet) = @_;
    $flag = 0;

    my $ip = NetPacket::IP->decode(eth_strip($packet));
    my $tcp = NetPacket::TCP->decode($ip->{data});
    my $dump = $tcp->{data};

if($ARGV[0] eq "--gui")
{
    $top->update();
}
# Print Payload in Hex?
if($args{'x'})
{
    unless($dump eq "")
    {
       $dump = Data::Hexdumper::Hexdump( data => $dump, format => "H" );
    }
}

# Telnet sniffin mode
# IPs + Portnummer wird nicht angezeigt
if($args{'t'})
{
    # Wurde die IP / Port schon ausgegeben?
    unless($ips{"$ip->{src_ip}:$tcp->{src_port} $ip->{dest_ip}:$tcp->{dest_port}"})
    {
	$ips{"$ip->{src_ip}:$tcp->{src_port} $ip->{dest_ip}:$tcp->{dest_port}"} = 1;
	print "$ip->{src_ip}:$tcp->{src_port} --> $ip->{dest_ip}:$tcp->{dest_port}\n\n";
    }

# Wurde das Paket schon verarbeitet?
    unless($sequence{$tcp->{seqnum}})
    {
	$sequence{$tcp->{seqnum}} = 1;
	$dump =~ s/\r\n/\n/g;
	print $dump;	
    }
}

# Mail sniffin mode
elsif($args{'m'})
{
    # Wurde die IP / Port schon ausgegeben?
    unless($ips{"$ip->{src_ip}:$tcp->{src_port} $ip->{dest_ip}:$tcp->{dest_port}"})
    {
	$ips{"$ip->{src_ip}:$tcp->{src_port} $ip->{dest_ip}:$tcp->{dest_port}"} = 1;
	print "$ip->{src_ip}:$tcp->{src_port} --> $ip->{dest_ip}:$tcp->{dest_port}\n\n";
    }

    print $dump;

    if($dump =~ /QUIT/)
    {
	print "-=" x 40 . "\n";
    }
}

# Password snffin mode
elsif($args{'X'})
{
    if( ($dump =~ /PASS/) || ($dump =~ /USER/) || ($dump =~ /Username/) || ($dump =~ /password/) )
    {
	print_dump($ip,$tcp,$dump);
    }
    elsif($dump =~ /login/)
    {
	print_dump($ip,$tcp,$dump);
	$flag = 1;
	return;
    }

    if( ($flag == 1) && ($dump =~ !/login/) && ($dump ne "") )
    {
	print_dump($ip,$tcp,$dump);
	$flag = 0;
    }
}
# Normal sniffin
else
{
    print_dump($ip,$tcp,$dump);
}
}


sub print_dump
{
    my($ip,$tcp,$dump) = @_;
    my $nase = "$ip->{src_ip}:$tcp->{src_port}  -->  $ip->{dest_ip}:$tcp->{dest_port}";

    # Print Sequence and Acknowledgement numbers?
    if($args{'S'})
    {
	$nase .= " Seq: " . $tcp->{seqnum} . " Ack: " . $tcp->{acknum};
    }

    if($ARGV[0] eq "--gui")
    {
	$result->insert(end,"$nase\n");
	$result->insert(end,"$dump\n\n");
	$top->update();
    }
    else
    {
	print "$nase\n";
	print "$dump\n\n";
    }
}