metasploit-gs/data/exploits/psnuffle/url.rb
HD Moore 5e74e80c89 Update psnuffle modules to use payload_data
git-svn-id: file:///home/svn/framework3/trunk@6899 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-25 14:11:55 +00:00


# Protocol parser that watches plaintext HTTP traffic (TCP destination port 80)
# and reports the target of GET requests once a request line and a Host header
# have both been seen for the same session.
#
# NOTE(review): every value matched here comes straight off the wire. The
# captured request target is printed unescaped, so control characters in a
# request line reach the operator's terminal as-is; escaping non-printable
# bytes before display would be the safer default.
class SnifferURL < BaseProtocolParser
  # Installs the patterns that #parse tries against each TCP payload.
  #
  # :get  captures the request target of a GET request line.
  # :host captures the value of a Host header line.
  #
  # NOTE(review): in Ruby the trailing `s` regexp option is an encoding flag
  # (Windows-31J on 1.9+), not "dot matches newline" (that is `m`). Neither
  # pattern contains an unescaped `.`, so dotall would have no effect anyway.
  # A fixed-encoding regexp may raise Encoding::CompatibilityError against a
  # binary payload holding non-ASCII bytes -- confirm the flag is intended.
  def register_sigs
    patterns = {}
    patterns[:get]  = /^GET\s+([^\n]+)\s+HTTP\/\d\.\d/si
    patterns[:host] = /^Host\:\s+([^\n]+)/si
    self.sigs = patterns
  end

  # Inspects one captured packet and updates the per-connection session state.
  #
  # Packets without a TCP layer, or not addressed to port 80, are ignored, so
  # HTTP on other ports and anything inside TLS is never examined here.
  #
  # pkt - packet object indexed by layer (:ip and :tcp are read).
  def parse(pkt)
    tcp = pkt[:tcp]
    return unless tcp
    return if tcp.dst_port != 80

    # Session key is "server:port-client:port"; the destination IP is passed
    # again as the second argument.
    ip = pkt[:ip]
    server = "#{ip.dst_ip}:#{tcp.dst_port}"
    client = "#{ip.src_ip}:#{tcp.src_port}"
    session = find_session("#{server}-#{client}", "#{ip.dst_ip}")

    sigs.each do |name, pattern|
      # Only act on a signature that matches this payload.
      next unless tcp.payload_data =~ pattern

      captured = Regexp.last_match(1)

      if name == :host
        # A Host header only completes a report when a GET target was already
        # stored for this session. The Host capture itself is not stored or
        # printed: session[:host] is whatever find_session put there
        # (presumably the destination IP passed above -- confirm).
        next unless session[:get]

        print "-> Get request sniffed: #{session[:host]}#{session[:get]}\n"
        sessions.delete(session[:session])
        return
      end

      # Any other signature (currently :get) is saved in the session state.
      sessions[session[:session]].merge!(name => captured)
    end
  end
end