2
ettercap -- ncurses interface for data sniffing-logging
4
Copyright (C) 2001 ALoR <alor@users.sourceforge.net>, NaGA <crwm@freemail.it>
6
This program is free software; you can redistribute it and/or modify
7
it under the terms of the GNU General Public License as published by
8
the Free Software Foundation; either version 2 of the License, or
9
(at your option) any later version.
11
This program is distributed in the hope that it will be useful,
12
but WITHOUT ANY WARRANTY; without even the implied warranty of
13
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
GNU General Public License for more details.
16
You should have received a copy of the GNU General Public License
17
along with this program; if not, write to the Free Software
18
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
20
$Id: ec_interface_sniff_data.c,v 1.6 2003/04/30 10:05:25 lordnaga Exp $
25
#ifdef HAVE_NCURSES // don't compile if ncurses interface is not supported
33
#include <sys/types.h>
34
#if defined(HAVE_SYS_POLL_H)
36
#elif defined (HAVE_POLL_H)
40
#include <ec_interface.h>
41
#include <ec_interface_inject.h>
42
#include <ec_interface_plugins.h>
43
#include <ec_decodedata.h>
44
#include <ec_dissector.h>
45
#include <ec_illithid.h>
46
#include <ec_buffer.h>
47
#include <ec_inet_structures.h>
48
#include <ec_binder.h>
49
#include <ec_thread.h>
51
#define PAD_BUFFER 1000 // buffered lines for sniffing
54
#define BOTTOM_COLOR 1 // color schemes
62
#define KEY_TAB '\t' // they aren't defined in ncurses.h :(
66
#define ASCII_VIEW 0 // data in the sniffing windows...
74
void Interface_Sniff_Data_Run(char *ips, int psource, char *ipd, int pdest, char *macs, char *macd, char proto, char *type, short mode, int connection);
75
void Interface_Sniff_Data_Redraw(void);
76
void Interface_Sniff_Data_KeyTab(void);
77
void Interface_Sniff_Data_SniffData(void);
78
void Interface_Sniff_Data_LogToFile(char proto);
79
void Interface_Sniff_Data_Winch(void);
80
void Interface_Sniff_Data_Reset(void);
81
void Interface_Sniff_Data_StopCont(void);
82
void Interface_Sniff_Data_View(short mode);
83
void Interface_Sniff_Data_Scroll(short direction);
84
void Interface_Sniff_Data_DrawScroller(void);
85
void Interface_Sniff_Data_Inject(char proto, char *app);
86
void Interface_Sniff_Data_Kill(char proto);
87
void Interface_Sniff_Data_Bind(char proto, char *ipsource, char *ipdest);
88
u_short Interface_Sniff_Data_WaitPort(void);
92
extern WINDOW *main_window, *bottom_window, *top_window;
93
WINDOW *data_source_win, *data_dest_win, *data_source, *data_dest;
95
WINDOW *data_joined_win, *data_joined;
98
extern int W_MAINX1, W_MAINY1, W_MAINX2, W_MAINY2;
99
extern int W_BOTTOMY2;
101
extern int Conn_Pointer;
103
short log_source, log_dest, log_joined;
109
int inject_tod=0, inject_tos=0;
111
short scroll_yd = 0, scroll_ys = 0, scroll_yj = 0;
113
FILE *file_source, *file_dest, *file_joined;
120
pthread_t Binder_pid=0;
122
int Connection_Sniffed;
123
//---------------------------
125
void Interface_Sniff_Data_Winch(void) // TODO better handling...
127
DEBUG_MSG("Interface_Sniff_Data_Winch\tTODO");
129
Interface_Sniff_Data_Redraw();
133
void Interface_Sniff_Data_Redraw(void)
138
DEBUG_MSG("Interface_Sniff_Data_Redraw");
142
redrawwin(data_joined_win);
144
wnoutrefresh(data_joined_win);
145
pnoutrefresh(data_joined, scroll_yj, 0, W_MAINY1 + 3, 3, W_MAINY2 - 3 , W_MAINX2 - 4);
149
redrawwin(data_dest_win);
150
redrawwin(data_source_win);
152
wnoutrefresh(data_dest_win);
153
wnoutrefresh(data_source_win);
154
pnoutrefresh(data_source, scroll_ys, 0, W_MAINY1 + 3, 3, W_MAINY2 - 3 , W_MAINX2 / 2 - 2);
155
pnoutrefresh(data_dest, scroll_yd, 0, W_MAINY1 + 3, W_MAINX2 / 2 + 2, W_MAINY2 - 3 , W_MAINX2 - 2);
163
void Interface_Sniff_Data_KeyTab(void)
166
if (joined) return; // TAB isnt necessary in joined view
168
win_pointer = (win_pointer == data_source_win) ? data_dest_win : data_source_win;
170
wattroff(data_source_win, A_BOLD);
171
wattroff(data_dest_win, A_BOLD);
173
wattron(win_pointer, A_BOLD);
175
box(data_source_win,ACS_VLINE,ACS_HLINE);
176
box(data_dest_win,ACS_VLINE,ACS_HLINE);
178
mvwprintw(data_source_win, 0, 1, "%s:%d", ipsource, portsource);
179
mvwprintw(data_dest_win, 0, 1, "%s:%d", ipdest, portdest);
181
Interface_Sniff_Data_DrawScroller();
183
if (log_source) mvwprintw(data_source_win, W_MAINY2 - W_MAINY1 - 4, W_MAINX2 / 2 - 10, "LOGGED");
184
if (log_dest) mvwprintw(data_dest_win, W_MAINY2 - W_MAINY1 - 4, W_MAINX2 / 2 - 10, "LOGGED");
189
mvwprintw(data_source_win, W_MAINY2 - W_MAINY1 - 4, 2, "ASCII");
190
mvwprintw(data_dest_win, W_MAINY2 - W_MAINY1 - 4, 2, "ASCII");
193
mvwprintw(data_source_win, W_MAINY2 - W_MAINY1 - 4, 2, "HEX");
194
mvwprintw(data_dest_win, W_MAINY2 - W_MAINY1 - 4, 2, "HEX");
198
mvwprintw(data_source_win, W_MAINY2 - W_MAINY1 - 4, 2, "EBCDIC");
199
mvwprintw(data_dest_win, W_MAINY2 - W_MAINY1 - 4, 2, "EBCDIC");
203
mvwprintw(data_source_win, W_MAINY2 - W_MAINY1 - 4, 2, "TEXT");
204
mvwprintw(data_dest_win, W_MAINY2 - W_MAINY1 - 4, 2, "TEXT");
208
if (stop) mvwprintw(data_source_win, W_MAINY2 - W_MAINY1 - 4, 2, "STOPPED");
209
if (stop) mvwprintw(data_dest_win, W_MAINY2 - W_MAINY1 - 4, 2, "STOPPED");
211
mvwprintw(win_pointer, 0, W_MAINX2 / 2 - 10, "active");
213
redrawwin(data_dest_win);
214
redrawwin(data_source_win);
216
wnoutrefresh(data_dest_win);
217
wnoutrefresh(data_source_win);
218
pnoutrefresh(data_source, scroll_ys,0, W_MAINY1 + 3, 3, W_MAINY2 - 3 , W_MAINX2 / 2 - 2);
219
pnoutrefresh(data_dest, scroll_yd,0, W_MAINY1 + 3, W_MAINX2 / 2 + 2, W_MAINY2 - 3 , W_MAINX2 - 2);
228
void Interface_Sniff_Data_LogToFile(char proto)
230
WINDOW *question_window;
238
DEBUG_MSG("Interface_Sniff_Data_LogToFile");
243
snprintf(date, sizeof(date), "%04d%02d%02d", dd->tm_year+1900, dd->tm_mon+1, dd->tm_mday);
247
strcpy(question, "Do you want to log the trafic to this file ? (y/n)");
249
snprintf(filename, sizeof(filename), "%s-%c-%s[%d]-%s[%d]-FULL.log", date, proto, ipsource, portsource, ipdest, portdest);
251
snprintf(filename, sizeof(filename), "%s-%c-%s:%d-%s:%d-FULL.log", date, proto, ipsource, portsource, ipdest, portdest);
256
if (win_pointer == data_source_win)
258
strcpy(question, "Do you want to log SOURCE-to-DEST to this file ? (y/n)");
260
snprintf(filename, sizeof(filename), "%s-%c-%s[%d]-%s[%d].log", date, proto, ipsource, portsource, ipdest, portdest);
262
snprintf(filename, sizeof(filename), "%s-%c-%s:%d-%s:%d.log", date, proto, ipsource, portsource, ipdest, portdest);
267
strcpy(question, "Do you want to log DEST-to-SOURCE to this file ? (y/n)");
269
snprintf(filename, sizeof(filename), "%s-%c-%s[%d]-%s[%d].log", date, proto, ipdest, portdest, ipsource, portsource);
271
snprintf(filename, sizeof(filename), "%s-%c-%s:%d-%s:%d.log", date, proto, ipdest, portdest, ipsource, portsource);
276
question_window = newwin(7, strlen(question) + 8,0,0);
277
mvwin(question_window, W_MAINY1+(W_MAINY2-W_MAINY1)/2-2, W_MAINX2/2 - (strlen(question)+8)/2 );
278
wbkgdset(question_window, COLOR_PAIR(TITLE_COLOR));
279
wattron(question_window, A_BOLD);
280
box(question_window,ACS_VLINE,ACS_HLINE);
281
mvwprintw(question_window, 2, 4, "%s", question);
282
wnoutrefresh(question_window);
285
wbkgdset(question_window, COLOR_PAIR(HELP_COLOR));
286
if (joined) mvwprintw(question_window, 4, 2, "%s", filename);
287
else mvwprintw(question_window, 4, 6, "%s", filename);
288
answer = wgetch(question_window);
289
delwin(question_window);
291
if ( (answer == 'y') || (answer == 'Y') )
295
file_joined = fopen(filename, "a");
296
if (file_joined == NULL)
297
ERROR_MSG("fopen()");
299
mvwprintw(data_joined_win, W_MAINY2 - W_MAINY1 - 4, W_MAINX2 - 15, "LOGGED");
303
if (win_pointer == data_source_win)
305
file_source = fopen(filename, "a");
306
if (file_source == NULL)
307
ERROR_MSG("fopen()");
309
mvwprintw(data_source_win, W_MAINY2 - W_MAINY1 - 4, W_MAINX2 / 2 - 10, "LOGGED");
313
file_dest = fopen(filename, "a");
314
if (file_dest == NULL)
315
ERROR_MSG("fopen()");
317
mvwprintw(data_dest_win, W_MAINY2 - W_MAINY1 - 4, W_MAINX2 / 2 - 10, "LOGGED");
325
if (log_joined) fclose(file_joined);
327
wmove(data_joined_win, W_MAINY2 - W_MAINY1 - 4, W_MAINX2 - 15);
328
whline(data_joined_win, ACS_HLINE, 6);
332
if (win_pointer == data_source_win)
334
if (log_source) fclose(file_source);
336
wmove(data_source_win, W_MAINY2 - W_MAINY1 - 4, W_MAINX2 / 2 - 10);
337
whline(data_source_win, ACS_HLINE, 6);
341
if (log_dest) fclose(file_dest);
343
wmove(data_dest_win, W_MAINY2 - W_MAINY1 - 4, W_MAINX2 / 2 - 10);
344
whline(data_dest_win, ACS_HLINE, 6);
351
DEBUG_MSG("Interface_Sniff_Data_LogToFile returns -- %c", answer);
352
if ( (answer == 'y') || (answer == 'Y') ) DEBUG_MSG("\t %s", filename);
355
Interface_Sniff_Data_Redraw();
360
void Interface_Sniff_Data_StopCont(void)
362
DEBUG_MSG("Interface_Sniff_Data_StopCont");
369
mvwprintw(data_joined_win, W_MAINY2 - W_MAINY1 - 4, 2, "STOPPED");
373
mvwprintw(data_source_win, W_MAINY2 - W_MAINY1 - 4, 2, "STOPPED");
374
mvwprintw(data_dest_win, W_MAINY2 - W_MAINY1 - 4, 2, "STOPPED");
382
wmove(data_joined_win, W_MAINY2 - W_MAINY1 - 4, 2); whline(data_joined_win, ACS_HLINE, 7);
386
wmove(data_source_win, W_MAINY2 - W_MAINY1 - 4, 2); whline(data_source_win, ACS_HLINE, 7);
387
wmove(data_dest_win, W_MAINY2 - W_MAINY1 - 4, 2); whline(data_dest_win, ACS_HLINE, 7);
390
Interface_Sniff_Data_View(view);
397
redrawwin(data_joined_win);
399
wnoutrefresh(data_joined_win);
400
pnoutrefresh(data_joined, scroll_yj, 0, W_MAINY1 + 3, 3, W_MAINY2 - 3 , W_MAINX2 - 4);
404
redrawwin(data_dest_win);
405
redrawwin(data_source_win);
407
wnoutrefresh(data_dest_win);
408
wnoutrefresh(data_source_win);
409
pnoutrefresh(data_source, scroll_ys, 0, W_MAINY1 + 3, 3, W_MAINY2 - 3 , W_MAINX2 / 2 - 2);
410
pnoutrefresh(data_dest, scroll_yd, 0, W_MAINY1 + 3, W_MAINX2 / 2 + 2, W_MAINY2 - 3 , W_MAINX2 - 2);
417
void Interface_Sniff_Data_Reset()
421
ConnBuffer_Flush(Conn_Between_Hosts[Connection_Sniffed].DataBuffer);
426
wmove(data_source, scroll_ys, 0);
427
wmove(data_dest, scroll_yd, 0);
432
wmove(data_joined, scroll_yj, 0);
437
void Interface_Sniff_Data_View(short mode)
439
DEBUG_MSG("Interface_Sniff_Data_View -- %d", mode);
446
wmove(data_joined_win, W_MAINY2 - W_MAINY1 - 4, 2); whline(data_joined_win, ACS_HLINE, 7);
447
mvwprintw(data_joined_win, W_MAINY2 - W_MAINY1 - 4, 2, "ASCII");
451
wmove(data_source_win, W_MAINY2 - W_MAINY1 - 4, 2); whline(data_source_win, ACS_HLINE, 7);
452
wmove(data_dest_win, W_MAINY2 - W_MAINY1 - 4, 2); whline(data_dest_win, ACS_HLINE, 7);
453
mvwprintw(data_source_win, W_MAINY2 - W_MAINY1 - 4, 2, "ASCII");
454
mvwprintw(data_dest_win, W_MAINY2 - W_MAINY1 - 4, 2, "ASCII");
461
wmove(data_joined_win, W_MAINY2 - W_MAINY1 - 4, 2); whline(data_joined_win, ACS_HLINE, 7);
462
mvwprintw(data_joined_win, W_MAINY2 - W_MAINY1 - 4, 2, "HEX");
466
wmove(data_source_win, W_MAINY2 - W_MAINY1 - 4, 2); whline(data_source_win, ACS_HLINE, 7);
467
wmove(data_dest_win, W_MAINY2 - W_MAINY1 - 4, 2); whline(data_dest_win, ACS_HLINE, 7);
468
mvwprintw(data_source_win, W_MAINY2 - W_MAINY1 - 4, 2, "HEX");
469
mvwprintw(data_dest_win, W_MAINY2 - W_MAINY1 - 4, 2, "HEX");
476
wmove(data_joined_win, W_MAINY2 - W_MAINY1 - 4, 2); whline(data_joined_win, ACS_HLINE, 7);
477
mvwprintw(data_joined_win, W_MAINY2 - W_MAINY1 - 4, 2, "TEXT");
481
wmove(data_source_win, W_MAINY2 - W_MAINY1 - 4, 2); whline(data_source_win, ACS_HLINE, 7);
482
wmove(data_dest_win, W_MAINY2 - W_MAINY1 - 4, 2); whline(data_dest_win, ACS_HLINE, 7);
483
mvwprintw(data_source_win, W_MAINY2 - W_MAINY1 - 4, 2, "TEXT");
484
mvwprintw(data_dest_win, W_MAINY2 - W_MAINY1 - 4, 2, "TEXT");
491
wmove(data_joined_win, W_MAINY2 - W_MAINY1 - 4, 2); whline(data_joined_win, ACS_HLINE, 7);
492
mvwprintw(data_joined_win, W_MAINY2 - W_MAINY1 - 4, 2, "EBCDIC");
496
wmove(data_source_win, W_MAINY2 - W_MAINY1 - 4, 2); whline(data_source_win, ACS_HLINE, 7);
497
wmove(data_dest_win, W_MAINY2 - W_MAINY1 - 4, 2); whline(data_dest_win, ACS_HLINE, 7);
498
mvwprintw(data_source_win, W_MAINY2 - W_MAINY1 - 4, 2, "EBCDIC");
499
mvwprintw(data_dest_win, W_MAINY2 - W_MAINY1 - 4, 2, "EBCDIC");
507
delwin(data_joined_win);
510
redrawwin(main_window);
511
redrawwin(data_dest_win);
512
redrawwin(data_source_win);
514
wnoutrefresh(main_window);
515
wnoutrefresh(data_dest_win);
516
wnoutrefresh(data_source_win);
518
pnoutrefresh(data_source, scroll_ys,0, W_MAINY1 + 3, 3, W_MAINY2 - 3 , W_MAINX2 / 2 - 2);
519
pnoutrefresh(data_dest, scroll_yd,0, W_MAINY1 + 3, W_MAINX2 / 2 + 2, W_MAINY2 - 3 , W_MAINX2 - 2);
527
data_joined_win = newwin(W_MAINY2 - W_MAINY1 - 3, W_MAINX2 - 4, W_MAINY1 + 2, 2);
528
data_joined = newpad(PAD_BUFFER, W_MAINX2 - 6);
530
wbkgdset(data_joined_win, COLOR_PAIR(SNIFF_COLOR));
531
wattron(data_joined_win, A_BOLD);
532
box(data_joined_win, ACS_VLINE, ACS_HLINE);
533
mvwprintw(data_joined_win, 0, 1, "%s:%d - %s:%d", ipsource, portsource, ipdest, portdest);
534
scroll_yj = PAD_BUFFER - (W_MAINY2-10);
535
mvwprintw(data_joined_win, 0, W_MAINX2 - 15, "JOINED");
536
scrollok(data_joined_win, TRUE);
537
wmove(data_joined, scroll_yj, 0);
539
scrollok(data_joined, TRUE);
541
wnoutrefresh(data_joined_win);
542
pnoutrefresh(data_joined, scroll_yj, 0, W_MAINY1 + 3, 3, W_MAINY2 - 3 , W_MAINX2 - 4);
545
Interface_Sniff_Data_DrawScroller();
546
Interface_Sniff_Data_View(ASCII_VIEW);
558
redrawwin(data_joined_win);
560
wnoutrefresh(data_joined_win);
561
pnoutrefresh(data_joined, scroll_yj, 0, W_MAINY1 + 3, 3, W_MAINY2 - 3 , W_MAINX2 - 4);
565
redrawwin(data_dest_win);
566
redrawwin(data_source_win);
568
wnoutrefresh(data_dest_win);
569
wnoutrefresh(data_source_win);
570
pnoutrefresh(data_source, scroll_ys, 0, W_MAINY1 + 3, 3, W_MAINY2 - 3 , W_MAINX2 / 2 - 2);
571
pnoutrefresh(data_dest, scroll_yd, 0, W_MAINY1 + 3, W_MAINX2 / 2 + 2, W_MAINY2 - 3 , W_MAINX2 - 2);
580
void Interface_Sniff_Data_SniffData(void)
582
SNIFFED_DATA data_from_illithid;
586
datalen = ConnBuffer_Get(Conn_Between_Hosts[Connection_Sniffed].DataBuffer, &data_from_illithid, sizeof(SNIFFED_DATA));
588
datalen = Buffer_Get(pipe_with_illithid_data, &data_from_illithid, sizeof(SNIFFED_DATA));
596
if (binder_pipe != -1 && Binder_pid)
597
Buffer_Put(binder_pipe, &data_from_illithid, sizeof(SNIFFED_DATA));
601
if (log_joined) { write(fileno(file_joined), &data_from_illithid.data, data_from_illithid.datasize); fflush(file_joined);}
604
if ( current_illithid_data.source_ip == data_from_illithid.fast_source_ip)
605
wbkgdset(data_joined, COLOR_PAIR(TITLE_COLOR));
607
wbkgdset(data_joined, COLOR_PAIR(BOTTOM_COLOR));
612
wprintw(data_joined, "%s", Decodedata_GetAsciiData(data_from_illithid.data, data_from_illithid.datasize));
613
pnoutrefresh(data_joined, scroll_yj,0, W_MAINY1 + 3, 3, W_MAINY2 - 3 , W_MAINX2 - 4);
617
wprintw(data_joined, "%s", Decodedata_GetTextData(data_from_illithid.data, data_from_illithid.datasize));
618
pnoutrefresh(data_joined, scroll_yj,0, W_MAINY1 + 3, 3, W_MAINY2 - 3 , W_MAINX2 - 4);
622
wprintw(data_joined, "%s", Decodedata_GetEBCDICData(data_from_illithid.data, data_from_illithid.datasize));
623
pnoutrefresh(data_joined, scroll_yj,0, W_MAINY1 + 3, 3, W_MAINY2 - 3 , W_MAINX2 - 4);
627
if (data_from_illithid.proto == 'T') {
628
wprintw(data_joined, "\n> S %lx A %lx (%s) <\n%s",
629
data_from_illithid.seq,
630
data_from_illithid.ack_seq,
631
Decodedata_TCPFlags(data_from_illithid.flags),
632
Decodedata_GetHexData(data_from_illithid.data, data_from_illithid.datasize, (joined) ? W_MAINX2 : W_MAINX2/2 - 4));
634
wprintw(data_joined, "%s", Decodedata_GetHexData(data_from_illithid.data, data_from_illithid.datasize, (joined) ? W_MAINX2 : W_MAINX2/2 - 4));
636
pnoutrefresh(data_joined, scroll_yj,0, W_MAINY1 + 3, 3, W_MAINY2 - 3 , W_MAINX2 - 4);
641
else if ( current_illithid_data.source_ip == data_from_illithid.fast_source_ip)
643
if (log_source) { write(fileno(file_source), &data_from_illithid.data, data_from_illithid.datasize); fflush(file_source);}
648
wprintw(data_source, "%s", Decodedata_GetAsciiData(data_from_illithid.data, data_from_illithid.datasize));
649
pnoutrefresh(data_source, scroll_ys,0, W_MAINY1 + 3, 3, W_MAINY2 - 3 , W_MAINX2 / 2 - 2);
653
wprintw(data_source, "%s", Decodedata_GetTextData(data_from_illithid.data, data_from_illithid.datasize));
654
pnoutrefresh(data_source, scroll_ys,0, W_MAINY1 + 3, 3, W_MAINY2 - 3 , W_MAINX2 / 2 - 2);
658
wprintw(data_source, "%s", Decodedata_GetEBCDICData(data_from_illithid.data, data_from_illithid.datasize));
659
pnoutrefresh(data_source, scroll_ys,0, W_MAINY1 + 3, 3, W_MAINY2 - 3 , W_MAINX2 / 2 - 2);
663
if (data_from_illithid.proto == 'T')
664
wprintw(data_source, "\n> S %lx A %lx (%s) <\n%s",
665
data_from_illithid.seq,
666
data_from_illithid.ack_seq,
667
Decodedata_TCPFlags(data_from_illithid.flags),
668
Decodedata_GetHexData(data_from_illithid.data, data_from_illithid.datasize, W_MAINX2/2 - 4));
670
wprintw(data_source, "%s", Decodedata_GetHexData(data_from_illithid.data, data_from_illithid.datasize, W_MAINX2/2 - 4));
672
pnoutrefresh(data_source, scroll_ys,0, W_MAINY1 + 3, 3, W_MAINY2 - 3 , W_MAINX2 / 2 - 2);
678
if (log_dest) { write(fileno(file_dest), &data_from_illithid.data, data_from_illithid.datasize); fflush(file_dest);}
683
wprintw(data_dest, "%s", Decodedata_GetAsciiData(data_from_illithid.data, data_from_illithid.datasize));
684
pnoutrefresh(data_dest, scroll_yd,0, W_MAINY1 + 3, W_MAINX2 / 2 + 2, W_MAINY2 - 3 , W_MAINX2 - 2);
688
wprintw(data_dest, "%s", Decodedata_GetTextData(data_from_illithid.data, data_from_illithid.datasize));
689
pnoutrefresh(data_dest, scroll_yd,0, W_MAINY1 + 3, W_MAINX2 / 2 + 2, W_MAINY2 - 3 , W_MAINX2 - 2);
693
wprintw(data_dest, "%s", Decodedata_GetEBCDICData(data_from_illithid.data, data_from_illithid.datasize));
694
pnoutrefresh(data_dest, scroll_yd,0, W_MAINY1 + 3, W_MAINX2 / 2 + 2, W_MAINY2 - 3 , W_MAINX2 - 2);
698
if (data_from_illithid.proto == 'T')
699
wprintw(data_dest, "\n> S %lx A %lx (%s) <\n%s",
700
data_from_illithid.seq,
701
data_from_illithid.ack_seq,
702
Decodedata_TCPFlags(data_from_illithid.flags),
703
Decodedata_GetHexData(data_from_illithid.data, data_from_illithid.datasize, W_MAINX2/2 - 4));
705
wprintw(data_dest, "%s", Decodedata_GetHexData(data_from_illithid.data, data_from_illithid.datasize, W_MAINX2/2 - 4));
707
pnoutrefresh(data_dest, scroll_yd,0, W_MAINY1 + 3, W_MAINX2 / 2 + 2, W_MAINY2 - 3 , W_MAINX2 - 2);
716
void Interface_Sniff_Data_DrawScroller(void)
718
short sheight = (W_MAINY2-10)*(W_MAINY2-10)/PAD_BUFFER;
719
short svpos = (W_MAINY2-6)*scroll_ys/PAD_BUFFER;
720
short dvpos = (W_MAINY2-6)*scroll_yd/PAD_BUFFER;
721
short jvpos = (W_MAINY2-6)*scroll_yj/PAD_BUFFER;
723
sheight = (sheight < 1) ? 1 : sheight;
725
svpos = (svpos == 0) ? 1 : svpos;
726
svpos = (svpos > W_MAINY2-9-sheight) ? W_MAINY2-9-sheight : svpos;
728
dvpos = (dvpos == 0) ? 1 : dvpos;
729
dvpos = (dvpos > W_MAINY2-9-sheight) ? W_MAINY2-9-sheight : dvpos;
731
jvpos = (jvpos == 0) ? 1 : jvpos;
732
jvpos = (jvpos > W_MAINY2-9-sheight) ? W_MAINY2-9-sheight : jvpos;
734
wattron(win_pointer, A_BOLD);
738
wmove(data_joined_win, 1, W_MAINX2 - 5);
739
wvline(data_joined_win, ACS_VLINE, W_MAINY2-10);
740
wattron(data_joined_win, A_REVERSE);
741
wmove(data_joined_win, jvpos, W_MAINX2 - 5);
742
wvline(data_joined_win, ' ', sheight);
743
wnoutrefresh(data_joined_win);
744
wattroff(data_joined_win, A_REVERSE);
748
wmove(data_source_win, 1, W_MAINX2 / 2 - 3);
749
wvline(data_source_win, ACS_VLINE, W_MAINY2-10);
750
wattron(data_source_win, A_REVERSE);
751
wmove(data_source_win, svpos, W_MAINX2 / 2 - 3);
752
wvline(data_source_win, ' ', sheight);
753
wnoutrefresh(data_source_win);
754
wattroff(data_source_win, A_REVERSE);
756
wmove(data_dest_win, 1, W_MAINX2 / 2 - 3);
757
wvline(data_dest_win, ACS_VLINE, W_MAINY2-10);
758
wattron(data_dest_win, A_REVERSE);
759
wmove(data_dest_win, dvpos, W_MAINX2 / 2 - 3);
760
wvline(data_dest_win, ' ', sheight);
761
wnoutrefresh(data_dest_win);
762
wattroff(data_dest_win, A_REVERSE);
768
void Interface_Sniff_Data_Scroll(short direction)
773
scroll_yj += direction;
774
scroll_yj = (scroll_yj < 0) ? 0 : scroll_yj;
775
scroll_yj = (scroll_yj > PAD_BUFFER - (W_MAINY2-10)) ? PAD_BUFFER - (W_MAINY2-10) : scroll_yj;
776
pnoutrefresh(data_joined, scroll_yj, 0, W_MAINY1 + 3, 3, W_MAINY2 - 3 , W_MAINX2 - 4);
777
Interface_Sniff_Data_DrawScroller();
782
if (win_pointer == data_source_win)
784
scroll_ys += direction;
785
scroll_ys = (scroll_ys < 0) ? 0 : scroll_ys;
786
scroll_ys = (scroll_ys > PAD_BUFFER - (W_MAINY2-10)) ? PAD_BUFFER - (W_MAINY2-10) : scroll_ys;
787
pnoutrefresh(data_source, scroll_ys,0, W_MAINY1 + 3, 3, W_MAINY2 - 3 , W_MAINX2 / 2 - 2);
788
Interface_Sniff_Data_DrawScroller();
792
scroll_yd += direction;
793
scroll_yd = (scroll_yd < 0) ? 0 : scroll_yd;
794
scroll_yd = (scroll_yd > PAD_BUFFER - (W_MAINY2-10)) ? PAD_BUFFER - (W_MAINY2-10) : scroll_yd;
795
pnoutrefresh(data_dest, scroll_yd,0, W_MAINY1 + 3, W_MAINX2 / 2 + 2, W_MAINY2 - 3 , W_MAINX2 - 2);
796
Interface_Sniff_Data_DrawScroller();
805
void Interface_Sniff_Data_Inject(char proto, char *app)
808
INJECTED_DATA inject_data;
811
DEBUG_MSG("Interface_Sniff_Data_Inject");
815
Interface_PopUp("Injection is not possible while in JOINED view");
816
Interface_Sniff_Data_Redraw();
820
memset(&inject_data, 0, sizeof(INJECTED_DATA));
822
data_len = Interface_Inject_Run(inject_data.data, proto, app);
823
Interface_Sniff_Data_Redraw();
825
inject_data.proto = proto;
826
inject_data.datalen = data_len;
830
inject = 1; // on exit the connection must be RSTted
832
if (win_pointer == data_dest_win)
834
DEBUG_MSG("Interface_Sniff_Data_Inject -- INJECT -- %s", ipdest);
835
inject_data.source_ip = inet_addr(ipsource);
836
inject_data.dest_ip = inet_addr(ipdest);
837
inject_data.source_port = htons(portsource);
838
inject_data.dest_port = htons(portdest);
839
write(pipe_inject[1], &inject_data, sizeof(INJECTED_DATA));
840
wmove(bottom_window, 1, 30);
841
wbkgdset(bottom_window, COLOR_PAIR(BOTTOM_COLOR));
842
wprintw(bottom_window, "%d ", inject_tos += data_len);
843
wbkgdset(bottom_window, COLOR_PAIR(SNIFF_COLOR));
844
wprintw(bottom_window, "chars injected to %s", ipsource);
848
DEBUG_MSG("Interface_Sniff_Data_Inject -- INJECT -- %s", ipsource);
849
inject_data.source_ip = inet_addr(ipdest);
850
inject_data.dest_ip = inet_addr(ipsource);
851
inject_data.source_port = htons(portdest);
852
inject_data.dest_port = htons(portsource);
853
write(pipe_inject[1], &inject_data, sizeof(INJECTED_DATA));
854
wmove(bottom_window, 0, 30);
855
wbkgdset(bottom_window, COLOR_PAIR(BOTTOM_COLOR));
856
wprintw(bottom_window, "%d ", inject_tod += data_len);
857
wbkgdset(bottom_window, COLOR_PAIR(SNIFF_COLOR));
858
wprintw(bottom_window, "chars injected to %s", ipdest);
862
wnoutrefresh(bottom_window);
871
void Interface_Sniff_Data_Kill(char proto)
877
Interface_PopUp("Trying to kill an UDP connection ?!? Hey Kiddie, go home !!");
881
DEBUG_MSG("Interface_Sniff_Data_Kill -- %s:%d -> %s:%d ", ipsource, portsource, ipdest, portdest);
883
kill_data.source_ip = inet_addr(ipsource);
884
kill_data.dest_ip = inet_addr(ipdest);
885
kill_data.source_port = htons(portsource);
886
kill_data.dest_port = htons(portdest);
887
write(pipe_kill[1], &kill_data, sizeof(KILL_DATA));
889
strcpy(Conn_Between_Hosts[Conn_Pointer].status, "KILLED");
891
Interface_PopUp("Connection KILLED !!");
895
u_short Interface_Sniff_Data_WaitPort(void)
897
while(Global_Binder_Port==0)
899
return (Global_Binder_Port);
902
void Interface_Sniff_Data_Bind(char proto, char *ipsource, char *ipdest)
907
Interface_PopUp("Can't bind while in joined view");
912
Interface_PopUp("You can only bind TCP connections");
916
if (binder_pipe == -1)
917
binder_pipe = Buffer_Create(1.0e6);
919
s_ip = inet_addr(ipsource);
920
d_ip = inet_addr(ipdest);
922
if (Binder_pid) ECThread_destroy(Binder_pid);
924
Global_Binder_Port = 0;
926
if (win_pointer != data_source_win) {
927
Binder_pid = Binder_Start(s_ip, d_ip, portsource, portdest, proto);
928
Interface_PopUp("Binded Connection D-to-S on port %d", Interface_Sniff_Data_WaitPort());
930
Binder_pid = Binder_Start(d_ip, s_ip, portdest, portsource, proto);
931
Interface_PopUp("Binded Connection S-to-D on port %d", Interface_Sniff_Data_WaitPort());
938
void Interface_Sniff_Data_Run(char *ips, int psource, char *ipd, int pdest, char *macs, char *macd, char proto, char *type, short mode, int connection)
941
int dimY = W_MAINY2 - W_MAINY1 - 3;
942
int dimX = W_MAINX2 / 2 - 2;
943
#if defined(HAVE_SYS_POLL_H) || defined(HAVE_POLL_H)
944
struct pollfd poll_fd;
947
struct timeval TimeOut;
954
Connection_Sniffed = connection;
955
if (Options.buflen) ConnBuffer_Flush(Conn_Between_Hosts[Connection_Sniffed].DataBuffer);
957
strlcpy(ipsource, ips, sizeof(ipsource)); // save locally because other threads can
958
strlcpy(ipdest, ipd, sizeof(ipdest)); // realloc the array containing these values
959
portsource = psource;
962
strlcpy(macsource, macs, sizeof(macsource));
963
strlcpy(macdest, macd, sizeof(macdest));
964
strlcpy(app, type, sizeof(app));
966
DEBUG_MSG("Interface_Sniff_Data_Run -- %d -- %c [%s:%d] [%s:%d] [%s] [%s]", mode, proto, ipsource, portsource, ipdest, portdest, macsource, macdest );
968
data_source_win = newwin(dimY, dimX, W_MAINY1 + 2, 2);
969
data_dest_win = newwin(dimY, dimX, W_MAINY1 + 2, W_MAINX2 / 2 + 1);
970
data_source = newpad(PAD_BUFFER, dimX - 2);
971
data_dest = newpad(PAD_BUFFER, dimX - 2);
973
win_pointer = data_source_win;
975
wbkgdset(data_source_win, COLOR_PAIR(SNIFF_COLOR));
976
wbkgdset(data_dest_win, COLOR_PAIR(SNIFF_COLOR));
977
wattron(data_source_win, A_BOLD);
979
box(data_source_win,ACS_VLINE,ACS_HLINE);
980
box(data_dest_win,ACS_VLINE,ACS_HLINE);
982
mvwprintw(data_source_win, 0, 1, "%s:%d", ipsource, portsource);
983
mvwprintw(data_dest_win, 0, 1, "%s:%d", ipdest, portdest);
985
mvwprintw(data_source_win, 0, W_MAINX2 / 2 - 10, "active");
987
scrollok(data_source, TRUE);
988
scrollok(data_dest, TRUE);
990
scroll_yd = PAD_BUFFER - (W_MAINY2-10);
991
scroll_ys = PAD_BUFFER - (W_MAINY2-10);
993
wmove(data_source, scroll_ys, 0);
994
wmove(data_dest, scroll_yd, 0);
996
wbkgdset(main_window, COLOR_PAIR(MAIN_COLOR));
998
Interface_Sniff_Data_DrawScroller();
1000
werase(main_window);
1001
werase(bottom_window);
1003
wmove(bottom_window, 0, 1);
1004
wbkgdset(bottom_window, COLOR_PAIR(SNIFF_COLOR));
1005
wprintw(bottom_window, "Protocol: ");
1006
wbkgdset(bottom_window, COLOR_PAIR(BOTTOM_COLOR));
1008
wprintw(bottom_window, "TCP");
1010
wprintw(bottom_window, "UDP");
1011
wmove(bottom_window, 1, 1);
1012
wbkgdset(bottom_window, COLOR_PAIR(SNIFF_COLOR));
1013
wprintw(bottom_window, "Application: ");
1014
wbkgdset(bottom_window, COLOR_PAIR(BOTTOM_COLOR));
1015
wprintw(bottom_window, "%s", app);
1017
redrawwin(main_window);
1018
wnoutrefresh(main_window);
1019
wnoutrefresh(bottom_window);
1021
wnoutrefresh(data_source_win);
1022
wnoutrefresh(data_dest_win);
1025
if (Options.hexview)
1028
Options.hexview = 0;
1031
Interface_Sniff_Data_View(view); // default view
1033
#if defined(HAVE_SYS_POLL_H) || defined(HAVE_POLL_H)
1035
poll_fd.events = POLLIN;
1037
memset(&TimeOut, 0, sizeof(TimeOut)); // timeout = 0
1041
current_illithid_data.proto = proto;
1042
current_illithid_data.source_port = portsource;
1043
current_illithid_data.dest_port = portdest;
1045
if (inet_aton(ipsource, &addr))
1046
current_illithid_data.source_ip = ntohl(addr.s_addr);
1047
if (inet_aton(ipdest, &addr))
1048
current_illithid_data.dest_ip = ntohl(addr.s_addr);
1050
if (!Options.buflen) Buffer_Flush(pipe_with_illithid_data);
1054
Interface_Sniff_Data_SniffData();
1056
#ifdef PERMIT_PLUGINS
1057
Interface_Plugins_PluginOutput();
1060
#if defined(HAVE_SYS_POLL_H) || defined(HAVE_POLL_H)
1061
poll(&poll_fd, 1, 1);
1062
if (poll_fd.revents & POLLIN)
1065
select(FOPEN_MAX, &msk_fd, (fd_set *) 0, (fd_set *) 0, &TimeOut);
1066
if (FD_ISSET(0, &msk_fd))
1070
#ifdef PERMIT_PLUGINS
1071
Interface_Plugins_HidePluginOutput();
1074
KeyPress = wgetch(main_window);
1079
Interface_Sniff_Data_Scroll( +1 );
1083
Interface_Sniff_Data_Scroll( -1 );
1087
Interface_Sniff_Data_Scroll( W_MAINY2-10 ); //PGDOWN
1091
Interface_Sniff_Data_Scroll( -(W_MAINY2-10) ); //PGUP
1096
Interface_Sniff_Data_LogToFile(proto);
1097
Interface_Sniff_Data_Reset();
1102
Interface_Sniff_Data_View(ASCII_VIEW);
1103
Interface_Sniff_Data_Reset();
1108
Interface_Sniff_Data_View(HEX_VIEW);
1109
Interface_Sniff_Data_Reset();
1114
Interface_Sniff_Data_View(TEXT_VIEW);
1115
Interface_Sniff_Data_Reset();
1120
Interface_Sniff_Data_View(JOINED_VIEW);
1121
Interface_Sniff_Data_Reset();
1126
Interface_Sniff_Data_View(EBCDIC_VIEW);
1127
Interface_Sniff_Data_Reset();
1132
Interface_Sniff_Data_StopCont();
1137
if ( mode == ARPBASED )
1139
if (strstr(app, "ssh") || strstr(app, "SSH") || strstr(app, "HTTPS"))
1141
Interface_PopUp("You CAN'T inject in a crypted connection !!");
1142
Interface_Sniff_Data_Redraw();
1145
Interface_Sniff_Data_Inject(proto, app);
1149
Interface_PopUp("Characters injection is only supported in ARP Based mode !!");
1150
Interface_Sniff_Data_Redraw();
1156
Interface_Inject_SetFilter(mode);
1157
Interface_Sniff_Data_Redraw();
1162
Interface_Sniff_Data_Kill(proto);
1163
Interface_Sniff_Data_Redraw();
1167
Interface_Sniff_Data_KeyTab();
1170
case KEY_CTRL_L: // CTRL+L refresh the screen
1171
Interface_Sniff_Data_Redraw();
1174
#ifdef PERMIT_PLUGINS
1177
Interface_Plugins_Run();
1178
Interface_Sniff_Data_Redraw();
1183
Interface_Sniff_Data_Bind(proto, ipsource, ipdest);
1184
Interface_Sniff_Data_Redraw();
1190
static char *help[] = {
1191
"[qQ][F10] - quit (and stop sniffing)",
1192
"[tab] - switch between windows",
1193
"[pgUp] - scroll back (as well as UpArrow)",
1194
"[pgDw] - scroll forward (as well as DownArrow)",
1195
"[iI] - inject characters in the connection",
1196
"[fF] - set/edit filters chains",
1197
#ifdef PERMIT_PLUGINS
1198
"[pP] - run a plugin",
1200
"[kK] - kill the connection (be careful !)",
1201
"[aA] - ASCII view",
1203
"[tT] - TEXT (readable chars) only view",
1204
"[eE] - EBCDIC view",
1205
"[jJ] - join the two windows",
1206
"[sS] - stop/cont the sniff (only visualization)",
1207
"[lL] - Log to file",
1208
"[bB] - Bind the sniffed data to a port",
1210
Interface_HelpWindow(help);
1212
Interface_Sniff_Data_Redraw();
1218
if (log_dest) fclose(file_dest);
1219
if (log_source) fclose(file_source);
1220
if (log_joined) fclose(file_joined);
1221
if (Binder_pid) ECThread_destroy(Binder_pid);
1223
log_dest = log_source = log_joined = 0;
1225
inject_tod=0; inject_tos=0; // reset counter
1226
delwin(data_source_win);
1227
data_source_win = NULL; // for winching (see ec_signal.c)
1228
wbkgdset(bottom_window, COLOR_PAIR(BOTTOM_COLOR));
1229
wmove(top_window, 2, 55);
1230
whline(top_window, ' ', 20);
1233
delwin(data_joined_win);
1234
delwin(data_joined);
1237
delwin(data_dest_win);
1238
delwin(data_source);
1240
werase(bottom_window);
1241
wnoutrefresh(top_window);
1242
wnoutrefresh(bottom_window);
1243
wnoutrefresh(main_window);
1245
DEBUG_MSG("Interface_Sniff_Data_End");
1261
// vim:ts=3:expandtab
added
removed
src/interface/ncurses/ec_interface_sniff_data.c
