/usr/share/ettercap/lua/scripts/http_creds.lua is in ettercap-common 1:0.8.2-2build1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 | ---
--
-- Created by Ryan Linn and Mike Ryan
-- Copyright (C) 2012 Trustwave Holdings, Inc.
description = "Script to show HTTP requsts";
local http = require("http")
local packet = require("packet")
hook_point = http.hook
packetrule = function(packet_object)
-- If this isn't a tcp packet, it's not really a HTTP request
-- since we're hooked in the HTTP dissector, we can assume that this
-- should never fail, but it's a good sanity check
if packet.is_tcp(packet_object) == false then
return false
end
return true
end
-- Here's your action.
action = function(packet_object)
local p = packet_object
-- Parse the http data into an HTTP object
local hobj = http.parse_http(p)
-- If there's no http object, get out
if hobj == nil then
return
end
-- If it's a request, save the request to the registry
-- We'll need this for the response
if hobj.request then
if hobj.creds then
-- Log the request/response with the redirect
ettercap.log("HTTP_CREDS: %s:%d -> %s:%d %s %s [User:Pass = %s]\n",
packet.src_ip(p),
packet.src_port(p),
packet.dst_ip(p),
packet.dst_port(p),
hobj.verb ,hobj.url, hobj.creds)
end
end
end
|