ettercap-common 1:0.8.2-2build1 / usr / share / ettercap / lua / scripts / http_requests.lua

This file is indexed.

/usr/share/ettercap/lua/scripts/http_requests.lua is in ettercap-common 1:0.8.2-2build1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
---
--
-- Created by Ryan Linn and Mike Ryan
-- Copyright (C) 2012 Trustwave Holdings, Inc.

description = "Script to show HTTP requsts";

local http = require("http")
local packet = require("packet")
local bin = require("bit")

hook_point = http.hook 

packetrule = function(packet_object)

   -- If this isn't a tcp packet, it's not really a HTTP request
   -- since we're hooked in the HTTP dissector, we can assume that this
   -- should never fail, but it's a good sanity check
  if packet.is_tcp(packet_object) == false then
    return false
  end

  return true
end



-- Here's your action.
action = function(packet_object) 
   local p = packet_object
   
   -- Parse the http data into an HTTP object
   local hobj = http.parse_http(p)

   -- If there's no http object, get out
   if hobj == nil then
      return
   end

   -- Get out session key for tracking req->reply pairs
   local session_id = http.session_id(p,hobj)

   -- If we can't track sessions, this won't work, get out
   if session_id == nil then
      return
   end

   -- We have a session, lets get our registry space
   local reg = ettercap.reg.create_namespace(session_id)

   -- If it's a request, save the request to the registry
   -- We'll need this for the response
   if hobj.request then 
      reg.request = hobj
   
   -- we have a response object, let't put the log together
   elseif hobj.response then

      -- If we haven't seen the request, we don't have anything to share
      if not reg.request then
         return
      end

      -- Get the status code
      local code = hobj.status_code

      -- Build the request URL

      -- If we have a 2XX or 4XX or 5XX code, we won't need to log redirect
      -- so just log the request and code
      if code >= 200 and code < 300 or code >= 400 then
         ettercap.log("HTTP_REQ: %s:%d -> %s:%d %s %s %d (%s)\n",
            packet.dst_ip(p),
            packet.dst_port(p), 
            packet.src_ip(p), 
            packet.src_port(p), 
            reg.request.verb ,reg.request.url , hobj.status_code, hobj.status_msg)

      -- These codes require redirect, so log the redirect as well 
      elseif code >= 300 and code <= 303 then
         local redir = ""

         -- Get the redirect location
         if hobj.headers["Location"] then
            redir = hobj.headers["Location"]
         end

         -- Log the request/response with the redirect
         ettercap.log("HTTP_REQ: %s:%d -> %s:%d %s %s -> %s  %d (%s)\n",
            packet.dst_ip(p),
            packet.dst_port(p), 
            packet.src_ip(p), 
            packet.src_port(p), 
            reg.request.verb ,reg.request.url, redir, hobj.status_code, hobj.status_msg)
      end

   end
end

APT Browse - Built by Thomas Orozco.