Class: Rex::Post::Meterpreter::Extensions::Sniffer::Sniffer

Inherits:

Rex::Post::Meterpreter::Extension

• Object
• Rex::Post::Meterpreter::Extension
• Rex::Post::Meterpreter::Extensions::Sniffer::Sniffer

Defined in:

lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb

Overview

This meterpreter extension can be used to capture remote traffic

Instance Attribute Summary

Attributes inherited from Rex::Post::Meterpreter::Extension

#client, #name

Class Method Summary

• .extension_id ⇒ Object

Instance Method Summary

• #capture_dump(intf) ⇒ Object

  Buffer the current capture to a readable buffer.

• #capture_dump_read(intf, len = 16384) ⇒ Object

  Retrieve the packet data for the specified capture.

• #capture_release(intf) ⇒ Object

  Release packets from a current capture.

• #capture_start(intf, maxp = 200000, filter = "") ⇒ Object

  Start a packet capture on an opened interface.

• #capture_stats(intf) ⇒ Object

  Retrieve stats about a current capture.

• #capture_stop(intf) ⇒ Object

  Stop an active packet capture.

• #initialize(client) ⇒ Sniffer constructor

  A new instance of Sniffer.

• #interfaces ⇒ Object

  Enumerate the remote sniffable interfaces.

Constructor Details

#initialize(client) ⇒ Sniffer

Returns a new instance of Sniffer.

# File 'lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb', line 24

def initialize(client)
  super(client, 'sniffer')

  client.register_extension_aliases(
    [
      {
        'name' => 'sniffer',
        'ext'  => self
      },
    ])
end

Class Method Details

.extension_id ⇒ Object

# File 'lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb', line 20

def self.extension_id
  EXTENSION_ID_SNIFFER
end

Instance Method Details

#capture_dump(intf) ⇒ Object

Buffer the current capture to a readable buffer

# File 'lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb', line 101

def capture_dump(intf)
  request = Packet.create_request(COMMAND_ID_SNIFFER_CAPTURE_DUMP)
  request.add_tlv(TLV_TYPE_SNIFFER_INTERFACE_ID, intf.to_i)
  response = client.send_request(request, 3600)
  {
    :packets => response.get_tlv_value(TLV_TYPE_SNIFFER_PACKET_COUNT),
    :bytes   => response.get_tlv_value(TLV_TYPE_SNIFFER_BYTE_COUNT),
    :linktype => response.get_tlv_value(TLV_TYPE_SNIFFER_INTERFACE_ID) || 1,
  }
end

#capture_dump_read(intf, len = 16384) ⇒ Object

Retrieve the packet data for the specified capture

# File 'lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb', line 113

def capture_dump_read(intf, len=16384)
  request = Packet.create_request(COMMAND_ID_SNIFFER_CAPTURE_DUMP_READ)
  request.add_tlv(TLV_TYPE_SNIFFER_INTERFACE_ID, intf.to_i)
  request.add_tlv(TLV_TYPE_SNIFFER_BYTE_COUNT, len.to_i)
  response = client.send_request(request, 3600)
  {
    :bytes   => response.get_tlv_value(TLV_TYPE_SNIFFER_BYTE_COUNT),
    :data    => response.get_tlv_value(TLV_TYPE_SNIFFER_PACKET)
  }
end

#capture_release(intf) ⇒ Object

Release packets from a current capture

# File 'lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb', line 90

def capture_release(intf)
  request = Packet.create_request(COMMAND_ID_SNIFFER_CAPTURE_RELEASE)
  request.add_tlv(TLV_TYPE_SNIFFER_INTERFACE_ID, intf.to_i)
  response = client.send_request(request)
  {
    :packets => response.get_tlv_value(TLV_TYPE_SNIFFER_PACKET_COUNT),
    :bytes   => response.get_tlv_value(TLV_TYPE_SNIFFER_BYTE_COUNT),
  }
end

#capture_start(intf, maxp = 200000, filter = "") ⇒ Object

Start a packet capture on an opened interface

# File 'lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb', line 59

def capture_start(intf,maxp=200000,filter="")
  request = Packet.create_request(COMMAND_ID_SNIFFER_CAPTURE_START)
  request.add_tlv(TLV_TYPE_SNIFFER_INTERFACE_ID, intf.to_i)
  request.add_tlv(TLV_TYPE_SNIFFER_PACKET_COUNT, maxp.to_i)
  request.add_tlv(TLV_TYPE_SNIFFER_ADDITIONAL_FILTER, filter) if filter.length > 0
  client.send_request(request)
end

#capture_stats(intf) ⇒ Object

Retrieve stats about a current capture

# File 'lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb', line 79

def capture_stats(intf)
  request = Packet.create_request(COMMAND_ID_SNIFFER_CAPTURE_STATS)
  request.add_tlv(TLV_TYPE_SNIFFER_INTERFACE_ID, intf.to_i)
  response = client.send_request(request)
  {
    :packets => response.get_tlv_value(TLV_TYPE_SNIFFER_PACKET_COUNT),
    :bytes   => response.get_tlv_value(TLV_TYPE_SNIFFER_BYTE_COUNT),
  }
end

#capture_stop(intf) ⇒ Object

Stop an active packet capture

# File 'lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb', line 68

def capture_stop(intf)
  request = Packet.create_request(COMMAND_ID_SNIFFER_CAPTURE_STOP)
  request.add_tlv(TLV_TYPE_SNIFFER_INTERFACE_ID, intf.to_i)
  response = client.send_request(request)
  {
    :packets => response.get_tlv_value(TLV_TYPE_SNIFFER_PACKET_COUNT),
    :bytes   => response.get_tlv_value(TLV_TYPE_SNIFFER_BYTE_COUNT),
  }
end

#interfaces ⇒ Object

Enumerate the remote sniffable interfaces

# File 'lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb', line 38

def interfaces()
  ifaces = []
  request = Packet.create_request(COMMAND_ID_SNIFFER_INTERFACES)
  response = client.send_request(request)
  response.each(TLV_TYPE_SNIFFER_INTERFACES) { |p|
    vals  = p.tlvs.map{|x| x.value }
    iface = { }
    if vals.length == 8
      # Windows
      ikeys = %W{idx name description type mtu wireless usable dhcp}
    else
      # Mettle
      ikeys = %W{idx name description usable}
    end
    ikeys.each_index { |i| iface[ikeys[i]] = vals[i] }
    ifaces << iface
  }
  return ifaces
end