Class: Rex::Post::Meterpreter::Extensions::Sniffer::Sniffer
- Inherits:
-
Rex::Post::Meterpreter::Extension
- Object
- Rex::Post::Meterpreter::Extension
- Rex::Post::Meterpreter::Extensions::Sniffer::Sniffer
- Defined in:
- lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb
Overview
This Meterpreter extension can be used to capture traffic on the remote host.
Instance Attribute Summary
Attributes inherited from Rex::Post::Meterpreter::Extension
Instance Method Summary
-
#capture_dump(intf) ⇒ Object
Buffer the current capture to a readable buffer.
-
#capture_dump_read(intf, len = 16384) ⇒ Object
Retrieve the packet data for the specified capture.
-
#capture_release(intf) ⇒ Object
Release packets from a current capture.
-
#capture_start(intf, maxp = 200000, filter = "") ⇒ Object
Start a packet capture on an opened interface.
-
#capture_stats(intf) ⇒ Object
Retrieve stats about a current capture.
-
#capture_stop(intf) ⇒ Object
Stop an active packet capture.
-
#initialize(client) ⇒ Sniffer
constructor
A new instance of Sniffer.
-
#interfaces ⇒ Object
Enumerate the remote sniffable interfaces.
Constructor Details
#initialize(client) ⇒ Sniffer
Returns a new instance of Sniffer.
# File 'lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb', line 20

# Builds the extension and registers it with the client.
#
# The parent constructor is called with the client and the extension
# name 'sniffer'; the same name is then registered as an alias that
# points back at this instance.
#
# @param client the client object this extension is attached to
def initialize(client)
  super(client, 'sniffer')

  # One alias entry: 'name' is the alias, 'ext' is the extension object.
  alias_entries = [
    { 'name' => 'sniffer', 'ext' => self }
  ]
  client.register_extension_aliases(alias_entries)
end
Instance Method Details
#capture_dump(intf) ⇒ Object
Buffer the current capture to a readable buffer
# File 'lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb', line 92

# Buffer the current capture to a readable buffer.
#
# @param intf interface id; coerced with +to_i+ before it is sent
# @return [Hash] :packets and :bytes as reported in the response, plus
#   :linktype (falls back to 1 when the response carries no value)
def capture_dump(intf)
  req = Packet.create_request('sniffer_capture_dump')
  req.add_tlv(TLV_TYPE_SNIFFER_INTERFACE_ID, intf.to_i)

  # 3600 is passed as the second argument to send_request -- presumably a
  # timeout in seconds; confirm against Client#send_request.
  reply = client.send_request(req, 3600)

  packet_count = reply.get_tlv_value(TLV_TYPE_SNIFFER_PACKET_COUNT)
  byte_count = reply.get_tlv_value(TLV_TYPE_SNIFFER_BYTE_COUNT)

  # The link type is read from the INTERFACE_ID TLV of the response.
  # NOTE(review): the default of 1 looks like the pcap Ethernet link
  # type -- confirm before relying on it for non-Ethernet interfaces.
  link_type = reply.get_tlv_value(TLV_TYPE_SNIFFER_INTERFACE_ID) || 1

  {
    :packets => packet_count,
    :bytes => byte_count,
    :linktype => link_type
  }
end
#capture_dump_read(intf, len = 16384) ⇒ Object
Retrieve the packet data for the specified capture
# File 'lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb', line 104

# Retrieve the packet data for the specified capture.
#
# @param intf interface id; coerced with +to_i+ before it is sent
# @param len  byte count requested (default 16384); coerced with +to_i+
# @return [Hash] :bytes and :data exactly as reported in the response
def capture_dump_read(intf, len = 16384)
  req = Packet.create_request('sniffer_capture_dump_read')
  req.add_tlv(TLV_TYPE_SNIFFER_INTERFACE_ID, intf.to_i)
  req.add_tlv(TLV_TYPE_SNIFFER_BYTE_COUNT, len.to_i)

  # 3600 is the second argument to send_request -- presumably a timeout
  # in seconds; confirm against Client#send_request.
  reply = client.send_request(req, 3600)

  byte_count = reply.get_tlv_value(TLV_TYPE_SNIFFER_BYTE_COUNT)
  payload = reply.get_tlv_value(TLV_TYPE_SNIFFER_PACKET)

  # Both values are taken from the response unchecked: :bytes is not
  # compared with the size of :data here, so callers that parse :data
  # should validate lengths themselves and treat the content as untrusted.
  { :bytes => byte_count, :data => payload }
end
#capture_release(intf) ⇒ Object
Release packets from a current capture
# File 'lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb', line 81

# Release packets from a current capture.
#
# @param intf interface id; coerced with +to_i+ before it is sent
# @return [Hash] :packets and :bytes as reported in the response
def capture_release(intf)
  req = Packet.create_request('sniffer_capture_release')
  req.add_tlv(TLV_TYPE_SNIFFER_INTERFACE_ID, intf.to_i)
  reply = client.send_request(req)

  packet_count = reply.get_tlv_value(TLV_TYPE_SNIFFER_PACKET_COUNT)
  byte_count = reply.get_tlv_value(TLV_TYPE_SNIFFER_BYTE_COUNT)

  { :packets => packet_count, :bytes => byte_count }
end
#capture_start(intf, maxp = 200000, filter = "") ⇒ Object
Start a packet capture on an opened interface
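# File 'lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb', line 50

# Start a packet capture on an opened interface.
#
# @param intf   interface id; coerced with +to_i+ before it is sent
#   (for a String, +to_i+ yields 0 on non-numeric input instead of raising)
# @param maxp   value sent as the packet-count TLV (default 200000);
#   presumably the cap on buffered packets -- confirm against the agent
# @param filter optional additional filter string; +nil+ or an empty
#   value means no filter TLV is added to the request
# @return the response object returned by +client.send_request+
def capture_start(intf, maxp = 200000, filter = "")
  request = Packet.create_request('sniffer_capture_start')
  request.add_tlv(TLV_TYPE_SNIFFER_INTERFACE_ID, intf.to_i)
  request.add_tlv(TLV_TYPE_SNIFFER_PACKET_COUNT, maxp.to_i)

  # A nil filter is handled like the empty default rather than raising
  # NoMethodError on +length+.
  unless filter.nil? || filter.length == 0
    request.add_tlv(TLV_TYPE_SNIFFER_ADDITIONAL_FILTER, filter)
  end

  client.send_request(request)
end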
#capture_stats(intf) ⇒ Object
Retrieve stats about a current capture
# File 'lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb', line 70

# Retrieve stats about a current capture.
#
# @param intf interface id; coerced with +to_i+ before it is sent
# @return [Hash] :packets and :bytes as reported in the response
def capture_stats(intf)
  req = Packet.create_request('sniffer_capture_stats')
  req.add_tlv(TLV_TYPE_SNIFFER_INTERFACE_ID, intf.to_i)
  reply = client.send_request(req)

  packet_count = reply.get_tlv_value(TLV_TYPE_SNIFFER_PACKET_COUNT)
  byte_count = reply.get_tlv_value(TLV_TYPE_SNIFFER_BYTE_COUNT)

  { :packets => packet_count, :bytes => byte_count }
end
#capture_stop(intf) ⇒ Object
Stop an active packet capture
# File 'lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb', line 59

# Stop an active packet capture.
#
# @param intf interface id; coerced with +to_i+ before it is sent
# @return [Hash] :packets and :bytes as reported in the response
def capture_stop(intf)
  req = Packet.create_request('sniffer_capture_stop')
  req.add_tlv(TLV_TYPE_SNIFFER_INTERFACE_ID, intf.to_i)
  reply = client.send_request(req)

  packet_count = reply.get_tlv_value(TLV_TYPE_SNIFFER_PACKET_COUNT)
  byte_count = reply.get_tlv_value(TLV_TYPE_SNIFFER_BYTE_COUNT)

  { :packets => packet_count, :bytes => byte_count }
end
#interfaces ⇒ Object
Enumerate the remote sniffable interfaces
# File 'lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb', line 34

# Enumerate the remote sniffable interfaces.
#
# @return [Array<Hash>] one hash per interface group in the response,
#   keyed by the strings idx, name, description, type, mtu, wireless,
#   usable and dhcp
def interfaces
  field_names = %w[idx name description type mtu wireless usable dhcp]
  reply = client.send_request(Packet.create_request('sniffer_interfaces'))

  found = []
  reply.each(TLV_TYPE_SNIFFER_INTERFACES) do |group|
    values = group.tlvs.map { |tlv| tlv.value }

    # Fields are assigned purely by position: the n-th sub-TLV value goes
    # to the n-th name. A response with fewer values leaves the trailing
    # keys nil; extra values are ignored. Nothing here checks the TLV
    # types, so the mapping relies on the order the remote side sends.
    entry = {}
    field_names.each_with_index { |key, pos| entry[key] = values[pos] }
    found << entry
  end

  found
end