
Untitled

a guest
Mar 4th, 2011
  1. #!/usr/bin/env python
  2.  
  3. import dpkt, sys, time, getopt
  4. from socket import inet_ntoa
  5.  
# Module-wide state shared by parse_argv(), parse_response() and start_sniffer().

# Command-line settings, filled in by parse_argv().
capture_file = None   # -c: path of the pcap file to read
output_file = None    # -o: open file object that reported messages are also written to
msg_filter = None     # -f: list of substrings; None means "report every message"
loop = False          # -l: re-read the capture file repeatedly
sleep_time = 0        # -s: seconds to wait between passes when looping

# msgID values already reported, so a later pass over the same capture
# does not report the same message twice.
messages = []
  12.  
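def parse_response(json):
    """Decode one captured chat response and report each new message in it.

    ``json`` is the text the caller cut out of a packet payload. Every entry of
    the response's ``ms`` list whose ``type`` is ``'msg'`` is formatted as
    "from > to : text", printed, and (when the global ``output_file`` is set)
    written to that file. Its msgID is then appended to the global ``messages``
    list so the same message is not reported again.

    When the global ``msg_filter`` is a list, a message is printed only if at
    least one non-empty, stripped filter string occurs in the formatted line;
    the msgID is recorded either way.

    Input that cannot be decoded, or that is not a ``'msg'`` response, is
    ignored silently.
    """
    # Imported here so the file's import line does not have to change.
    import ast

    # SECURITY: this text comes straight out of captured network traffic and is
    # therefore untrusted. The previous eval() executed any Python expression
    # found in it, with the privileges of whoever runs this script.
    # ast.literal_eval only builds literals (dict/list/str/number/...) and
    # raises on everything else, so the payload is never run as code.
    try:
        parsed_json = ast.literal_eval(json)
    except Exception:
        # Not a literal (or too large / too deeply nested to decode): ignore it.
        # "except Exception" rather than a bare except, so Ctrl-C still works.
        return

    # Only a dict with t == 'msg' is a message response; lists, numbers and
    # other response types are dropped here instead of raising.
    if not isinstance(parsed_json, dict) or parsed_json.get('t') != 'msg':
        return

    entries = parsed_json.get('ms')
    if not isinstance(entries, (list, tuple)):
        return

    for msg in entries:
        try:
            if not isinstance(msg, dict) or msg.get('type') != 'msg':
                continue

            # Skip messages already reported in an earlier packet or pass.
            msg_id = msg['msg']['msgID']
            if msg_id in messages:
                continue

            # NOTE(review): names and text are attacker-controlled and are
            # printed/written unescaped, control characters included.
            f_message = "%s > %s : %s" % (msg['from_name'], msg['to_name'], msg['msg']['text'])

            if msg_filter is None:
                wanted = True
            else:
                needles = [filt.strip() for filt in msg_filter]
                # Empty filter entries never match anything.
                wanted = any(n and n in f_message for n in needles)

            if wanted:
                print(f_message)
                if output_file:
                    output_file.write(f_message + "\n")

            messages.append(msg_id)
        except Exception:
            # Entry lacks an expected key or has the wrong shape (or the write
            # failed): skip it and carry on with the remaining entries.
            pass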
  52.  
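def start_sniffer(capture_file):
    """Make one pass over a pcap file and hand candidate responses to parse_response().

    For every Ethernet/IP/TCP packet in ``capture_file`` the TCP payload is
    searched for the text between the 'for (;;);' prefix and the first '}]}'
    after it; that slice (including the closing '}]}') is passed to
    parse_response(). Each packet is searched on its own: the code does no TCP
    stream reassembly, so a response split across packets is not found.

    Exits the process if the file cannot be opened or read as a pcap, and on
    Ctrl-C (after closing the global ``output_file`` if one is open).
    """
    # Markers that delimit the payload slice handed to parse_response().
    start_pattern = 'for (;;);'
    end_pattern = '}]}'

    try:
        f = open(capture_file, 'rb')
    except Exception:
        print("unable to open: %s" % (capture_file))
        sys.exit()

    # Everything from here on runs under one finally, so the capture file is
    # closed exactly once on every path (normal end, error, Ctrl-C, sys.exit).
    try:
        try:
            pc = dpkt.pcap.Reader(f)
        except Exception:
            print("unable to open: %s" % (capture_file))
            sys.exit()

        for _ts, buf in pc:
            # Keep only Ethernet -> IP -> TCP packets and take the TCP payload.
            # "except Exception" (not a bare except) so that Ctrl-C is not
            # swallowed here and reaches the KeyboardInterrupt handler below.
            try:
                eth = dpkt.ethernet.Ethernet(buf)
                if eth.type != dpkt.ethernet.ETH_TYPE_IP:
                    continue
                ip = eth.data
                if ip.p != dpkt.ip.IP_PROTO_TCP:
                    continue
                data = ip.data.data
            except Exception:
                continue

            try:
                # Drop everything up to and including the prefix.
                start_pos = data.find(start_pattern)
                if start_pos == -1:
                    continue
                data = data[start_pos + len(start_pattern):]

                # Cut after the first closing marker.
                end_pos = data.find(end_pattern)
                if end_pos == -1:
                    continue

                parse_response(data[:end_pos + len(end_pattern)])
            except Exception:
                # Best effort: one bad payload must not stop the pass.
                pass

    except KeyboardInterrupt:
        print("CTRL-C closing...")
        if output_file:
            output_file.close()
        sys.exit()
    except Exception:
        # Best effort: an error while iterating the capture ends this pass
        # quietly (presumably a truncated or still-growing file - confirm).
        pass
    finally:
        f.close()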
  108.  
def usage():
    """Print the command-line help text to stdout, followed by a blank line."""
    help_lines = (
        "usage: fbsniff.py [OPTIONS] -c <pcap file>",
        "",
        "-c <pcap file>",
        "-f <msg filter> (comma separated)",
        "-s <sleep time> (use with -l)",
        "-o <output file>",
        "-l (keep looking for new messages)",
        "-h (show this message)",
        "",
    )
    for line in help_lines:
        print(line)
  119.    
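def parse_argv():
    """Parse sys.argv into the module-level settings.

    Sets the globals ``capture_file`` (-c), ``msg_filter`` (-f, split on
    commas), ``output_file`` (-o, opened for writing), ``sleep_time`` (-s, whole
    seconds) and ``loop`` (-l). Prints the usage text and exits on -h, on an
    unknown option, on stray positional arguments, or when -c is missing.
    Exits with a short message when the output file cannot be opened or the
    sleep time is not a non-negative integer.
    """
    global msg_filter
    global sleep_time
    global output_file
    global capture_file
    global loop

    try:
        opts, args = getopt.getopt(sys.argv[1:], "hlc:f:o:s:")
    except getopt.GetoptError:
        # Unknown option or missing option argument.
        usage()
        sys.exit()

    if args:
        print("Unknown argument(s): " + " ".join(args))
        print("")
        usage()
        sys.exit()

    for flag, value in opts:
        if flag == '-c':
            capture_file = value
        elif flag == '-f':
            msg_filter = value.split(",")
        elif flag == '-o':
            # Mode 'w' truncates an existing file at this path.
            try:
                output_file = open(value, 'w')
            except (IOError, OSError):
                print("could not open output file")
                sys.exit()
        elif flag == '-s':
            try:
                seconds = int(value)
            except ValueError:
                print("invalid sleep time")
                sys.exit()
            # A negative value used to pass this check and only fail later,
            # inside time.sleep() in the main loop.
            if seconds < 0:
                print("invalid sleep time")
                sys.exit()
            sleep_time = seconds
        elif flag == '-h':
            usage()
            sys.exit()
        elif flag == '-l':
            loop = True

    # The capture file is the only mandatory setting.
    if capture_file is None:
        usage()
        sys.exit()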
  166.  
if __name__ == '__main__':

    # Banner, with a blank line above and below.
    print("")
    print("Facebook Chat Sniffer v0.3 by SB91")
    print("")

    # Fills in capture_file, loop, sleep_time and the other module settings.
    parse_argv()

    # Always make one pass over the capture; with -l keep re-reading it,
    # pausing sleep_time seconds before each further pass.
    while True:
        start_sniffer(capture_file)
        if not loop:
            break
        time.sleep(sleep_time)

    print("")