diff options
Diffstat (limited to 'packages/msn-cap/files/msn-cap.c')
-rw-r--r-- | packages/msn-cap/files/msn-cap.c | 315 |
1 files changed, 315 insertions, 0 deletions
diff --git a/packages/msn-cap/files/msn-cap.c b/packages/msn-cap/files/msn-cap.c new file mode 100644 index 0000000000..871859d6e1 --- /dev/null +++ b/packages/msn-cap/files/msn-cap.c @@ -0,0 +1,315 @@ +/* MSN CAPTURE is a software which capture packets of msn protocol and show to user in */ +/* a good format to see the important things in networks with hubs or switched (arpspoof). */ +/* This program use libpcap. */ +/* HOW TO USE: */ +/* YOU MUST BE ROOT !!!! */ +/* root@slack:/home/gabriel/pcap# gcc msn-cap.c -o msn-cap -lpcap */ +/* root@slack:/home/gabriel/pcap# msn-cap -n billgates@msn.com */ +/* ------------------------------------------------------------------------------------- */ +/* billgates@msn.com <10.6.6.6> talk to steve_ballmer@hotmail.com <10.6.6.24> and says: */ +/* how do you want destroy gpl??? */ +/* --------------------------------------------------------------------------------------- */ +/* ------------------------------------------------------------------------------------- */ +/* steve_ballmer@hotmail.com <10.6.6.24> talk to billgates@msn.com <10.6.6.6> and says: */ +/* a pact with devil is very good!!! */ +/* --------------------------------------------------------------------------------------- */ +/* ------------------------------------------------------------------------------------- */ +/* billgates@msn.com <10.6.6.6> talk to steve_ballmer@hotmail.com <10.6.6.24> and says: */ +/* but i already sold my soul to him... */ +/* --------------------------------------------------------------------------------------- */ +/* ------------------------------------------------------------------------------------- */ +/* steve_ballmer@hotmail.com <10.6.6.24> talk to billgates@msn.com <10.6.6.6> and says: */ +/* shit... */ +/* --------------------------------------------------------------------------------------- */ +/* */ +/* You need to get a few of packets to take some nicks, because this program works with lists and */ +/* take it when a packet of type "TypingUser" comes and it associates the nick with the IP to form */ +/* the structures. It is very fast!!!! In case appear a "Unknown User" in the place of original user*/ +/* , is question of time to get the real user. MUCH LITTLE TIME !!! */ +/* */ +/* Tested on Linux SlackWare 10.1 - 2.6.13 */ +/* */ +/* */ +/* */ +/* More about the use of program is below... */ +/* */ +/* Valew EccJr e a galera do SoftwareUpdateOnTheFuckers... */ +/* Created by Gabriel Menezes Nunes < dragao_branco > */ +/* UNESP -- IBILCE */ +/* */ + + + + + +#define __USE_BSD +#include <stdio.h> +#include <pcap.h> +#define __FAVOR_BSD +#include <netinet/tcp.h> +#include <netinet/ip.h> +#include <netinet/ip.h> +#include <netinet/udp.h> +#include <netinet/if_ether.h> +#include <unistd.h> + + + +struct user { + char ip[16]; + char nick[200]; + struct user *prox; +} *l; +char nick1[200], nick2[200], filename[200]; +int exclusive = 0, activate = 0; +FILE *fd; + +char *get_my_nick(struct user *l, char *ip); +void callfunc (u_char *args, const struct pcap_pkthdr *header, const u_char *packet); +void print_msg(char *msg, char *nick_src, char *nick_dst, char *ip_src, char *ip_dst); +void get_msg(u_char *payload, char *msg, int cont); +void get_nick(u_char *payload, char *nick); +struct user *insert(struct user *l, char *nick, char *ip); + +void callfunc (u_char *args, const struct pcap_pkthdr *header, const u_char *packet){ + struct ether_header *ethernet; + struct ip *ip; + struct tcphdr *tcp; + struct udphdr *udp; + int i = 0, k = 0, s1, len; + char ascii[1024], nick[200], ip_dst[16], ip_src[16], teste[200], nick_src[200], nick_dst[200], *asc; + char *payload, buffer[100], type[100], msg[200]; + ethernet = (struct ether_header*)(packet); + ip = (struct ip*)(packet + sizeof(struct ether_header)); + tcp = (struct tcphdr*)(packet + sizeof(struct ether_header) + sizeof(struct ip)); + payload = (char *)(packet + sizeof(struct ether_header) + sizeof(struct ip) + sizeof(struct tcphdr)); + len = (ntohs(ip->ip_len)) - 40; + asc = ascii; + while(--len >= 0 && k++ < 1022){ + s1 = *payload++; + if(s1 == '\r'){ + *asc++ = '\r'; + continue; + } + *(asc++) = (isgraph(s1) ? s1 : ' '); + } + *asc = '\0'; + if((strstr(ascii, "msmsgscontrol"))){ + get_nick(ascii, nick); + strcpy(ip_src, (char*)inet_ntoa(ip->ip_src)); + l = insert(l, nick, ip_src); + } + + if((strstr(ascii, "plain")) && strstr(ascii, "MSG")) { + + get_msg(ascii, msg, 5); + strcpy(ip_src, (char*)inet_ntoa(ip->ip_src)); + strcpy(ip_dst, (char*)inet_ntoa(ip->ip_dst)); + strncpy(nick_src, get_my_nick(l, ip_src), 199); + strncpy(nick_dst, get_my_nick(l, ip_dst), 199); + if(activate) + print_msg(msg, nick_src, nick_dst, ip_src, ip_dst); + if((!nick1[0]) && (!nick2[0])) + print_msg(msg, nick_src, nick_dst, ip_src, ip_dst); + if((nick1[0]) && (nick2[0])){ + if(!exclusive){ + if((!(strcmp(nick_src, nick1))) || (!(strcmp(nick_src, nick2))) || (!(strcmp(nick_dst, nick2))) || (!(strcmp(nick_dst, nick1)))) + print_msg(msg, nick_src, nick_dst, ip_src, ip_dst); + } + if(exclusive){ + if(((!(strcmp(nick_src, nick1))) && (!(strcmp(nick_dst, nick2)))) || ((!(strcmp(nick_src, nick2))) && (!(strcmp(nick_dst, nick1)))) ) + print_msg(msg, nick_src, nick_dst, ip_src, ip_dst); + } + } + if((nick1[0]) && (!nick2[0])){ + if((!(strcmp(nick_src, nick1))) || (!(strcmp(nick_dst, nick1)))) + print_msg(msg, nick_src, nick_dst, ip_src, ip_dst); + } + if((!nick1[0]) && (nick2[0])){ + if((!(strcmp(nick_src, nick2))) || (!(strcmp(nick_dst, nick2)))) + print_msg(msg, nick_src, nick_dst, ip_src, ip_dst); + } + } +} +main(int argc, char **argv){ + char *dev, errbuf[PCAP_ERRBUF_SIZE] , ip1[200], ip2[200], buffer[200], filter_app[200] = "(port 1863)"; + pcap_t *man; + struct bpf_program filter; + unsigned char packet[65535]; + bpf_u_int32 mask, net; + int control; + memset(nick1, '\0', sizeof(nick1)); + memset(nick2, '\0', sizeof(nick2)); + memset(ip1, '\0', sizeof(ip1)); + memset(ip2, '\0', sizeof(ip2)); + memset(filename, '\0', sizeof(filename)); + if(argc < 2){ + printf("---------------------------------------------------------------------------------------------\n"); + printf("\t\t\tMSN CAPTURE by < dragao_branco >\n\n"); + printf("You MUST be ROOT\n"); + printf("%s -a [0 or 1] -n [nick1] -m [nick2] -i [IP1] -y [IP2] -x [0 or 1] -f [filename]\n\n", argv[0]); + printf("-a --> ALL PACKETS!!!\n"); + printf("-x --> eXclusive\n"); + printf("-f --> filename to log the packets\n"); + printf("Choose 0 or 1 to activate or not the capture of ALL packets and the eXclusive mode\n"); + printf("You can choose one or two nicks to capture\n"); + printf("The same thing can be done with IPS\n"); + printf("Whether you choose the '-x' option, just the IPs or nicks (or both) will be capture\n"); + printf("Or you capture everything in your lan!!!\n"); + printf("Ex: %s -n smallville@hotmail.com\n", argv[0]); + printf("You will capture packets from/to this nick\n"); + printf("Ex: %s -n smallville@hotmail.com -m lex_luthor@msn.com\n", argv[0]); + printf("Will capture packets from/to this nicks\n"); + printf("Ex: %s -n smallville@hotmail.com -m lex_luthor@msn.com -x 1\n", argv[0]); + printf("Will capture packets ONLY between this nicks\n"); + printf("The same thing can be done with IPs\n"); + printf("---------------------------------------------------------------------------------------------\n"); + exit(-1); + } + while ((control = getopt(argc, argv, "n:m:i:y:x:a:f:")) != -1){ + switch(control){ + case 'n': strncpy(nick1, optarg, 199); + break; + case 'm': strncpy(nick2, optarg, 199); + break; + case 'i': strncpy(ip1, optarg, 199); + break; + case 'y': strncpy(ip2, optarg, 199); + break; + case 'x': exclusive = atoi(optarg); + break; + case 'a': activate = atoi(optarg); + break; + case 'f': strncpy(filename, optarg, 199); + fd = fopen(filename, "w"); + break; + } + } + if(activate){ + memset(nick1, '\0', sizeof(nick1)); + memset(nick2, '\0', sizeof(nick2)); + memset(ip1, '\0', sizeof(ip1)); + memset(ip2, '\0', sizeof(ip2)); + } + if(ip1[0] != '\0' && ip2[0] != '\0'){ + if(!exclusive) + sprintf(buffer, " and (host %s or host %s)", ip1, ip2); + else + sprintf(buffer, " and (host %s and host %s)", ip1, ip2); + strncat(filter_app, buffer, strlen(buffer)); + } + if(ip1[0] == '\0' && ip2[0] != '\0'){ + sprintf(buffer, " and host %s", ip2); + strncat(filter_app, buffer, strlen(buffer)); + } + if(ip1[0] != '\0' && ip2[0] == '\0'){ + sprintf(buffer, " and host %s", ip1); + strncat(filter_app, buffer, strlen(buffer)); + } + printf("Using the rule: %s\n", filter_app); + if(filename[0]) + printf("Save data in %s\n", filename); + dev = pcap_lookupdev(errbuf); + pcap_lookupnet(dev, &net, &mask, errbuf); + man = pcap_open_live(dev, BUFSIZ, 1, 0, errbuf); + pcap_compile(man, &filter, filter_app, 0, net); + pcap_setfilter(man, &filter); + pcap_loop(man, 1000000, callfunc, NULL); +} + + +void get_nick(u_char *payload, char *nick){ + int i, k = 0; + u_char *p = payload; + for(i = 0; i < 3; i++){ + while(*p != '\r') + p++; + p++;p++; + } + while(*p != ':') + p++; + p++;p++; + while(*p != '\r' && k++ < 199) + *nick++ = *p++; + *nick = '\0'; +} + +struct user *insert(struct user *l, char *nick, char *ip){ + struct user *q = l; + struct user *p = (struct user*)malloc(sizeof(struct user)); + if(!l){ + strncpy(p->nick, nick, 199); + strncpy(p->ip, ip, 15); + p->prox = NULL; + return p; + } + while(q){ + if(!(strcmp(q->ip, ip))){ + strncpy(q->nick, nick, 199); + break; + } + q = q->prox; + } + if(!q){ + strncpy(p->nick, nick, 199); + strncpy(p->ip, ip, 15); + p->prox = l; + return p; + } + return l; +} + +char *get_my_nick(struct user *l, char *ip){ + struct user *p = l; + while(p){ + if(!(strcmp(p->ip, ip)))//{ + return p->nick; + //} + p = p->prox; + } + return "Unknown User"; +} + +void get_msg(u_char *payload, char *msg, int cont){ + u_char *p = payload; + memset(msg, '\0', sizeof(msg)); + int i, j = 0; + for(i = 0; i < cont; i++){ + while(*p != '\r') + p++; + p++; p++; + } + if(cont == 2){ + strncpy(msg, p, 24); + msg[25] = '\0'; + } + if(cont == 5){ + while(*p && j++ < 1020) + *msg++ = *p++; + *msg = '\0'; + } +} +void print_msg(char *msg, char *nick_src, char *nick_dst, char *ip_src, char *ip_dst){ +if(!filename[0]){ + printf("-----------------------------------------------------------------------------------------------\n"); + + printf("%s <%s> talk to %s <%s> and says:\n", nick_src, ip_src, nick_dst, ip_dst); + + printf("%s\n", msg); + + printf("-----------------------------------------------------------------------------------------------\n"); +} +else { + fprintf(fd, "-----------------------------------------------------------------------------------------------\n"); + + fprintf(fd, "%s <%s> talk to %s <%s> and says:\n", nick_src, ip_src, nick_dst, ip_dst); + + fprintf(fd, "%s\n", msg); + + fprintf(fd, "-----------------------------------------------------------------------------------------------\n"); + fflush(fd); +} +} + + + |