Class: BetterCap::Parsers::Rlogin

Inherits:
Base
  • Object
show all
Defined in:
lib/bettercap/sniffer/parsers/rlogin.rb

Overview

BSD rlogin authentication parser.

Instance Method Summary collapse

Methods inherited from Base

available, from_cmdline, inherited, load_by_names, load_custom

Constructor Details

#initializeRlogin

Returns a new instance of Rlogin.


17
18
19
# File 'lib/bettercap/sniffer/parsers/rlogin.rb', line 17

def initialize
  @name = 'RLOGIN'
end

Instance Method Details

#on_packet(pkt) ⇒ Object


20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
# File 'lib/bettercap/sniffer/parsers/rlogin.rb', line 20

def on_packet( pkt )
  begin
    if pkt.tcp_dst == 513
      # rlogin packet data = 0x00[client-username]0x00<server-username>0x00<terminal/speed>0x00

      # if client username, server username and terminal/speed were supplied...
      # regex starts at client username as the first null byte is stripped from pkt.payload.to_s
      if pkt.payload.to_s =~ /\A([a-z0-9_-]+)\x00([a-z0-9_-]+)\x00([a-z0-9_-]+\/[0-9]+)\x00\Z/i
        client_user = $1
        server_user = $2
        terminal = $3
        StreamLogger.log_raw( pkt, @name, "client-username=#{client_user} server-username=#{server_user} terminal=#{terminal}" )
      # else, if only server username and terminal/speed were supplied...
      # regex starts at 0x00 as the first null byte is stripped from pkt.payload.to_s and the client username is empty
      elsif pkt.payload.to_s =~ /\A\x00([a-z0-9_-]+)\x00([a-z0-9_-]+\/[0-9]+)\x00\Z/i
        server_user = $1
        terminal = $2
        StreamLogger.log_raw( pkt, @name, "server-username=#{server_user} terminal=#{terminal}" )
      end
    end
  rescue
  end
end