Class: BetterCap::Parsers::Https

Inherits:
Base
  • Object
show all
Defined in:
lib/bettercap/sniffer/parsers/https.rb

Overview

HTTPS connections parser.

Constant Summary collapse

@@prev = 
nil
@@lock = 
Mutex.new

Instance Method Summary collapse

Methods inherited from Base

available, from_cmdline, from_exclusion_list, inherited, #initialize, load_by_names, load_custom, #match_port?

Constructor Details

This class inherits a constructor from BetterCap::Parsers::Base

Instance Method Details

#on_packet(pkt) ⇒ Object 



21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/bettercap/sniffer/parsers/https.rb', line 21

def on_packet( pkt )
  # poor man's TLS Client Hello with SNI extension parser :P
  if pkt.respond_to?(:tcp_dst) and \
    pkt.payload[0] == "\x16" and \
    pkt.payload[1] == "\x03" and \
    pkt.payload =~ /\x00\x00.{4}\x00.{2}([a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,6})\x00/
    hostname = $1
    if pkt.tcp_dst != 443
      hostname += ":#{pkt.tcp_dst}"
    end

    @@lock.synchronize {
      if @@prev.nil? or @@prev != hostname
        StreamLogger.log_raw( pkt, 'HTTPS', "https://#{hostname}/" )
        @@prev = hostname
      end
    }
  end
rescue
end