Chinaunix首页 | 论坛 | 博客
  • 博客访问: 5361722
  • 博文数量: 1144
  • 博客积分: 11974
  • 博客等级: 上将
  • 技术积分: 12312
  • 用 户 组: 普通用户
  • 注册时间: 2005-04-13 20:06
文章存档

2017年(2)

2016年(14)

2015年(10)

2014年(28)

2013年(23)

2012年(29)

2011年(53)

2010年(86)

2009年(83)

2008年(43)

2007年(153)

2006年(575)

2005年(45)

分类: LINUX

2009-12-02 13:53:28

#!/usr/bin/perl -w
# quick dirty msn sniffer
#
# $Id: msndump.pl,v 1.4 2004/11/18 11:52:41 meh Exp $

# you need Net::Pcap and Net::Packet
# use cpan or get manually
#
#

my $filter = 'tcp and port 1863';

# no modify below
use Getopt::Std;
use Net::Pcap;
use NetPacket::IP qw (:strip);
use NetPacket::Ethernet qw (:strip);
use NetPacket::TCP;
use Fcntl;
$|=1;
my $flags |= O_NONBLOCK;

my %opts;
getopt("wicr",\%opts);
if ( (!($opts{i})) && (!($opts{r})) ) {
print "[ msndump - miscname.com ]\n Usage:\n\t-i rl0 || -r file.pcap\n\t-c X - capture X packets\n\t-w freshIMz.txt\n\t-v show all msn IM data\n\n";
exit;
}

if ((!$opts{r}) && ($> != '0')) {
die ("you need uid 0\n");
}

# trap sigs
$SIG{INT} = $SIG{TERM} = $SIG{HUP} = \&exitd;

# create pcap
my $pcap = &cap_pkt;
if (!($pcap)) {
die ("cant capture\n");
}

# open fh if -w set
if ($opts{w}) {
open (FILEOUT,">$opts{w}") || die ("cant open $opts{w} ($!)\n");
fcntl(FILEOUT, F_SETFL, $flags) or die ("couldn't set nonblock for $opts{w} ($!)\n");
}

# main capture
if (($opts{c}) && ($opts{c} =~ /(\d+)/)) {
print "stopping after $1 packets\n";
       Net::Pcap::loop($pcap, $1, \&proc_pkt, 0);
&exitd;
} else {
       Net::Pcap::loop($pcap, -1, \&proc_pkt, 0);
my %stats;
Net::Pcap::stats($pcap, \%stats);
unless ($opts{r}) {
print "saw $stats{ps_recv} packets, dropped $stats{ps_drop}\n";
}
}


# sub procs
sub exitd {
# free
Net::Pcap::close($pcap);
# close fh
if ($opts{w}) {
print "wrote $opts{w}.\n";
close FILEOUT;
}
}

sub cap_pkt {

my ($pcap,$dev,$err,$mask,$net,$filter2);
my $snaplen = 4096; # seen some big im's :(
my $promisc = 1; # promisc of course
my $timeout = 0; # timeout

# file.pcap?
if ($opts{r}) {
# open offline
$pcap = Net::Pcap::open_offline($opts{r}, \$err);
if (!($pcap)) {
die("error opening $opts{r} ($err)\n");
    } else {
print "reading from '$opts{r}'\n";
}
} else {
# set dev from cmdline
$dev = $opts{i};

# get netmask for filter
if ((Net::Pcap::lookupnet($dev, \$net, \$mask, \$err)) == -1 ) {
       die ("Net::Pcap::lookupnet failed ($err) for device '$dev'\n");
    }
   
# open it
$pcap = Net::Pcap::open_live($dev, $snaplen, $promisc, $timeout, \$err);
if (!($pcap)) {
die ("can't create packet fd ($err) on device '$dev'\n");
} else {
print "dumping on '$dev'\n";
}
}
  
# sanity check
if (!($pcap)) {
die ("sanity check failed - \$pcap null\n");
} elsif (!($mask)) {
$mask = '0'; # for open_offline
}

# make filter struct
if (Net::Pcap::compile($pcap, \$filter2, $filter, 1, $mask) != '0') {
die ("broken filter ($filter)\n");
}
# apply
Net::Pcap::setfilter($pcap, $filter2);

return $pcap;
}

sub proc_pkt {

my($user_data, $hdr, $pkt) = @_;
my ($user,$msg);

# get tcp section only from packet
my $tcp_obj = NetPacket::TCP->decode(ip_strip(eth_strip($pkt))); # stripping ip header makes =~ faster

# verbose shows all traf
if ($opts{v}) {
if (!($opts{w})) {
print "$tcp_obj->{data}\n";
} else {
print FILEOUT "$tcp_obj->{data}\n";
}
} elsif (($tcp_obj->{data} !~ /MSG/m) || ($tcp_obj->{data} =~ /P2P-Dest:/m)) {
# skip if its a message (or a p2p file transfer)
# if your reading this, include 'P2P-Dest:' in your message body to avoid sniffer ;)
;
} else {
# extract goodies
if ( $tcp_obj->{data} =~ /MSG (.*)\s|TypingUser: (.*)\s|P4-Context: (.*)\s/ ) {
$user = $1;
}
if ($tcp_obj->{data} =~ /X-MMS-IM-Format:\s\S*\s\S*\s\S*\s\S*\s\S*\s*(.*)/m) {
$msg = $1;
}
# display if we have both
if (($user) && ($msg)) {
if (!($opts{w})) {
print "\n----------------------------------------------------\n";
print "TIME: " . localtime($hdr->{tv_sec}) . "\n";
print "TO/FROM: $user\nMESSAGE:\n$msg\n";
} else {
print FILEOUT "\n----------------------------------------------------\n";
print FILEOUT "TIME: " . localtime($hdr->{tv_sec}) . "\n";
print FILEOUT "TO/FROM: $user\nMESSAGE: \n$msg\n\n";
}
}
}
}

#e0f
阅读(1069) | 评论(1) | 转发(0) |
给主人留下些什么吧!~~

chinaunix网友2009-12-07 13:28:38

msndump.pl # quick dirty msn sniffer 还是没说明是干嘛用的.