From 130883fac8c6d0f74b9a3966fc818955e5fe99de Mon Sep 17 00:00:00 2001
From: Biandratti
Date: Sun, 15 Sep 2024 20:29:21 +0200
Subject: [PATCH] rename packages
---
 src/fingerprint_http.rs | 121 ++++++++++++++++------------------------
 src/main.rs | 10 ++--
 2 files changed, 52 insertions(+), 79 deletions(-)
diff --git a/src/fingerprint_http.rs b/src/fingerprint_http.rs
index b51895a..67a42bd 100644
--- a/src/fingerprint_http.rs
+++ b/src/fingerprint_http.rs
@@ -1,87 +1,60 @@ +use pnet::packet::ethernet::{EtherTypes, EthernetPacket}; +use pnet::packet::ipv4::Ipv4Packet; use pnet::packet::{ipv6::Ipv6Packet, tcp::TcpPacket, Packet}; -use regex::Regex; -use std::net::Ipv6Addr; -pub fn process_packet(packet: &[u8]) { - if let Some(ipv6_packet) = Ipv6Packet::new(packet) { - let client_ip = ipv6_packet.get_source(); - let server_ip = ipv6_packet.get_destination(); - - if let Some(tcp_packet) = TcpPacket::new(ipv6_packet.payload()) { - let client_port = tcp_packet.get_source(); - let server_port = tcp_packet.get_destination(); - let payload = tcp_packet.payload(); - - process_http_payload(payload, client_ip, client_port, server_ip, server_port); +pub fn handle_ethernet_packet(packet: EthernetPacket) { + match packet.get_ethertype() { + EtherTypes::Ipv4 => { + let ipv4_packet = Ipv4Packet::new(packet.payload()).unwrap(); + if ipv4_packet.get_next_level_protocol() == pnet::packet::ip::IpNextHeaderProtocols::Tcp + { + handle_ipv4_packet(ipv4_packet); + } + } + EtherTypes::Ipv6 => { + let ipv6_packet = Ipv6Packet::new(packet.payload()).unwrap(); + if ipv6_packet.get_next_header() == pnet::packet::ip::IpNextHeaderProtocols::Tcp { + handle_ipv6_packet(ipv6_packet); + } } + _ => {} } } -fn process_http_payload( - payload: &[u8], - client_ip: Ipv6Addr, - client_port: u16, - server_ip: Ipv6Addr, - server_port: u16, -) { - let payload_str = match std::str::from_utf8(payload) { - Ok(v) => v, - Err(_) => return, // Not valid UTF-8, skip processing - }; - log_http_signature(client_ip, client_port, server_ip, server_port, payload_str); -} - -fn log_http_signature( - client_ip: Ipv6Addr, - client_port: u16, - server_ip: Ipv6Addr, - server_port: u16, - headers: &str, -) { - let user_agent = extract_user_agent(headers).unwrap_or("Unknown".to_string()); - let os = detect_os_from_user_agent(&user_agent); +fn handle_ipv4_packet(packet: Ipv4Packet) { + let tcp_packet = TcpPacket::new(packet.payload()).unwrap(); println!( - ".-[ {}/{} -> {}/{} 
]-", - client_ip, client_port, server_ip, server_port + "TCP Packet IPV4 from {}:{} to {}:{}", + packet.get_source(), + tcp_packet.get_source(), + packet.get_destination(), + tcp_packet.get_destination() ); - println!("|"); - println!("| client = {}/{}", client_ip, client_port); - println!("| headers = {}", headers); - println!("| raw_sig = {}", extract_raw_signature(headers)); - println!("| os = {}", os); - println!("|"); - println!("`----"); -} - -fn extract_raw_signature(headers: &str) -> String { - headers.to_string() -} -fn extract_user_agent(payload: &str) -> Option { - // Basic regex to find User-Agent - let re = Regex::new(r"(?i)User-Agent: (.+)").unwrap(); - re.captures(payload).map(|caps| { - caps.get(1) - .map_or("Unknown".to_string(), |m| m.as_str().to_string()) - }) + // Access TCP-specific fields + println!("Sequence number: {}", tcp_packet.get_sequence()); + println!( + "Acknowledgment number: {}", + tcp_packet.get_acknowledgement() + ); + println!("Flags: {:?}", tcp_packet.get_flags()); } -fn detect_os_from_user_agent(user_agent: &str) -> String { - // Define patterns and corresponding OS names - let os_patterns = vec![ - (r"Windows NT 10\.0", "Windows 10"), - (r"Windows NT 6\.3", "Windows 8.1"), - (r"Macintosh; Intel Mac OS X", "Mac OS X"), - (r"Android", "Android"), - (r"Linux", "Linux"), - // Add more patterns as needed - ]; - - for (pattern, os_name) in os_patterns { - if user_agent.contains(pattern) { - return os_name.to_string(); - } - } +fn handle_ipv6_packet(packet: Ipv6Packet) { + let tcp_packet = TcpPacket::new(packet.payload()).unwrap(); + println!( + "TCP Packet IPV6 from {}:{} to {}:{}", + packet.get_source(), + tcp_packet.get_source(), + packet.get_destination(), + tcp_packet.get_destination() + ); - "Unknown".to_string() + // Access TCP-specific fields + println!("Sequence number: {}", tcp_packet.get_sequence()); + println!( + "Acknowledgment number: {}", + tcp_packet.get_acknowledgement() + ); + println!("Flags: {:?}", 
tcp_packet.get_flags()); } diff --git a/src/main.rs b/src/main.rs index 729ae80..cc5fd49 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1,7 +1,8 @@ mod fingerprint_http; use clap::Parser; -use fingerprint_http::process_packet; +use fingerprint_http::handle_ethernet_packet; use pnet::datalink::{self, Channel::Ethernet, Config, NetworkInterface}; +use pnet::packet::ethernet::EthernetPacket; #[derive(Parser, Debug)] #[command(version, about, long_about = None)] @@ -34,11 +35,10 @@ fn main() { loop { match rx.next() { Ok(packet) => { - process_packet(packet); - } - Err(_) => { - eprintln!("Failed to capture packet"); + let ethernet_packet = EthernetPacket::new(packet).unwrap(); + handle_ethernet_packet(ethernet_packet); } + Err(e) => eprintln!("Failed to read: {}", e), } } }
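Review bot: A single truncated or malformed frame can panic the capture process, because the new code calls `.unwrap()` on `Ipv4Packet::new` and `Ipv6Packet::new` in `handle_ethernet_packet` and on `TcpPacket::new` in `handle_ipv4_packet` and `handle_ipv6_packet`. The `src/main.rs` hunk has the same problem with `EthernetPacket::new(packet).unwrap()`. These constructors return `None` when the buffer is shorter than the minimum header, and the removed `process_packet` skipped such frames with `if let Some(..)`. Each site should drop the frame instead, for example `let Some(tcp_packet) = TcpPacket::new(packet.payload()) else { return };`, and in the `main` loop `if let Some(ethernet_packet) = EthernetPacket::new(packet) { handle_ethernet_packet(ethernet_packet); }`. Separately, the IPv6 arm only compares `get_next_header()` with `Tcp`, so TCP segments behind extension headers appear to be skipped silently; a comment should say so if that is intended.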
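Review bot: The `Err(e) => eprintln!("Failed to read: {}", e)` arm logs and falls straight back into `loop`, so if `rx.next()` keeps failing (presumably when the interface goes away) the process would spin and flood stderr. Consider leaving the loop on errors that are not transient, for instance `Err(e) if e.kind() != std::io::ErrorKind::TimedOut => { eprintln!("Failed to read: {}", e); break; }`, and keep the retry only for timeouts. Whether timeouts can occur here depends on the channel `Config`, which is set up outside this hunk, as is the start of `main`.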