-
Notifications
You must be signed in to change notification settings - Fork 0
/
sniff.go
118 lines (99 loc) · 2.49 KB
/
sniff.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
package main
import (
"net/http"
"regexp"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"github.com/google/gopacket/pcap"
"github.com/unrolled/render"
)
var reUserAgent = regexp.MustCompile(`User-Agent: ([^\r\n]{1,600})`)
type DataHandler struct {
packets []*Packet
rend *render.Render
}
func NewDataHandler(iface string) (*DataHandler, error) {
dh := &DataHandler{}
dh.rend = render.New()
handle, err := pcap.OpenLive(iface, 262144, true, pcap.BlockForever)
if err != nil {
return nil, err
}
err = handle.SetBPFFilter("tcp and port 80")
if err != nil {
return nil, err
}
pktSrc := gopacket.NewPacketSource(handle, handle.LinkType())
go func() {
for packet := range pktSrc.Packets() {
dh.packets = append(dh.packets, NewPacket(packet))
}
}()
return dh, nil
}
func (dh *DataHandler) Handler() http.Handler {
m := http.NewServeMux()
m.HandleFunc("/data/dump", dh.serveData)
return m
}
func (dh *DataHandler) serveData(rw http.ResponseWriter, req *http.Request) {
dh.rend.JSON(rw, http.StatusOK, dh.packets)
}
type Packet struct {
IP struct {
Version uint8
IHL uint8
TOS uint8
Length uint16
Id uint16
Flags uint8
FragOffset uint16
TTL uint8
Protocol uint8
}
TCP struct {
Seq uint32
Ack uint32
DataOffset uint8
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR, NS bool
Window uint16
Urgent uint16
}
UserAgent string
}
func NewPacket(goPkt gopacket.Packet) *Packet {
p := &Packet{}
if tcpLayer := goPkt.Layer(layers.LayerTypeTCP); tcpLayer != nil {
tcp, _ := tcpLayer.(*layers.TCP)
p.TCP.Seq = tcp.Seq
p.TCP.Ack = tcp.Ack
p.TCP.Window = tcp.Window
p.TCP.Urgent = tcp.Urgent
p.TCP.FIN = tcp.FIN
p.TCP.SYN = tcp.SYN
p.TCP.RST = tcp.RST
p.TCP.PSH = tcp.PSH
p.TCP.ACK = tcp.ACK
p.TCP.URG = tcp.URG
p.TCP.ECE = tcp.ECE
p.TCP.CWR = tcp.CWR
p.TCP.NS = tcp.NS
}
if ipLayer := goPkt.Layer(layers.LayerTypeIPv4); ipLayer != nil {
ip, _ := ipLayer.(*layers.IPv4)
p.IP.Flags = uint8(ip.Flags)
p.IP.FragOffset = ip.FragOffset
p.IP.IHL = ip.IHL
p.IP.Id = ip.Id
p.IP.Length = ip.Length
p.IP.Protocol = uint8(ip.Protocol)
p.IP.TOS = ip.TOS
p.IP.TTL = ip.TTL
p.IP.Version = ip.Version
}
ua := reUserAgent.FindString(string(goPkt.Data()))
if ua != "" {
p.UserAgent = ua
}
return p
}