#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Copyright (c) 2016 Alvaro Nunez
#
#This program is free software: you can redistribute it and/or modify
#it under the terms of the GNU General Public License as published by
#the Free Software Foundation, either version 3 of the License, or
#(at your option) any later version.
#
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#GNU General Public License for more details.
#
#You should have received a copy of the GNU General Public License
#along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
----------------------------------------------------------------------------
SniffVPN -- Analyzer malicious urls over VPN
----------------------------------------------------------------------------
The author is not responsible for any misuse of the application!
"""
## LIBRARIES ##
import os
import subprocess
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
import argparse
from argparse import RawTextHelpFormatter
from scapy.all import *
from core.banners import get_banner
from core.logger import write_logger
from core.logjson import write_logjson
from core.vtanalyzer import vtanalyzer
from panel.server import *
## CONTEXT VARIABLES ##
version='0.2'
codename='Beta version'
interface='tun0' #Define the interface, tun0 for VPN
serverip = get_ip_address(interface)
serverport = 8000
count=0
logs=None
def parse_args():
parser = argparse.ArgumentParser(description="SniffVPN v{} - '{}'".format(version,codename)+"\nA tool to sniff all HTTP traffic passing through your VPN and analyzer malicious urls",
version="SniffVPN v{} - '{}'".format(version, codename),
usage='python SniffVPN.py [options]',
epilog="The author is not responsible for any misuse of the application",
formatter_class=RawTextHelpFormatter)
#parser.add_argument('-i', dest='interface', type=str, help="Interface to use for sniff, default tun0 for VPN")
parser.add_argument('--nologs', action='store_false', help="Disable logs")
return parser.parse_args()
#Function to detect if VPN is installed
def detectVPN():
#return(os.path.isdir("/etc/openvpn"))
output = subprocess.check_output("ifconfig | grep " + interface + " | wc -l", shell=True)
return output[0]
#Function to get the urls, http only
def packet(x):
getpacket=x.sprintf("{Raw:%Raw.load%\n}")
if getpacket[1:4]=="GET":
list=getpacket.split(r"\r\n")
if len(list)>2:
resource=list[0]
host=list[1]
url=host[6:]+resource[5:(len(resource)-9)]
#Info for logs
time=x.sprintf("%pkt.time%")
ipsrc=x.sprintf("%IP.src%")
ipdst=x.sprintf("%IP.dst%")
portsrc=x.sprintf("%IP.sport%")
portdst=x.sprintf("%IP.dport%")
iporig=getOriginalIP(ipsrc)
if host[6:] != (serverip + ":" + str(serverport)):
write_logjson(time,iporig,ipsrc,ipdst,portsrc,portdst,url)
vtanalyzer(url)
if logs:
write_logger(time,iporig,ipsrc,ipdst,portsrc,portdst,url)
return url+"\n"
#Function to get the original IP
def getOriginalIP(privip):
file=open('/var/log/openvpn-status.log','r')
for line in file:
if line.find(privip)==0:
ipOrig=line.split(',')
file.close()
return ipOrig[2].split(':')[0]
#Function main
def main():
#global interface
global logs
args=parse_args()
#interface=args.interface
logs=args.nologs
if detectVPN() == '1':
print get_banner()
start_server(serverport)
print chr(27) + "[0;92m" + '[*] Running server at ' + serverip + ':' + str(serverport) + '...'
print '[*] Can see statics and logs at ' + serverip + ':' + str(serverport) + '/panel\n' + chr(27) + "[0;0m"
#Start sniff, method from scapy
sniff(iface=interface, prn=packet, count=count)
else:
print 'Installing OpenVPN undetected\nPlease check OpenVPN is installed correctly'
main()
