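#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Copyright (c) 2016 Alvaro Nunez
#
#This program is free software: you can redistribute it and/or modify
#it under the terms of the GNU General Public License as published by
#the Free Software Foundation, either version 3 of the License, or
#(at your option) any later version.
#
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#GNU General Public License for more details.
#
#You should have received a copy of the GNU General Public License
#along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
----------------------------------------------------------------------------
SniffVPN -- Analyzer malicious urls over VPN
----------------------------------------------------------------------------
The author is not responsible for any misuse of the application!
"""

## LIBRARIES ##
import os
import subprocess
import logging
# Silence scapy's runtime warnings before it is imported below.
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
import argparse
from argparse import RawTextHelpFormatter
from scapy.all import *

from core.banners import get_banner
from core.logger import write_logger
from core.logjson import write_logjson
from core.vtanalyzer import vtanalyzer
from panel.server import *

## CONTEXT VARIABLES ##
version = '0.2'
codename = 'Beta version'
interface = 'tun0'  # Define the interface, tun0 for VPN
serverip = get_ip_address(interface)  # provided by panel.server (star import)
serverport = 8000
count = 0  # packet limit handed to scapy's sniff(); 0 means no limit
logs = None  # set by main() from --nologs; truthy enables write_logger()

# OpenVPN status file used to map a tunnel address back to the client's
# real address (see getOriginalIP).
OPENVPN_STATUS_LOG = '/var/log/openvpn-status.log'


def parse_args():
    """Parse the command line.

    Returns:
        argparse.Namespace whose ``nologs`` attribute is True unless
        ``--nologs`` was given (``store_false`` semantics kept from the
        original option definition).
    """
    title = "SniffVPN v{} - '{}'".format(version, codename)
    parser = argparse.ArgumentParser(
        description=title + "\nA tool to sniff all HTTP traffic passing through your VPN and analyzer malicious urls",
        usage='python SniffVPN.py [options]',
        epilog="The author is not responsible for any misuse of the application",
        formatter_class=RawTextHelpFormatter)
    # ArgumentParser(version=...) only exists on Python 2.7 (and is
    # deprecated there); an explicit version action gives the same
    # -v/--version switch on 2.7 and 3.
    parser.add_argument('-v', '--version', action='version', version=title)
    #parser.add_argument('-i', dest='interface', type=str, help="Interface to use for sniff, default tun0 for VPN")
    parser.add_argument('--nologs', action='store_false', help="Disable logs")
    return parser.parse_args()


def detectVPN():
    """Return True when ``interface`` shows up in the output of ``ifconfig``.

    The former implementation ran ``ifconfig | grep <interface> | wc -l``
    through a shell and returned the first character of the count; here
    ifconfig is executed without a shell (so an interface name can never
    become shell syntax, which matters if the ``-i`` option is ever
    enabled) and the line filter is done in Python.  A missing ifconfig
    binary or a non-zero exit status is reported as "not detected"
    instead of raising.
    """
    try:
        output = subprocess.check_output(["ifconfig"])
    except (OSError, subprocess.CalledProcessError):
        return False
    # check_output returns bytes on Python 3 and str on Python 2;
    # decode() is valid for both.
    text = output.decode('utf-8', 'replace')
    # Same test as the grep pipeline: at least one line mentions the name.
    return any(interface in line for line in text.splitlines())


def packet(x):
    """scapy ``prn`` callback: pull the requested URL out of an HTTP GET.

    Args:
        x: the sniffed scapy packet.

    Returns:
        ``"<host><path>\\n"`` for GET requests (sniff() prints the return
        value), or None for any other packet and for requests aimed at
        SniffVPN's own panel.

    Side effects: the URL is written to the JSON log, submitted to
    vtanalyzer() and, when ``logs`` is truthy, to the text logger.
    Everything in ``url`` comes straight from the captured payload, so the
    log writers and the panel are the places where it must be escaped
    before display.
    """
    # sprintf renders the Raw payload through repr(): character 0 is the
    # opening quote and CRLFs appear as the two literal characters "\r\n",
    # which is why the split below uses a raw string.
    payload = x.sprintf("{Raw:%Raw.load%\n}")
    if payload[1:4] != "GET":
        return None
    lines = payload.split(r"\r\n")
    if len(lines) <= 2:
        return None
    request_line = lines[0]  # e.g. 'GET /path HTTP/1.1 (quote included)
    host_line = lines[1]     # e.g. Host: example.com
    host = host_line[6:]     # drop "Host: "
    # drop the leading "'GET " (5 chars) and the trailing " HTTP/1.1" (9 chars)
    resource = request_line[5:len(request_line) - 9]
    url = host + resource
    # Requests to the built-in web panel are not VPN client traffic.
    if host == serverip + ":" + str(serverport):
        return None
    # Info for logs
    pkt_time = x.sprintf("%pkt.time%")
    ipsrc = x.sprintf("%IP.src%")
    ipdst = x.sprintf("%IP.dst%")
    portsrc = x.sprintf("%IP.sport%")
    portdst = x.sprintf("%IP.dport%")
    iporig = getOriginalIP(ipsrc)
    write_logjson(pkt_time, iporig, ipsrc, ipdst, portsrc, portdst, url)
    vtanalyzer(url)
    if logs:
        write_logger(pkt_time, iporig, ipsrc, ipdst, portsrc, portdst, url)
    return url + "\n"


def getOriginalIP(privip):
    """Map a tunnel (private) IP to the client's real IP via the status log.

    Matching lines are comma separated with the tunnel address in field 0
    and ``<address>:<port>`` in field 2 (that is the layout the original
    index arithmetic relied on).  Field 0 is compared exactly: the former
    ``line.find(privip) == 0`` prefix test would have accepted the line of
    10.8.0.10 when asked about 10.8.0.1.

    Args:
        privip: the VPN-internal source address as rendered by scapy.

    Returns:
        The real IP as a string, or None when no line matches or the
        status log cannot be read (the file is always closed).
    """
    try:
        with open(OPENVPN_STATUS_LOG, 'r') as status:
            for line in status:
                fields = line.rstrip('\r\n').split(',')
                if len(fields) > 2 and fields[0] == privip:
                    return fields[2].split(':')[0]
    except IOError:  # OSError alias on Python 3; what open() raises on 2
        return None
    return None


def main():
    """Check for the VPN interface, start the panel and sniff until stopped."""
    #global interface
    global logs
    args = parse_args()
    #interface=args.interface
    logs = args.nologs
    if not detectVPN():
        print('Installing OpenVPN undetected\nPlease check OpenVPN is installed correctly')
        return
    print(get_banner())
    start_server(serverport)
    green = chr(27) + "[0;92m"
    reset = chr(27) + "[0;0m"
    print(green + '[*] Running server at ' + serverip + ':' + str(serverport) + '...')
    print('[*] Can see statics and logs at ' + serverip + ':' + str(serverport) + '/panel\n' + reset)
    # Start sniff, method from scapy
    sniff(iface=interface, prn=packet, count=count)


# Only run when executed as a script, so importing the module (e.g. from
# tests or the panel) does not start the server and the capture.
if __name__ == "__main__":
    main()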