
(-)Makefile (-1 / +1 lines)
Lines 3-9 Link Here
3
3
4
PORTNAME=	dsniff
4
PORTNAME=	dsniff
5
DISTVERSION=	2.4b1
5
DISTVERSION=	2.4b1
6
PORTREVISION=	2
6
PORTREVISION=	3
7
CATEGORIES=	security
7
CATEGORIES=	security
8
MASTER_SITES=	http://www.monkey.org/~dugsong/${PORTNAME}/beta/ \
8
MASTER_SITES=	http://www.monkey.org/~dugsong/${PORTNAME}/beta/ \
9
		LOCAL/sbz
9
		LOCAL/sbz
(-)files/patch-Makefile.in (-4 / +5 lines)
Lines 1-4 Link Here
1
--- Makefile.in.orig	2001-03-15 08:34:42 UTC
1
--- Makefile.in.orig	2019-05-13 13:40:23 UTC
2
+++ Makefile.in
2
+++ Makefile.in
3
@@ -26,7 +26,7 @@ LNETINC = @LNETINC@
3
@@ -26,7 +26,7 @@ LNETINC = @LNETINC@
4
 LNETLIB = @LNETLIB@
4
 LNETLIB = @LNETLIB@
Lines 21-27 Link Here
21
 
21
 
22
 INSTALL	= @INSTALL@
22
 INSTALL	= @INSTALL@
23
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
23
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
24
@@ -76,22 +75,23 @@ CONFIGS	= dsniff.magic dsniff.services d
24
@@ -76,23 +75,24 @@ CONFIGS	= dsniff.magic dsniff.services dnsspoof.hosts
25
 .c.o:
25
 .c.o:
26
 	$(CC) $(CFLAGS) $(INCS) -c $(srcdir)/$*.c
26
 	$(CC) $(CFLAGS) $(INCS) -c $(srcdir)/$*.c
27
 
27
 
Lines 48-61 Link Here
48
-	$(RANLIB) $@
48
-	$(RANLIB) $@
49
+nfs_prot.c: nfs_prot.x nfs_prot.h
49
+nfs_prot.c: nfs_prot.x nfs_prot.h
50
+	rpcgen -c nfs_prot.x -o $@
50
+	rpcgen -c nfs_prot.x -o $@
51
+
51
 
52
+nfs_prot.h: nfs_prot.x
52
+nfs_prot.h: nfs_prot.x
53
+	rpcgen -h nfs_prot.x -o $@
53
+	rpcgen -h nfs_prot.x -o $@
54
+
54
+
55
+filesnarf.c: nfs_prot.h
55
+filesnarf.c: nfs_prot.h
56
 
56
+
57
 dsniff: $(HDRS) $(SRCS) $(OBJS)
57
 dsniff: $(HDRS) $(SRCS) $(OBJS)
58
 	$(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) $(DBLIB) $(SSLLIB)
58
 	$(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(NIDSLIB) $(PCAPLIB) $(LNETLIB) $(DBLIB) $(SSLLIB)
59
 
59
@@ -156,7 +156,7 @@ install:
60
@@ -156,7 +156,7 @@ install:
60
 	done
61
 	done
61
 
62
 
(-)files/patch-arpspoof.c (-8 / +8 lines)
Lines 1-5 Link Here
1
--- ./arpspoof.c.orig	2001-03-15 09:32:58.000000000 +0100
1
--- arpspoof.c.orig	2019-05-13 13:40:23 UTC
2
+++ ./arpspoof.c	2014-07-22 13:21:17.000000000 +0200
2
+++ arpspoof.c
3
@@ -13,7 +13,10 @@
3
@@ -13,7 +13,10 @@
4
 
4
 
5
 #include <sys/types.h>
5
 #include <sys/types.h>
Lines 27-33 Link Here
27
 static struct ether_addr spoof_mac, target_mac;
27
 static struct ether_addr spoof_mac, target_mac;
28
 static in_addr_t spoof_ip, target_ip;
28
 static in_addr_t spoof_ip, target_ip;
29
 static char *intf;
29
 static char *intf;
30
@@ -41,47 +44,49 @@
30
@@ -41,47 +44,49 @@ usage(void)
31
 }
31
 }
32
 
32
 
33
 static int
33
 static int
Lines 94-100 Link Here
94
 }
94
 }
95
 
95
 
96
 #ifdef __linux__
96
 #ifdef __linux__
97
@@ -119,7 +124,7 @@
97
@@ -119,7 +124,7 @@ arp_find(in_addr_t ip, struct ether_addr *mac)
98
 		/* XXX - force the kernel to arp. feh. */
98
 		/* XXX - force the kernel to arp. feh. */
99
 		arp_force(ip);
99
 		arp_force(ip);
100
 #else
100
 #else
Lines 103-109 Link Here
103
 #endif
103
 #endif
104
 		sleep(1);
104
 		sleep(1);
105
 	}
105
 	}
106
@@ -136,9 +141,9 @@
106
@@ -136,9 +141,9 @@ cleanup(int sig)
107
 	if (arp_find(spoof_ip, &spoof_mac)) {
107
 	if (arp_find(spoof_ip, &spoof_mac)) {
108
 		for (i = 0; i < 3; i++) {
108
 		for (i = 0; i < 3; i++) {
109
 			/* XXX - on BSD, requires ETHERSPOOF kernel. */
109
 			/* XXX - on BSD, requires ETHERSPOOF kernel. */
Lines 116-122 Link Here
116
 				 target_ip);
116
 				 target_ip);
117
 			sleep(1);
117
 			sleep(1);
118
 		}
118
 		}
119
@@ -151,7 +156,8 @@
119
@@ -151,7 +156,8 @@ main(int argc, char *argv[])
120
 {
120
 {
121
 	extern char *optarg;
121
 	extern char *optarg;
122
 	extern int optind;
122
 	extern int optind;
Lines 126-132 Link Here
126
 	int c;
126
 	int c;
127
 	
127
 	
128
 	intf = NULL;
128
 	intf = NULL;
129
@@ -163,7 +169,7 @@
129
@@ -163,7 +169,7 @@ main(int argc, char *argv[])
130
 			intf = optarg;
130
 			intf = optarg;
131
 			break;
131
 			break;
132
 		case 't':
132
 		case 't':
Lines 135-141 Link Here
135
 				usage();
135
 				usage();
136
 			break;
136
 			break;
137
 		default:
137
 		default:
138
@@ -176,26 +182,26 @@
138
@@ -176,26 +182,26 @@ main(int argc, char *argv[])
139
 	if (argc != 1)
139
 	if (argc != 1)
140
 		usage();
140
 		usage();
141
 	
141
 	
(-)files/patch-dnsspoof.c (-11 / +11 lines)
Lines 1-6 Link Here
1
--- ./dnsspoof.c.orig	2001-03-15 09:33:03.000000000 +0100
1
--- dnsspoof.c.orig	2019-05-13 13:40:23 UTC
2
+++ ./dnsspoof.c	2014-07-22 13:20:14.000000000 +0200
2
+++ dnsspoof.c
3
@@ -38,7 +38,7 @@
3
@@ -38,7 +38,7 @@ SLIST_HEAD(, dnsent) dns_entries;
4
 
4
 
5
 pcap_t		*pcap_pd = NULL;
5
 pcap_t		*pcap_pd = NULL;
6
 int		 pcap_off = -1;
6
 int		 pcap_off = -1;
Lines 9-15 Link Here
9
 u_long		 lnet_ip = -1;
9
 u_long		 lnet_ip = -1;
10
 
10
 
11
 static void
11
 static void
12
@@ -90,19 +90,18 @@
12
@@ -90,19 +90,18 @@ static void
13
 dns_init(char *dev, char *filename)
13
 dns_init(char *dev, char *filename)
14
 {
14
 {
15
 	FILE *f;
15
 	FILE *f;
Lines 36-42 Link Here
36
 
36
 
37
 	SLIST_INIT(&dns_entries);
37
 	SLIST_INIT(&dns_entries);
38
 	
38
 	
39
@@ -180,7 +179,7 @@
39
@@ -180,7 +179,7 @@ dns_lookup_ptr(const char *name)
40
 static void
40
 static void
41
 dns_spoof(u_char *u, const struct pcap_pkthdr *pkthdr, const u_char *pkt)
41
 dns_spoof(u_char *u, const struct pcap_pkthdr *pkthdr, const u_char *pkt)
42
 {
42
 {
Lines 45-51 Link Here
45
 	struct libnet_udp_hdr *udp;
45
 	struct libnet_udp_hdr *udp;
46
 	HEADER *dns;
46
 	HEADER *dns;
47
 	char name[MAXHOSTNAMELEN];
47
 	char name[MAXHOSTNAMELEN];
48
@@ -189,7 +188,7 @@
48
@@ -189,7 +188,7 @@ dns_spoof(u_char *u, const struct pcap_pkthdr *pkthdr,
49
 	in_addr_t dst;
49
 	in_addr_t dst;
50
 	u_short type, class;
50
 	u_short type, class;
51
 
51
 
Lines 54-60 Link Here
54
 	udp = (struct libnet_udp_hdr *)(pkt + pcap_off + (ip->ip_hl * 4));
54
 	udp = (struct libnet_udp_hdr *)(pkt + pcap_off + (ip->ip_hl * 4));
55
 	dns = (HEADER *)(udp + 1);
55
 	dns = (HEADER *)(udp + 1);
56
 	p = (u_char *)(dns + 1);
56
 	p = (u_char *)(dns + 1);
57
@@ -212,7 +211,7 @@
57
@@ -212,7 +211,7 @@ dns_spoof(u_char *u, const struct pcap_pkthdr *pkthdr,
58
 	if (class != C_IN)
58
 	if (class != C_IN)
59
 		return;
59
 		return;
60
 
60
 
Lines 63-69 Link Here
63
 	
63
 	
64
 	if (type == T_A) {
64
 	if (type == T_A) {
65
 		if ((dst = dns_lookup_a(name)) == -1)
65
 		if ((dst = dns_lookup_a(name)) == -1)
66
@@ -234,38 +233,38 @@
66
@@ -234,38 +233,38 @@ dns_spoof(u_char *u, const struct pcap_pkthdr *pkthdr,
67
 		anslen += 12;
67
 		anslen += 12;
68
 	}
68
 	}
69
 	else return;
69
 	else return;
Lines 117-123 Link Here
117
 	pcap_close(pcap_pd);
117
 	pcap_close(pcap_pd);
118
 	exit(0);
118
 	exit(0);
119
 }
119
 }
120
@@ -276,6 +275,7 @@
120
@@ -276,6 +275,7 @@ main(int argc, char *argv[])
121
 	extern char *optarg;
121
 	extern char *optarg;
122
 	extern int optind;
122
 	extern int optind;
123
 	char *p, *dev, *hosts, buf[1024];
123
 	char *p, *dev, *hosts, buf[1024];
Lines 125-131 Link Here
125
 	int i;
125
 	int i;
126
 
126
 
127
 	dev = hosts = NULL;
127
 	dev = hosts = NULL;
128
@@ -306,7 +306,7 @@
128
@@ -306,7 +306,7 @@ main(int argc, char *argv[])
129
 		strlcpy(buf, p, sizeof(buf));
129
 		strlcpy(buf, p, sizeof(buf));
130
 	}
130
 	}
131
 	else snprintf(buf, sizeof(buf), "udp dst port 53 and not src %s",
131
 	else snprintf(buf, sizeof(buf), "udp dst port 53 and not src %s",
Lines 134-140 Link Here
134
 	
134
 	
135
 	if ((pcap_pd = pcap_init(dev, buf, 128)) == NULL)
135
 	if ((pcap_pd = pcap_init(dev, buf, 128)) == NULL)
136
 		errx(1, "couldn't initialize sniffing");
136
 		errx(1, "couldn't initialize sniffing");
137
@@ -314,10 +314,10 @@
137
@@ -314,10 +314,10 @@ main(int argc, char *argv[])
138
 	if ((pcap_off = pcap_dloff(pcap_pd)) < 0)
138
 	if ((pcap_off = pcap_dloff(pcap_pd)) < 0)
139
 		errx(1, "couldn't determine link layer offset");
139
 		errx(1, "couldn't determine link layer offset");
140
 	
140
 	
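--- a/files/patch-dsniff.8
+++ b/files/patch-dsniff.8
@@ -0,0 +1,21 @@
+--- dsniff.8.orig	2000-12-15 16:05:36 UTC
++++ dsniff.8
+@@ -10,7 +10,7 @@ password sniffer
+ .nf
+ .fi
+ \fBdsniff\fR [\fB-c\fR] [\fB-d\fR] [\fB-m\fR] [\fB-n\fR] [\fB-i
+-\fIinterface\fR] [\fB-s \fIsnaplen\fR] [\fB-f \fIservices\fR]
++\fIinterface\fR | \fB-p \fIpcapfile\fR] [\fB-s \fIsnaplen\fR] [\fB-f \fIservices\fR]
+ [\fB-t \fItrigger[,...]\fR]]
+ [\fB-r\fR|\fB-w\fR \fIsavefile\fR] [\fIexpression\fR]
+ .SH DESCRIPTION
+@@ -45,6 +45,9 @@ Enable automatic protocol detection.
+ Do not resolve IP addresses to hostnames.
+ .IP "\fB-i \fIinterface\fR"
+ Specify the interface to listen on.
++.IP "\fB-p \fIpcapfile\fR"
++Rather than processing the contents of packets observed upon the network 
++process the given PCAP capture file.
+ .IP "\fB-s \fIsnaplen\fR"
+ Analyze at most the first \fIsnaplen\fR bytes of each TCP connection,
+ rather than the default of 1024.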
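--- a/files/patch-dsniff.c
+++ b/files/patch-dsniff.c
@@ -0,0 +1,60 @@
+--- dsniff.c.orig	2001-03-15 08:33:03 UTC
++++ dsniff.c
+@@ -46,8 +46,9 @@ static void
+ usage(void)
+ {
+ 	fprintf(stderr, "Version: " VERSION "\n"
+-		"Usage: dsniff [-cdmn] [-i interface] [-s snaplen] [-f services]\n"
+-		"              [-t trigger[,...]] [-r|-w savefile] [expression]\n");
++		"Usage: dsniff [-cdmn] [-i interface | -p pcapfile] [-s snaplen]\n"
++		"              [-f services] [-t trigger[,...]] [-r|-w savefile]\n"
++		"              [expression]\n");
+ 	exit(1);
+ }
+ 
+@@ -79,7 +80,7 @@ main(int argc, char *argv[])
+ 
+ 	services = savefile = triggers = NULL;
+ 	
+-	while ((c = getopt(argc, argv, "cdf:i:mnr:s:t:w:h?V")) != -1) {
++	while ((c = getopt(argc, argv, "cdf:i:mnp:r:s:t:w:h?V")) != -1) {
+ 		switch (c) {
+ 		case 'c':
+ 			Opt_client = 1;
+@@ -99,6 +100,9 @@ main(int argc, char *argv[])
+ 		case 'n':
+ 			Opt_dns = 0;
+ 			break;
++		case 'p':
++			nids_params.filename = optarg;
++			break;
+ 		case 'r':
+ 			Opt_read = 1;
+ 			savefile = optarg;
+@@ -168,10 +172,23 @@ main(int argc, char *argv[])
+ 	else nids_register_tcp(trigger_tcp);
+ 	
+ 	if (nids_params.pcap_filter != NULL) {
+-		warnx("listening on %s [%s]", nids_params.device,
+-		      nids_params.pcap_filter);
++		if (nids_params.filename == NULL) {
++			warnx("listening on %s [%s]", nids_params.device,
++		        nids_params.pcap_filter);
++		}
++		else {
++			warnx("using %s [%s]", nids_params.filename,
++		        nids_params.pcap_filter);
++		}
+ 	}
+-	else warnx("listening on %s", nids_params.device);
++	else {
++		if (nids_params.filename == NULL) {
++			warnx("listening on %s", nids_params.device);
++		}
++		else {
++			warnx("using %s", nids_params.filename);
++		}
++	}
+ 	
+ 	nids_run();
+ 	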
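Review bot: Nothing in the added `case 'p':` branch, or after the getopt loop, rejects `-i` and `-p` given together, although the new usage text and man page present them as alternatives (`[-i interface | -p pcapfile]`). Which source is actually read is then left to libnids, while the banner prints `using <file>` regardless of the `-i` value. A check after option parsing such as `if (nids_params.device != NULL && nids_params.filename != NULL) usage();` would enforce the documented contract, assuming `device` is still NULL when `-i` was not given (its initial value is outside the hunk). The same gap is in the `-p` handling added to filesnarf.c, mailsnarf.c, msgsnarf.c and sshow.c; main() continues outside these hunks.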
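--- a/files/patch-filesnarf.8
+++ b/files/patch-filesnarf.8
@@ -0,0 +1,20 @@
+--- filesnarf.8.orig	2000-11-19 06:23:33 UTC
++++ filesnarf.8
+@@ -9,7 +9,7 @@ sniff files from NFS traffic
+ .na
+ .nf
+ .fi
+-\fBfilesnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
++\fBfilesnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
+ .SH DESCRIPTION
+ .ad
+ .fi
+@@ -18,6 +18,8 @@ working directory.
+ .SH OPTIONS
+ .IP "\fB-i \fIinterface\fR"
+ Specify the interface to listen on.
++.IP "\fB-p \fIpcapfile\fR"
++Process packets from the specified PCAP capture file instead of the network.
+ .IP \fB-v\fR
+ "Versus" mode. Invert the sense of matching, to select non-matching
+ files.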
(-)files/patch-filesnarf.c (-4 / +59 lines)
Lines 1-6 Link Here
1
--- ./filesnarf.c.orig	2001-03-15 09:33:03.000000000 +0100
1
--- filesnarf.c.orig	2019-05-13 13:40:23 UTC
2
+++ ./filesnarf.c	2014-07-22 13:20:14.000000000 +0200
2
+++ filesnarf.c
3
@@ -134,8 +134,8 @@
3
@@ -51,7 +51,7 @@ static void
4
 usage(void)
5
 {
6
 	fprintf(stderr, "Version: " VERSION "\n"
7
-		"Usage: filesnarf [-i interface] [[-v] pattern [expression]]\n");
8
+		"Usage: filesnarf [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
9
 	exit(1);
10
 }
11
 
12
@@ -134,8 +134,8 @@ nfs_save(struct tuple4 *addr, struct myreadargs *ma, u
4
 	int fd;
13
 	int fd;
5
 
14
 
6
 	warnx("%s.%d > %s.%d: %s (%d@%d)",
15
 	warnx("%s.%d > %s.%d: %s (%d@%d)",
Lines 11-17 Link Here
11
 	      ma->filename, len, ma->offset);
20
 	      ma->filename, len, ma->offset);
12
 	
21
 	
13
 	if ((fd = open(ma->filename, O_WRONLY|O_CREAT, 0644)) >= 0) {
22
 	if ((fd = open(ma->filename, O_WRONLY|O_CREAT, 0644)) >= 0) {
14
@@ -353,7 +353,7 @@
23
@@ -353,7 +353,7 @@ decode_nfs(struct tuple4 *addr, u_char *buf, int len)
15
 }
24
 }
16
 
25
 
17
 static void
26
 static void
Lines 20-22 Link Here
20
 {
29
 {
21
 	static struct tuple4 addr;
30
 	static struct tuple4 addr;
22
 	struct libnet_udp_hdr *udp;
31
 	struct libnet_udp_hdr *udp;
32
@@ -464,11 +464,14 @@ main(int argc, char *argv[])
33
 	extern int optind;
34
 	int c;
35
 
36
-	while ((c = getopt(argc, argv, "i:vh?V")) != -1) {
37
+	while ((c = getopt(argc, argv, "i:p:vh?V")) != -1) {
38
 		switch (c) {
39
 		case 'i':
40
 			nids_params.device = optarg;
41
 			break;
42
+		case 'p':
43
+			nids_params.filename = optarg;
44
+			break;
45
 		case 'v':
46
 			Opt_invert = 1;
47
 			break;
48
@@ -498,11 +501,24 @@ main(int argc, char *argv[])
49
 	nids_register_ip(decode_udp_nfs);
50
 	nids_register_tcp(decode_tcp_nfs);
51
 
52
-	if (nids_params.pcap_filter != NULL) {
53
-		warnx("listening on %s [%s]", nids_params.device,
54
-		      nids_params.pcap_filter);
55
-	}
56
-	else warnx("listening on %s", nids_params.device);
57
+        if (nids_params.pcap_filter != NULL) {
58
+                if (nids_params.filename == NULL) {
59
+                        warnx("listening on %s [%s]", nids_params.device,
60
+                              nids_params.pcap_filter);
61
+                }
62
+                else {
63
+                        warnx("using %s [%s]", nids_params.filename,
64
+                              nids_params.pcap_filter);
65
+                }
66
+        }
67
+        else {
68
+                if (nids_params.filename == NULL) {
69
+                        warnx("listening on %s", nids_params.device);
70
+                }
71
+                else {
72
+                        warnx("using %s", nids_params.filename);
73
+                }
74
+        }
75
 
76
 	nids_run();
77
 
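Review bot: With the new `-p pcapfile` option, nfs_save() can be driven entirely by the contents of a capture file, and the context lines of this patch show it calling `open(ma->filename, O_WRONLY|O_CREAT, 0644)` on a name that presumably comes from the decoded NFS traffic. That call follows symlinks and writes into files that already exist, so a capture obtained from someone else has to be treated as untrusted input. Unless `ma->filename` is already reduced to a plain basename before this point (not visible here), consider `open(ma->filename, O_WRONLY|O_CREAT|O_NOFOLLOW, 0644)` and a sentence in filesnarf.8 recommending a dedicated, empty working directory. nfs_save() starts and ends outside the hunk.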
(-)files/patch-macof.c (-9 / +9 lines)
Lines 1-6 Link Here
1
--- ./macof.c.orig	2001-03-15 09:33:04.000000000 +0100
1
--- macof.c.orig	2019-05-13 13:40:23 UTC
2
+++ ./macof.c	2014-07-22 13:20:14.000000000 +0200
2
+++ macof.c
3
@@ -48,8 +48,8 @@
3
@@ -48,8 +48,8 @@ usage(void)
4
 static void
4
 static void
5
 gen_mac(u_char *mac)
5
 gen_mac(u_char *mac)
6
 {
6
 {
Lines 11-17 Link Here
11
 }
11
 }
12
 
12
 
13
 int
13
 int
14
@@ -59,22 +59,23 @@
14
@@ -59,22 +59,23 @@ main(int argc, char *argv[])
15
 	extern int optind;
15
 	extern int optind;
16
 	int c, i;
16
 	int c, i;
17
 	struct libnet_link_int *llif;
17
 	struct libnet_link_int *llif;
Lines 39-45 Link Here
39
 			break;
39
 			break;
40
 		case 'e':
40
 		case 'e':
41
 			Tha = (u_char *)ether_aton(optarg);
41
 			Tha = (u_char *)ether_aton(optarg);
42
@@ -101,13 +102,13 @@
42
@@ -101,13 +102,13 @@ main(int argc, char *argv[])
43
 	if (argc != 0)
43
 	if (argc != 0)
44
 		usage();
44
 		usage();
45
 	
45
 	
Lines 58-64 Link Here
58
 	
58
 	
59
 	for (i = 0; i != Repeat; i++) {
59
 	for (i = 0; i != Repeat; i++) {
60
 		
60
 		
61
@@ -117,39 +118,39 @@
61
@@ -117,39 +118,39 @@ main(int argc, char *argv[])
62
 		else memcpy(tha, Tha, sizeof(tha));
62
 		else memcpy(tha, Tha, sizeof(tha));
63
 		
63
 		
64
 		if (Src != 0) src = Src;
64
 		if (Src != 0) src = Src;
Lines 78-90 Link Here
78
+		else dport = libnet_get_prand(LIBNET_PRu16);
78
+		else dport = libnet_get_prand(LIBNET_PRu16);
79
 
79
 
80
-		seq = libnet_get_prand(PRu32);
80
-		seq = libnet_get_prand(PRu32);
81
-		
81
+		seq = libnet_get_prand(LIBNET_PRu32);
82
 		
82
-		libnet_build_ethernet(tha, sha, ETHERTYPE_IP, NULL, 0, pkt);
83
-		libnet_build_ethernet(tha, sha, ETHERTYPE_IP, NULL, 0, pkt);
83
-		
84
-		
84
-		libnet_build_ip(TCP_H, 0, libnet_get_prand(PRu16), 0, 64,
85
-		libnet_build_ip(TCP_H, 0, libnet_get_prand(PRu16), 0, 64,
85
-				IPPROTO_TCP, src, dst, NULL, 0, pkt + ETH_H);
86
-				IPPROTO_TCP, src, dst, NULL, 0, pkt + ETH_H);
86
+		seq = libnet_get_prand(LIBNET_PRu32);
87
-		
87
 		
88
 		libnet_build_tcp(sport, dport, seq, 0, TH_SYN, 512,
88
 		libnet_build_tcp(sport, dport, seq, 0, TH_SYN, 512,
89
-				 0, NULL, 0, pkt + ETH_H + IP_H);
89
-				 0, NULL, 0, pkt + ETH_H + IP_H);
90
+				 0, 0, LIBNET_TCP_H, NULL, 0, l, 0);
90
+				 0, 0, LIBNET_TCP_H, NULL, 0, l, 0);
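--- a/files/patch-mailsnarf.8
+++ b/files/patch-mailsnarf.8
@@ -0,0 +1,20 @@
+--- mailsnarf.8.orig	2000-11-19 06:09:28 UTC
++++ mailsnarf.8
+@@ -9,7 +9,7 @@ sniff mail messages in Berkeley mbox format
+ .na
+ .nf
+ .fi
+-\fBmailsnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
++\fBmailsnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
+ .SH DESCRIPTION
+ .ad
+ .fi
+@@ -19,6 +19,8 @@ your favorite mail reader (mail(1), pine(1), etc.).
+ .SH OPTIONS
+ .IP "\fB-i \fIinterface\fR"
+ Specify the interface to listen on.
++.IP "\fB-p \fIpcapfile\fR"
++Process packets from the specified PCAP capture file instead of the network.
+ .IP \fB-v\fR
+ "Versus" mode. Invert the sense of matching, to select non-matching
+ messages.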
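--- a/files/patch-mailsnarf.c
+++ b/files/patch-mailsnarf.c
@@ -0,0 +1,54 @@
+--- mailsnarf.c.orig	2001-03-15 08:33:04 UTC
++++ mailsnarf.c
+@@ -59,7 +59,7 @@ static void
+ usage(void)
+ {
+ 	fprintf(stderr, "Version: " VERSION "\n"
+-		"Usage: mailsnarf [-i interface] [[-v] pattern [expression]]\n");
++		"Usage: mailsnarf [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
+ 	exit(1);
+ }
+ 
+@@ -344,11 +344,14 @@ main(int argc, char *argv[])
+ 	extern int optind;
+ 	int c;
+ 	
+-	while ((c = getopt(argc, argv, "i:vh?V")) != -1) {
++	while ((c = getopt(argc, argv, "i:p:vh?V")) != -1) {
+ 		switch (c) {
+ 		case 'i':
+ 			nids_params.device = optarg;
+ 			break;
++                case 'p':
++                        nids_params.filename = optarg;
++                        break;
+ 		case 'v':
+ 			Opt_invert = 1;
+ 			break;
+@@ -378,10 +381,23 @@ main(int argc, char *argv[])
+ 	nids_register_tcp(sniff_pop_session);
+ 
+ 	if (nids_params.pcap_filter != NULL) {
+-		warnx("listening on %s [%s]", nids_params.device,
+-		      nids_params.pcap_filter);
++                if (nids_params.filename == NULL) {
++		        warnx("listening on %s [%s]", nids_params.device,
++		              nids_params.pcap_filter);
++                }
++                else {
++		        warnx("using %s [%s]", nids_params.filename,
++		              nids_params.pcap_filter);
++                }
+ 	}
+-	else warnx("listening on %s", nids_params.device);
++	else {
++                if (nids_params.filename == NULL) {
++                    warnx("listening on %s", nids_params.device);
++                }
++                else {
++                    warnx("using %s", nids_params.filename);
++                }
++        }
+ 	
+ 	nids_run();
+ 	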
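Review bot: The added `case 'p':` branch and the inner `if`/`else` lines are indented with spaces, while the surrounding lines of mailsnarf.c use tabs, and the two halves of the new banner block use different space widths (16/20 columns versus tab plus 8). Re-indenting the added lines with tabs, as the dsniff.c version of the same change mostly does, keeps the patch consistent with the file it modifies. The banner blocks added to filesnarf.c, msgsnarf.c and sshow.c have the same problem. The identical four-way `warnx` block is now carried in five programs, so a small shared helper would keep the messages from drifting apart.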
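--- a/files/patch-msgsnarf.8
+++ b/files/patch-msgsnarf.8
@@ -0,0 +1,20 @@
+--- msgsnarf.8.orig	2000-11-19 06:10:50 UTC
++++ msgsnarf.8
+@@ -9,7 +9,7 @@ sniff chat messages
+ .na
+ .nf
+ .fi
+-\fBmsgsnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
++\fBmsgsnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
+ .SH DESCRIPTION
+ .ad
+ .fi
+@@ -19,6 +19,8 @@ sessions.
+ .SH OPTIONS
+ .IP "\fB-i \fIinterface\fR"
+ Specify the interface to listen on.
++.IP "\fB-p \fIpcapfile\fR"
++Process packets from the specified PCAP capture file instead of the network.
+ .IP \fB-v\fR
+ "Versus" mode. Invert the sense of matching, to select non-matching
+ messages.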
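--- a/files/patch-msgsnarf.c
+++ b/files/patch-msgsnarf.c
@@ -0,0 +1,57 @@
+--- msgsnarf.c.orig	2001-03-15 08:33:04 UTC
++++ msgsnarf.c
+@@ -44,7 +44,7 @@ static void
+ usage(void)
+ {
+ 	fprintf(stderr, "Version: " VERSION "\n"
+-		"Usage: msgsnarf [-i interface] [[-v] pattern [expression]]\n");
++		"Usage: msgsnarf [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
+ 	exit(1);
+ }
+ 
+@@ -632,11 +632,14 @@ main(int argc, char *argv[])
+ 	extern int optind;
+ 	int c;
+ 	
+-	while ((c = getopt(argc, argv, "i:hv?V")) != -1) {
++	while ((c = getopt(argc, argv, "i:p:hv?V")) != -1) {
+ 		switch (c) {
+ 		case 'i':
+ 			nids_params.device = optarg;
+ 			break;
++		case 'p':
++			nids_params.filename = optarg;
++			break;
+ 		case 'v':
+ 			Opt_invert = 1;
+ 			break;
+@@ -665,11 +668,24 @@ main(int argc, char *argv[])
+ 	
+ 	nids_register_tcp(sniff_msgs);
+ 
+-	if (nids_params.pcap_filter != NULL) {
+-		warnx("listening on %s [%s]", nids_params.device,
+-		      nids_params.pcap_filter);
+-	}
+-	else warnx("listening on %s", nids_params.device);
++        if (nids_params.pcap_filter != NULL) {
++                if (nids_params.filename == NULL) {
++                        warnx("listening on %s [%s]", nids_params.device,
++                              nids_params.pcap_filter);
++                }
++                else {
++                        warnx("using %s [%s]", nids_params.filename,
++                              nids_params.pcap_filter);
++                }
++        }
++        else {
++                if (nids_params.filename == NULL) {
++                    warnx("listening on %s", nids_params.device);
++                }
++                else {
++                    warnx("using %s", nids_params.filename);
++                }
++        }
+ 
+ 	nids_run();
+ 	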
(-)files/patch-pcaputil.c (-2 / +2 lines)
Lines 1-4 Link Here
1
--- pcaputil.c.orig	2001-03-15 08:33:04 UTC
1
--- pcaputil.c.orig	2019-05-13 13:40:23 UTC
2
+++ pcaputil.c
2
+++ pcaputil.c
3
@@ -17,20 +17,9 @@
3
@@ -17,20 +17,9 @@
4
 #include <string.h>
4
 #include <string.h>
Lines 21-27 Link Here
21
 int
21
 int
22
 pcap_dloff(pcap_t *pd)
22
 pcap_dloff(pcap_t *pd)
23
 {
23
 {
24
@@ -87,12 +76,6 @@ pcap_init(char *intf, char *filter, int 
24
@@ -87,12 +76,6 @@ pcap_init(char *intf, char *filter, int snaplen)
25
 		pcap_perror(pd, "pcap_compile");
25
 		pcap_perror(pd, "pcap_compile");
26
 		return (NULL);
26
 		return (NULL);
27
 	}
27
 	}
(-)files/patch-record.c (-3 / +3 lines)
Lines 1-6 Link Here
1
--- ./record.c.orig	2001-03-15 09:33:04.000000000 +0100
1
--- record.c.orig	2019-05-13 13:40:23 UTC
2
+++ ./record.c	2014-07-22 13:20:14.000000000 +0200
2
+++ record.c
3
@@ -65,8 +65,8 @@
3
@@ -65,8 +65,8 @@ record_print(struct rec *rec)
4
 	tm = localtime(&rec->time);
4
 	tm = localtime(&rec->time);
5
 	strftime(tstr, sizeof(tstr), "%x %X", tm);
5
 	strftime(tstr, sizeof(tstr), "%x %X", tm);
6
 	
6
 	
(-)files/patch-sshcrypto.c (-2 / +2 lines)
Lines 1-6 Link Here
1
$OpenBSD: patch-sshcrypto_c,v 1.3 2015/05/29 15:57:29 jca Exp $
1
$OpenBSD: patch-sshcrypto_c,v 1.3 2015/05/29 15:57:29 jca Exp $
2
--- sshcrypto.c.orig	Tue Nov 28 22:23:28 2000
2
--- sshcrypto.c.orig	2019-05-13 13:40:23 UTC
3
+++ sshcrypto.c	Fri May 29 17:56:22 2015
3
+++ sshcrypto.c
4
@@ -15,7 +15,9 @@
4
@@ -15,7 +15,9 @@
5
 #include <sys/types.h>
5
 #include <sys/types.h>
6
 #include <openssl/ssl.h>
6
 #include <openssl/ssl.h>
(-)files/patch-sshmitm.c (-14 / +14 lines)
Lines 1-55 Link Here
1
--- ./sshmitm.c.orig	2001-03-15 09:33:04.000000000 +0100
1
--- sshmitm.c.orig	2019-05-13 13:40:23 UTC
2
+++ ./sshmitm.c	2014-07-22 13:20:14.000000000 +0200
2
+++ sshmitm.c
3
@@ -41,7 +41,7 @@
3
@@ -41,7 +41,7 @@ int	 mitm_fd;
4
 int	 client_fd, server_fd;
4
 int	 client_fd, server_fd;
5
 SSH_CTX	*ssh_client_ctx, *ssh_server_ctx;
5
 SSH_CTX	*ssh_client_ctx, *ssh_server_ctx;
6
 SSH	*ssh_client, *ssh_server;
6
 SSH	*ssh_client, *ssh_server;
7
-struct	 sockaddr_in csin, ssin;
7
-struct	 sockaddr_in csin, ssin;
8
+struct	 sockaddr_in ________csin, ssin;
8
+struct	 sockaddr_in _________csin, ssin;
9
 int	 sig_pipe[2];
9
 int	 sig_pipe[2];
10
 
10
 
11
 static void
11
 static void
12
@@ -148,7 +148,7 @@
12
@@ -148,7 +148,7 @@ mitm_child(void)
13
 	
13
 	
14
 	if (Opt_debug)
14
 	if (Opt_debug)
15
 		warnx("new connection from %s.%d",
15
 		warnx("new connection from %s.%d",
16
-		      inet_ntoa(csin.sin_addr), ntohs(csin.sin_port));
16
-		      inet_ntoa(csin.sin_addr), ntohs(csin.sin_port));
17
+		      inet_ntoa(________csin.sin_addr), ntohs(________csin.sin_port));
17
+		      inet_ntoa(_________csin.sin_addr), ntohs(_________csin.sin_port));
18
 	
18
 	
19
 	if (fcntl(client_fd, F_SETFL, 0) == -1)
19
 	if (fcntl(client_fd, F_SETFL, 0) == -1)
20
 		err(1, "fcntl");
20
 		err(1, "fcntl");
21
@@ -237,10 +237,10 @@
21
@@ -237,10 +237,10 @@ mitm_child(void)
22
 				}
22
 				}
23
 				else {
23
 				else {
24
 					pass_done = 1;
24
 					pass_done = 1;
25
-					record(csin.sin_addr.s_addr,
25
-					record(csin.sin_addr.s_addr,
26
+					record(________csin.sin_addr.s_addr,
26
+					record(_________csin.sin_addr.s_addr,
27
 					       ssin.sin_addr.s_addr,
27
 					       ssin.sin_addr.s_addr,
28
 					       IPPROTO_TCP,
28
 					       IPPROTO_TCP,
29
-					       ntohs(csin.sin_port),
29
-					       ntohs(csin.sin_port),
30
+					       ntohs(________csin.sin_port),
30
+					       ntohs(_________csin.sin_port),
31
 					       ntohs(ssin.sin_port), "ssh",
31
 					       ntohs(ssin.sin_port), "ssh",
32
 					       userpass, strlen(userpass));
32
 					       userpass, strlen(userpass));
33
 				}
33
 				}
34
@@ -326,7 +326,7 @@
34
@@ -326,7 +326,7 @@ mitm_run(void)
35
 			if (errno != EINTR)
35
 			if (errno != EINTR)
36
 				err(1, "select");
36
 				err(1, "select");
37
 		}
37
 		}
38
-		i = sizeof(csin);
38
-		i = sizeof(csin);
39
+		i = sizeof(________csin);
39
+		i = sizeof(_________csin);
40
 		
40
 		
41
 		if (FD_ISSET(sig_pipe[0], &fds)) {
41
 		if (FD_ISSET(sig_pipe[0], &fds)) {
42
 			while (read(sig_pipe[0], buf, 1) == 1)
42
 			while (read(sig_pipe[0], buf, 1) == 1)
43
@@ -336,7 +336,7 @@
43
@@ -336,7 +336,7 @@ mitm_run(void)
44
 		}
44
 		}
45
 		if (FD_ISSET(mitm_fd, &fds)) {
45
 		if (FD_ISSET(mitm_fd, &fds)) {
46
 			client_fd = accept(mitm_fd,
46
 			client_fd = accept(mitm_fd,
47
-					   (struct sockaddr *)&csin, &i);
47
-					   (struct sockaddr *)&csin, &i);
48
+					   (struct sockaddr *)&________csin, &i);
48
+					   (struct sockaddr *)&_________csin, &i);
49
 
49
 
50
 			if (client_fd >= 0) {
50
 			if (client_fd >= 0) {
51
 				if (fork() == 0) {
51
 				if (fork() == 0) {
52
@@ -389,7 +389,7 @@
52
@@ -389,7 +389,7 @@ main(int argc, char *argv[])
53
 	if (argc < 1)
53
 	if (argc < 1)
54
 		usage();
54
 		usage();
55
 	
55
 	
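Review bot: The rename to `_________csin` keeps this global in the namespace C reserves for the implementation (identifiers beginning with two underscores). The name is also one underscore longer than in the previous revision of this patch, which suggests it comes from a substitution re-applied each time the patch is regenerated rather than from a deliberate choice. A fixed, descriptive name such as `struct sockaddr_in client_sin, ssin;` would avoid the clash that the rename presumably works around and stop the patch from churning on every regeneration. The affected hunks sit in mitm_child() and mitm_run(), whose bodies continue outside what is shown.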
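--- a/files/patch-sshow.8
+++ b/files/patch-sshow.8
@@ -0,0 +1,20 @@
+--- sshow.8.orig	2001-03-17 05:37:47 UTC
++++ sshow.8
+@@ -9,7 +9,7 @@ SSH traffic analysis tool
+ .na
+ .nf
+ .fi
+-\fBsshow\fR [\fB-d\fR] [\fB-i \fIinterface\fR] [\fIexpression\fR]
++\fBsshow\fR [\fB-d\fR] [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [\fIexpression\fR]
+ .SH DESCRIPTION
+ .ad
+ .fi
+@@ -28,6 +28,8 @@ The following advisory describes the attacks implement
+ Enable verbose debugging output.
+ .IP "\fB-i \fIinterface\fR"
+ Specify the interface to listen on.
++.IP "\fB-p \fIpcapfile\fR"
++Process packets from the specified PCAP capture file instead of the network.
+ .IP "\fIexpression\fR"
+ Specify a tcpdump(8) filter expression to select traffic to sniff.
+ .SH "SEE ALSO"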
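--- a/files/patch-sshow.c
+++ b/files/patch-sshow.c
@@ -0,0 +1,60 @@
+--- sshow.c.orig	2001-03-19 06:52:15 UTC
++++ sshow.c
+@@ -81,7 +81,7 @@ static clock_t now;
+ static void
+ usage(void)
+ {
+-	fprintf(stderr, "Usage: sshow [-d] [-i interface]\n");
++	fprintf(stderr, "Usage: sshow [-d] [-i interface | -p pcapfile]\n");
+ 	exit(1);
+ }
+ 
+@@ -615,7 +615,7 @@ main(int argc, char *argv[])
+ 	extern int optind;
+ 	int c;
+ 	
+-	while ((c = getopt(argc, argv, "di:h?")) != -1) {
++	while ((c = getopt(argc, argv, "di:p:h?")) != -1) {
+ 		switch (c) {
+ 		case 'd':
+ 			debug++;
+@@ -623,6 +623,9 @@ main(int argc, char *argv[])
+ 		case 'i':
+ 			nids_params.device = optarg;
+ 			break;
++		case 'p':
++			nids_params.filename = optarg;
++			break;
+ 		default:
+ 			usage();
+ 			break;
+@@ -651,11 +654,24 @@ main(int argc, char *argv[])
+ 	
+ 	nids_register_tcp(process_event);
+ 
+-	if (nids_params.pcap_filter != NULL) {
+-		warnx("listening on %s [%s]", nids_params.device,
+-		      nids_params.pcap_filter);
+-	}
+-	else warnx("listening on %s", nids_params.device);
++        if (nids_params.pcap_filter != NULL) {
++                if (nids_params.filename == NULL) {
++                        warnx("listening on %s [%s]", nids_params.device,
++                              nids_params.pcap_filter);
++                }
++                else {
++                        warnx("using %s [%s]", nids_params.filename,
++                              nids_params.pcap_filter);
++                }
++        }
++        else {
++                if (nids_params.filename == NULL) {
++                    warnx("listening on %s", nids_params.device);
++                }
++                else {
++                    warnx("using %s", nids_params.filename);
++                }
++        }
+ 
+ 	nids_run();
+ 	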
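Review bot: The rewritten usage string, `Usage: sshow [-d] [-i interface | -p pcapfile]`, still omits the trailing `[expression]` that the sshow.8 synopsis in this same change documents. Since the line is being touched anyway, `"Usage: sshow [-d] [-i interface | -p pcapfile] [expression]\n"` would make the two agree. This assumes main() does consume a filter expression after the options, as the man page and the `pcap_filter` banner suggest; that part of main() is outside the hunks.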
(-)files/patch-tcp_raw.c (-4 / +4 lines)
Lines 1-6 Link Here
1
--- ./tcp_raw.c.orig	2001-03-15 09:33:04.000000000 +0100
1
--- tcp_raw.c.orig	2019-05-13 13:40:23 UTC
2
+++ ./tcp_raw.c	2014-07-22 13:20:14.000000000 +0200
2
+++ tcp_raw.c
3
@@ -119,7 +119,7 @@
3
@@ -119,7 +119,7 @@ tcp_raw_reassemble(struct tcp_conn *conn, int minlen)
4
 }
4
 }
5
 
5
 
6
 struct iovec *
6
 struct iovec *
Lines 9-15 Link Here
9
 {
9
 {
10
 	struct tha tha;
10
 	struct tha tha;
11
 	struct tcp_conn *conn;
11
 	struct tcp_conn *conn;
12
@@ -131,7 +131,7 @@
12
@@ -131,7 +131,7 @@ tcp_raw_input(struct libnet_ip_hdr *ip, struct libnet_
13
 
13
 
14
 	/* Verify TCP checksum. */
14
 	/* Verify TCP checksum. */
15
 	cksum = tcp->th_sum;
15
 	cksum = tcp->th_sum;
(-)files/patch-tcp_raw.h (-3 / +3 lines)
Lines 1-6 Link Here
1
--- ./tcp_raw.h.orig	2001-03-15 09:33:06.000000000 +0100
1
--- tcp_raw.h.orig	2019-05-13 13:40:23 UTC
2
+++ ./tcp_raw.h	2014-07-22 13:20:14.000000000 +0200
2
+++ tcp_raw.h
3
@@ -15,7 +15,7 @@
3
@@ -15,7 +15,7 @@ typedef void (*tcp_raw_callback_t)(in_addr_t src, in_a
4
 				   u_short sport, u_short dport,
4
 				   u_short sport, u_short dport,
5
 				   u_char *buf, int len);
5
 				   u_char *buf, int len);
6
 
6
 
(-)files/patch-tcpkill.c (-8 / +9 lines)
Lines 1-6 Link Here
1
--- ./tcpkill.c.orig	2001-03-17 09:10:43.000000000 +0100
1
--- tcpkill.c.orig	2019-05-13 13:40:23 UTC
2
+++ ./tcpkill.c	2014-07-22 13:20:14.000000000 +0200
2
+++ tcpkill.c
3
@@ -39,17 +39,18 @@
3
@@ -39,17 +39,18 @@ usage(void)
4
 static void
4
 static void
5
 tcp_kill_cb(u_char *user, const struct pcap_pkthdr *pcap, const u_char *pkt)
5
 tcp_kill_cb(u_char *user, const struct pcap_pkthdr *pcap, const u_char *pkt)
6
 {
6
 {
Lines 24-30 Link Here
24
 	if (ip->ip_p != IPPROTO_TCP)
24
 	if (ip->ip_p != IPPROTO_TCP)
25
 		return;
25
 		return;
26
 	
26
 	
27
@@ -57,34 +58,31 @@
27
@@ -57,35 +58,32 @@ tcp_kill_cb(u_char *user, const struct pcap_pkthdr *pc
28
 	if (tcp->th_flags & (TH_SYN|TH_FIN|TH_RST))
28
 	if (tcp->th_flags & (TH_SYN|TH_FIN|TH_RST))
29
 		return;
29
 		return;
30
 
30
 
Lines 62-68 Link Here
62
+		libnet_build_tcp(ntohs(tcp->th_dport), ntohs(tcp->th_sport),
62
+		libnet_build_tcp(ntohs(tcp->th_dport), ntohs(tcp->th_sport),
63
+				 seq, 0, TH_RST, 0, 0, 0, LIBNET_TCP_H, 
63
+				 seq, 0, TH_RST, 0, 0, 0, LIBNET_TCP_H, 
64
+				 NULL, 0, l, 0);
64
+				 NULL, 0, l, 0);
65
+		
65
 		
66
+		libnet_build_ipv4(LIBNET_IPV4_H + LIBNET_TCP_H, 0,
66
+		libnet_build_ipv4(LIBNET_IPV4_H + LIBNET_TCP_H, 0,
67
+				  libnet_get_prand(LIBNET_PRu16), 0, 64,
67
+				  libnet_get_prand(LIBNET_PRu16), 0, 64,
68
+				  IPPROTO_TCP, 0, ip->ip_dst.s_addr,
68
+				  IPPROTO_TCP, 0, ip->ip_dst.s_addr,
Lines 70-79 Link Here
70
+		
70
+		
71
+		if (libnet_write(l) < 0)
71
+		if (libnet_write(l) < 0)
72
+			warn("write");
72
+			warn("write");
73
 		
73
+		
74
 		fprintf(stderr, "%s R %lu:%lu(0) win 0\n", ctext, seq, seq);
74
 		fprintf(stderr, "%s R %lu:%lu(0) win 0\n", ctext, seq, seq);
75
 	}
75
 	}
76
@@ -95,8 +93,10 @@
76
 }
77
@@ -95,8 +93,10 @@ main(int argc, char *argv[])
77
 {
78
 {
78
 	extern char *optarg;
79
 	extern char *optarg;
79
 	extern int optind;
80
 	extern int optind;
Lines 85-91 Link Here
85
 	pcap_t *pd;
86
 	pcap_t *pd;
86
 	
87
 	
87
 	intf = NULL;
88
 	intf = NULL;
88
@@ -136,14 +136,14 @@
89
@@ -136,14 +136,14 @@ main(int argc, char *argv[])
89
 	if ((pcap_off = pcap_dloff(pd)) < 0)
90
 	if ((pcap_off = pcap_dloff(pd)) < 0)
90
 		errx(1, "couldn't determine link layer offset");
91
 		errx(1, "couldn't determine link layer offset");
91
 	
92
 	
(-)files/patch-tcpnice.c (-8 / +8 lines)
Lines 1-6 Link Here
1
--- ./tcpnice.c.orig	2001-03-17 08:41:51.000000000 +0100
1
--- tcpnice.c.orig	2019-05-13 13:40:23 UTC
2
+++ ./tcpnice.c	2014-07-22 13:20:14.000000000 +0200
2
+++ tcpnice.c
3
@@ -41,107 +41,106 @@
3
@@ -41,107 +41,106 @@ usage(void)
4
 }
4
 }
5
 
5
 
6
 static void
6
 static void
Lines 106-113 Link Here
106
+	memcpy((u_char *)icmp + LIBNET_ICMPV4_MASK_H, (u_char *)ip, len);
106
+	memcpy((u_char *)icmp + LIBNET_ICMPV4_MASK_H, (u_char *)ip, len);
107
 
107
 
108
-	libnet_do_checksum(buf, IPPROTO_ICMP, ICMP_MASK_H + len);
108
-	libnet_do_checksum(buf, IPPROTO_ICMP, ICMP_MASK_H + len);
109
-	
110
-	len += (IP_H + ICMP_MASK_H);
111
+	len += LIBNET_ICMPV4_MASK_H;
109
+	len += LIBNET_ICMPV4_MASK_H;
112
+
110
+
113
+	libnet_build_ipv4(LIBNET_IPV4_H + len, 4,
111
+	libnet_build_ipv4(LIBNET_IPV4_H + len, 4,
Lines 115-120 Link Here
115
+			  0, ip->ip_dst.s_addr, ip->ip_src.s_addr,
113
+			  0, ip->ip_dst.s_addr, ip->ip_src.s_addr,
116
+			  (u_int8_t *) icmp, len, l, 0);
114
+			  (u_int8_t *) icmp, len, l, 0);
117
 	
115
 	
116
-	len += (IP_H + ICMP_MASK_H);
117
-	
118
-	if (libnet_write_ip(sock, buf, len) != len)
118
-	if (libnet_write_ip(sock, buf, len) != len)
119
+	if (libnet_write(l) != len)
119
+	if (libnet_write(l) != len)
120
 		warn("write");
120
 		warn("write");
Lines 149-155 Link Here
149
 	if (ip->ip_p != IPPROTO_TCP)
149
 	if (ip->ip_p != IPPROTO_TCP)
150
 		return;
150
 		return;
151
 	
151
 	
152
@@ -151,11 +150,11 @@
152
@@ -151,11 +150,11 @@ tcp_nice_cb(u_char *user, const struct pcap_pkthdr *pc
153
 	
153
 	
154
 	if (ntohs(ip->ip_len) > (ip->ip_hl << 2) + (tcp->th_off << 2)) {
154
 	if (ntohs(ip->ip_len) > (ip->ip_hl << 2) + (tcp->th_off << 2)) {
155
 		if (Opt_icmp)
155
 		if (Opt_icmp)
Lines 164-170 Link Here
164
 	}
164
 	}
165
 }
165
 }
166
 
166
 
167
@@ -164,8 +163,10 @@
167
@@ -164,8 +163,10 @@ main(int argc, char *argv[])
168
 {
168
 {
169
 	extern char *optarg;
169
 	extern char *optarg;
170
 	extern int optind;
170
 	extern int optind;
Lines 176-182 Link Here
176
 	pcap_t *pd;
176
 	pcap_t *pd;
177
 	
177
 	
178
 	intf = NULL;
178
 	intf = NULL;
179
@@ -209,14 +210,14 @@
179
@@ -209,14 +210,14 @@ main(int argc, char *argv[])
180
 	if ((pcap_off = pcap_dloff(pd)) < 0)
180
 	if ((pcap_off = pcap_dloff(pd)) < 0)
181
 		errx(1, "couldn't determine link layer offset");
181
 		errx(1, "couldn't determine link layer offset");
182
 	
182
 	
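Review bot: The patched tcpnice.c still tests `if (libnet_write(l) != len)` in the ICMP send path, but at that point `len` counts only the ICMP header and the copied payload (`len += LIBNET_ICMPV4_MASK_H`), while the packet handed to libnet is built as `LIBNET_IPV4_H + len`. If libnet_write() returns the number of bytes it put on the wire, as it is documented to, the comparison fails on every successful send and `warn("write")` fires with a stale errno. files/patch-tcpkill.c already uses the form that only reports real failures, `if (libnet_write(l) < 0)`, and the same test would fit here. One line of the inner hunk is hidden between the two visible ranges, so this should be confirmed against the full patch; this revision only reorders the removed lines around it.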
(-)files/patch-trigger.c (-5 / +5 lines)
Lines 1-6 Link Here
1
--- ./trigger.c.orig	2001-03-15 09:33:05.000000000 +0100
1
--- trigger.c.orig	2019-05-13 13:40:23 UTC
2
+++ ./trigger.c	2014-07-22 13:20:14.000000000 +0200
2
+++ trigger.c
3
@@ -276,7 +276,7 @@
3
@@ -276,7 +276,7 @@ trigger_dump(void)
4
 }
4
 }
5
 	
5
 	
6
 void
6
 void
Lines 9-15 Link Here
9
 {
9
 {
10
 	struct trigger *t, tr;
10
 	struct trigger *t, tr;
11
 	u_char *buf;
11
 	u_char *buf;
12
@@ -305,7 +305,7 @@
12
@@ -305,7 +305,7 @@ trigger_ip(struct libnet_ip_hdr *ip)
13
 
13
 
14
 /* libnids needs a nids_register_udp()... */
14
 /* libnids needs a nids_register_udp()... */
15
 void
15
 void
Lines 18-24 Link Here
18
 {
18
 {
19
 	struct trigger *t, tr;
19
 	struct trigger *t, tr;
20
 	struct libnet_udp_hdr *udp;
20
 	struct libnet_udp_hdr *udp;
21
@@ -437,7 +437,7 @@
21
@@ -437,7 +437,7 @@ trigger_tcp(struct tcp_stream *ts, void **conn_save)
22
 }
22
 }
23
 
23
 
24
 void
24
 void
(-)files/patch-trigger.h (-3 / +3 lines)
Lines 1-6 Link Here
1
--- ./trigger.h.orig	2001-03-15 09:33:06.000000000 +0100
1
--- trigger.h.orig	2019-05-13 13:40:23 UTC
2
+++ ./trigger.h	2014-07-22 13:20:14.000000000 +0200
2
+++ trigger.h
3
@@ -24,10 +24,10 @@
3
@@ -24,10 +24,10 @@ int	trigger_set_udp(int port, char *name);
4
 int	trigger_set_tcp(int port, char *name);
4
 int	trigger_set_tcp(int port, char *name);
5
 int	trigger_set_rpc(int program, char *name);
5
 int	trigger_set_rpc(int program, char *name);
6
 
6
 
(-)files/patch-urlsnarf.8 (+21 lines)
Line 0 Link Here
1
--- urlsnarf.8.orig	2000-11-19 06:24:51 UTC
2
+++ urlsnarf.8
3
@@ -9,7 +9,7 @@ sniff HTTP requests in Common Log Format
4
 .na
5
 .nf
6
 .fi
7
-\fBurlsnarf\fR [\fB-n\fR] [\fB-i \fIinterface\fR]  [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
8
+\fBurlsnarf\fR [\fB-n\fR] [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR]  [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
9
 .SH DESCRIPTION
10
 .ad
11
 .fi
12
@@ -21,6 +21,9 @@ offline post-processing with your favorite web log ana
13
 .IP \fB-n\fR
14
 Do not resolve IP addresses to hostnames.
15
 .IP "\fB-i \fIinterface\fR"
16
+Specify the interface to listen on.
17
+.IP "\fB-p \fIpcapfile\fR"
18
+Process packets from the specified PCAP capture file instead of the network.
19
 .IP \fB-v\fR
20
 "Versus" mode. Invert the sense of matching, to select non-matching
21
 URLs.
(-)files/patch-urlsnarf.c (-3 / +55 lines)
Lines 1-6 Link Here
1
--- ./urlsnarf.c.orig	2001-03-15 10:26:13.000000000 +0100
1
--- urlsnarf.c.orig	2019-05-13 13:40:23 UTC
2
+++ ./urlsnarf.c	2014-07-22 13:20:14.000000000 +0200
2
+++ urlsnarf.c
3
@@ -145,14 +145,14 @@
3
@@ -41,7 +41,7 @@ static void
4
 usage(void)
5
 {
6
 	fprintf(stderr, "Version: " VERSION "\n"
7
-		"Usage: urlsnarf [-n] [-i interface] [[-v] pattern [expression]]\n");
8
+		"Usage: urlsnarf [-n] [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
9
 	exit(1);
10
 }
11
 
12
@@ -145,14 +145,14 @@ process_http_request(struct tuple4 *addr, u_char *data
4
 		if (user == NULL)
13
 		if (user == NULL)
5
 			user = "-";
14
 			user = "-";
6
 		if (vhost == NULL)
15
 		if (vhost == NULL)
Lines 17-19 Link Here
17
 		       user, timestamp(), req, vhost, uri, referer, agent);
26
 		       user, timestamp(), req, vhost, uri, referer, agent);
18
 	}
27
 	}
19
 	fflush(stdout);
28
 	fflush(stdout);
29
@@ -201,11 +201,14 @@ main(int argc, char *argv[])
30
 	extern int optind;
31
 	int c;
32
 	
33
-	while ((c = getopt(argc, argv, "i:nvh?V")) != -1) {
34
+	while ((c = getopt(argc, argv, "i:p:nvh?V")) != -1) {
35
 		switch (c) {
36
 		case 'i':
37
 			nids_params.device = optarg;
38
 			break;
39
+		case 'p':
40
+			nids_params.filename = optarg;
41
+			break;
42
 		case 'n':
43
 			Opt_dns = 0;
44
 			break;
45
@@ -238,8 +241,24 @@ main(int argc, char *argv[])
46
 	
47
 	nids_register_tcp(sniff_http_client);
48
 
49
-	warnx("listening on %s [%s]", nids_params.device,
50
-	      nids_params.pcap_filter);
51
+        if (nids_params.pcap_filter != NULL) {
52
+                if (nids_params.filename == NULL) {
53
+                        warnx("listening on %s [%s]", nids_params.device,
54
+                              nids_params.pcap_filter);
55
+                }
56
+                else {
57
+                        warnx("using %s [%s]", nids_params.filename,
58
+                              nids_params.pcap_filter);
59
+                }
60
+        }
61
+        else {
62
+                if (nids_params.filename == NULL) {
63
+                    warnx("listening on %s", nids_params.device);
64
+                }
65
+                else {
66
+                    warnx("using %s", nids_params.filename);
67
+                }
68
+        }
69
 
70
 	nids_run();
71
 	
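Review bot: The new `case 'p'` in main() accepts `-p pcapfile` together with `-i interface`, although the updated usage string and urlsnarf.8 present them as alternatives (`-i interface | -p pcapfile`). When both are given, the startup message names only the file, so the operator cannot tell from the output which source is actually read. Rejecting the combination after the getopt loop would make this explicit, for example `if (nids_params.device != NULL && nids_params.filename != NULL) usage();`, assuming both fields start out NULL, which is not visible here. files/patch-webspy.c adds the same option handling and has the same gap. The added block is also indented with spaces where the surrounding code uses tabs, and main() starts and ends outside the visible hunks.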
(-)files/patch-webmitm.c (-20 / +20 lines)
Lines 1-26 Link Here
1
--- ./webmitm.c.orig	2001-03-17 09:35:05.000000000 +0100
1
--- webmitm.c.orig	2019-05-13 13:40:23 UTC
2
+++ ./webmitm.c	2014-07-22 13:20:14.000000000 +0200
2
+++ webmitm.c
3
@@ -43,7 +43,7 @@
3
@@ -43,7 +43,7 @@ int	 http_fd, https_fd;
4
 int	 client_fd, server_fd;
4
 int	 client_fd, server_fd;
5
 SSL_CTX	*ssl_client_ctx, *ssl_server_ctx;
5
 SSL_CTX	*ssl_client_ctx, *ssl_server_ctx;
6
 SSL	*ssl_client, *ssl_server;
6
 SSL	*ssl_client, *ssl_server;
7
-struct	 sockaddr_in csin, ssin;
7
-struct	 sockaddr_in csin, ssin;
8
+struct	 sockaddr_in ________csin, ssin;
8
+struct	 sockaddr_in _________csin, ssin;
9
 int	 do_ssl, sig_pipe[2];
9
 int	 do_ssl, sig_pipe[2];
10
 in_addr_t	static_host = 0;
10
 in_addr_t	static_host = 0;
11
 
11
 
12
@@ -101,8 +101,8 @@
12
@@ -101,8 +101,8 @@ grep_passwords(char *buf, int len)
13
 	char obuf[1024];
13
 	char obuf[1024];
14
 	
14
 	
15
 	if ((len = decode_http(buf, len, obuf, sizeof(obuf))) > 0) {
15
 	if ((len = decode_http(buf, len, obuf, sizeof(obuf))) > 0) {
16
-		record(csin.sin_addr.s_addr, ssin.sin_addr.s_addr,
16
-		record(csin.sin_addr.s_addr, ssin.sin_addr.s_addr,
17
-		       IPPROTO_TCP, ntohs(csin.sin_port), ntohs(ssin.sin_port),
17
-		       IPPROTO_TCP, ntohs(csin.sin_port), ntohs(ssin.sin_port),
18
+		record(________csin.sin_addr.s_addr, ssin.sin_addr.s_addr,
18
+		record(_________csin.sin_addr.s_addr, ssin.sin_addr.s_addr,
19
+		       IPPROTO_TCP, ntohs(________csin.sin_port), ntohs(ssin.sin_port),
19
+		       IPPROTO_TCP, ntohs(_________csin.sin_port), ntohs(ssin.sin_port),
20
 		       "http", obuf, len);
20
 		       "http", obuf, len);
21
 	}
21
 	}
22
 }
22
 }
23
@@ -242,7 +242,7 @@
23
@@ -242,7 +242,7 @@ server_init(char *buf, int size)
24
 			word = buf_tok(&msg, "/", 1);
24
 			word = buf_tok(&msg, "/", 1);
25
 			vhost = buf_strdup(word);
25
 			vhost = buf_strdup(word);
26
 		}
26
 		}
Lines 29-85 Link Here
29
 		free(vhost);
29
 		free(vhost);
30
 		
30
 		
31
 		if (ssin.sin_addr.s_addr == ntohl(INADDR_LOOPBACK) ||
31
 		if (ssin.sin_addr.s_addr == ntohl(INADDR_LOOPBACK) ||
32
@@ -355,7 +355,7 @@
32
@@ -355,7 +355,7 @@ mitm_child(void)
33
 	
33
 	
34
 	if (Opt_debug)
34
 	if (Opt_debug)
35
 		warnx("new connection from %s.%d",
35
 		warnx("new connection from %s.%d",
36
-		      inet_ntoa(csin.sin_addr), ntohs(csin.sin_port));
36
-		      inet_ntoa(csin.sin_addr), ntohs(csin.sin_port));
37
+		      inet_ntoa(________csin.sin_addr), ntohs(________csin.sin_port));
37
+		      inet_ntoa(_________csin.sin_addr), ntohs(_________csin.sin_port));
38
 
38
 
39
 	client_init();
39
 	client_init();
40
 	
40
 	
41
@@ -363,7 +363,7 @@
41
@@ -363,7 +363,7 @@ mitm_child(void)
42
 		err(1, "client_request");
42
 		err(1, "client_request");
43
 
43
 
44
 	if (Opt_debug)
44
 	if (Opt_debug)
45
-		warnx("%d bytes from %s", i, inet_ntoa(csin.sin_addr));
45
-		warnx("%d bytes from %s", i, inet_ntoa(csin.sin_addr));
46
+		warnx("%d bytes from %s", i, inet_ntoa(________csin.sin_addr));
46
+		warnx("%d bytes from %s", i, inet_ntoa(_________csin.sin_addr));
47
 	
47
 	
48
 	if (Opt_debug > 1)
48
 	if (Opt_debug > 1)
49
 		write(STDERR_FILENO, buf, i);
49
 		write(STDERR_FILENO, buf, i);
50
@@ -393,7 +393,7 @@
50
@@ -393,7 +393,7 @@ mitm_child(void)
51
 			
51
 			
52
 			if (Opt_debug)
52
 			if (Opt_debug)
53
 				warnx("%d bytes from %s",
53
 				warnx("%d bytes from %s",
54
-				      i, inet_ntoa(csin.sin_addr));
54
-				      i, inet_ntoa(csin.sin_addr));
55
+				      i, inet_ntoa(________csin.sin_addr));
55
+				      i, inet_ntoa(_________csin.sin_addr));
56
 
56
 
57
 			if (Opt_debug > 1)
57
 			if (Opt_debug > 1)
58
 				write(STDERR_FILENO, buf, i);
58
 				write(STDERR_FILENO, buf, i);
59
@@ -456,7 +456,7 @@
59
@@ -456,7 +456,7 @@ mitm_run(void)
60
 			if (errno != EINTR)
60
 			if (errno != EINTR)
61
 				err(1, "select");
61
 				err(1, "select");
62
 		}
62
 		}
63
-		i = sizeof(csin);
63
-		i = sizeof(csin);
64
+		i = sizeof(________csin);
64
+		i = sizeof(_________csin);
65
 		
65
 		
66
 		if (FD_ISSET(sig_pipe[0], &fds)) {
66
 		if (FD_ISSET(sig_pipe[0], &fds)) {
67
 			while (read(sig_pipe[0], &i, 1) == 1)
67
 			while (read(sig_pipe[0], &i, 1) == 1)
68
@@ -466,11 +466,11 @@
68
@@ -466,11 +466,11 @@ mitm_run(void)
69
 			continue;
69
 			continue;
70
 		}
70
 		}
71
 		if (FD_ISSET(http_fd, &fds)) {
71
 		if (FD_ISSET(http_fd, &fds)) {
72
-			client_fd = accept(http_fd, (struct sockaddr *)&csin, &i);
72
-			client_fd = accept(http_fd, (struct sockaddr *)&csin, &i);
73
+			client_fd = accept(http_fd, (struct sockaddr *)&________csin, &i);
73
+			client_fd = accept(http_fd, (struct sockaddr *)&_________csin, &i);
74
 			do_ssl = 0;
74
 			do_ssl = 0;
75
 		}
75
 		}
76
 		else if (FD_ISSET(https_fd, &fds)) {
76
 		else if (FD_ISSET(https_fd, &fds)) {
77
-			client_fd = accept(https_fd, (struct sockaddr *)&csin, &i);
77
-			client_fd = accept(https_fd, (struct sockaddr *)&csin, &i);
78
+			client_fd = accept(https_fd, (struct sockaddr *)&________csin, &i);
78
+			client_fd = accept(https_fd, (struct sockaddr *)&_________csin, &i);
79
 			do_ssl = 1;
79
 			do_ssl = 1;
80
 		}
80
 		}
81
 		else errx(1, "select failure");
81
 		else errx(1, "select failure");
82
@@ -510,7 +510,7 @@
82
@@ -510,7 +510,7 @@ main(int argc, char *argv[])
83
 	argv += optind;
83
 	argv += optind;
84
 
84
 
85
 	if (argc == 1) {
85
 	if (argc == 1) {
(-)files/patch-webspy.8 (+20 lines)
Line 0 Link Here
1
--- webspy.8.orig	2000-11-14 15:51:05 UTC
2
+++ webspy.8
3
@@ -9,7 +9,7 @@ display sniffed URLs in Netscape in real-time
4
 .na
5
 .nf
6
 .fi
7
-\fBwebspy\fR [\fB-i \fIinterface\fR] \fIhost\fR
8
+\fBwebspy\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] \fIhost\fR
9
 .SH DESCRIPTION
10
 .ad
11
 .fi
12
@@ -20,6 +20,8 @@ running on your local X display ahead of time.
13
 .SH OPTIONS
14
 .IP "\fB-i \fIinterface\fR"
15
 Specify the interface to listen on.
16
+.IP "\fB-p \fIpcapfile\fR"
17
+Process packets from the specified PCAP capture file instead of the network.
18
 .IP \fIhost\fR
19
 Specify the web client to spy on.
20
 .SH "SEE ALSO"
(-)files/patch-webspy.c (-4 / +44 lines)
Lines 1-6 Link Here
1
--- ./webspy.c.orig	2001-03-15 09:33:05.000000000 +0100
1
--- webspy.c.orig	2019-05-13 13:40:23 UTC
2
+++ ./webspy.c	2014-07-22 13:20:14.000000000 +0200
2
+++ webspy.c
3
@@ -126,7 +126,7 @@
3
@@ -42,7 +42,7 @@ static void
4
 usage(void)
5
 {
6
 	fprintf(stderr, "Version: " VERSION "\n"
7
-		"Usage: %s [-i interface] host\n", progname);
8
+		"Usage: %s [-i interface | -p pcapfile] host\n", progname);
9
 	exit(1);
10
 }
11
 
12
@@ -126,7 +126,7 @@ process_http_request(struct tuple4 *addr, u_char *data
4
 		if (auth == NULL)
13
 		if (auth == NULL)
5
 			auth = "";
14
 			auth = "";
6
 		if (vhost == NULL)
15
 		if (vhost == NULL)
Lines 9-15 Link Here
9
 		
18
 		
10
 		snprintf(cmd, sizeof(cmd), "openURL(http://%s%s%s%s)",
19
 		snprintf(cmd, sizeof(cmd), "openURL(http://%s%s%s%s)",
11
 			 auth, *auth ? "@" : "", vhost, uri);
20
 			 auth, *auth ? "@" : "", vhost, uri);
12
@@ -202,7 +202,7 @@
21
@@ -184,11 +184,14 @@ main(int argc, char *argv[])
22
 	extern int optind;
23
 	int c;
24
 	
25
-	while ((c = getopt(argc, argv, "i:h?V")) != -1) {
26
+	while ((c = getopt(argc, argv, "i:p:h?V")) != -1) {
27
 		switch (c) {
28
 		case 'i':
29
 			nids_params.device = optarg;
30
 			break;
31
+		case 'p':
32
+			nids_params.filename = optarg;
33
+			break;
34
 		default:
35
 			usage();
36
 		}
37
@@ -202,7 +205,7 @@ main(int argc, char *argv[])
13
 	cmdtab[0] = cmd;
38
 	cmdtab[0] = cmd;
14
 	cmdtab[1] = NULL;
39
 	cmdtab[1] = NULL;
15
 	
40
 	
Lines 18-20 Link Here
18
 		errx(1, "unknown host");
43
 		errx(1, "unknown host");
19
 	
44
 	
20
 	if ((dpy = XOpenDisplay(NULL)) == NULL)
45
 	if ((dpy = XOpenDisplay(NULL)) == NULL)
46
@@ -216,7 +219,13 @@ main(int argc, char *argv[])
47
 	
48
 	nids_register_tcp(sniff_http_client);
49
 
50
-	warnx("listening on %s", nids_params.device);
51
+        if (nids_params.filename == NULL) {
52
+                warnx("listening on %s", nids_params.device);
53
+        }
54
+        else {
55
+                warnx("using %s", nids_params.filename);
56
+        }
57
+
58
 
59
 	nids_run();
60
 	
