snifftest.c 5.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233
  1. /* snifftest.c
  2. *
  3. * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
  4. *
  5. * This file is part of CyaSSL.
  6. *
  7. * CyaSSL is free software; you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation; either version 2 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * CyaSSL is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with this program; if not, write to the Free Software
  19. * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
  20. */
  21. #ifdef _WIN32
  22. #define CYASSL_SNIFFER
  23. #endif
  24. #ifndef CYASSL_SNIFFER
  25. /* blank build */
  26. #include <stdio.h>
  27. int main()
  28. {
  29. printf("do ./configure --enable-sniffer to enable build support\n");
  30. return 0;
  31. }
  32. #else
  33. /* do a full build */
  34. #ifdef _MSC_VER
  35. /* builds on *nix too, for scanf device and port */
  36. #define _CRT_SECURE_NO_WARNINGS
  37. #endif
  38. #include <pcap/pcap.h> /* pcap stuff */
  39. #include <stdio.h> /* printf */
  40. #include <stdlib.h> /* EXIT_SUCCESS */
  41. #include <signal.h> /* signal */
  42. #include "sniffer.h"
  43. #ifndef _WIN32
  44. #include <arpa/inet.h>
  45. #endif
  46. typedef unsigned char byte;
  47. enum {
  48. ETHER_IF_FRAME_LEN = 14, /* ethernet interface frame length */
  49. LOCAL_IF_FRAME_LEN = 4, /* localhost interface frame length */
  50. };
  51. pcap_t* pcap = 0;
  52. pcap_if_t *alldevs;
  53. static void sig_handler(const int sig)
  54. {
  55. printf("SIGINT handled.\n");
  56. if (pcap)
  57. pcap_close(pcap);
  58. pcap_freealldevs(alldevs);
  59. #ifndef _WIN32
  60. ssl_FreeSniffer();
  61. #endif
  62. exit(EXIT_SUCCESS);
  63. }
  64. void err_sys(const char* msg)
  65. {
  66. fprintf(stderr, "%s\n", msg);
  67. exit(EXIT_FAILURE);
  68. }
  69. #ifdef _WIN32
  70. #define SNPRINTF _snprintf
  71. #else
  72. #define SNPRINTF snprintf
  73. #endif
  74. char* iptos(unsigned int addr)
  75. {
  76. static char output[32];
  77. byte *p = (byte*)&addr;
  78. SNPRINTF(output, sizeof(output), "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
  79. return output;
  80. }
  81. int main(int argc, char** argv)
  82. {
  83. int ret;
  84. int inum;
  85. int port;
  86. int i = 0;
  87. char err[PCAP_ERRBUF_SIZE];
  88. char filter[32];
  89. char loopback = 0;
  90. char *server = NULL;
  91. struct bpf_program fp;
  92. pcap_if_t *d;
  93. pcap_addr_t *a;
  94. signal(SIGINT, sig_handler);
  95. #ifndef _WIN32
  96. ssl_InitSniffer();
  97. #endif
  98. ssl_Trace("./tracefile.txt", err);
  99. if (pcap_findalldevs(&alldevs, err) == -1)
  100. err_sys("Error in pcap_findalldevs");
  101. for (d = alldevs; d; d=d->next) {
  102. printf("%d. %s", ++i, d->name);
  103. if (d->description)
  104. printf(" (%s)\n", d->description);
  105. else
  106. printf(" (No description available)\n");
  107. }
  108. if (i == 0)
  109. err_sys("No interfaces found! Make sure pcap or WinPcap is installed "
  110. "correctly and you have sufficient permissions");
  111. printf("Enter the interface number (1-%d): ", i);
  112. scanf("%d", &inum);
  113. if (inum < 1 || inum > i)
  114. err_sys("Interface number out of range");
  115. /* Jump to the selected adapter */
  116. for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++);
  117. pcap = pcap_create(d->name, err);
  118. if (pcap == NULL) printf("pcap_create failed %s\n", err);
  119. if (d->flags & PCAP_IF_LOOPBACK)
  120. loopback = 1;
  121. /* get an IPv4 address */
  122. for (a = d->addresses; a; a = a->next) {
  123. switch(a->addr->sa_family)
  124. {
  125. case AF_INET:
  126. server =iptos(((struct sockaddr_in *)a->addr)->sin_addr.s_addr);
  127. printf("server = %s\n", server);
  128. break;
  129. }
  130. }
  131. if (server == NULL)
  132. err_sys("Unable to get device IPv4 address");
  133. ret = pcap_set_snaplen(pcap, 65536);
  134. if (ret != 0) printf("pcap_set_snaplen failed %s\n", pcap_geterr(pcap));
  135. ret = pcap_set_timeout(pcap, 1000);
  136. if (ret != 0) printf("pcap_set_timeout failed %s\n", pcap_geterr(pcap));
  137. ret = pcap_set_buffer_size(pcap, 1000000);
  138. if (ret != 0)
  139. printf("pcap_set_buffer_size failed %s\n", pcap_geterr(pcap));
  140. ret = pcap_set_promisc(pcap, 1);
  141. if (ret != 0) printf("pcap_set_promisc failed %s\n", pcap_geterr(pcap));
  142. ret = pcap_activate(pcap);
  143. if (ret != 0) printf("pcap_activate failed %s\n", pcap_geterr(pcap));
  144. printf("Enter the port to scan: ");
  145. scanf("%d", &port);
  146. SNPRINTF(filter, sizeof(filter), "tcp and port %d", port);
  147. ret = pcap_compile(pcap, &fp, filter, 0, 0);
  148. if (ret != 0) printf("pcap_compile failed %s\n", pcap_geterr(pcap));
  149. ret = pcap_setfilter(pcap, &fp);
  150. if (ret != 0) printf("pcap_setfilter failed %s\n", pcap_geterr(pcap));
  151. ret = ssl_SetPrivateKey(server, port, "../../certs/server-key.pem",
  152. FILETYPE_PEM, NULL, err);
  153. if (ret != 0)
  154. err_sys(err);
  155. while (1) {
  156. struct pcap_pkthdr header;
  157. const unsigned char* packet = pcap_next(pcap, &header);
  158. if (packet) {
  159. byte data[65535];
  160. if (header.caplen > 40) { /* min ip(20) + min tcp(20) */
  161. int frame = ETHER_IF_FRAME_LEN;
  162. if (loopback)
  163. frame = LOCAL_IF_FRAME_LEN;
  164. packet += frame;
  165. header.caplen -= frame;
  166. }
  167. else
  168. continue;
  169. ret = ssl_DecodePacket(packet, header.caplen, data, err);
  170. if (ret < 0)
  171. printf("ssl_Decode ret = %d, %s\n", ret, err);
  172. if (ret > 0) {
  173. data[ret] = 0;
  174. printf("SSL App Data:%s\n", data);
  175. }
  176. }
  177. }
  178. return 0;
  179. }
  180. #endif /* full build */