authorLuca Deri <deri@ntop.org>2022-10-05 22:51:20 +0200
committerLuca Deri <deri@ntop.org>2022-10-05 22:51:20 +0200
commit199c86e3df8da0b4734193df8424cd4a62768ae8 (patch)
tree26dc6e993688269fc38bd5051d7e9bdb16d9c488 /src/lib/protocols
parent37c88b129f6f5a3475dc6364cc4a898df9ff37ab (diff)
Improved credentials check in IRC
Diffstat (limited to 'src/lib/protocols')
-rw-r--r--src/lib/protocols/irc.c14
1 files changed, 14 insertions, 0 deletions
diff --git a/src/lib/protocols/irc.c b/src/lib/protocols/irc.c
index 80de27417..367ec86bd 100644
--- a/src/lib/protocols/irc.c
+++ b/src/lib/protocols/irc.c
@@ -391,6 +391,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc
goto detected_irc;
}
}
+
if ((memcmp(packet->payload, "USER ", 5) == 0)
|| (memcmp(packet->payload, "NICK ", 5) == 0)
|| (memcmp(packet->payload, "PASS ", 5) == 0)
@@ -402,6 +403,19 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc
|| (memcmp(packet->payload, "NOTICE ", 7) == 0)
|| (memcmp(packet->payload, "PRIVMSG ", 8) == 0)
|| (memcmp(packet->payload, "VERSION ", 8) == 0)) {
+ char *user = ndpi_strnstr((char*)packet->payload, "USER ", packet->payload_packet_len);
+
+ if(user) {
+ char buf[32], msg[64], *sp;
+
+ snprintf(buf, sizeof(buf), "%s", &user[5]);
+ if((sp = strchr(buf, ' ')) != NULL)
+ sp[0] = '\0';
+
+ snprintf(msg, sizeof(msg), "Found IRC username (%s)", buf);
+ ndpi_set_risk(ndpi_struct, flow, NDPI_CLEAR_TEXT_CREDENTIALS, msg);
+ }
+
NDPI_LOG_DBG2(ndpi_struct,
"USER, NICK, PASS, NOTICE, PRIVMSG one time");
if (flow->l4.tcp.irc_stage == 2) {
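Review bot: The copy `snprintf(buf, sizeof(buf), "%s", &user[5])` is bounded on the destination only; `%s` keeps reading the source until it meets a NUL byte, and nothing in this hunk shows `packet->payload` being NUL-terminated, so the read may run past `payload_packet_len`. Bound the source as well: `size_t left = packet->payload_packet_len - (size_t)(&user[5] - (char *)packet->payload);` followed by `snprintf(buf, sizeof(buf), "%.*s", (int)left, &user[5]);`. `buf` is cut only at the first space, so a CR/LF or other raw bytes from the wire can end up in the risk message; also stopping at `\r`/`\n` and dropping non-printable bytes would keep that message clean for whatever logs or displays it. `ndpi_strnstr` matches "USER " anywhere in the payload, so the text of a PRIVMSG or NOTICE can raise NDPI_CLEAR_TEXT_CREDENTIALS for a flow that sent no USER command; checking for the command at the start of a line would avoid that. ndpi_search_irc_tcp begins and ends outside this hunk.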