diff options
| author | Luca Deri <deri@ntop.org> | 2019-11-21 19:36:01 +0100 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2019-11-21 19:36:01 +0100 |
| commit | fc82cdfa4ac11e34725319620cdc549cb1b700d0 (patch) | |
| tree | 14427bfbf0ba79a1acb632bb2634edde5b378d2a /src | |
| parent | e98b994a39ee829058265353473d773642c889cf (diff) | |
Implemented telnet password export
Diffstat (limited to 'src')
| -rw-r--r-- | src/include/ndpi_typedefs.h | 8 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 2 | ||||
| -rw-r--r-- | src/lib/protocols/telnet.c | 33 |
3 files changed, 37 insertions, 6 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 3325e9cd9..d773cd013 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1234,9 +1234,11 @@ struct ndpi_flow_struct { } imo; struct { - u_int8_t username_detected:1, username_found:1, skip_next:1, _pad:5; + u_int8_t username_detected:1, username_found:1, + password_detected:1, password_found:1, + skip_next:1, _pad:3; u_int8_t character_id; - char username[32]; + char username[32], password[32]; } telnet; struct { @@ -1255,7 +1257,7 @@ struct ndpi_flow_struct { } http; struct { - u_int8_t auth_found; + u_int8_t auth_found:1; char username[16], password[16]; } ftp_imap_pop_smtp; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 572c2a736..fbcf6f111 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -6580,7 +6580,7 @@ u_int8_t ndpi_extra_dissection_possible(struct ndpi_detection_module_struct *ndp break; case NDPI_PROTOCOL_TELNET: - if(!flow->protos.telnet.username_detected) + if(!flow->protos.telnet.password_detected) return(1); break; } diff --git a/src/lib/protocols/telnet.c b/src/lib/protocols/telnet.c index 0fd00e6d4..35693bf62 100644 --- a/src/lib/protocols/telnet.c +++ b/src/lib/protocols/telnet.c @@ -1,8 +1,8 @@ /* * telnet.c * - * Copyright (C) 2009-2011 by ipoque GmbH * Copyright (C) 2011-19 - ntop.org + * Copyright (C) 2009-2011 by ipoque GmbH * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -47,6 +47,34 @@ static int search_telnet_again(struct ndpi_detection_module_struct *ndpi_struct, if(packet->payload_packet_len > 0) { int i; + if(flow->protos.telnet.username_detected) { + if((!flow->protos.telnet.password_found) + && (packet->payload_packet_len > 6)) { + + if(strncasecmp((char*)packet->payload, "password:", 9) == 0) { + flow->protos.telnet.password_found = 1; + } + + return(1); + } + + if(packet->payload[0] == '\r') { + if(!flow->protos.telnet.password_found) + return(1); + + flow->protos.telnet.password_detected = 1; + flow->protos.telnet.password[flow->protos.telnet.character_id] = '\0'; + return(0); + } + + for(i=0; i<packet->payload_packet_len; i++) { + if(flow->protos.telnet.character_id < (sizeof(flow->protos.telnet.password)-1)) + flow->protos.telnet.password[flow->protos.telnet.character_id++] = packet->payload[i]; + } + + return(1); + } + if((!flow->protos.telnet.username_found) && (packet->payload_packet_len > 6)) { @@ -60,7 +88,8 @@ static int search_telnet_again(struct ndpi_detection_module_struct *ndpi_struct, if(packet->payload[0] == '\r') { flow->protos.telnet.username_detected = 1; flow->protos.telnet.username[flow->protos.telnet.character_id] = '\0'; - return(0); + flow->protos.telnet.character_id = 0; + return(1); } for(i=0; i<packet->payload_packet_len; i++) { |