diff --new-file -ur dsniff-2.2.orig/Makefile.in dsniff-2.2/Makefile.in
--- dsniff-2.2.orig/Makefile.in Wed Jun 14 06:42:51 2000
+++ dsniff-2.2/Makefile.in Thu Jun 29 21:25:44 2000
@@ -47,9 +47,9 @@
 SRCS = asn1.c base64.c hex.c magic.c rpc.c tcp_raw.c trigger.c record.c \
 dsniff.c decode.c decode_aim.c decode_citrix.c decode_cvs.c \
 decode_ftp.c decode_hex.c decode_http.c decode_icq.c decode_imap.c \
- decode_irc.c decode_ldap.c decode_mmxp.c decode_mountd.c \
+ decode_irc.c decode_ldap.c decode_mmxp.c \
 decode_napster.c decode_nntp.c decode_oracle.c decode_ospf.c \
- decode_pcanywhere.c decode_pop.c decode_portmap.c \
+ decode_pcanywhere.c decode_pop.c decode_smtp.c decode_portmap.c \
 decode_postgresql.c decode_rip.c decode_rlogin.c decode_smb.c \
 decode_sniffer.c decode_snmp.c decode_socks.c decode_tds.c \
 decode_telnet.c decode_yppasswd.c decode_x11.c
diff --new-file -ur dsniff-2.2.orig/decode.c dsniff-2.2/decode.c
--- dsniff-2.2.orig/decode.c Fri Jun 30 00:50:47 2000
+++ dsniff-2.2/decode.c Thu Jun 29 21:27:31 2000
@@ -23,6 +23,7 @@
 extern int decode_ospf(u_char *, int);
 extern int decode_poppass(u_char *, int);
 extern int decode_pop(u_char *, int);
+extern int decode_smtp(u_char *, int);
 extern int decode_nntp(u_char *, int);
 extern int decode_smb(u_char *, int);
 extern int decode_imap(u_char *, int);
@@ -58,6 +59,7 @@
 { "ospf", decode_ospf },
 { "poppass", decode_poppass },
 { "pop", decode_pop },
+ { "smtp", decode_smtp },
 { "nntp", decode_nntp },
 { "smb", decode_smb },
 { "imap", decode_imap },
diff --new-file -ur dsniff-2.2.orig/decode_http.c dsniff-2.2/decode_http.c
--- dsniff-2.2.orig/decode_http.c Fri Jun 16 22:36:16 2000
+++ dsniff-2.2/decode_http.c Fri Jun 30 00:25:56 2000
@@ -127,7 +127,7 @@
 decode_http(u_char *buf, int len)
 {
 u_char *end;
- char *p, *auth, *query, *host;
+ char *p, *auth, *query, *host, *pauth;
 int i, method;
 Buf[0] = '\0';
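Review bot: In the Makefile.in hunk, the SRCS edit that adds `decode_smtp.c` also drops `decode_mountd.c` from the fourth line of the list, and no other hunk in this patch removes a mountd decoder from decode.c. If the decoder table in decode.c still lists a mountd entry (that part of the file is not shown), the link step would fail on the missing symbol. Unless the removal is intended, keep the original line: `decode_irc.c decode_ldap.c decode_mmxp.c decode_mountd.c \`.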
@@ -137,7 +137,7 @@
 *end = '\0';
 end += 4;
- auth = query = host = NULL;
+ auth = query = host = pauth = NULL;
 if ((p = strtok(buf, "\r\n")) == NULL)
 continue;
@@ -155,6 +155,9 @@
 else if (strncmp(p, "Authorization: Basic ",21) == 0) {
 auth = p;
 }
+ else if (strncmp(p, "Proxy-authorization: Basic ",27) == 0) {
+ pauth = p;
+ }
 else if (method == M_POST) {
 if (strncmp(p, "Content-type: ", 14) == 0) {
 if (strncmp(p + 14, "application/"
@@ -175,7 +178,7 @@
 }
 }
 }
- if (auth || (query && grep_query_auth(query))) {
+ if (auth || pauth || (query && grep_query_auth(query))) {
 if (Buf[0] != '\0')
 strlcat(Buf, "\n", sizeof(Buf));
@@ -198,6 +201,15 @@
 snprintf(Buf + i, sizeof(Buf) - i,
 " [%s]\n", p);
 }
+ if (pauth) {
+ strlcat(Buf, pauth, sizeof(Buf));
+ p = pauth + 27;
+ i = base64_pton(p, p, strlen(p));
+ p[i] = '\0';
+ i = strlen(Buf);
+ snprintf(Buf + i, sizeof(Buf) - i,
+ " [%s]\n", p);
+ }
 else if (method == M_POST && query) {
 i = strlen(Buf);
 snprintf(Buf + i, sizeof(Buf) - i,
diff --new-file -ur dsniff-2.2.orig/decode_pop.c dsniff-2.2/decode_pop.c
--- dsniff-2.2.orig/decode_pop.c Wed Jun 14 18:16:00 2000
+++ dsniff-2.2/decode_pop.c Thu Jun 29 20:55:28 2000
@@ -42,7 +42,7 @@
 decode_pop(u_char *buf, int len)
 {
 char *p;
- int i, j;
+ int i, j, b=1;
 Buf[0] = '\0';
@@ -68,6 +68,16 @@
 strncasecmp(p, "HELO ", 5) == 0) {
 strlcat(Buf, p, sizeof(Buf));
 strlcat(Buf, "\n", sizeof(Buf));
+ }
+ /* Save APOP auth info. */
+ else if (strncasecmp(p, "APOP ", 5) == 0) {
+ strlcat(Buf, p, sizeof(Buf));
+ strlcat(Buf, "\n", sizeof(Buf));
+ }
+ else if (b && strncasecmp(p, "+OK ", 4) == 0) {
+ strlcat(Buf, p, sizeof(Buf));
+ strlcat(Buf, "\n", sizeof(Buf));
+ b = 0;
 }
 }
 return (strlen(Buf));
diff --new-file -ur dsniff-2.2.orig/decode_smtp.c dsniff-2.2/decode_smtp.c
--- dsniff-2.2.orig/decode_smtp.c Thu Jan 1 01:00:00 1970
+++ dsniff-2.2/decode_smtp.c Thu Jun 29 23:46:32 2000
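Review bot: In the `@@ -198,6 +201,15 @@` hunk of decode_http.c the new `if (pauth) { … }` block sits between a closing `}` and the existing `else if (method == M_POST && query)`, so that `else` now pairs with `if (pauth)` instead of the block before it (presumably `if (auth)`, which starts outside the hunk). A request carrying only an Authorization header and a POST body therefore takes the POST branch as well, which it did not before the patch. Moving the whole `if (pauth)` block below the end of the `else if` branch keeps the old pairing. The added `p[i] = '\0';` also uses the result of `base64_pton` unchecked; if that function signals malformed input with a negative value (its contract is not visible here), guard the index with `if (i < 0) i = 0;`.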
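Review bot: The flag `b` used in the `@@ -68,6 +68,16 @@` hunk of decode_pop.c (declared as `int i, j, b=1;` in the hunk before it) has no comment and a name that says nothing; its role, keeping only the first `+OK ` line of a buffer, has to be worked out from `b = 0;`. Rename it, for example to `first_ok`, and put `/* Record only the first +OK reply in this buffer. */` above the branch. This branch also fills `Buf` for any buffer that contains a `+OK ` line, so the returned length is non-zero even when no USER, PASS or APOP line was seen; if callers treat a non-zero length as a hit, the comment should say so. The loop and the function start outside the hunk.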
@@ -0,0 +1,54 @@
+/*
+ decode_smtp.c
+
+ Simple Mail Transfert Protocol.
+
+ Copyright (c) 2000 Dug Song
+ Copyright (c) 2000 Denis Ducamp
+
+ $Id: decode_smtp.c,v 1.2 2000/06/14 16:16:00 dugsong Exp $
+*/
+
+#include "config.h"
+
+#include
+#include
+#include
+#include "base64.h"
+#include "options.h"
+#include "decode.h"
+
+int
+decode_smtp(u_char *buf, int len)
+{
+ char *p;
+ int i, j, b=1;
+
+ Buf[0] = '\0';
+
+ for (p = strtok(buf, "\r\n"); p != NULL; p = strtok(NULL, "\r\n")) {
+ if (strncasecmp(p, "AUTH LOGIN", 10) == 0) {
+ strlcat(Buf, p, sizeof(Buf));
+ /* strlcat(Buf, "\n", sizeof(Buf)); */
+
+ /* Decode SMTP auth. */
+ /* for (i = 0; i < 2 && (p = strtok(NULL, "\r\n")); i++) { */
+ /* strlcat(Buf, p, sizeof(Buf)); */
+ j = base64_pton(p+11, p+11, strlen(p+11));
+ p[j+11] = '\0';
+ strlcat(Buf, " [", sizeof(Buf));
+ strlcat(Buf, p+11, sizeof(Buf));
+ strlcat(Buf, "]\n", sizeof(Buf));
+ /* } */
+p = strtok(NULL, "\r\n");
+strlcat(Buf, p, sizeof(Buf));
+j = base64_pton(p, p, strlen(p));
+p[j] = '\0';
+strlcat(Buf, " [", sizeof(Buf));
+strlcat(Buf, p, sizeof(Buf));
+strlcat(Buf, "]\n", sizeof(Buf));
+ }
+ }
+ return (strlen(Buf));
+}
+
diff --new-file -ur dsniff-2.2.orig/dsniff.services dsniff-2.2/dsniff.services
--- dsniff-2.2.orig/dsniff.services Wed Jun 14 06:58:57 2000
+++ dsniff-2.2/dsniff.services Fri Jun 30 00:52:38 2000
@@ -4,12 +4,14 @@
 #
 ftp 21/tcp
 telnet 23/tcp
+smtp 25/tcp
 http 80/tcp
 ospf 89/ip
 http 98/tcp
 poppass 106/tcp
 pop 109/tcp
 pop 110/tcp
+pop -110/tcp
 portmap 111/tcp
 portmap -111/tcp
 portmap 111/udp
@@ -56,6 +58,7 @@
 tds 7599/tcp
 napster 7777/tcp
 http 8080/tcp
+http 8181/tcp
 napster 8888/tcp
 aim 9898/tcp
 pcanywhere 65301/tcp
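Review bot: In decode_smtp.c, `decode_smtp` uses the result of `p = strtok(NULL, "\r\n");` without a NULL check, so a buffer that ends right after the `AUTH LOGIN` line makes the following `strlcat(Buf, p, …)` and `strlen(p)` go through a null pointer. The first decode has a related problem: the match only guarantees ten characters, yet the code reads from `p+11`, which lies past the terminator when the line is exactly `AUTH LOGIN`. Both values come straight from captured traffic, so each field should be checked for presence before it is touched, and the result of `base64_pton` should not be used as an index until it is known to be non-negative (assumed failure convention; the function is not shown). The locals `i` and `b` are unused and can be dropped from the declaration.

```c
	for (p = strtok(buf, "\r\n"); p != NULL; p = strtok(NULL, "\r\n")) {
		if (strncasecmp(p, "AUTH LOGIN", 10) != 0)
			continue;
		strlcat(Buf, p, sizeof(Buf));

		/* The initial response is optional: decode it only when the
		   line really continues past "AUTH LOGIN ". */
		if (p[10] == ' ' && p[11] != '\0' &&
		    (j = base64_pton(p + 11, p + 11, strlen(p + 11))) >= 0) {
			p[j + 11] = '\0';
			strlcat(Buf, " [", sizeof(Buf));
			strlcat(Buf, p + 11, sizeof(Buf));
			strlcat(Buf, "]", sizeof(Buf));
		}
		strlcat(Buf, "\n", sizeof(Buf));

		/* The following line may not be part of this buffer. */
		if ((p = strtok(NULL, "\r\n")) == NULL)
			break;
		strlcat(Buf, p, sizeof(Buf));
		if ((j = base64_pton(p, p, strlen(p))) >= 0) {
			p[j] = '\0';
			strlcat(Buf, " [", sizeof(Buf));
			strlcat(Buf, p, sizeof(Buf));
			strlcat(Buf, "]", sizeof(Buf));
		}
		strlcat(Buf, "\n", sizeof(Buf));
	}
	/* … unchanged: return (strlen(Buf)); … */
```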