Exemple #1
0
        public void Analyze(UdpPacket udpPacket)
        {
            NetworkLayerObject credential = this._kerberosParser.Parse(udpPacket);

            if (credential != null)
            {
                // Raise event.
                this.ParsedItemDetected(this, new ParsedItemDetectedEventArgs()
                {
                    ParsedItem = credential
                });
            }
        }
Exemple #2
0
        public void Analyze(TcpSession tcpSession)
        {
            foreach (var parsrer in this._passwordParsers)
            {
                NetworkLayerObject credential = parsrer.Parse(tcpSession);

                if (credential != null)
                {
                    // Raise event.
                    this.ParsedItemDetected(this, new ParsedItemDetectedEventArgs()
                    {
                        ParsedItem = credential
                    });
                }
            }
        }
Exemple #3
0
        public NetworkLayerObject Parse(TcpSession tcpSession)
        {
            NetworkLayerObject credential = null;
            var sessionData = Encoding.ASCII.GetString(tcpSession.Data);

            if ((credential = SearchImapPlaintextLogin(tcpSession, sessionData)) != null)
            {
                return(credential);
            }
            else if ((credential = SearchImapAuthenticateLogin(tcpSession, sessionData)) != null)
            {
                return(credential);
            }
            else if ((credential = SearchImapCramMd5Hash(tcpSession, sessionData)) != null)
            {
                return(credential);
            }

            return(credential);
        }
Exemple #4
0
        public NetworkLayerObject Parse(TcpSession tcpSession)
        {
            // TODO: determine the autentication direction
            NetworkLayerObject credential = null;
            var sessionData = Encoding.ASCII.GetString(tcpSession.Data);

            if ((credential = SearchSmtpAuthLogin(tcpSession, sessionData)) != null)
            {
                return(credential);
            }
            if ((credential = SearchSmtpAuthPlain(tcpSession, sessionData)) != null)
            {
                return(credential);
            }
            if ((credential = SearchSmtpCramMd5(tcpSession, sessionData)) != null)
            {
                return(credential);
            }

            return(credential);
        }
Exemple #5
0
        public void AnalyzeGeneric(object item)
        {
            NetworkLayerObject credential = null;

            foreach (var parsrer in this._passwordParsers)
            {
                if (item is TcpPacket)
                {
                    credential = SafeRun(x => parsrer.Parse(x as TcpPacket), item as TcpPacket);
                }
                else if (item is TcpSession)
                {
                    credential = SafeRun(x => parsrer.Parse(x as TcpSession), item as TcpSession);
                }
                else if (item is UdpPacket)
                {
                    credential = SafeRun(x => parsrer.Parse(x as UdpPacket), item as UdpPacket);
                }
                else if (item is UdpStream)
                {
                    // Nothing to do.
                }
                else
                {
                    throw new Exception("Unsupported type for password module");
                }

                if (credential != null)
                {
                    // Raise event.
                    this.ParsedItemDetected(this, new ParsedItemDetectedEventArgs()
                    {
                        ParsedItem = credential
                    });
                }
            }
        }