mirror of
https://github.com/Erreur32/cheat.git
synced 2024-11-18 01:40:44 +01:00
f46698b656
Performed an extensive refactoring on the entire application for the sake of code-cleanliness.

- Refactored out of an ad-hoc Imperative paradigm into more of a functional/declarative paradigm. IMO, this makes the application significantly easier to understand.
- Moved away from `argparse` and into `docopt` for argument parsing
- Version bump to 2.0.0
- Performed extensive refactoring on the setup.py script. Script should install to the system more cleanly now.
- Made minor formatting changes to the --list flag output
- Updated the README

Squashed commit of the following:

commit e5681bd536aa0220cdeb7884cc248db55be408c9
Author: Chris Lane <chris@chris-allen-lane.com>
Date:   Sat Apr 26 23:30:21 2014 -0400

    Fixed many bugs

    Everything seems to work now, I think.

commit 764ec5950cee958eb1b8333ddfcb6bcd45c28429
Author: Chris Lane <chris@chris-allen-lane.com>
Date:   Sat Apr 26 21:51:31 2014 -0400

    Restructuring for the sake of setup.py

    Seem to finally have a working install script

commit 5a866c23857b77ec65070dd8023cd734f2b7c242
Author: Chris Lane <chris@chris-allen-lane.com>
Date:   Sat Apr 26 18:01:11 2014 -0400

    Nits

commit a79954ba5b33d992fa6a32abffb33b161d624e3d
Author: Chris Lane <chris@chris-allen-lane.com>
Date:   Sat Apr 26 17:53:03 2014 -0400

    Implemented search

commit b570a897e9a12c15affe1a72628deae31836dee2
Author: Chris Lane <chris@chris-allen-lane.com>
Date:   Sat Apr 26 17:11:27 2014 -0400

    Nits

commit 1a8d85b44457f1b2131b3e8475c5270b5d0899e3
Author: Chris Lane <chris@chris-allen-lane.com>
Date:   Sat Apr 26 17:02:22 2014 -0400

    Still refactoring across files

    Trying to make the program structure clearer

commit 34dffd6462e492e81ea558e2009a71051b7663c9
Author: Chris Lane <chris@chris-allen-lane.com>
Date:   Sat Apr 26 16:40:37 2014 -0400

    Breaking app into several files

    This is for the sake of code-cleanliness

commit 4825d678ff5f9817ccbf727ef71e5dea15ff2586
Author: Chris Lane <chris@chris-allen-lane.com>
Date:   Sat Apr 26 15:55:19 2014 -0400

    Got syntax highlighting working

commit c37d7a626d451bfca3d4a072eb9fed604085170f
Author: Chris Lane <chris@chris-allen-lane.com>
Date:   Sat Apr 26 15:29:22 2014 -0400

    Reduced verbosity of function names

commit 8e626045186b37dce2480f5af1994ddfa8db79b5
Author: Chris Lane <chris@chris-allen-lane.com>
Date:   Sat Apr 26 15:24:41 2014 -0400

    Refactored argument passing

    Fewer arguments now need to be passed throughout the app.

commit 807ba814650010b3dd1b59d27400b3fb4fcfede7
Author: Chris Lane <chris@chris-allen-lane.com>
Date:   Sat Apr 26 11:40:05 2014 -0400

    Working through the refactor

commit e34e6540d4f8cd727e98aac68289d515a02d5fe6
Author: Chris Lane <chris@chris-allen-lane.com>
Date:   Thu Apr 24 20:00:10 2014 -0400

    Got a basic end-to-end refactor working

    Have re-implemented just the most basic functionality in the "cheat2" file.
63 lines
2.1 KiB
Text
# TCPDump is a packet analyzer. It allows the user to intercept and display TCP/IP
# and other packets being transmitted or received over a network. (cf Wikipedia).
# Note: 173.194.40.120 => google.com

# Intercepts all packets on eth0
tcpdump -i eth0

# Intercepts all packets from/to 173.194.40.120
tcpdump host 173.194.40.120

# Intercepts all packets on all interfaces from / to 173.194.40.120 port 80
# -nn => Disables name resolution for IP addresses and port numbers.
tcpdump -nn -i any host 173.194.40.120 and port 80
# Make a grep on tcpdump output (ASCII)
# -A => Print the content of each packet in ASCII.
# -s0 => Capture whole packets (by default, tcpdump only captures 68 bytes).
# -i any => Listen on all interfaces.
tcpdump -A -s0 -i any host 173.194.40.120 and port 80 | grep 'User-Agent'

# With ngrep
# -d eth0 => To force eth0 (else ngrep works on all interfaces)
# -s0 => force ngrep to look at the entire packet. (Default snaplen: 65536 bytes)
ngrep 'User-Agent' host 173.194.40.120 and port 80
# Intercepts all packets on all interfaces from / to 8.8.8.8 or 173.194.40.127 on port 80
tcpdump 'host ( 8.8.8.8 or 173.194.40.127 ) and port 80' -i any

# Intercepts the SYN and FIN packets of each TCP session.
tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0'

# To display the SYN and FIN packets of each TCP session to a host that is not on our network
# (local_addr is a placeholder for the local network)
tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and not src and dst net local_addr'

# To display all IPv4 HTTP packets to or from port 80 that actually carry data
# (i.e. not SYN-only, FIN-only or ACK-only packets): the IP total length minus
# the IP header length minus the TCP header length must be non-zero.
tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
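As an added illustration (not part of the cheat file), the following Python script models the two BPF predicates above on constructed IPv4/TCP packets, so you can see exactly which bytes `ip[0]&0xf`, `ip[2:2]`, `tcp[12]&0xf0` and `tcp[tcpflags]` index; the packet builder, addresses and ports are made up for the example, and one packet carries IP options to show why the IHL shift matters.

```python
"""Offline model of the two BPF predicates above (added example, not the cheat file's).
Packets are constructed IPv4 + TCP bytes with no link-layer header, which is the
view tcpdump's ip[...] / tcp[...] offsets have. Addresses and ports are made up."""
import struct

TCP_FIN, TCP_SYN, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x08, 0x10


def build_packet(flags, payload=b"", ip_options=b""):
    """Constructed IPv4 header (+ optional options) + 20-byte TCP header + payload."""
    assert len(ip_options) % 4 == 0
    ihl = 5 + len(ip_options) // 4                  # IP header length in 32-bit words
    total_len = ihl * 4 + 20 + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total_len, 0, 0,
                         64, 6, 0, bytes([10, 0, 0, 1]), bytes([173, 194, 40, 120]))
    tcp_hdr = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return ip_hdr + ip_options + tcp_hdr + payload


def ip_header_len(pkt):
    """(ip[0]&0xf)<<2: IHL in 32-bit words, converted to bytes."""
    return (pkt[0] & 0x0F) << 2


def syn_or_fin(pkt):
    """tcp[tcpflags] & (tcp-syn|tcp-fin) != 0; tcpflags is TCP byte 13,
    and tcp[N] is indexed from the start of the TCP header."""
    flags = pkt[ip_header_len(pkt) + 13]
    return (flags & (TCP_SYN | TCP_FIN)) != 0


def tcp_payload_len(pkt):
    """(ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2): IP total length
    minus IP header length minus TCP data offset, i.e. bytes of TCP payload."""
    total_len = struct.unpack_from("!H", pkt, 2)[0]                 # ip[2:2]
    tcp_hdr_len = (pkt[ip_header_len(pkt) + 12] & 0xF0) >> 2        # (tcp[12]&0xf0)>>2
    return total_len - ip_header_len(pkt) - tcp_hdr_len


def has_data(pkt):
    """The port-80 'data only' filter: payload length != 0."""
    return tcp_payload_len(pkt) != 0


if __name__ == "__main__":
    for name, pkt in [("SYN", build_packet(TCP_SYN)),
                      ("ACK-only", build_packet(TCP_ACK)),
                      ("PSH+ACK", build_packet(TCP_PSH | TCP_ACK, b"GET / HTTP/1.1\r\n")),
                      ("FIN+ACK, IP opts", build_packet(TCP_FIN | TCP_ACK, b"", b"\x01" * 4))]:
        print(f"{name:18} syn_or_fin={syn_or_fin(pkt)} payload={tcp_payload_len(pkt)}")
```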
# Saving captured data
tcpdump -w file.cap

# Reading from capture file
tcpdump -r file.cap

# Show content in hex
# Change -x to -xx => also show the link-level (ethernet) header.
tcpdump -x

# Show content in hex and ASCII
# Change -X to -XX => also show the link-level (ethernet) header.
tcpdump -X
# Note on packet matching:
# Port matching:
# - portrange 22-23
# - not port 22
# - port ssh
# - dst port 22
# - src port 22
#
# Host matching:
# - dst host 8.8.8.8
# - not dst host 8.8.8.8
# - src net 67.207.148.0 mask 255.255.255.0
# - src net 67.207.148.0/24