Patch by Hilko Bengen for dsniff >= 2.4b1, which adds escaping for user, vhost, uri, referrer and agent strings in the log. For further information, please have a look to Debian bug ID #372536.
--- dsniff-2.4b1/urlsnarf.c 2008-08-30 15:34:21.000000000 +0200
+++ dsniff-2.4b1/urlsnarf.c.escape 2008-08-30 15:38:46.000000000 +0200
@@ -84,6 +84,43 @@
 return (tstr);
 }
+static char *
+escape_log_entry(char *string)
+{
+ char *out;
+ unsigned char *c, *o;
+ size_t len;
+
+ if (!string)
+ return NULL;
+
+ /* Determine needed length */
+ for (c = string, len = 0; *c; c++) {
+ if ((*c < 32) || (*c >= 128))
+ len += 4;
+ else if ((*c == '"') || (*c =='\\'))
+ len += 2;
+ else
+ len++;
+ }
+ out = malloc(len+1);
+ if (!out)
+ return NULL;
+ for (c = string, o = out; *c; c++, o++) {
+ if ((*c < 32) || (*c >= 128)) {
+ snprintf(o, 5, "\\x%02x", *c);
+ o += 3;
+ } else if ((*c == '"') || ((*c =='\\'))) {
+ *(o++) = '\\';
+ *o = *c;
+ } else {
+ *o = *c;
+ }
+ }
+ out[len]='\0';
+ return out;
+}
+
 static int
 process_http_request(struct tuple4 *addr, u_char *data, int len)
 {
@@ -142,18 +179,26 @@
 buf_tok(NULL, NULL, i);
 }
 }
- if (user == NULL)
- user = "-";
- if (vhost == NULL)
- vhost = libnet_addr2name4(addr->daddr, Opt_dns);
- if (referer == NULL)
- referer = "-";
- if (agent == NULL)
- agent = "-";
+ user = escape_log_entry(user);
+ vhost = escape_log_entry(vhost);
+ uri = escape_log_entry(uri);
+ referer = escape_log_entry(referer);
+ agent = escape_log_entry(agent);
 printf("%s - %s [%s] \"%s http://%s%s\" - - \"%s\" \"%s\"\n",
 libnet_addr2name4(addr->saddr, Opt_dns),
- user, timestamp(), req, vhost, uri, referer, agent);
+ (user?user:"-"),
+ timestamp(), req,
+ (vhost?vhost:libnet_addr2name4(addr->daddr, Opt_dns)),
+ uri,
+ (referer?referer:"-"),
+ (agent?agent:"-"));
+
+ free(user);
+ free(vhost);
+ free(uri);
+ free(referer);
+ free(agent);
 }
 fflush(stdout);
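Review bot: DEL (0x7f) passes both range tests in escape_log_entry, `(*c < 32) || (*c >= 128)`, so that one control byte is still written raw to the log. Raising the bound to `(*c >= 127)` closes the gap, but it has to be changed identically in the sizing loop and the copy loop, because the allocation is only large enough while the two loops classify every byte the same way. Separately, `c = string`, `o = out` and `snprintf(o, ...)` mix `char *` with `unsigned char *`, which compilers diagnose; explicit casts (and a `const char *string` parameter) would keep the unsigned comparison without the warnings. A header comment saying that the caller must free() the result, and that NULL means either a NULL input or a failed allocation, would make the contract visible to callers.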
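Review bot: `uri` is the only escaped field handed to printf without a NULL fallback, so a failed malloc() inside escape_log_entry (or a NULL uri on entry) passes a null pointer to `%s`, which is undefined behaviour; use `(uri?uri:"-")` like the neighbouring arguments. For user, referer and agent the same allocation failure is logged as "-", indistinguishable from an absent header, which deserves at least a comment. The names returned by `libnet_addr2name4()` for the source address and for the vhost fallback are still printed unescaped; with Opt_dns set they presumably come from reverse DNS, so they are worth passing through the same escaping. process_http_request starts and ends outside this hunk.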