You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
86 lines
2.0 KiB
86 lines
2.0 KiB
Patch by Hilko Bengen <bengen@debian.org> for dsniff >= 2.4b1, which adds |
|
escaping for user, vhost, uri, referrer and agent strings in the log. For |
|
further information, please have a look to Debian bug ID #372536. |
|
|
|
--- dsniff-2.4b1/urlsnarf.c 2008-08-30 15:34:21.000000000 +0200 |
|
+++ dsniff-2.4b1/urlsnarf.c.escape 2008-08-30 15:38:46.000000000 +0200 |
|
@@ -84,6 +84,43 @@ |
|
return (tstr); |
|
} |
|
|
|
+static char * |
|
+escape_log_entry(char *string) |
|
+{ |
|
+ char *out; |
|
+ unsigned char *c, *o; |
|
+ size_t len; |
|
+ |
|
+ if (!string) |
|
+ return NULL; |
|
+ |
|
+ /* Determine needed length */ |
|
+ for (c = string, len = 0; *c; c++) { |
|
+ if ((*c < 32) || (*c >= 128)) |
|
+ len += 4; |
|
+ else if ((*c == '"') || (*c =='\\')) |
|
+ len += 2; |
|
+ else |
|
+ len++; |
|
+ } |
|
+ out = malloc(len+1); |
|
+ if (!out) |
|
+ return NULL; |
|
+ for (c = string, o = out; *c; c++, o++) { |
|
+ if ((*c < 32) || (*c >= 128)) { |
|
+ snprintf(o, 5, "\\x%02x", *c); |
|
+ o += 3; |
|
+ } else if ((*c == '"') || ((*c =='\\'))) { |
|
+ *(o++) = '\\'; |
|
+ *o = *c; |
|
+ } else { |
|
+ *o = *c; |
|
+ } |
|
+ } |
|
+ out[len]='\0'; |
|
+ return out; |
|
+} |
|
+ |
|
static int |
|
process_http_request(struct tuple4 *addr, u_char *data, int len) |
|
{ |
|
@@ -142,18 +179,26 @@ |
|
buf_tok(NULL, NULL, i); |
|
} |
|
} |
|
- if (user == NULL) |
|
- user = "-"; |
|
- if (vhost == NULL) |
|
- vhost = libnet_addr2name4(addr->daddr, Opt_dns); |
|
- if (referer == NULL) |
|
- referer = "-"; |
|
- if (agent == NULL) |
|
- agent = "-"; |
|
+ user = escape_log_entry(user); |
|
+ vhost = escape_log_entry(vhost); |
|
+ uri = escape_log_entry(uri); |
|
+ referer = escape_log_entry(referer); |
|
+ agent = escape_log_entry(agent); |
|
|
|
printf("%s - %s [%s] \"%s http://%s%s\" - - \"%s\" \"%s\"\n", |
|
libnet_addr2name4(addr->saddr, Opt_dns), |
|
- user, timestamp(), req, vhost, uri, referer, agent); |
|
+ (user?user:"-"), |
|
+ timestamp(), req, |
|
+ (vhost?vhost:libnet_addr2name4(addr->daddr, Opt_dns)), |
|
+ uri, |
|
+ (referer?referer:"-"), |
|
+ (agent?agent:"-")); |
|
+ |
|
+ free(user); |
|
+ free(vhost); |
|
+ free(uri); |
|
+ free(referer); |
|
+ free(agent); |
|
} |
|
fflush(stdout); |
|
|
|
|