- Articles
- What the SWIG? The library to rapidly develop PHP extensions in C/C++
- SimplePcap (PHP side): List your network interfaces and sniff traffic from PHP Code
- A sample output from running the included example
- UPDATE: Inject forged packets in the network using only PHP
- SimplePcap (C++ side): How the C++ code that calls libpcap looks like
- The SWIG interface file
- Typemaps
- Conclusions: Using SWIG to write a network sniffer with C++, libpcap and PHP and loving it!
- Saved searches
- Use saved searches to filter your results more quickly
- License
- AnonBit/php-Based-Sniffer-4
- Name already in use
- Sign In Required
- Launching GitHub Desktop
- Launching GitHub Desktop
- Launching Xcode
- Launching Visual Studio Code
- Latest commit
- Git stats
- Files
- README.md
- СКРИПТ СНИФФЕРА PHP
Articles
Note : This article has been updated to include packet injection!
I’ve been wanting to try SWIG for a long time, but never got the chance, for one thing or the other. So this weekend I’ve finally decided to give it a try by trying to create a php extension that access a small C++ wrapper for libpcap, so I can sniff packets directly from PHP. Just for fun (and actually because I couldn’t find any active pecl extension to use libpcap, so it might as well be something useful). I’ve named it «SimplePcap».
A little disclaimer: I’m of course not an expert in SWIG or the Zend Engine, so I might be missing something. If you spot anything that needs to be fixed, please drop me a line. Overall, I think it’s a good sample to start toying around with SWIG. Also, this is not intended to be a deep insight into SWIG or anything like that. The SWIG manual is pretty damn good at it!
- The complete source code for the extension is available at GitHub
- The documentation for tcpdump & libpcap
- The Online SWIG manual
- The PCAP man page, with pcap_t and pcap_*() function descriptions.
- You can get a linux x86_64 build at the CI server
What the SWIG? The library to rapidly develop PHP extensions in C/C++
For those of you who dont know what SWIG is: let’s say you have a given C or C++ code, and you want or need to access it from a scripting language (let’s call that, a «target language»). Well, SWIG is a tool that generates the necessary code to create an extension in lots of «target languages» (like PHP, Python, Java, Lua, Go, etc.), based on that particular piece of C/C++ code. The Online SWIG manual explains why it was born and all the available features and languages.
Basically speaking, you feed SWIG an «interface file» that tells swig what and how do you want to expose the C/C++ code to the scripting language, and then it will autogenerate the needed C/C++ files that will be the «glue» between your code and the target language.
SimplePcap (PHP side): List your network interfaces and sniff traffic from PHP Code
NOTE: A «complete» php sniffer that dumps the packets like tcpdump is included as an example in the GitHub repository for the source code.
This is how you can use SimplePcap from PHP to list all available devices:
To capture packets, first, get an instance of the SimplePcap class. You will need:
- The network interface name, can be something like «any», or «eth0»
- A libpcap filter, like «port 80». This tells libpcap to filter some specific traffic.
- The number of bytes to capture per packet, like 4096, 1024, 40, etc.
- The read timeout in milliseconds. This goes directly to pcap_open_live(). Use 0 for a blocking operation. If you get an exception saying that pcap_next() returned null, try incrementing this one, or setting it to 0.
To get the data sniffed on a given packet:
Also, you can get other packet information:
A sample output from running the included example
UPDATE: Inject forged packets in the network using only PHP
If you want to inject packets in the interface, you will be glad to know that I’ve added a method send() just for that:
An example file is provided, inject.php that when run, will inject the data contained in the given file. Here’s a sample run sending an ICMP echo request captured with sniff.php:
SimplePcap (C++ side): How the C++ code that calls libpcap looks like
SimplePcap is actually pretty simple, since it was done only to try SWIG. There is a SimplePcap class that provides the core functionality and a Packet class that wraps around a pcap_t structure. Both are exposed to PHP by SWIG.
SimplePcap has a static method, findAllDevs() that calls pcap_findalldevs(), and returns a deviceList, which is nothing more than a standard C++ map .
A typemap(out) exists (more on typemaps later) for deviceList, that will transform it to a php associative array, where the key is the name of the interface and the value is the interface description (pcap_t.name and pcap_t.description respectively).
To construct a SimplePcap class, you need the interface name (hence the need for findAllDevs()), a libpcap filter expression (like «host 127.0.0.1 and port 80»), the number of bytes to capture per packet, and the read timeout in milliseconds. If you get an exception saying that pcap_next() returned null, try incrementing this one, or setting it to 0.
Once you get the SimplePcap instance, the method get() can be used to get packets, which wraps around the pcap_next() function and returns objects of type Packet.
I did not use pcap_loop() intentionally, I thought it would be better here to let the php client have control. Besides, I would like to have Closures passed as callbacks when using pcap_loop(), and I haven’t done anything yet towards that goal. Maybe for the next article! Also, I couldn’t find out how to translate the exceptions from C++ to PHP exceptions (the ones you see here, which are custom SimplePcap exceptions, and not mappable into SWIG_* exceptions).
UPDATE: You can also use the method send() to inject packets in the interface, it will call pcap_inject().
The SWIG interface file
Here’s the interface file I’m using for the extension.
You will notice code between %< . %>. The code between those tokens will be inserted directly into the source file generated by SWIG. Right below, a couple of SWIG files are included, mostly to have the typemaps shipped with SWIG. And right below those, there’s a custom typemap I’ve made.
Typemaps
A typemap is code used to transform data back and forth from the target language to C/C++. Data types like strings, integers, floats, are already supported by SWIG and will be translated if you include the corresponding swig files for the language you’re using (in this case, all the *.i files) you see below the % <. %>block.
The typemap(out) for deviceList specifies how SWIG will translate a deviceList into something usable from PHP, like an associative array (in this case). So that code snippet is used to return the associative array to PHP, where the key is the interface name and the value is the interface description coming in directly from libpcap.
Conclusions: Using SWIG to write a network sniffer with C++, libpcap and PHP and loving it!
SWIG is really great. I just did some C++ code and then worried about how to integrate it to PHP. Althought it seems that you really need lots of experience with it to actually do more advanced things in the right way. For example, I could not find out yet how to throw my custom C++ exceptions right into PHP (don’t know if that’s possible at all).
Also, I had to give default values for the Packet constructor, because the PHP code generated by SWIG (the proxy classes), would call the Packet constructor with just 1 argument.
And I’d like to expose properties along with methods (saw some pythong examples, but nothing really for php).
So I guess that sometimes it’s more productive to just make the PHP extension than using SWIG. But if you want your code to be run in many languages, this is definitely an excellent library to try!
If you liked this or other articles (and feel generous), you can make a donation:
Saved searches
Use saved searches to filter your results more quickly
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.
License
AnonBit/php-Based-Sniffer-4
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Sign In Required
Please sign in to use Codespaces.
Launching GitHub Desktop
If nothing happens, download GitHub Desktop and try again.
Launching GitHub Desktop
If nothing happens, download GitHub Desktop and try again.
Launching Xcode
If nothing happens, download Xcode and try again.
Launching Visual Studio Code
Your codespace will open once ready.
There was a problem preparing your codespace, please try again.
Latest commit
Git stats
Files
Failed to load latest commit information.
README.md
php Based Sniffer 4 — многофункциональный веб-сниффер, написанный на языке PHP, частично доступный для свободного скачивания. Он прост, удобен в использовании и является незаменимым инструментом любого хакера специалиста по веб-безопасности.
Сниффер позволяет перехватывать IP и USER-AGENT пользователя, URL страницы, с которой пришел запрос, а также произвольную информацию, переданную браузером в QUERY (после знака ?). Подробнее об этом читайте в FAQ (в комплекте программы).
Сниффер не требует установки. Достаточно разместить все файлы дистрибутива на любом доступном хосте с поддержкой PHP и установить необходимые права, следуя инструкциям в файле readme.txt.
Последняя версия — 4.1 (выпущена 08.07.2006). Дальнейшая разработка в ближайшее время не планируется.
Вот краткий обзор функционала сниффера:
- грамотный, интуитивно понятный интерфейс, в котором всё учтено
- поддержка всех известных браузеров
- система фильтров, позволяющая отбирать из лога только нужные записи
- фильтрация запросов (еще до попадения в лог)
- функция “Волшебная палочка”, позволяющая быстро заходить на сайт с перехваченными cookies
- удаление отмеченных записей
- помечание новых записей
- возможность авторизованного доступа
- отправка оповещений на e-mail, ICQ
- поддержка различных стилей оформления (4 стиля в комплекте)
- совместимость с предыдущими версиями (достаточно перенести файл data.txt)
- экспорт (сохранение) данных
- подробный FAQ
| Multi | Deluxe | Personal | Public | |
|---|---|---|---|---|
| Удаление записей | + | + | + | — |
| Система фильтров | + | + | + | + |
| Постраничная навигация | + | + | + | + |
| Basic-авторизация | + | + | + | — |
| Фильтрация запросов | — | + | — | — |
| Функция “Волшебная палочка” | — | + | — | — |
| Помечание новых записей | + | + | — | — |
| Отправка оповещений на e-mail, ICQ | — | + | — | — |
| Экспорт данных | + | + | — | — |
| Кол-во включенных стилей | 4 | 4 | 1 (Simple) | 1 (Simple) |
| Тонкая настройка | + | + | — | — |
| Быстрая замена GIF-картинки | + | — | — | — |
| Подробный FAQ | + | + | — | — |
В версии Multi, не считая многопользовательского интерфейса (у каждого пользователя свой лог), есть еще администраторская панель и два отдельных FAQ’а для пользователей и администратора.
Вы можете полюбоваться вышеупомянутыми достоинствами и испробовать функционал сниффера на странице превью (удалять и добавлять записи нельзя):
- Webmoney: Z887052833571 (пересчитывайте по курсу ЦБ), R115088509119
- Яндекс.Деньги: 4100159084988
Kanick. На самых первых порах в создании сниффера также помогали Егорыч+++, a33, chin.
СКРИПТ СНИФФЕРА PHP
Сниффер – это программа для мониторинга, сбора и анализа данных, которые передаются через сеть. Такие инструменты часто используются в целях безопасности или для отладки сетевых приложений. В PHP можно написать свой собственный скрипт сниффера.
Для создания сниффера на PHP можно использовать расширение Sockets. С помощью этого расширения можно создавать и управлять сокетами, проводить чтение и запись данных. Ниже приведен пример простого сниффера на PHP:
$socket = socket_create(AF_INET, SOCK_RAW, 1);
socket_bind($socket, ‘0.0.0.0’, 0);
while (true) $packet = »;
socket_recv($socket, $packet, 65535, MSG_WAITALL);
// Добавить обработку пакета
>
В этом примере создается сокет и выполняется неограниченный цикл чтения пакетов. Когда пакет приходит, он сохраняется в переменной $packet. Пример не дополнен обработкой пришедшего пакета, но это можно сделать с помощью стандартных PHP-функций, таких как parse_url() или parse_str().
Обратите внимание, что создание сниффера без надлежащей авторизации и согласования с законодательством может являться незаконным действием и нанести ущерб другим участникам сети.
как сделать чтобы на сниффер приходили 3 и более строки
Нейросети которые ПОДНИМАЮТ охваты
PHP DS — Свой снифер + Веб скрипт — Урок #6
Онлайн Сниффер инструкция
#1 Уроки PHP — Учим язык PHP, Первый скрипт на языке PHP
[КЭС]№1 Как создать сниффер через PHP Devel studio часть 2Как легко взломать сайт на PHP — SQL injection
PHP статический анализ кода: Code Sniffer