7x31
/
go-sniffer
mirror of https://github.com/40t/go-sniffer.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added mssql plug

This commit is contained in:
solar 2018-11-15 19:44:54 +08:00
parent 3a639ed0f1
commit 955f6f4f92
7 changed files with 376 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
core/plug.go
View File

@ -1,24 +1,25 @@
package core
import (
"io/ioutil"
"plugin"
"github.com/google/gopacket"
"fmt"
"io"
mysql "github.com/40t/go-sniffer/plugSrc/mysql/build"
redis "github.com/40t/go-sniffer/plugSrc/redis/build"
"io/ioutil"
"path"
"path/filepath"
"plugin"
hp "github.com/40t/go-sniffer/plugSrc/http/build"
mongodb "github.com/40t/go-sniffer/plugSrc/mongodb/build"
"path/filepath"
"fmt"
"path"
mysql "github.com/40t/go-sniffer/plugSrc/mysql/build"
redis "github.com/40t/go-sniffer/plugSrc/redis/build"
mssql "github.com/feiin/go-sniffer/plugSrc/mssql/build"
"github.com/google/gopacket"
)
type Plug struct {
dir string
dir string
ResolveStream func(net gopacket.Flow, transport gopacket.Flow, r io.Reader)
BPF string
BPF string
InternalPlugList map[string]PlugInterface
ExternalPlugList map[string]ExternalPlug
@ -48,7 +49,7 @@ func NewPlug() *Plug {
var p Plug
p.dir, _ = filepath.Abs( "./plug/")
p.dir, _ = filepath.Abs("./plug/")
p.LoadInternalPlugList()
p.LoadExternalPlugList()
@ -60,16 +61,18 @@ func (p *Plug) LoadInternalPlugList() {
list := make(map[string]PlugInterface)
//Mysql
list["mysql"] = mysql.NewInstance()
list["mysql"] = mysql.NewInstance()
//Mongodb
list["mongodb"] = mongodb.NewInstance()
list["mongodb"] = mongodb.NewInstance()
//Redis
list["redis"] = redis.NewInstance()
list["redis"] = redis.NewInstance()
//Http
list["http"] = hp.NewInstance()
list["http"] = hp.NewInstance()
list["mssql"] = mssql.NewInstance()
p.InternalPlugList = list
}
@ -87,7 +90,7 @@ func (p *Plug) LoadExternalPlugList() {
continue
}
plug, err := plugin.Open(p.dir+"/"+fi.Name())
plug, err := plugin.Open(p.dir + "/" + fi.Name())
if err != nil {
panic(err)
}
@ -113,12 +116,12 @@ func (p *Plug) LoadExternalPlugList() {
}
version := versionFunc.(func() string)()
p.ExternalPlugList[fi.Name()] = ExternalPlug {
ResolvePacket:ResolvePacketFunc.(func(net gopacket.Flow, transport gopacket.Flow, r io.Reader)),
SetFlag:setFlagFunc.(func([]string)),
BPFFilter:BPFFilterFunc.(func() string),
Version:version,
Name:fi.Name(),
p.ExternalPlugList[fi.Name()] = ExternalPlug{
ResolvePacket: ResolvePacketFunc.(func(net gopacket.Flow, transport gopacket.Flow, r io.Reader)),
SetFlag: setFlagFunc.(func([]string)),
BPFFilter: BPFFilterFunc.(func() string),
Version: version,
Name: fi.Name(),
}
}
}
@ -131,7 +134,7 @@ func (p *Plug) PrintList() {
//Print Internal Plug
for inPlugName, _ := range p.InternalPlugList {
fmt.Println("internal plug : "+inPlugName)
fmt.Println("internal plug : " + inPlugName)
}
//split
@ -139,24 +142,26 @@ func (p *Plug) PrintList() {
//print External Plug
for exPlugName, _ := range p.ExternalPlugList {
fmt.Println("external plug : "+exPlugName)
fmt.Println("external plug : " + exPlugName)
}
}
func (p *Plug) SetOption(plugName string, plugParams []string) {
fmt.Println("internalPlug", plugName)
//Load Internal Plug
if internalPlug, ok := p.InternalPlugList[plugName]; ok {
p.ResolveStream = internalPlug.ResolveStream
internalPlug.SetFlag(plugParams)
p.BPF = internalPlug.BPFFilter()
p.BPF = internalPlug.BPFFilter()
return
}
//Load External Plug
plug, err := plugin.Open("./plug/"+ plugName)
plug, err := plugin.Open("./plug/" + plugName)
if err != nil {
panic(err)
}
@ -174,5 +179,5 @@ func (p *Plug) SetOption(plugName string, plugParams []string) {
}
p.ResolveStream = resolvePacket.(func(net gopacket.Flow, transport gopacket.Flow, r io.Reader))
setFlag.(func([]string))(plugParams)
p.BPF = BPFFilter.(func()string)()
}
p.BPF = BPFFilter.(func() string)()
}

BIN
go-sniffer Executable file
View File

Binary file not shown.

4
main.go
View File

@ -1,10 +1,10 @@
package main
import (
"github.com/40t/go-sniffer/core"
"github.com/feiin/go-sniffer/core"
)
func main() {
core := core.New()
core.Run()
}
}

227
plugSrc/mssql/build/entry.go Normal file
View File

@ -0,0 +1,227 @@
package build
import (
"bytes"
"encoding/binary"
"fmt"
"io"
"os"
"strconv"
"sync"
"github.com/google/gopacket"
)
const (
Port = 1433
Version = "0.1"
CmdPort = "-p"
)
type Mssql struct {
port int
version string
source map[string]*stream
}
type stream struct {
packets chan *packet
}
type packet struct {
isClientFlow bool
status int
packetType int
length int
payload []byte
}
// packet types
// https://msdn.microsoft.com/en-us/library/dd304214.aspx
const (
packSQLBatch = 1
packRPCRequest = 3
packReply = 4
packAttention = 6
packBulkLoadBCP = 7
packTransMgrReq = 14
packNormal = 15
packLogin7 = 16
packSSPIMessage = 17
packPrelogin = 18
)
var mssql *Mssql
var once sync.Once
func NewInstance() *Mssql {
once.Do(func() {
mssql = &Mssql{
port: Port,
version: Version,
source: make(map[string]*stream),
}
})
return mssql
}
func (m *Mssql) Version() string {
return m.version
}
func (m *Mssql) BPFFilter() string {
return "tcp and port " + strconv.Itoa(m.port)
}
func (m *Mssql) SetFlag(flg []string) {
c := len(flg)
if c == 0 {
return
}
if c>>1 == 0 {
fmt.Println("ERR : Mssql Number of parameters")
os.Exit(1)
}
for i := 0; i < c; i = i + 2 {
key := flg[i]
val := flg[i+1]
switch key {
case CmdPort:
port, err := strconv.Atoi(val)
m.port = port
if err != nil {
panic("ERR : port")
}
if port < 0 || port > 65535 {
panic("ERR : port(0-65535)")
}
break
default:
panic("ERR : mssql's params")
}
}
}
// ResolveStream ...
func (m *Mssql) ResolveStream(net, transport gopacket.Flow, buf io.Reader) {
//uuid
uuid := fmt.Sprintf("%v:%v", net.FastHash(), transport.FastHash())
// log.Println(uuid)
if _, ok := m.source[uuid]; !ok {
var newStream = &stream{
packets: make(chan *packet, 100),
}
m.source[uuid] = newStream
go newStream.resolve()
}
for {
// log.Println("ssss")
newPacket := m.newPacket(net, transport, buf)
if newPacket == nil {
return
}
m.source[uuid].packets <- newPacket
}
// log.Println('ddd')
}
func (m *Mssql) newPacket(net, transport gopacket.Flow, r io.Reader) *packet {
// read packet
var packet *packet
var err error
packet, err = readStream(r)
//stream close
if err == io.EOF {
fmt.Println(net, transport, " close")
return nil
} else if err != nil {
fmt.Println("ERR : Unknown stream", net, transport, ":", err)
return nil
}
//set flow direction
if transport.Src().String() == strconv.Itoa(m.port) {
packet.isClientFlow = false
} else {
packet.isClientFlow = true
}
return packet
}
func (m *stream) resolve() {
for {
select {
case packet := <-m.packets:
if packet.isClientFlow {
m.resolveClientPacket(packet)
} else {
m.resolveServerPacket(packet)
}
}
}
}
func readStream(r io.Reader) (*packet, error) {
var buffer bytes.Buffer
header := make([]byte, 8)
p := &packet{}
if _, err := io.ReadFull(r, header); err != nil {
return nil, err
}
p.packetType = int(uint32(header[0]))
p.status = int(uint32(header[1]))
p.length = int(binary.BigEndian.Uint16(header[2:4]))
if p.length > 0 {
io.CopyN(&buffer, r, int64(p.length-8))
}
p.payload = buffer.Bytes()
return p, nil
}
func (m *stream) resolveClientPacket(p *packet) {
var msg string
switch p.packetType {
case 1:
msg = fmt.Sprintf("【query】 %s", string(p.payload))
case 4:
msg = fmt.Sprintf("【query】 %s", "Tabular result")
}
fmt.Println(GetNowStr(true), msg)
}
func (m *stream) resolveServerPacket(p *packet) {
var msg string
switch p.packetType {
case 4:
var b = int32(p.payload[0])
msg = fmt.Sprintf("【OK】 %d", b)
}
parseToken(p.payload)
fmt.Println(GetNowStr(false), msg)
}

45
plugSrc/mssql/build/token.go Normal file
View File

@ -0,0 +1,45 @@
package build
import (
"encoding/binary"
)
type token byte
// token ids
const (
tokenReturnStatus token = 121 // 0x79
tokenColMetadata token = 129 // 0x81
tokenOrder token = 169 // 0xA9
tokenError token = 170 // 0xAA
tokenInfo token = 171 // 0xAB
tokenReturnValue token = 0xAC
tokenLoginAck token = 173 // 0xad
tokenRow token = 209 // 0xd1
tokenNbcRow token = 210 // 0xd2
tokenEnvChange token = 227 // 0xE3
tokenSSPI token = 237 // 0xED
tokenDone token = 253 // 0xFD
tokenDoneProc token = 254
tokenDoneInProc token = 255
)
func parseToken(buf []byte) string {
var pos = 0
len := 0
for {
token := token(buf[pos])
switch token {
case tokenSSPI:
pos += 1
len = int(binary.LittleEndian.Uint16(buf[pos+1 : pos+2]))
pos += len
}
break
}
return ""
}

14
plugSrc/mssql/build/util.go Normal file
View File

@ -0,0 +1,14 @@
package build
import "time"
func GetNowStr(isClient bool) string {
var msg string
msg += time.Now().Format("2006-01-02 15:04:05")
if isClient {
msg += "| cli -> ser |"
} else {
msg += "| ser -> cli |"
}
return msg
}

107
plugSrc/mysql/build/entry.go
View File

@ -1,30 +1,31 @@
package build
import (
"github.com/google/gopacket"
"io"
"bytes"
"encoding/binary"
"errors"
"fmt"
"io"
"log"
"os"
"strconv"
"strings"
"sync"
"time"
"fmt"
"encoding/binary"
"strings"
"os"
"github.com/google/gopacket"
)
const (
Port = 3306
Version = "0.1"
CmdPort = "-p"
Port = 3306
Version = "0.1"
CmdPort = "-p"
)
type Mysql struct {
port int
version string
source map[string]*stream
port int
version string
source map[string]*stream
}
type stream struct {
@ -34,20 +35,21 @@ type stream struct {
type packet struct {
isClientFlow bool
seq int
length int
payload []byte
seq int
length int
payload []byte
}
var mysql *Mysql
var once sync.Once
func NewInstance() *Mysql {
once.Do(func() {
mysql = &Mysql{
port :Port,
version:Version,
source: make(map[string]*stream),
port: Port,
version: Version,
source: make(map[string]*stream),
}
})
@ -63,8 +65,8 @@ func (m *Mysql) ResolveStream(net, transport gopacket.Flow, buf io.Reader) {
if _, ok := m.source[uuid]; !ok {
var newStream = stream{
packets:make(chan *packet, 100),
stmtMap:make(map[uint32]*Stmt),
packets: make(chan *packet, 100),
stmtMap: make(map[uint32]*Stmt),
}
m.source[uuid] = &newStream
@ -86,31 +88,31 @@ func (m *Mysql) ResolveStream(net, transport gopacket.Flow, buf io.Reader) {
}
func (m *Mysql) BPFFilter() string {
return "tcp and port "+strconv.Itoa(m.port);
return "tcp and port " + strconv.Itoa(m.port)
}
func (m *Mysql) Version() string {
return Version
}
func (m *Mysql) SetFlag(flg []string) {
func (m *Mysql) SetFlag(flg []string) {
c := len(flg)
if c == 0 {
return
}
if c >> 1 == 0 {
if c>>1 == 0 {
fmt.Println("ERR : Mysql Number of parameters")
os.Exit(1)
}
for i:=0;i<c;i=i+2 {
for i := 0; i < c; i = i + 2 {
key := flg[i]
val := flg[i+1]
switch key {
case CmdPort:
port, err := strconv.Atoi(val);
port, err := strconv.Atoi(val)
m.port = port
if err != nil {
panic("ERR : port")
@ -145,13 +147,13 @@ func (m *Mysql) newPacket(net, transport gopacket.Flow, r io.Reader) *packet {
//generate new packet
var pk = packet{
seq: int(seq),
length:payload.Len(),
payload:payload.Bytes(),
seq: int(seq),
length: payload.Len(),
payload: payload.Bytes(),
}
if transport.Src().String() == strconv.Itoa(Port) {
pk.isClientFlow = false
}else{
} else {
pk.isClientFlow = true
}
@ -187,7 +189,7 @@ func (m *Mysql) resolvePacketTo(r io.Reader, w io.Writer) (uint8, error) {
func (stm *stream) resolve() {
for {
select {
case packet := <- stm.packets:
case packet := <-stm.packets:
if packet.isClientFlow {
stm.resolveClientPacket(packet.payload, packet.seq)
} else {
@ -197,10 +199,10 @@ func (stm *stream) resolve() {
}
}
func (stm *stream) findStmtPacket (srv chan *packet, seq int) *packet {
func (stm *stream) findStmtPacket(srv chan *packet, seq int) *packet {
for {
select {
case packet, ok := <- stm.packets:
case packet, ok := <-stm.packets:
if !ok {
return nil
}
@ -218,23 +220,23 @@ func (stm *stream) resolveServerPacket(payload []byte, seq int) {
var msg = ""
switch payload[0] {
case 0xff:
errorCode := int(binary.LittleEndian.Uint16(payload[1:3]))
errorMsg,_ := ReadStringFromByte(payload[4:])
case 0xff:
errorCode := int(binary.LittleEndian.Uint16(payload[1:3]))
errorMsg, _ := ReadStringFromByte(payload[4:])
msg = GetNowStr(false)+"%s Err code:%s,Err msg:%s"
msg = fmt.Sprintf(msg, ErrorPacket, strconv.Itoa(errorCode), strings.TrimSpace(errorMsg))
msg = GetNowStr(false) + "%s Err code:%s,Err msg:%s"
msg = fmt.Sprintf(msg, ErrorPacket, strconv.Itoa(errorCode), strings.TrimSpace(errorMsg))
case 0x00:
var pos = 1
l,_ := LengthBinary(payload[pos:])
affectedRows := int(l)
case 0x00:
var pos = 1
l, _ := LengthBinary(payload[pos:])
affectedRows := int(l)
msg += GetNowStr(false)+"%s Effect Row:%s"
msg = fmt.Sprintf(msg, OkPacket, strconv.Itoa(affectedRows))
msg += GetNowStr(false) + "%s Effect Row:%s"
msg = fmt.Sprintf(msg, OkPacket, strconv.Itoa(affectedRows))
default:
return
default:
return
}
fmt.Println(msg)
@ -274,14 +276,14 @@ func (stm *stream) resolveClientPacket(payload []byte, seq int) {
stm.stmtMap[stmtID] = stmt
stmt.FieldCount = binary.LittleEndian.Uint16(serverPacket.payload[5:7])
stmt.ParamCount = binary.LittleEndian.Uint16(serverPacket.payload[7:9])
stmt.Args = make([]interface{}, stmt.ParamCount)
stmt.Args = make([]interface{}, stmt.ParamCount)
msg = PreparePacket+stmt.Query
msg = PreparePacket + stmt.Query
case COM_STMT_SEND_LONG_DATA:
stmtID := binary.LittleEndian.Uint32(payload[1:5])
paramId := binary.LittleEndian.Uint16(payload[5:7])
stmt, _ := stm.stmtMap[stmtID]
stmtID := binary.LittleEndian.Uint32(payload[1:5])
paramId := binary.LittleEndian.Uint16(payload[5:7])
stmt, _ := stm.stmtMap[stmtID]
if stmt.Args[paramId] == nil {
stmt.Args[paramId] = payload[7:]
@ -295,7 +297,7 @@ func (stm *stream) resolveClientPacket(payload []byte, seq int) {
case COM_STMT_RESET:
stmtID := binary.LittleEndian.Uint32(payload[1:5])
stmt, _:= stm.stmtMap[stmtID]
stmt, _ := stm.stmtMap[stmtID]
stmt.Args = make([]interface{}, stmt.ParamCount)
return
case COM_STMT_EXECUTE:
@ -324,7 +326,7 @@ func (stm *stream) resolveClientPacket(payload []byte, seq int) {
pos++
var pTypes []byte
var pTypes []byte
var pValues []byte
//if flag == 1
@ -348,4 +350,3 @@ func (stm *stream) resolveClientPacket(payload []byte, seq int) {
fmt.Println(GetNowStr(true) + msg)
}