gniffer

README

gniffer

Simple, lightweight, and easy to use gopacket wrapper cli
Explore the docs »

View Demo · Report Bug · Request Feature

Table of Contents

1. About The Project
   • Built With
2. Getting Started
   • Installation
3. Usage
4. Roadmap
5. Contributing
6. License
7. Contact

About The Project

This project was initially created to help to mirror requests for StrixEye Agent.

Features

• Redirect incoming requests to a target web server
• Capture real time HTTP traffic from interfaces
• Capture HTTP traffic from a pcap file

Built With

Thanks to maintainers and communities of the following projects for making development of this CLI easier. Full list of dependencies can be found in go modules file.

• Cobra
• Viper
• gopacket
• [libpcap] (https://www.tcpdump.org/)

Getting Started

General information about setting up gniffer locally

Requirements

Required software and installations.

• libpcap v1.10.0 or higher
• flex
• bison
• gcc

Install flex and bison via your package manager.Then, to install libpcap, run the following script, preferably as root:

wget -O libpcap-1.10.0.tar.gz http://www.tcpdump.org/release/libpcap-1.10.0.tar.gz
tar -xf libpcap-1.10.0.tar.gz
cd libpcap-1.10.0
./configure
make && make install
ldconfig

Installation

Tarball

1. Download latest-release for your operating system/architecture
2. Unzip binary and place it somewhere in your path
3. Make it executable

Build

Other than Go version 1.16.+, StrixEye CLI has no dependencies/requirements.

Basic building process like the following would suffice.

   go build -o gniffer main.go

Docker

    docker pull gniffer:latest

Usage

Shell

Following command will start sniffing loopback interface and redirect all incoming requests to target web server on target.omer.beer

gniffer sniff proxy --target-protocol=https --target-host=target.omer.beer --target-port=443 -i lo

Docker

The docker image comes as a command line utility, meaning you can access all cli commands.

docker run gniffer --help

Following command will start sniffing loopback interface and redirect all incoming requests to target web server on target.omer.beer

docker run gniffer sniff proxy --target-protocol=https --target-host=akaunting.agent.strixeye.com --target-port=443 -i lo

For more examples, please refer to the Documentation

Roadmap

See the open issues for a list of proposed features (and known issues).

Contributing

Contributions are what make the open source community such an amazing place to be learned, inspire, and create. Any contributions you make are greatly appreciated.

1. Fork the Project
2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
3. Commit your Changes (git commit -m 'Add some AmazingFeature')
4. Push to the Branch (git push origin feature/AmazingFeature)
5. Open a Pull Request

License

Distributed under the Apache License 2.0 License. See LICENSE for more information.

Contact

StrixEye - @strixeye - help@strixeye.com

Project Link: https://github.com/strixeyecom/gniffer

Documentation

Overview

Copyright © 2021 strixeye keser@strixeye.com

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.