Merge pull request #48 from odedshimon/add_dns_support

Add dns support

BruteShark/BruteSharkDesktop/MainForm.cs

@@ -25,6 +25,7 @@ public partial class MainForm : Form
         private NetworkMapUserControl _networkMapUserControl;
         private SessionsExplorerUserControl _sessionsExplorerUserControl;
         private FilesUserControl _filesUserControl;
+        private DnsResponseUserControl _dnsResponseUserControl;
 
 
         public MainForm()
@@ -50,6 +51,8 @@ public MainForm()
             _passwordsUserControl.Dock = DockStyle.Fill;
             _filesUserControl = new FilesUserControl();
             _filesUserControl.Dock = DockStyle.Fill;
+            _dnsResponseUserControl = new DnsResponseUserControl();
+            _dnsResponseUserControl.Dock = DockStyle.Fill;
 
             // Contract the events.
             _processor.UdpPacketArived += (s, e) => _analyzer.Analyze(Casting.CastProcessorUdpPacketToAnalyzerUdpPacket(e.Packet));
@@ -198,6 +201,13 @@ private void OnParsedItemDetected(object sender, PcapAnalyzer.ParsedItemDetected
                 _filesUserControl.AddFile(fileObject);
                 this.modulesTreeView.Nodes["DataNode"].Nodes["FilesNode"].Text = $"Files ({_filesUserControl.FilesCount})";
             }
+            else if (e.ParsedItem is PcapAnalyzer.DnsNameMapping)
+            {
+                var dnsResponse = e.ParsedItem as PcapAnalyzer.DnsNameMapping;
+                _dnsResponseUserControl.AddNameMapping(dnsResponse);
+                this.modulesTreeView.Nodes["NetworkNode"].Nodes["DnsResponsesNode"].Text = $"DNS Responses ({_dnsResponseUserControl.AnswerCount})";
+                _networkMapUserControl.HandleDnsNameMapping(dnsResponse);
+            }
         }
 
         private void addFilesButton_Click(object sender, EventArgs e)
@@ -258,6 +268,9 @@ private void modulesTreeView_AfterSelect(object sender, TreeViewEventArgs e)
                 case "FilesNode":
                     this.modulesSplitContainer.Panel2.Controls.Add(_filesUserControl);
                     break;
+                case "DnsResponsesNode":
+                    this.modulesSplitContainer.Panel2.Controls.Add(_dnsResponseUserControl);
+                    break;
                 default:
                     break;
             }

BruteShark/BruteSharkDesktop/UserControls/DnsResponseControl/DnsResponseUserControl.cs

@@ -0,0 +1,36 @@
+using System;
+using System.Collections.Generic;
+using System.ComponentModel;
+using System.Drawing;
+using System.Data;
+using System.Text;
+using System.Windows.Forms;
+using PcapAnalyzer;
+
+namespace BruteSharkDesktop
+{
+    public partial class DnsResponseUserControl : UserControl
+    {
+        private BindingSource _queriesBindingSource;
+        public int AnswerCount => this.queriesDataGridView.RowCount;
+
+        public DnsResponseUserControl()
+        {
+            InitializeComponent();
+
+            // Initialize the answers gridview.
+            _queriesBindingSource = new BindingSource();
+            this.queriesDataGridView.DataSource = _queriesBindingSource;
+            this.queriesDataGridView.AllowUserToAddRows = false;
+        }
+
+        internal void AddNameMapping(DnsNameMapping mapping)
+        {
+            this.SuspendLayout();
+
+            _queriesBindingSource.Add(mapping);
+
+            this.ResumeLayout();
+        }
+    }
+}

BruteShark/BruteSharkDesktop/UserControls/DnsResponseControl/DnsResponseUserControl.resx

@@ -0,0 +1,60 @@
+<root>
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+</root>

BruteShark/BruteSharkDesktop/UserControls/NetworkMapControl/NetworkMapUserControl.cs

@@ -7,12 +7,14 @@
 using System.Text;
 using System.Threading.Tasks;
 using System.Windows.Forms;
-
+using PcapAnalyzer;
+using System.Net;
 
 namespace BruteSharkDesktop
 {
     public partial class NetworkMapUserControl : UserControl
     {
+        private Dictionary<string, HashSet<string>> _dnsMappings;
         private HashSet<NetworkMapEdge> _edges;
         Microsoft.Msagl.GraphViewerGdi.GViewer _viewer;
         Microsoft.Msagl.Drawing.Graph _graph;
@@ -24,6 +26,7 @@ public NetworkMapUserControl()
             InitializeComponent();
 
             // Add MSAGL Graph control.
+            _dnsMappings = new Dictionary<string, HashSet<string>>();
             _edges = new HashSet<NetworkMapEdge>();
             _viewer = new Microsoft.Msagl.GraphViewerGdi.GViewer();
             _graph = new Microsoft.Msagl.Drawing.Graph("graph");
@@ -51,13 +54,34 @@ public void AddEdge(string source, string destination, string edgeText = "")
                 _edges.Add(newEdge);
             }
 
-            _graph.FindNode(source).Attr.FillColor = Microsoft.Msagl.Drawing.Color.LightBlue;
-            _graph.FindNode(destination).Attr.FillColor = Microsoft.Msagl.Drawing.Color.LightBlue;
+            var sourceNode = _graph.FindNode(source);
+            var destinationNode = _graph.FindNode(destination);
+            sourceNode.Attr.FillColor = Microsoft.Msagl.Drawing.Color.LightBlue;
+            sourceNode.LabelText = GetNodeText(source);
+            destinationNode.Attr.FillColor = Microsoft.Msagl.Drawing.Color.LightBlue;
+            destinationNode.LabelText = GetNodeText(destination);
 
             _viewer.Graph = _graph;
             this.ResumeLayout();
         }
 
+        private string GetNodeText(string ipAddress)
+        {
+            var res = ipAddress;
+
+            if (_dnsMappings.ContainsKey(ipAddress))
+            {
+                res += Environment.NewLine + "DNS: " + _dnsMappings[ipAddress].First();
+
+                if (_dnsMappings[ipAddress].Count > 1)
+                {
+                    res += $" ({_dnsMappings[ipAddress].Count} more)";
+                }
+            }
+
+            return res;
+        }
+
         public void HandleHash(PcapAnalyzer.NetworkHash hash)
         {
             // Usually the hashes username is named "User" \ "Username".
@@ -90,6 +114,42 @@ public void HandlePassword(PcapAnalyzer.NetworkPassword password)
             _graph.FindNode(password.Username).Attr.FillColor = Microsoft.Msagl.Drawing.Color.LightGreen;
         }
 
+        // Normally DNS mappings arriving before real data, but we can't count on it therfore we 
+        // are saving the mappings for future hosts.
+        public void HandleDnsNameMapping(DnsNameMapping dnsNameMapping)
+        {
+            if (!IsIpAddress(dnsNameMapping.Query) && IsIpAddress(dnsNameMapping.Destination))
+            {
+                if (_dnsMappings.ContainsKey(dnsNameMapping.Destination))
+                {
+                    if (_dnsMappings[dnsNameMapping.Destination].Add(dnsNameMapping.Query))
+                    {
+                        UpdateNodeLabel(dnsNameMapping.Destination);
+                    }
+                }
+                else
+                {
+                    _dnsMappings[dnsNameMapping.Destination] = new HashSet<string>();
+                    _dnsMappings[dnsNameMapping.Destination].Add(dnsNameMapping.Query);
+                    UpdateNodeLabel(dnsNameMapping.Destination);
+                }
+            }
+        }
+
+        private void UpdateNodeLabel(string ipAddress)
+        {
+            var node = _graph.FindNode(ipAddress);
+
+            if (node != null)
+            {
+                node.LabelText = GetNodeText(ipAddress);
+            }
+        }
+
+        private bool IsIpAddress(string ip)
+        {
+            return IPAddress.TryParse(ip, out IPAddress ipAddress);
+        }
 
         private static object GetPropValue(object src, string propName)
         {

BruteShark/BruteSharkDesktopInstaller/Product.wxs

@@ -4,7 +4,7 @@
 	<Product 
 		Id="CE452A31-5E74-41BE-A768-EBEE7B325862" 
 		Name="BruteSharkDesktop" 
-		Language="1033" Version="1.2.3.0" 
+		Language="1033" Version="1.2.4.0" 
 		Manufacturer="Oded Shimon" 
 		UpgradeCode="9bec2dfd-0f30-466a-9077-cf86db101cac">
 
@@ -111,9 +111,13 @@
 				<File Id="SharpPcap.dll" Source="$(var.BruteSharkDesktop.TargetDir)" Name="SharpPcap.dll" />
 			</Component>
 
-      <Component Id="System.Text.Json.dll">
-        <File Id="System.Text.Json.dll" Source="$(var.BruteSharkDesktop.TargetDir)" Name="System.Text.Json.dll" />
-      </Component>
+			<Component Id="System.Text.Json.dll">
+				<File Id="System.Text.Json.dll" Source="$(var.BruteSharkDesktop.TargetDir)" Name="System.Text.Json.dll" />
+			</Component>
+
+			<Component Id="DNS.dll">
+				<File Id="DNS.dll" Source="$(var.BruteSharkDesktop.TargetDir)" Name="DNS.dll" />
+			</Component>
 
 
 		</ComponentGroup>

BruteShark/PcapAnalyzer/Analyzer.cs

@@ -13,6 +13,7 @@ public class Analyzer
 
         public List<string> AvailableModulesNames => _availbleModules.Select(m => m.Name).ToList();
         public List<string> LoadedModulesNames => _loadedModules.Select(m => m.Name).ToList();
+        public IEnumerable<IModule> AvailableModules => _availbleModules.ToList();
 
 
         public Analyzer()