Beispiel #1
def save_data(pcap_data_class):
    """Flatten every parsed packet into per-protocol rows and store them.

    One row per packet goes to ``basic_part_data``; TCP, UDP, HTTP, TLS and
    DNS details go to their own tables, keyed by a locally counted id that
    starts at ``db_helper.find_next_id("basic_part_data")``.

    NOTE(review): basic rows are written with Id 0 while the child rows carry
    the counted id. This presumably relies on the database assigning basic ids
    sequentially from that starting value with no concurrent writer - confirm.
    NOTE(review): host, uri, content type and DNS names come straight from
    captured traffic, so they are attacker-influenced. They must reach the
    database as bound parameters; how ``db_helper.insert_batch`` treats the
    ``%d``/``%s`` markers is not visible here - verify it binds, not formats.
    """
    packets = pcap_data_class.get_packets()
    print("Loading packet num: " + str(len(packets)))
    basic_data_list, TCP_data_list, UDP_data_list = [], [], []
    HTTP_data_list, DNS_data_list, HTTPS_data_list = [], [], []
    print("List init complete")
    row_id = db_helper.find_next_id("basic_part_data")

    for packet in packets:
        pkt_head = packet.get_packet_head()
        ether_head = packet.get_ether_head()
        ip_head = packet.get_ip_head()

        # Link- and network-layer summary; the leading 0 is the Id column.
        basic_data_list.append((
            0,
            pkt_head.get_second_time(),
            pkt_head.get_millisecond_time(),
            pkt_head.get_real_len(),
            mac_process(ether_head.get_mac_src()),
            mac_process(ether_head.get_mac_dst()),
            ip_head.get_ip_version(),
            ip_process(ip_head.get_srcIP()),
            ip_process(ip_head.get_dstIP()),
            ip_head.get_ip_len(),
            ip_head.get_ttl(),
            ip_head.get_protocol(),
        ))

        transport = packet.get_transport_head()
        if transport is None:
            print("No transport protocol" + str(row_id))
        else:
            kind = transport.get_identify()
            if kind == "TCP":
                ports = transport.get_ports()
                tcp_fields = (
                    row_id,
                    ports[0],
                    ports[1],
                    transport.get_seq(),
                    transport.get_ack(),
                    transport.get_tcp_len(),
                    hex(transport.get_flag()),
                    transport.get_option_len(),
                    hex(transport.get_option_content()),
                )
                app = packet.get_application()
                application = app.get_identify() if app is not None else ""
                TCP_data_list.append(tcp_fields + (application,))

                if application == "HTTP":
                    direction = app.get_type()
                    method = app.get_method()
                    host = app.get_host()
                    uri = app.get_uri()
                    content_type = app.get_content_type()
                    # A missing Content-Length is stored as 0.
                    content_length = app.get_content_length()
                    if content_length is None:
                        content_length = 0
                    HTTP_data_list.append((row_id, direction, method, host,
                                           uri, content_type, content_length))
                elif application == "TLS":
                    # Only the packet id is recorded for TLS traffic.
                    HTTPS_data_list.append((row_id, ))
            elif kind == "UDP":
                ports = transport.get_ports()
                udp_fields = (row_id, ports[0], ports[1],
                              transport.get_total_len())
                app = packet.get_application()
                application = app.get_identify() if app is not None else ""
                UDP_data_list.append(udp_fields + (application,))

                if application == "DNS":
                    transaction = app.get_transaction()
                    direction = app.get_direction()
                    domain = ""
                    ip = ""
                    # Known gap: only the first type-1 query (its domain) or
                    # the first type-1 answer (its domain and address) is
                    # recorded; every other record in the message is dropped.
                    if direction == "Request":
                        query = next((q for q in app.get_querys()
                                      if q.get_type() == 1), None)
                        if query is not None:
                            domain = query.get_domain()
                    elif direction == "Response":
                        answer = next((a for a in app.get_answers()
                                       if a.get_type() == 1), None)
                        if answer is not None:
                            domain = answer.get_domain()
                            ip = ip_process(answer.get_datas())
                    else:
                        direction = ""
                    DNS_data_list.append(
                        (row_id, transaction, direction, domain, ip))
        row_id += 1

    # NOTE(review): six separate batch calls; whether they share one
    # transaction is not visible here, so a failure part-way may leave a
    # partially imported capture - confirm in db_helper.
    batches = (
        ("准备提交基础数据",
         "INSERT INTO basic_part_data (Id, Second, MilliSecond, Len, Src_mac, Dst_mac, IP_version, Src_IP, Dst_IP, "
         "IP_head_len, TTL, Protocol) VALUES (%d,%d,%d,%d,%s,%s,%d,%s,%s,%d,%d,%d)",
         basic_data_list),
        ("准备提交TCP数据",
         "INSERT INTO tcp_part_data (Id, Src_port, Dst_port, Seq_num, Ack_num, Tcp_head_len, Flag, Option_len, "
         "Option_content, Application) VALUES (%d,%d,%d,%d,%d,%d,%s,%d,%s,%s)",
         TCP_data_list),
        ("准备提交HTTP数据",
         "INSERT INTO http_part_data (Id, Direction, Method, Host, Uri, Content_type, Content_length) "
         "VALUES (%d,%s,%s,%s,%s,%s,%d)",
         HTTP_data_list),
        ("准备提交HTTPS数据",
         "INSERT INTO https_part_data (Id) VALUES (%d)",
         HTTPS_data_list),
        ("准备提交UDP数据",
         "INSERT INTO udp_part_data (Id, Src_port, Dst_port, UDP_len, Application)VALUES (%d,%d,%d,%d,%s)",
         UDP_data_list),
        ("准备提交DNS数据",
         "INSERT INTO dns_part_data (Id, Transaction_id, Direction, Domain, IP_address)VALUES (%d,%d,%s,%s,%s)",
         DNS_data_list),
    )
    for announcement, sql, rows in batches:
        print(announcement)
        db_helper.insert_batch(sql, rows)
Beispiel #2
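def save_data(pcap_data_class):
    """Flatten every parsed packet into basic, TCP and HTTP rows and store them.

    One row per packet goes to ``basic_part_data``; TCP segments and the HTTP
    messages they carry go to ``tcp_part_data`` and ``http_part_data``, keyed
    by a locally counted id that starts at
    ``db_helper.find_next_id("basic_part_data")``.

    Packets without a transport header are kept in the basic table and
    reported on stdout instead of aborting the import with an AttributeError.

    NOTE(review): basic rows are written with Id 0 while the child rows carry
    the counted id. This presumably relies on the database assigning basic ids
    sequentially from that starting value with no concurrent writer - confirm.
    NOTE(review): host, uri and content type come straight from captured
    traffic, so they are attacker-influenced. They must reach the database as
    bound parameters; how ``db_helper.insert_batch`` treats the ``%d``/``%s``
    markers is not visible here - verify it binds, not formats.
    """
    packets = pcap_data_class.get_packets()
    print("Loading packet num: " + str(len(packets)))
    basic_data_list = []
    TCP_data_list = []
    HTTP_data_list = []
    print("List init complete")
    id = db_helper.find_next_id("basic_part_data")

    for packet in packets:
        pkt_head = packet.get_packet_head()
        ether_head = packet.get_ether_head()
        ip_head = packet.get_ip_head()

        # Link- and network-layer summary; the leading 0 is the Id column.
        basic_data_list.append((
            0,
            pkt_head.get_second_time(),
            pkt_head.get_millisecond_time(),
            pkt_head.get_real_len(),
            mac_process(ether_head.get_mac_src()),
            mac_process(ether_head.get_mac_dst()),
            ip_head.get_ip_version(),
            ip_process(ip_head.get_srcIP()),
            ip_process(ip_head.get_dstIP()),
            ip_head.get_ip_len(),
            ip_head.get_ttl(),
            ip_head.get_protocol(),
        ))

        transport = packet.get_transport_head()
        if transport is None:
            # Guard added: the header was previously dereferenced unchecked,
            # so one packet without it would lose the whole batch.
            print("No transport protocol" + str(id))
        elif transport.get_identify() == "TCP":
            ports = transport.get_ports()
            app = packet.get_application()
            application = app.get_identify() if app is not None else ""
            TCP_data_list.append((
                id,
                ports[0],
                ports[1],
                transport.get_seq(),
                transport.get_ack(),
                transport.get_tcp_len(),
                hex(transport.get_flag()),
                transport.get_option_len(),
                hex(transport.get_option_content()),
                application,
            ))
            if application == "HTTP":
                # A missing Content-Length is stored as 0.
                content_length = app.get_content_length()
                if content_length is None:
                    content_length = 0
                HTTP_data_list.append((
                    id,
                    app.get_type(),
                    app.get_method(),
                    app.get_host(),
                    app.get_uri(),
                    app.get_content_type(),
                    content_length,
                ))
            # NOTE(review): the original set application = "Others" here for
            # non-HTTP payloads, after the TCP row was already built, so the
            # label never reached the database. The dead store is dropped; if
            # "Others" is meant to be stored, assign it before building the row.
        id += 1

    # NOTE(review): three separate batch calls; whether they share one
    # transaction is not visible here - confirm in db_helper.
    print("准备提交基础数据")
    sql = "INSERT INTO basic_part_data (Id, Second, MilliSecond, Len, Src_mac, Dst_mac, IP_version, Src_IP, Dst_IP, " \
          "IP_head_len, TTL, Protocol) VALUES (%d,%d,%d,%d,%s,%s,%d,%s,%s,%d,%d,%d)"
    db_helper.insert_batch(sql, basic_data_list)
    print("准备提交TCP数据")
    sql = "INSERT INTO tcp_part_data (Id, Src_port, Dst_port, Seq_num, Ack_num, Tcp_head_len, Flag, Option_len, " \
          "Option_content, Application) VALUES (%d,%d,%d,%d,%d,%d,%s,%d,%s,%s)"
    db_helper.insert_batch(sql, TCP_data_list)
    print("准备提交HTTP数据")
    sql = "INSERT INTO http_part_data (Id, Direction, Method, Host, Uri, Content_type, Content_length) " \
          "VALUES (%d,%s,%s,%s,%s,%s,%d)"
    db_helper.insert_batch(sql, HTTP_data_list)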