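def LoadConfigFile(config_path='rules.conf'):
    """Load detection patterns from a ``;``-separated rules file.

    Every line is read as ``...;<type>;<value>``: ``<type>`` is the
    second-to-last field, ``<value>`` the last.  ``string`` values are
    converted to their hex representation, ``hex`` values are taken as
    written (after whitespace stripping) once they are confirmed to be
    valid hex.  Every returned pattern is therefore a hex string.

    Lines with too few fields, an unknown type, or a ``hex`` value that
    does not decode are reported via ``logthis.log("LOAD MISUSE", ...)``
    and skipped, so one bad rule does not abort the whole load.

    Args:
        config_path: path of the rules file.  Defaults to ``rules.conf``
            in the working directory, the location the code used before
            this became a parameter.

    Returns:
        list[str]: hex-encoded patterns in file order (empty for an empty
        file).

    Raises:
        IOError/OSError: if the rules file cannot be opened.
    """
    import binascii

    patterns = []
    # Binary mode so ``string`` values are hex-encoded byte-for-byte; the
    # ``with`` guarantees the handle is released (the original ``close()``
    # sat after ``return`` and never ran).
    with open(config_path, 'rb') as con_handle:
        for raw_line in con_handle:
            # Only the line terminator is removed from the value: leading or
            # trailing spaces may be a deliberate part of a signature, but a
            # trailing newline never is (the hex branch already dropped it,
            # the string branch used to encode it into the pattern).
            fields = raw_line.rstrip(b'\r\n').split(b';')
            shown = raw_line.decode('utf-8', 'replace').rstrip('\r\n')
            if len(fields) < 2:
                logthis.log("LOAD MISUSE", "Config " + shown + " not loaded")
                continue
            rule_type = fields[-2].strip()
            value = fields[-1]
            if rule_type == b"string":
                patterns.append(binascii.hexlify(value).decode('ascii'))
            elif rule_type == b"hex":
                value = value.strip()
                try:
                    # Validate now: a non-hex "hex" rule would otherwise be
                    # carried into matching as a pattern that can never fire.
                    binascii.unhexlify(value)
                except (TypeError, ValueError):
                    logthis.log("LOAD MISUSE", "Config " + shown + " not loaded")
                    continue
                patterns.append(value.decode('ascii'))
            else:
                logthis.log("LOAD MISUSE", "Config " + shown + " not loaded")
    return patterns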
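def do_capture(INTERFACE_TO_MONITOR):
    '''Capture TCP traffic on INTERFACE_TO_MONITOR and stream it to the processing module.

    Arguments to open_live are: INTERFACE_TO_MONITOR, maximum number of
    bytes to capture _per_packet_ (65536), promiscuous mode (1 for true),
    timeout in milliseconds (0).

    Waits for one connection on the module-level listening socket ``ss``
    (the PCAP-PROCESSING MODULE), then loops forever: every IPv4/TCP
    payload is forwarded hex-encoded, and for segments to port 80 the
    parsed HTTP request is forwarded as well.  Frames that dpkt cannot
    parse -- truncated frames, or port-80 data that is not a request line
    (mid-stream segments, responses, deliberately malformed input) -- are
    dropped instead of raising out of the loop and stopping the sensor.

    Never returns normally; it exits by exception (for example the peer
    closing the IPC socket), and the accepted connection is closed then.

    Args:
        INTERFACE_TO_MONITOR: interface name handed to pcapy.open_live.
    '''
    import binascii

    cap = pcapy.open_live(INTERFACE_TO_MONITOR, 65536, 1, 0)
    logthis.log("PACKET-CAP", "Starting to Capture")
    logthis.log("PACKET-CAP", "Waiting for PCAP-PROCESSING MODULE")
    c, _addr = ss.accept()
    logthis.log("PACKET-CAP", "CONNECTION ACCEPTED - LOCAL SOCKET ESTABLISHED")
    try:
        # Read packets -- header contains information about the data from pcap,
        # payload is the actual packet as a string
        while True:
            header, payload = cap.next()
            if payload is None:
                # NOTE(review): presumably a read with nothing captured yields
                # no payload -- confirm against the pcapy version in use
                continue
            try:
                eth = dpkt.ethernet.Ethernet(payload)
            except dpkt.UnpackError:
                # truncated or otherwise unparseable frame: skip, keep capturing
                continue
            if eth.type != dpkt.ethernet.ETH_TYPE_IP:
                continue
            ip = eth.data
            if ip.p != dpkt.ip.IP_PROTO_TCP:  # Check for TCP packets
                continue
            tcp = ip.data
            # sendall: plain send() may write only part of a large payload and
            # the remainder would be silently lost on the stream
            c.sendall(binascii.hexlify(tcp.data))
            if tcp.dport == 80 and len(tcp.data) > 0:
                try:
                    http = dpkt.http.Request(tcp.data)
                except dpkt.UnpackError:
                    # not a parseable HTTP request; the hex payload above was
                    # already forwarded, so just move on
                    continue
                # bytes() gives the packed request (same as str() on Python 2)
                c.sendall(bytes(http))
    finally:
        c.close()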
def be_client(IPC_DOMIAN_SOCKET):
    """Connect to the capture process over a Unix domain socket.

    The connected socket is published as the module-level ``s`` so the
    rest of this module can read from it.

    Args:
        IPC_DOMIAN_SOCKET: filesystem path of the AF_UNIX socket the
            capture side listens on.  NOTE(review): the permissions on
            that path and its directory decide who can connect to, or
            stand in for, the capture side -- confirm it is not writable
            by other local users.
    """
    global s
    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s = client
    logthis.log("PROCESS_PCAP", "CONNECTING TO PCAP SERVER")
    client.connect(IPC_DOMIAN_SOCKET)