def _decode_data(self, key, value):
child = Layer(True)
child.parent = self.layer
child.name = key
child.add_header({'http_header_name': key})
child.raw_data = value
child.lines = [value]
self.layer.add_extracted_layer(child)
def _decode_data(self, obj):
from flatten_json import flatten
flat = flatten(obj, ';')
for key in flat:
child = Layer(True)
child.parent = self.layer
child.raw_data = flat[key]
child.lines = [child.raw_data]
self.layer.add_extracted_layer(child)
def _decode(self, data):
try:
unzipped = lzma.decompress(data)
child = Layer()
child.raw_data = unzipped
child.parent = self.layer
self.layer.add_extracted_layer(child)
self.layer.headers = [{'length': len(unzipped)}]
self.layer.lines = utils.to_hex_lines(unzipped)
except:
raise ValueError("[Phorcys] Failed to parse input. Not lzma")
def _decode(self, data):
try:
decoded = base64.b64decode(data, validate = True)
child = Layer()
child.raw_data = decoded
child.parent = self.layer
self.layer.add_extracted_layer(child)
self.layer.human_readable = False
self.layer.headers = [{'length': len(decoded)}]
self.layer.lines = split_string(str(data), 64)
except:
raise ValueError("[Phorcys] Failed to parse input. Not BASE64")
def _decode(self, data, **metadata):
try:
data = http.multipart.decode({}, data)
self.layer.lines = []
for (k, v) in data:
child = Layer(True)
child.human_readable = True
child.parent = self.layer
child.raw_data = v
child.name = k
child.lines = [v]
self.layer.lines.append('%s' % v)
self.layer.add_extracted_layer(child)
except Exception as e:
raise ValueError("[Phorcys] Failed to parse input.")
def decode(self, data, **kwargs) -> Layer:
parent = Layer()
parent.raw_data = data
parent.name = 'root'
to_visit = [parent]
while len(to_visit) != 0:
next = to_visit.pop()
layer = self.go_deeper(next, **kwargs)
if layer is not None:
layers = layer.extracted_layers
if layers is not None:
to_visit.extend(layers)
self.top_layer = parent
self._complete_leaves()
return parent
def _decode_data(self):
prev = []
for ll in self.layer.lines:
l = ll.strip()
if '{' in l:
name = l[:l.find('{')]
prev.append(name.strip())
elif ':' in l:
name = l[:l.find(':')]
prefix = ';'.join(prev)
value = l[l.find(':') + 1:]
child = Layer(True)
child.parent = self.layer
child.raw_data = '%s;%s=%s' % (prefix.strip(), name.strip(), value.strip())
child.lines = [child.raw_data]
self.layer.add_extracted_layer(child)
elif '}' in l:
prev.pop()
def _decode(self, data, **metadata):
try:
if type(data) is not str:
data = data.decode("ascii", "strict")
if not data.startswith('http'):
raise ValueError("[Phorcys] Failed to parse input.")
data = url.decode(data)
if not data:
raise ValueError("[Phorcys] Failed to parse input.")
for (k, v) in data:
child = Layer(True)
child.human_readable = True
child.parent = self.layer
child.raw_data = v
child.name = k
child.lines = [v]
self.layer.lines.append('%s=%s' % (k, v))
self.layer.add_extracted_layer(child)
except:
raise ValueError("[Phorcys] Failed to parse input.")