Skip to content
/ flower Public
forked from secgroup/flower

TCP flow analyzer with sugar for A/D CTF

License

GPL-3.0 license
0 stars 14 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

eciavatta/flower

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits

demo_images

demo_images

 
 

public

public

 
 

services

services

 
 

shared

shared

 
 

src

src

 
 

.babelrc

.babelrc

 
 

.flowconfig

.flowconfig

 
 

.gitignore

.gitignore

 
 

Dockerfile-node

Dockerfile-node

 
 

Dockerfile-python

Dockerfile-python

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

docker-compose.yml

docker-compose.yml

 
 

package-lock.json

package-lock.json

 
 

package.json

package.json

 
 

run.sh

run.sh

 
 

yarn.lock

yarn.lock

 
 

Repository files navigation

Flower

Automatic packet analyzer made by Ca' Foscari team (unive) for CyberChallenge attack/defense CTF of 27/06/2018. This tool was written in less than ten days. Every pull request is welcome!

Presentation of Flower (from min 7:30), and general introduction to CTF at ESC2K18 in italian:

tools presentation

Run with docker

Edit docker-compose.yml file and replace REACT_APP_FLAG_REGEX environment variable with the flag regex.

Run flower using docker-compose up --build. Flower starts at address http://localhost:3000.

The container just created should be called flower_flower-python_1. To import pcaps enter in the services container with docker exec -it flower_flower-python_1 /bin/bash. The container share the shared folder with the host. Put the pcap files inside this folder and use python services/importer.py /shared/pcap_file_here from the container to import pcaps to flower.

Manual installation

git clone https://github.com/secgroup/flower
cd flower
npm install 
pip install -r services/requirements.txt

Setup

Env var to set:

  • REACT_APP_FLOWER_MONGO ip of the host that will have flower db active (mongodb)
  • REACT_APP_FLOWER_SERVICES ip of the host that will have services active
  • REACT_APP_FLAG_REGEX regex that match flags. Mongodb is required on the same machine that run the services. To start it: sudo mongod --dbpath /path/to/mongodb/db --bind_ip 0.0.0.0

Run

Start flower

./run.sh

Start flower services

cd services
./run_ws.sh

Once everything has been started, flower should be accessible at the address of the machine that started it on port 3000.

Pcap import

You must first install pynids from here. The pip version is outdated! Good luck with the installation. Then, you can import pcaps into mongodb by executing the provided script importer.py as follows:

cd services
./importer.py pcap_file.pcap

You can find a test_pcap in services/test_pcap. For a quick demo, run ./importer.py test_pcap/dump-2018-06-27_13:25:31.pcap

Security tips

If you are going to use flower in a CTF, remember to set up the firewall in the most appropriate way, as the current implementation does not use other security techniques.

Features

  • Flow list
  • Vim like navigation ( k and j to navigate the list)
  • Regex filtering with highlight
  • Highlight in red flow with flags
  • Favourite management
  • Time filter
  • Service filter
  • Colored hexdump
  • Automatic export GET/POST request directly in python format
  • Automatic export to pwntools

Credits

With the support of c00kies@venice

About

TCP flow analyzer with sugar for A/D CTF

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages

  • JavaScript 67.0%
  • Python 19.7%
  • Shell 7.0%
  • CSS 3.6%
  • HTML 2.7%