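def parse_pcap_file(filename, net_mask, time):
    """Feed every ICMP packet of a pcap file to ``got_icmp_packet``.

    Opens ``filename`` with pcappy's ``open_offline``, applies the BPF
    filter ``icmp`` and hands each packet (header, data) to
    ``got_icmp_packet`` together with two dicts owned here:
    ``stats`` (counters ``icmp_count`` / ``suspect``) and
    ``request_packets``.  ``net_mask`` and ``time`` are passed through
    unchanged; their meaning is defined by ``got_icmp_packet``.

    Side effects: prints progress and the final counters to stdout and
    exits the process with status 1 if the file cannot be opened.  A
    KeyboardInterrupt or a PcapPyException while iterating stops the
    loop early, but the counters gathered so far are still printed.
    """
    try:
        p = open_offline(filename)
    except PcapPyException as e:
        # str(e) is portable; BaseException.message no longer exists on
        # Python 3 and raised AttributeError from the handler itself.
        print(str(e))
        sys.exit(1)

    p.filter = 'icmp'

    # State shared across all got_icmp_packet calls for this file.
    request_packets = {}
    stats = {'icmp_count': 0, 'suspect': 0}

    print("Parsing " + filename)
    try:
        while True:
            packet = p.next_ex()
            # next_ex() returns None once the capture is exhausted.
            if packet is None:
                print("Done parsing the file!")
                break
            got_icmp_packet(stats, packet[0], packet[1], net_mask,
                            request_packets, time)
    except KeyboardInterrupt:
        print("File parsing canceled by user")
    except PcapPyException as e:
        print(str(e))

    print("Found " + str(stats['icmp_count']) + " ICMP packets")
    print("Found " + str(stats['suspect']) + " suspicious ICMP packets")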
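def parse_pcap(file):
    """Return the ``tv_sec`` capture timestamp of the first packet in ``file``.

    The path is echoed to stdout, the capture is opened with pcappy's
    ``open_offline`` and only the first record is read; the rest of the
    file is not consumed.  The positional indexing into the record
    (``[0][2]['tv_sec']``) is kept exactly as before.

    Note: on an empty capture ``p.next()`` may not yield a record and the
    indexing below will raise; callers are expected to pass non-empty
    captures.

    The unreachable code that used to follow the ``return`` (a
    commented-out ``captcp`` throughput parser and a second ``return
    data``) has been removed; it never executed.
    """
    print(file)
    p = open_offline(file)
    first_packet = p.next()
    return int(first_packet[0][2]['tv_sec'])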

# }}} 


# Per-run counters for the stream bookkeeping; every key starts at zero
# (the key spellings are part of the file's vocabulary and kept as-is).
stats = dict(
    continous_request=0,
    continous_request_skip=0,
    continous_response=0,
    continous_response_skip=0,
    not_fin=0,
    skip_ack=0,
    skip_no_syn=0,
    skip_fin=0,
    skip_other=0,
    no_response_body=0,
    bad_request_amf=0,
)
tmp_stream_index = 0
tmp_streams = {}


if len(sys.argv) < 2:
    print('usage: %s <dump.pcap>' % sys.argv[0])
    exit(-1)

# Open the file
p = open_offline(sys.argv[1])


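def dumphex(s):
    """Print ``s`` as rows of up to 16 hex bytes, each row indented eight spaces.

    ``s`` is a byte string (a Python 2 ``str``): every character is shown
    as two lowercase hex digits and bytes are separated by one space.  A
    short final row is printed as-is; an empty ``s`` prints nothing.

    The previous version looped over ``len(bytes)/16`` full rows and then
    printed the remainder using the loop index, which raised NameError
    for inputs shorter than 16 bytes and printed a spurious indented
    blank line when the length was an exact multiple of 16.  Walking the
    hex list in fixed-size slices avoids both.
    """
    hexbytes = ['%.2x' % ord(c) for c in s]
    for start in range(0, len(hexbytes), 16):
        print('        %s' % ' '.join(hexbytes[start:start + 16]))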

def hex_string(s):
    """Return ``s`` as one uppercase hex string, two digits per byte, no separators."""
    digits = []
    for ch in s:
        digits.append('{:02X}'.format(ord(ch)))
    return ''.join(digits)

def ip_string(s):
    """Render each byte of ``s`` as a decimal number joined with dots (dotted-quad for a 4-byte address)."""
    octets = map(ord, s)
    return '.'.join(str(octet) for octet in octets)

def port_string(s):
    return rs

def update_record(ip, ts):
    """Fold one sighting of ``ip`` at timestamp ``ts`` into its stored record.

    The record comes from ``is_ip_stored`` (presumably it returns the
    existing document or a fresh one — confirm there).  ``earliest`` and
    ``latest`` treat 0 as "not set yet", ``count`` is bumped by one, and
    the record is written back to ``locations`` under ``_id == ip``.
    """
    record = is_ip_stored(ip)

    earliest = record['earliest']
    if earliest == 0 or ts < earliest:
        record['earliest'] = ts

    latest = record['latest']
    if latest == 0 or ts > latest:
        record['latest'] = ts

    record['count'] += 1
    locations.update({"_id": ip}, record)

def got_packet(d, hdr, data):
    """pcappy loop callback: record the packet's source IP with its capture time.

    ``d`` (the user argument given to ``loop``) is unused.  ``hdr`` is the
    pcap record header; its ``ts`` entry carries ``tv_sec``/``tv_usec``,
    which are flattened to microseconds before calling ``update_record``.
    """
    ip_packet = decoder.decode(data).child()
    ts = hdr['ts']
    micros = ts['tv_sec'] * 1000000 + ts['tv_usec']
    update_record(ip_packet.get_ip_src(), micros)

if len(sys.argv) < 2:
    print('usage: %s <dump.pcap>' % sys.argv[0])
    sys.exit(-1)

# Only ICMP addressed to this one host reaches the callback.
p = pcappy.open_offline(sys.argv[1])
p.filter = 'dst host 137.110.222.70 && icmp'

# Parameters are count, callback, user params (unused here, hence {}).
p.loop(-1, got_packet, {})
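def extract_cap_handshakes(basedirs):
    """
    Look for cap files with handshakes in each directory of ``basedirs``
    and extract them to hccap files.

    Every ``*.cap`` in a directory is first reduced with ``WPACLEAN_BIN``;
    an output of exactly 24 bytes (the pcap global header alone) means
    nothing was kept and the file is skipped.  The BSSIDs of the beacon
    frames that remain are exported one at a time with ``AIRCRACK_BIN -J``
    and the resulting ``.hccap`` is copied to
    ``<basedir>/<BSSID with '_' for ':'>.hccap``.  When an airodump-ng
    style ``<name>.csv`` sits next to the cap it is used to print the
    ESSID (besside-ng writes no csv, so that step is optional).

    ``DRYRUN`` (module level) suppresses the aircrack and copy steps but
    still reports what would be produced.

    Scratch files (the cleaned capture and the intermediate hccap) live in
    a private ``tempfile.mkdtemp`` directory that is removed on return,
    instead of at fixed names under ``/tmp`` where another local user
    could pre-create or replace them.

    Returns the list of destination hccap paths, one per distinct BSSID
    per cap file (several beacons from the same AP yield one entry).
    """
    import shutil
    import tempfile

    def _collect_bssid(d, hdr, data):
        # pcappy callback: six address bytes at offset 10 of the frame,
        # rendered as lowercase colon-separated hex.  Assumes a raw
        # 802.11 link type without a radiotap header — TODO confirm.
        octets = struct.unpack('6B', data[10:16])
        d.append(':'.join(format(x, '02x') for x in octets))

    def _print_essid(csv_file, BSSID):
        # Look the BSSID up in the airodump-ng csv and print its ESSID.
        # (The earlier version computed this_essid but printed a never
        # assigned ``essid`` placeholder, so the line was always empty.)
        stations_list, clients_list = csv2blob(csv_file)
        stations_head, stations_data = parse_aps(stations_list)
        bssid_ix = stations_head.index("BSSID")
        essid_ix = stations_head.index("ESSID")
        for station in stations_data:
            if station[bssid_ix].strip() == BSSID:
                print('    ESSID = %s' % station[essid_ix].strip())
                return
        print('    ESSID N/A')

    print("")
    print("*** " * 30)
    print("*** " * 30)
    print("*** " * 30)
    print("*** " * 30)
    print("")
    print("Beginning search for cap files with handshakes")
    print("")

    handshakes_found = 0
    hccap_files = []

    workdir = tempfile.mkdtemp(prefix='cap_handshakes_')
    cleaned_cap = os.path.join(workdir, 'cleaned.cap')
    try:
        with open(os.devnull, 'w') as devnull:
            for basedir in basedirs:
                if not basedir.endswith('/'):
                    basedir += '/'

                # cap_files[i] and csv_files[i] describe the same capture;
                # csv_files[i] is None when no csv was produced.  (The
                # earlier version kept csv_files sparse and indexed it by
                # the cap index, which pointed at the wrong csv as soon as
                # one cap had no csv of its own.)
                cap_files = []
                csv_files = []
                for entry in os.listdir(basedir):
                    name, ext = os.path.splitext(entry)
                    if ext != ".cap":
                        continue
                    cap_files.append(basedir + name + ".cap")
                    csv_path = basedir + name + ".csv"
                    csv_files.append(csv_path if os.path.isfile(csv_path) else None)

                print("")
                print("[ ] Looking for cap files with handshakes in %s" % basedir)

                for cap_file, csv_file in zip(cap_files, csv_files):
                    cleaner = subprocess.Popen([WPACLEAN_BIN, cleaned_cap, cap_file],
                                               stdout=devnull, stderr=devnull)
                    cleaner.wait()
                    if os.stat(cleaned_cap).st_size == 24:
                        # Nothing survived cleaning.  The earlier version
                        # only printed and fell through (``pass``), then
                        # processed the empty file anyway.
                        print('[-] No WPA/WPA2 handshakes captured from %s' % cap_file)
                        continue

                    p = open_offline(cleaned_cap)
                    # filter beacons
                    p.filter = 'link[0] == 0x80'
                    bssid_list = []
                    # Parameters are count, callback, user params
                    p.loop(-1, _collect_bssid, bssid_list)

                    # Our BSSID list from the cap file is a short but
                    # interesting set of BSSIDs whose handshakes have been
                    # captured.  Repeated beacons from one AP are collapsed
                    # so each BSSID is extracted only once.
                    seen = set()
                    for bssid in bssid_list:
                        BSSID = bssid.upper()
                        if BSSID in seen:
                            continue
                        seen.add(BSSID)

                        print('[+] Handshake found!')
                        print('    pcap file = %s' % cap_file)
                        print('    BSSID = %s' % BSSID)

                        # airodump-ng dumps a csv file; besside-ng does not.
                        if csv_file is not None:
                            _print_essid(csv_file, BSSID)

                        bssid_file = BSSID.replace(':', '_')
                        hccap_base = os.path.join(workdir, bssid_file)

                        print("    Extracting BSSID handshakes to hccap file [%s] with Aircrack" % hccap_base)
                        if not DRYRUN:
                            subprocess.call([AIRCRACK_BIN, '-J', hccap_base, '-b', BSSID, cleaned_cap],
                                            stdout=devnull, stdin=devnull)

                        src = hccap_base + ".hccap"
                        dest = basedir + bssid_file + ".hccap"

                        print("    Moving hccap handshake file to [%s]" % dest)
                        if not DRYRUN:
                            try:
                                shutil.copyfile(src, dest)
                            except (IOError, OSError) as exc:
                                # aircrack left no file for this BSSID; the
                                # earlier ``cp -f`` failed silently and the
                                # missing path was still returned and counted.
                                print('    [-] Could not copy %s: %s' % (src, exc))
                                continue

                        hccap_files.append(dest)
                        handshakes_found += 1
    finally:
        shutil.rmtree(workdir, ignore_errors=True)

    print("")
    print("Found %d handshakes." % handshakes_found)

    print("")
    print("*** " * 30)
    print("*** " * 30)
    print("*** " * 30)
    print("*** " * 30)
    print("")

    return hccap_files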
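# Every command-line argument is a .cap file to clean and inspect.
if not argv[1:]:
    print('usage: %s [in1.cap] [in2.cap] ...' % argv[0])
    exit(-1)

# Sink for child-process output; the handle is left open for later use.
f = open(os.devnull, 'w')

# wpaclean writes wherever it is told.  A fixed name in the shared /tmp
# could be pre-created or symlinked by another local user, so the cleaned
# capture goes into a fresh private directory that is removed at exit.
import atexit
import shutil
import tempfile
_workdir = tempfile.mkdtemp(prefix='wpaclean_')
atexit.register(shutil.rmtree, _workdir, True)
cleaned_cap = os.path.join(_workdir, 'cleaned.cap')

s = subprocess.Popen([WPACLEAN_BIN, cleaned_cap] + argv[1:],
                     stdout=f,
                     stderr=f)
s.wait()

# 24 bytes is only the pcap global header: wpaclean kept no frames.
if os.stat(cleaned_cap).st_size == 24:
    print('[-] No WPA/WPA2 handshakes captured...')
    exit(-1)

p = open_offline(cleaned_cap)

# filter beacons
p.filter = 'link[0] == 0x80'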


def gotpacket(d, hdr, data):
    """pcappy loop callback: append the frame's BSSID (colon-separated lowercase hex) to ``d``.

    ``hdr`` is unused.  The six bytes at offsets 10..15 of ``data`` are
    taken as the address; with the ``link[0] == 0x80`` filter in place
    these are beacon frames (assumes a raw 802.11 link type without a
    radiotap header — verify against the capture).
    """
    octets = struct.unpack('6B', data[10:16])
    d.append(':'.join('%02x' % octet for octet in octets))


# Filled by gotpacket: one entry per beacon frame that survived cleaning.
bssid_list = list()

# Parameters are count, callback, user params
p.loop(-1, gotpacket, bssid_list)
#!/usr/bin/env python

from pcappy import PcapPyOffline, open_offline
from sys import argv

if len(argv) < 2:
    print('usage: %s <dump.pcap>' % argv[0])
    exit(-1)

# Open the file (PcapPyOffline(argv[1]) is the equivalent class form)
p = open_offline(argv[1])

# Parse only HTTP traffic
p.filter = 'tcp and port 80'


def gotpacket(d, hdr, data):
    """pcappy loop callback: echo the user dict, the record header and the raw payload, then count the packet.

    ``d`` is the dict handed to ``loop``; it must carry a ``count`` key.
    """
    print('%s %s %s' % (d, hdr, repr(data)))
    d['count'] = d['count'] + 1


# pass in some random parameters to loop()'s callback. Can be any python object you want!
# Any Python object can be handed to the callback; here a dict that
# labels the traffic and counts the packets seen.
d = dict(label='HTTP', count=0)

# Parameters are count, callback, user params
p.loop(-1, gotpacket, d)
        cursor.execute('''CREATE TABLE entries(id INTEGER PRIMARY KEY, bssid TEXT unique)''')

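# Every command-line argument is a .cap file to clean and inspect.
if not argv[1:]:
    print('usage: %s [in1.cap] [in2.cap] ...' % argv[0])
    exit(-1)

# Sink for child-process output; the handle is left open for later use.
f = open(os.devnull, 'w')

# wpaclean writes wherever it is told.  A fixed name in the shared /tmp
# could be pre-created or symlinked by another local user, so the cleaned
# capture goes into a fresh private directory that is removed at exit.
import atexit
import shutil
import tempfile
_workdir = tempfile.mkdtemp(prefix='wpaclean_')
atexit.register(shutil.rmtree, _workdir, True)
cleaned_cap = os.path.join(_workdir, 'cleaned.cap')

s = subprocess.Popen([WPACLEAN_BIN, cleaned_cap] + argv[1:], stdout=f, stderr=f)
s.wait()

# 24 bytes is only the pcap global header: wpaclean kept no frames.
if os.stat(cleaned_cap).st_size == 24:
    print('[-] No WPA/WPA2 handshakes captured...')
    exit(-1)

p = open_offline(cleaned_cap)

# filter beacons
p.filter = 'link[0] == 0x80'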

def gotpacket(d, hdr, data):
    """pcappy loop callback: append the frame's BSSID (colon-separated lowercase hex) to ``d``.

    ``hdr`` is unused.  The six bytes at offsets 10..15 of ``data`` are
    taken as the address; with the ``link[0] == 0x80`` filter in place
    these are beacon frames (assumes a raw 802.11 link type without a
    radiotap header — verify against the capture).
    """
    octets = struct.unpack('6B', data[10:16])
    d.append(':'.join('%02x' % octet for octet in octets))

# Filled by gotpacket: one entry per beacon frame that survived cleaning.
bssid_list = list()

# Parameters are count, callback, user params
p.loop(-1, gotpacket, bssid_list)

if not os.path.isfile(os.getenv('HOME') + '/.wpa_pwn.sqlite3'):
#!/usr/bin/env python

from pcappy import PcapPyOffline, open_offline
from sys import argv

if len(argv) < 2:
    print('usage: %s <dump.pcap>' % argv[0])
    exit(-1)

# Open the file (PcapPyOffline(argv[1]) is the equivalent class form)
p = open_offline(argv[1])

# Parse only HTTP traffic
p.filter = 'tcp and port 80'


def gotpacket(d, hdr, data):
    """pcappy loop callback: echo the user dict, the record header and the raw payload, then count the packet.

    ``d`` is the dict handed to ``loop``; it must carry a ``count`` key.
    """
    print('%s %s %s' % (d, hdr, repr(data)))
    d['count'] = d['count'] + 1

# pass in some random parameters to loop()'s callback. Can be any python object you want!
# Any Python object can be handed to the callback; here a dict that
# labels the traffic and counts the packets seen.
d = dict(label='HTTP', count=0)

# Parameters are count, callback, user params
p.loop(-1, gotpacket, d)