def print_errors(self, message):
    """Print each entry of ``message.errors`` after selecting the "red" style.

    Nothing is printed when ``message.errors`` is empty or otherwise falsy.
    """
    # NOTE(review): this listing lost its indentation; the closing
    # ansi.echo() is placed after the loop here -- confirm against the
    # original file.
    errors = message.errors
    if not errors:
        return

    ansi.echo("red")
    for entry in errors:
        print entry
    # ansi.echo() without arguments presumably resets the style -- confirm
    # against the ansi helper.
    ansi.echo()
def run(self):
    """Receive artifacts from ``self.pipe`` forever and turn them into conversations.

    Each artifact is parsed with dpkt as an HTTP request or response
    according to ``artifact.kind``, stamped with the artifact's begin and
    finish times, wrapped in an ``HttpConversation`` and handed to either
    ``correlate_conversation`` or ``process_conversation`` depending on
    ``config.collector.conversation.correlate``.
    """
    print "http collector started, pid=%s" % self.pid

    while True:
        # NOTE(review): if self.pipe is a multiprocessing Connection, recv()
        # unpickles whatever the peer sent, so the sending process has to be
        # trusted -- confirm what kind of object self.pipe is.
        artifact = self.pipe.recv()

        request = None
        response = None
        try:
            if artifact.kind == 'request':
                message = request = dpkt.http.Request(artifact.data)
            elif artifact.kind == 'response':
                message = response = dpkt.http.Response(artifact.data)
            else:
                # NOTE(review): any other kind falls through with request and
                # response both None and is still wrapped below.
                message = None
            if message is not None:
                message.time_begin = artifact.begin
                message.time_finish = artifact.finish
        except dpkt.UnpackError as e:
            # Only dpkt decoding failures are skipped; any other exception
            # raised while parsing leaves this loop.
            ansi.echo("red ERROR: dpkt.UnpackError (problem decoding http %s): %s" % (artifact.kind, e))
            continue

        # container object to bundle ip peer information, request- and response objects
        conversation = HttpConversation(artifact.addr, request, response)

        if not config.collector.conversation.correlate:
            self.process_conversation(conversation)
        else:
            self.correlate_conversation(conversation)
def format_duration(self, with_ansi = False):
    """Return the conversation duration as text, right-justified to 6 columns.

    The value of ``self.c.duration`` is rendered with an ``ms`` suffix. With
    ``with_ansi`` set, the text is wrapped in the ansi helper's 'yellow' and
    'none' codes. Any exception raised on the way is reported through
    ``ansi.echo`` and an empty string is returned instead.
    """
    try:
        text = str(self.c.duration) + 'ms'
        padded = text.rjust(6)
        if not with_ansi:
            return padded
        return ansi.get('yellow') + padded + ansi.get('none')
    except Exception as ex:
        # Best effort: a missing or odd duration must not stop the display.
        ansi.echo("red WARNING: Could not compute duration of conversation, error was '%s'" % ex)
        return ''
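def print_request(self):
    """Print the request half of the conversation held in ``self.c``.

    Output order: request line, header, processing steps, then the payload
    (joined ``postdata_list``, pretty-printed ``postdata_decoded``, or the
    raw body), and finally any errors recorded on the request.
    """
    # The unused lookup of self.c.response was dropped; only the request is
    # displayed here.
    request = self.c.request

    self.print_request_line()
    self.print_message_header(request)
    self.print_message_steps(request)

    # pretty print raw post data
    if request.postdata_list:
        ansi.echo("underline POST payload (pretty):")
        ansi.echo()
        print '\n'.join(request.postdata_list)

    # pretty print decoded post data
    # NOTE(review): this listing lost its indentation; the else below is
    # paired with the nearest preceding "if" (postdata_decoded). Confirm
    # against the original file that it was not meant for postdata_list.
    if request.postdata_decoded:
        ansi.echo("underline POST payload (decoded):")
        ansi.echo()
        # pprint renders strings through repr(), so control characters in the
        # decoded data are shown escaped.
        pprint.pprint(request.postdata_decoded)
    else:
        # NOTE(review): the raw body is written to the terminal unchanged. If
        # it comes from captured traffic, control characters such as ANSI
        # escape sequences reach the terminal emulator; consider escaping
        # non-printable bytes before display.
        print request.body

    self.print_errors(request)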
def correlate_conversation(self, half):
    """Pair a response with the pending request stored for the same address.

    A half carrying a request is stored in ``self.conversations`` under
    ``half.addr``. A half carrying a response is merged into the stored
    conversation for that address, which is then removed from the table and
    passed to ``process_conversation``. A response without a stored request
    is reported and processed on its own. A half with neither is ignored.
    """
    if half.request:
        # NOTE(review): an entry stays in self.conversations until a response
        # for the same addr arrives; nothing in this method bounds or expires
        # the table, so unanswered requests accumulate over a long capture.
        # A second request on the same addr also replaces the stored one.
        self.conversations[half.addr] = half
        return

    if not half.response:
        return

    pending = self.conversations.get(half.addr)
    if not pending:
        ansi.echo("red WARNING: Correlator received the following response without having an associated request")
        self.process_conversation(half)
        return

    pending.response = half.response
    # Flag responses whose sequence number is not adjacent to the request's.
    if abs(pending.seqno - half.seqno) > 1:
        pending.response.correlated = True
    del self.conversations[half.addr]
    self.process_conversation(pending)
def print_section_header(self, request = False, response = False, more = ''):
    """Print the underlined header line for one half of the conversation.

    The line names both endpoints taken from ``self.c.addr`` with a label
    and an arrow for the direction. When ``more`` is given it is echoed in
    yellow after the header; otherwise the line is simply terminated.
    """
    (source_ip, source_port), (target_ip, target_port) = self.c.addr

    if request:
        label, direction = "REQUEST: ", '->'
    elif response:
        label, direction = "RESPONSE:", '<-'
    else:
        label, direction = "UNKNOWN", '-'

    endpoints = (label, source_ip, source_port, direction, target_ip, target_port)
    conversation_header = '%s %s:%s %s %s:%s' % endpoints

    ansi.echo("blue bold underline")
    # The trailing comma keeps the cursor on the header line.
    print conversation_header,
    ansi.echo('none')

    if not more:
        print
    else:
        ansi.echo('yellow ' + more)
def print_startup_header():
    """Print the startup banner.

    Shows the version, config file, capture interface, BPF filter and the
    names of the plugins registered on ``HttpResponseDecoder``.
    """
    ansi.echo("@@ bold")
    ansi.echo("red")
    version_text = ".".join(map(str, __VERSION__))
    print "sanchez v%s" % version_text

    ansi.echo("none config: ", end = '')
    ansi.echo("green %s" % CONFIG_FILE)

    ansi.echo("none interface: ", end = '')
    ansi.echo("green %s" % config.interface_name)

    ansi.echo("none bpf filter: ", end = '')
    ansi.echo("green %s" % config.bpf_filter)

    ansi.echo("none plugins: ", end = '')
    ansi.echo("green", end = '')
    plugin_names = [plugin.__name__ for plugin in HttpResponseDecoder.plugins]
    print ", ".join(plugin_names)

    ansi.echo()
    print
def print_message_steps(self, message):
    """Echo ``message.steps`` as a bracketed, comma-separated list in yellow.

    Does nothing when ``message.steps`` is empty or otherwise falsy.
    """
    if not message.steps:
        return

    listing = ', '.join(message.steps)
    ansi.echo('yellow [' + listing + ']')
    ansi.echo('none')
def print_message_header(self, message):
    """Print the header block of ``message``.

    Uses ``message.pack_hdr_pretty()`` when ``config.http.view.headers.pretty``
    is set and ``message.pack_hdr()`` otherwise.
    """
    ansi.echo()
    # NOTE(review): the header text is written to the terminal as returned by
    # the message object. If it is built from captured traffic, control
    # characters in header values reach the terminal emulator; consider
    # escaping non-printable bytes before display.
    render = message.pack_hdr_pretty if config.http.view.headers.pretty else message.pack_hdr
    print render()
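def print_response(self):
    """Print the response half of the conversation held in ``self.c``.

    Output order: status line (green below 400, red otherwise), header,
    processing steps, then the payload, and finally any errors recorded on
    the response. Decoded JSON is pretty-printed; otherwise the raw body is
    shown unless the configured header filter asks for it to be hidden.
    """
    # The unused lookup of self.c.request was dropped; only the response is
    # displayed here.
    response = self.c.response

    if int(response.status) < 400:
        ansi.echo("green")
    else:
        ansi.echo("red")
    print self.c.response_line

    self.print_message_header(response)
    self.print_message_steps(response)

    # TODO: better dispatching by response content type
    # The original repeated this json_decoded test in a nested "if"; one
    # test selects the same branch.
    if response.json_decoded:
        ansi.echo("underline JSON (pretty):")
        ansi.echo()
        import json
        # json.dumps escapes control characters inside strings, so this path
        # does not pass raw escape sequences on to the terminal.
        # TODO: make "sort_keys" configurable
        print json.dumps(response.json_decoded, sort_keys=False, indent=4)
    else:
        body_filter = HttpHeaderFilterStep(self.c, config.http.view.display.body.header.reject)
        if body_filter.apply():
            ansi.echo('yellow <hidden data>')
            ansi.echo('none')
        else:
            # NOTE(review): the raw body is written to the terminal
            # unchanged. If it comes from captured traffic, control
            # characters such as ANSI escape sequences reach the terminal
            # emulator; consider escaping non-printable bytes before display.
            print response.body

    self.print_errors(response)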