Ejemplo n.º 1
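    def guess_payload_class(self, payload):
        """Pick the DLPDU layer class from the first element of ``payload``.

        ``payload`` is the undissected remainder of the frame, so it can be
        empty or start with a type value that is not registered in
        ``EtherCat.ETHERCAT_TYPE12_DLPDU_TYPES``. Both cases are logged and
        handed to ``Packet.guess_payload_class`` instead of raising.
        """
        try:
            dlpdu_type = payload[0]
            return EtherCat.ETHERCAT_TYPE12_DLPDU_TYPES[dlpdu_type]
        except (KeyError, IndexError):
            # KeyError: type not in the table; IndexError: zero-length payload.
            log_runtime.error('{}.guess_payload_class() - unknown or invalid '
                              'DLPDU type'.format(self.__class__.__name__))
            return Packet.guess_payload_class(self, payload)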
Ejemplo n.º 2
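    def guess_payload_class(self, payload):
        """Map the leading DLPDU type of ``payload`` to its layer class.

        An empty payload (``IndexError``) or a type missing from
        ``EtherCat.ETHERCAT_TYPE12_DLPDU_TYPES`` (``KeyError``) is logged and
        resolved through ``Packet.guess_payload_class`` rather than aborting
        dissection of the frame.
        """
        try:
            return EtherCat.ETHERCAT_TYPE12_DLPDU_TYPES[payload[0]]
        except (KeyError, IndexError):
            log_runtime.error(
                '{}.guess_payload_class() - unknown or invalid '
                'DLPDU type'.format(self.__class__.__name__))
            return Packet.guess_payload_class(self, payload)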
    def guess_payload_class(self, payload):
        """Choose the ICMP extension object class bound to ``payload``.

        Payloads shorter than ``self._min_ieo_len``, or whose decoded ``len``
        field is below that minimum, are left to
        ``Packet.guess_payload_class``. Otherwise the first entry of
        ``self.payload_guess`` whose field values all match wins, and the
        generic ``ICMPExtensionObject`` is the fallback.
        """
        minimum = self._min_ieo_len
        if len(payload) < minimum:
            return Packet.guess_payload_class(self, payload)

        # Decode as the generic object first so its fields can be compared
        # against each bound extension type.
        generic = ICMPExtensionObject(payload)
        # The len field comes from the payload itself, so it is checked
        # separately from the real buffer length above.
        if generic.len < minimum:
            return Packet.guess_payload_class(self, payload)

        for wanted, layer_cls in self.payload_guess:
            matched = True
            for name, expected in six.iteritems(wanted):
                if not (hasattr(generic, name) and
                        expected == generic.getfieldval(name)):
                    matched = False
                    break
            if matched:
                return layer_cls
        return ICMPExtensionObject
Ejemplo n.º 4
 def guess_payload_class(self, payload):
     """Select the layer that follows this 802.11 header.

     Type 0x02 frames with a subtype in 0x08..0x0F other than 0x0D yield
     ``Dot11QoS``; otherwise bit 0x40 of ``FCfield`` yields ``Dot11WEP``;
     anything else is resolved by ``Packet.guess_payload_class``.
     """
     is_qos = self.type == 0x02 and (0x08 <= self.subtype <= 0xF and self.subtype != 0xD)  # noqa: E501
     if is_qos:
         return Dot11QoS
     if self.FCfield & 0x40:
         return Dot11WEP
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 5
 def guess_payload_class(self, payload):
     """Return Dot11QoS, Dot11WEP or the default guess for this frame.

     The QoS test (type 0x02, subtype 0x08..0x0F except 0x0D) is evaluated
     before the ``FCfield & 0x40`` test, so a QoS frame with that bit set
     is still handed to ``Dot11QoS`` first.
     """
     qos_subtype = 0x08 <= self.subtype <= 0xF and self.subtype != 0xD
     if self.type == 0x02 and qos_subtype:
         return Dot11QoS
     flagged = self.FCfield & 0x40
     if flagged:
         return Dot11WEP
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 6
 def guess_payload_class(self, payload):
     """Distinguish YOARP from ARP by the two values at ``payload[2:4]``.

     Only applies when ``self.type`` is 2054 and the payload holds more
     than four elements; every other case goes to
     ``Packet.guess_payload_class``.
     """
     if not (self.type == 2054 and len(payload) > 4):
         return Packet.guess_payload_class(self, payload)
     # NOTE(review): the comparisons use str literals; if payload is bytes
     # (Python 3) neither can match and the default guess is always used
     # - confirm which type the caller passes.
     proto_field = payload[2:4]
     if proto_field == "\x99\x99":
         return YOARP
     if proto_field == "\x08\x00":
         return ARP
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 7
 def guess_payload_class(self, payload):
     """Pick the layer following this Zigbee APS header.

     Bit 0x02 of ``frame_control`` takes priority and selects
     ``ZigbeeSecurityHeader``; otherwise ``aps_frametype`` 0 (data) and 1
     (command) select their payload classes.
     """
     if self.frame_control & 0x02:  # we have a security header
         return ZigbeeSecurityHeader
     frame_kind = self.aps_frametype
     if frame_kind == 0:  # data
         return ZigbeeClusterLibrary  # TODO might also be another frame
     if frame_kind == 1:  # command
         return ZigbeeAppCommandPayload
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 8
 def guess_payload_class(self, payload):
     """Pick the layer following this header from ``flags`` and ``frametype``.

     Bit 0x02 of ``flags`` selects ``ZigbeeSecurityHeader`` before the
     frame type is looked at; frame type 0 selects ``ZigbeeAppDataPayload``
     and 1 selects ``ZigbeeNWKCommandPayload``.
     """
     if self.flags & 0x02:
         return ZigbeeSecurityHeader
     by_frametype = (
         (0, ZigbeeAppDataPayload),
         (1, ZigbeeNWKCommandPayload),
     )
     for code, layer_cls in by_frametype:
         if self.frametype == code:
             return layer_cls
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 9
 def guess_payload_class(self, payload):
     """Return the class used to dissect what follows this APS header.

     The security bit (0x02 of ``frame_control``) is tested first, then
     ``aps_frametype``: 0 is data, 1 is command. Other frame types use
     ``Packet.guess_payload_class``.
     """
     secured = self.frame_control & 0x02  # we have a security header
     if secured:
         return ZigbeeSecurityHeader
     if self.aps_frametype == 0:  # data
         return ZigbeeClusterLibrary  # TODO might also be another frame
     if self.aps_frametype == 1:  # command
         return ZigbeeAppCommandPayload
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 10
 def guess_payload_class(self, payload):
     """Return the payload class implied by ``flags`` and ``frametype``.

     ``flags & 0x02`` wins over the frame type and yields
     ``ZigbeeSecurityHeader``; frame types 0 and 1 yield the data and
     command payload classes respectively.
     """
     if self.flags & 0x02:
         return ZigbeeSecurityHeader
     kind = self.frametype
     if kind == 0:
         return ZigbeeAppDataPayload
     if kind == 1:
         return ZigbeeNWKCommandPayload
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 11
 def guess_payload_class(self, payload):
     """Select Dot11QoS, Dot11Encrypted or the default for this frame.

     QoS detection (type 0x02, subtype 0x08..0x0F except 0x0D) runs before
     the ``FCfield.protected`` check.
     """
     qos_frame = self.type == 0x02 and (0x08 <= self.subtype <= 0xF and self.subtype != 0xD)  # noqa: E501
     if qos_frame:
         return Dot11QoS
     if self.FCfield.protected:
         # When a frame is handled by encryption, the Protected Frame bit
         # (previously called WEP bit) is set to 1, and the Frame Body
         # begins with the appropriate cryptographic header.
         return Dot11Encrypted
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 12
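    def guess_payload_class(self, payload):
        """Classify ``payload`` as a SIP request or response by its first line.

        The first line (line ending kept) is matched against
        ``self.re_request_line`` and then ``self.re_status_line``. A payload
        with no lines at all, or one matching neither pattern, is resolved by
        ``Packet.guess_payload_class``.
        """
        lines = payload.splitlines(True)
        if not lines:
            # splitlines() returns [] for an empty payload; indexing it would
            # raise IndexError while dissecting a truncated message.
            return Packet.guess_payload_class(self, payload)

        start_line = lines[0]
        if self.re_request_line.match(start_line) is not None:
            return SIPRequest
        if self.re_status_line.match(start_line) is not None:
            return SIPResponse

        return Packet.guess_payload_class(self, payload)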
Ejemplo n.º 13
    def guess_payload_class(self, payload):
        """Choose the ICMP extension object class bound to ``payload``.

        Falls back to ``Packet.guess_payload_class`` when the payload, or the
        ``len`` field decoded from it, is below ``self._min_ieo_len``;
        otherwise returns the first ``self.payload_guess`` class whose field
        values all match, or ``ICMPExtensionObject`` when none does.
        """
        if len(payload) < self._min_ieo_len:
            return Packet.guess_payload_class(self, payload)

        # Decode as the generic object so its fields can drive the choice of
        # bound extension type.
        generic = ICMPExtensionObject(payload)
        if generic.len < self._min_ieo_len:
            return Packet.guess_payload_class(self, payload)

        # NOTE(review): iteritems() is the Python 2 dict API; if fval is a
        # plain dict this raises AttributeError on Python 3 - confirm target.
        for fval, cls in self.payload_guess:
            mismatch = any(
                not hasattr(generic, name) or expected != generic.getfieldval(name)
                for name, expected in fval.iteritems())
            if not mismatch:
                return cls
        return ICMPExtensionObject
Ejemplo n.º 14
    def guess_payload_class(self, payload):
        """Return the extension object class matching the decoded payload.

        Two length guards come first: the raw payload length and the ``len``
        field of the generic ``ICMPExtensionObject`` built from it must both
        reach ``self._min_ieo_len``, else ``Packet.guess_payload_class``
        decides.
        """
        floor = self._min_ieo_len
        if len(payload) < floor:
            return Packet.guess_payload_class(self, payload)

        # The generic object exposes the fields used to select a bound
        # extension type.
        ieo = ICMPExtensionObject(payload)
        if ieo.len < floor:
            return Packet.guess_payload_class(self, payload)

        for fval, cls in self.payload_guess:
            # NOTE(review): fval.iteritems() presumes a Python 2 style
            # mapping - confirm before running under Python 3.
            for key, wanted in fval.iteritems():
                if not hasattr(ieo, key) or wanted != ieo.getfieldval(key):
                    break
            else:
                # Loop ended without a mismatch: every field agreed.
                return cls
        return ICMPExtensionObject
Ejemplo n.º 15
 def guess_payload_class(self, payload):
     """Map ``fcf_frametype`` 0x00..0x03 to the matching Dot15d4 layer.

     Any other frame type is resolved by ``Packet.guess_payload_class``.
     """
     by_frametype = (
         (0x00, Dot15d4Beacon),
         (0x01, Dot15d4Data),
         (0x02, Dot15d4Ack),
         (0x03, Dot15d4Cmd),
     )
     for code, layer_cls in by_frametype:
         if self.fcf_frametype == code:
             return layer_cls
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 16
 def guess_payload_class(self, payload):
     """Return the Dot15d4 sub-layer selected by ``fcf_frametype``.

     0x00 beacon, 0x01 data, 0x02 ack, 0x03 command; other values use the
     default ``Packet.guess_payload_class`` lookup.
     """
     frame_kind = self.fcf_frametype
     if frame_kind == 0x00:
         return Dot15d4Beacon
     if frame_kind == 0x01:
         return Dot15d4Data
     if frame_kind == 0x02:
         return Dot15d4Ack
     if frame_kind == 0x03:
         return Dot15d4Cmd
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 17
 def guess_payload_class(self, payload):
     """Pick the layer following this Zigbee APS header.

     The security bit (0x02 of ``frame_control``) is checked first. Data
     frames (``aps_frametype`` 0) go to ``ZigbeeDeviceProfile`` when
     ``profile`` is 0x0000 and to ``ZigbeeClusterLibrary`` otherwise;
     command frames (1) go to ``ZigbeeAppCommandPayload``.
     """
     if self.frame_control & 0x02:  # we have a security header
         return ZigbeeSecurityHeader
     frame_kind = self.aps_frametype
     if frame_kind == 0:  # data
         return ZigbeeDeviceProfile if self.profile == 0x0000 else ZigbeeClusterLibrary
     if frame_kind == 1:  # command
         return ZigbeeAppCommandPayload
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 18
 def guess_payload_class(self, payload):
     """Map ``cmd_id`` to the Dot15d4 command layer that parses it.

     Handles ids 1, 2, 3, 8 and 9; any other id is resolved by
     ``Packet.guess_payload_class``.
     """
     by_cmd_id = (
         (1, Dot15d4CmdAssocReq),
         (2, Dot15d4CmdAssocResp),
         (3, Dot15d4CmdDisassociation),
         (8, Dot15d4CmdCoordRealign),
         (9, Dot15d4CmdGTSReq),
     )
     for code, layer_cls in by_cmd_id:
         if self.cmd_id == code:
             return layer_cls
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 19
 def guess_payload_class(self, payload):
     """Select a ZCL price command layer, else defer to ``Packet``.

     Profile-wide frames (``zcl_frametype`` 0x00) are left to the bindings
     made with bind_layers. Cluster-specific frames (0x01) are matched on
     command identifier and direction, and only accepted when the lower
     layer's ``cluster`` is 0x0700 ("price").
     """
     # Cluster-specific commands
     if self.zcl_frametype == 0x01:
         cmd, direction = self.command_identifier, self.direction
         if cmd == 0x00 and direction == 0:
             candidate = ZCLPriceGetCurrentPrice
         elif cmd == 0x01 and direction == 0:
             candidate = ZCLPriceGetScheduledPrices
         elif cmd == 0x00 and direction == 1:
             candidate = ZCLPricePublishPrice
         else:
             candidate = None
         # NOTE(review): self.underlayer is dereferenced without a None
         # check; confirm this layer is never dissected on its own.
         if candidate is not None and self.underlayer.cluster == 0x0700:  # "price"
             return candidate
     # Profile-wide commands are done in bind_layers.
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 20
 def guess_payload_class(self, payload):
     """Return the Dot15d4 command class for ``cmd_id``.

     Ids 1 (association request), 2 (association response),
     3 (disassociation), 8 (coordinator realignment) and 9 (GTS request)
     are recognised by the class names they map to; everything else uses
     the default lookup.
     """
     command = self.cmd_id
     if command == 1:
         return Dot15d4CmdAssocReq
     if command == 2:
         return Dot15d4CmdAssocResp
     if command == 3:
         return Dot15d4CmdDisassociation
     if command == 8:
         return Dot15d4CmdCoordRealign
     if command == 9:
         return Dot15d4CmdGTSReq
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 21
 def guess_payload_class(self, payload):
     """Select the ZCL command layer from command id, direction and cluster.

     Command ids 0x00 and 0x01 on a cluster in 0x0000..0x00FF map to the
     general read-attributes request and response. Otherwise the three
     price commands are tried, each requiring ``cluster == "price"``.
     """
     cmd = self.command_identifier
     # General Cluster ID Range 0x0000 - 0x00FF
     if cmd == 0x00 and 0x0000 <= self.cluster <= 0x00FF:
         return ZCLGeneralReadAttributes
     if cmd == 0x01 and 0x0000 <= self.cluster <= 0x00FF:
         return ZCLGeneralReadAttributesResponse

     # NOTE(review): cluster is compared both with integers and with the
     # string "price". On Python 3 an int/str range comparison raises
     # TypeError, and an integer cluster never equals "price" - confirm
     # what type self.cluster yields.
     price_commands = (
         (0x00, 0, ZCLPriceGetCurrentPrice),
         (0x01, 0, ZCLPriceGetScheduledPrices),
         (0x00, 1, ZCLPricePublishPrice),
     )
     for wanted_cmd, wanted_dir, layer_cls in price_commands:
         if cmd == wanted_cmd and self.direction == wanted_dir and self.cluster == "price":
             return layer_cls
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 22
 def guess_payload_class(self, payload):
     """Return the ZCL layer for this command, or the default guess.

     General clusters (0x0000..0x00FF) are handled first for command ids
     0x00 and 0x01; the remaining branches recognise the price cluster
     commands by command id and direction.
     """
     cmd = self.command_identifier
     is_request = cmd == 0x00
     is_response = cmd == 0x01

     # General Cluster ID Range 0x0000 - 0x00FF
     if is_request and 0x0000 <= self.cluster <= 0x00FF:
         return ZCLGeneralReadAttributes
     if is_response and 0x0000 <= self.cluster <= 0x00FF:
         return ZCLGeneralReadAttributesResponse

     # NOTE(review): the "price" string comparison presumes self.cluster
     # can be a name rather than a number - verify against the field type.
     if is_request and self.direction == 0 and self.cluster == "price":
         return ZCLPriceGetCurrentPrice
     if is_response and self.direction == 0 and self.cluster == "price":
         return ZCLPriceGetScheduledPrices
     if is_request and self.direction == 1 and self.cluster == "price":
         return ZCLPricePublishPrice
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 23
 def guess_payload_class(self, payload):
     """Select the ZCL command layer for this frame.

     Profile-wide frames (``zcl_frametype`` 0x00) map command ids 0x00 and
     0x01 to the general read-attributes request and response.
     Cluster-specific frames (0x01) map to a price command only when the
     lower layer's ``cluster`` is 0x0700 ("price").
     """
     frame_kind = self.zcl_frametype
     # Profile-wide commands
     if frame_kind == 0x00:
         if self.command_identifier == 0x00:
             return ZCLGeneralReadAttributes
         if self.command_identifier == 0x01:
             return ZCLGeneralReadAttributesResponse
     # Cluster-specific commands
     elif frame_kind == 0x01:
         cmd, direction = self.command_identifier, self.direction
         if cmd == 0x00 and direction == 0:
             candidate = ZCLPriceGetCurrentPrice
         elif cmd == 0x01 and direction == 0:
             candidate = ZCLPriceGetScheduledPrices
         elif cmd == 0x00 and direction == 1:
             candidate = ZCLPricePublishPrice
         else:
             candidate = None
         # NOTE(review): self.underlayer is used without a None check;
         # confirm this layer is always dissected beneath its parent.
         if candidate is not None and self.underlayer.cluster == 0x0700:  # "price"
             return candidate
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 24
 def guess_payload_class(self, payload):
     """Return the ZCL layer implied by frame type, command id and cluster.

     Frame type 0x00 covers the profile-wide read-attributes request and
     response; frame type 0x01 covers three price commands, gated on the
     lower layer's ``cluster`` being 0x0700 ("price").
     """
     if self.zcl_frametype == 0x00:
         # Profile-wide commands
         profile_wide = (
             (0x00, ZCLGeneralReadAttributes),
             (0x01, ZCLGeneralReadAttributesResponse),
         )
         for code, layer_cls in profile_wide:
             if self.command_identifier == code:
                 return layer_cls
     elif self.zcl_frametype == 0x01:
         # Cluster-specific commands
         price_commands = (
             (0x00, 0, ZCLPriceGetCurrentPrice),
             (0x01, 0, ZCLPriceGetScheduledPrices),
             (0x00, 1, ZCLPricePublishPrice),
         )
         for code, wanted_dir, layer_cls in price_commands:
             if self.command_identifier == code and self.direction == wanted_dir:
                 # NOTE(review): assumes self.underlayer is set - TODO confirm.
                 if self.underlayer.cluster == 0x0700:  # "price"
                     return layer_cls
                 break
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 25
    def guess_payload_class(self, pay):
        """
        Determine the protocol carried in this class's payload and return a
        class object able to dissect that protocol. Complex payload
        identification can be implemented inside this function.

        Note:
        When the payload protocol follows directly from the values of this
        Packet's fields_desc (for example, TCP destination port 80 means the
        HTTP class), rely on bind_layers instead.
        (That is the standard behaviour when this method is not overridden.)

        @param pay str The payload handed over by extract_padding.
        @return pktClass class The guessed payload protocol class. It must
            inherit from the Packet class.
        """
        # Rely on the bindings registered through the bind_layers function.
        return Packet.guess_payload_class(self, pay)
Ejemplo n.º 26
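 def guess_payload_class(self, payload):
     """Decide if the payload is an HTTP request, an HTTP response, or
     something else.

     Only the text before the first CRLF is examined. Detection is best
     effort: a payload without CRLF, or one whose type does not fit the
     patterns, falls through to ``Packet.guess_payload_class``.
     """
     try:
         request_line = re.compile(r"^(?:OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT) " r"(?:.+?) " r"HTTP/\d\.\d$")
         status_line = re.compile(r"^HTTP/\d\.\d \d\d\d .*$")
         first_line = payload[: payload.index("\r\n")]
         if request_line.match(first_line):
             return HTTPRequest
         if status_line.match(first_line):
             return HTTPResponse
     except Exception:
         # Keep the best-effort fallback for malformed input, but no longer
         # trap KeyboardInterrupt/SystemExit as the former bare except did.
         pass
     return Packet.guess_payload_class(self, payload)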
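 def guess_payload_class(self, payload):
     """Decide if the payload is an HTTP request, an HTTP response, or
     something else.

     The patterns are matched against the start of the whole payload.
     Any failure while matching falls through to
     ``Packet.guess_payload_class``.
     """
     try:
         request_start = re.compile(
             r"^(?:OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT) "
             r"/.+? "
             r"HTTP/\d\.\d.*")
         status_start = re.compile(r"^HTTP/\d\.\d \d\d\d .*")
         if request_start.match(payload):
             return HTTPRequest
         if status_start.match(payload):
             return HTTPResponse
     except Exception:
         # NOTE(review): the patterns are str; if payload is bytes, match()
         # raises TypeError, which lands here, so HTTP is silently never
         # recognised - confirm the payload type. Exception (not a bare
         # except) lets KeyboardInterrupt/SystemExit propagate.
         pass
     return Packet.guess_payload_class(self, payload)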
Ejemplo n.º 28
    def guess_payload_class(self, payload):
        """Choose IP or IPv6 for payloads carried over UDP port 250.

        Applies only when the lower layer is ``UDP`` with ``dport`` 250 and
        ``self.flags`` is 8. The high nibble of the first payload element is
        read as the IP version: 6 selects ``IPv6``; 4, any other value, and
        an empty payload select ``IP``.
        """
        lower = self.underlayer
        encapsulated = (lower is not None and
                        isinstance(lower, UDP) and
                        lower.dport == 250 and
                        self.flags == 8)
        if not encapsulated:
            return Packet.guess_payload_class(self, payload)

        try:
            # NOTE(review): ord() expects a one-character string; indexing
            # bytes on Python 3 gives an int and ord() would raise TypeError,
            # which is not caught here - confirm the payload type.
            first_byte = ord(payload[0])
        except IndexError:
            return IP

        return IPv6 if first_byte >> 4 == 6 else IP
Ejemplo n.º 29
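 def guess_payload_class(self, payload):
     """Decide if the payload is an HTTP request, an HTTP response, or
     something else.

     The bytes before the first CRLF are decoded as UTF-8 and matched
     against a request-line and a status-line pattern. A missing CRLF or
     undecodable bytes fall through to ``Packet.guess_payload_class``.
     """
     try:
         request_line = re.compile(
             r"^(?:OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT) "
             r"(?:.+?) "
             r"HTTP/\d\.\d$")
         status_line = re.compile(r"^HTTP/\d\.\d \d\d\d .*$")
         crlf_at = payload.index("\r\n".encode())
         first_line = payload[:crlf_at].decode("utf-8")
         if request_line.match(first_line):
             return HTTPRequest
         if status_line.match(first_line):
             return HTTPResponse
     except Exception:
         # Best effort on malformed input (no CRLF raises ValueError, bad
         # UTF-8 raises UnicodeDecodeError). Exception, unlike the former
         # bare except, lets KeyboardInterrupt/SystemExit propagate.
         pass
     return Packet.guess_payload_class(self, payload)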
Ejemplo n.º 30
 def guess_payload_class(self, payload):
     """Pick the 802.15.4 upper layer named by ``conf.dot15d4_protocol``.

     "sixlowpan" selects ``SixLoWPAN``. "zigbee" selects ``ZigbeeNWKStub``
     when bits 0x01 and 0x02 of the first payload element are both set,
     otherwise the default lookup. Any other setting logs a warning and
     defaults to ``SixLoWPAN``.
     """
     # TODO: See how it's done in wireshark:
     # https://github.com/wireshark/wireshark/blob/93c60b3b7c801dddd11d8c7f2a0ea4b7d02d700a/epan/dissectors/packet-ieee802154.c#L2061  # noqa: E501
     # it's too magic to me
     from scapy.layers.sixlowpan import SixLoWPAN
     from scapy.layers.zigbee import ZigbeeNWK, ZigbeeNWKStub

     selected = conf.dot15d4_protocol
     if selected == "sixlowpan":
         return SixLoWPAN

     if selected == "zigbee":
         # NOTE(review): payload[0] is read without a length check and is
         # used as an integer - confirm payload is non-empty bytes here.
         if payload[0] & 0x01 and payload[0] & 0x02:  # Inter-PAN Frametype
             return ZigbeeNWKStub
         return Packet.guess_payload_class(self, payload)

     # Unset or unrecognised configuration: warn, then use the default.
     if selected is None:
         _msg = "Please set conf.dot15d4_protocol to select a " + \
                "802.15.4 protocol. Values must be in the list: "
     else:
         _msg = "Unknown conf.dot15d4_protocol value: must be in "
     warning(_msg + "['sixlowpan', 'zigbee']" +
             " Defaulting to SixLoWPAN")
     return SixLoWPAN
Ejemplo n.º 31
Archivo: peap.py Proyecto: j4dk/scapy
 def guess_payload_class(self, payload):
     """Return TLSv1RecordLayer when ``flags`` exceeds 31, else the default."""
     carries_tls = self.flags > 31
     if carries_tls:
         return TLSv1RecordLayer
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 32
 def guess_payload_class(self, payload):
     """Return OSPF_LLS_Hdr when bit 0x10 of ``options`` is set."""
     # check presence of LLS data block flag
     lls_present = (self.options & 0x10) == 0x10
     if lls_present:
         return OSPF_LLS_Hdr
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 33
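 def guess_payload_class(self, payload):
     """Return HSRPmd5 when the lower layer's ``len`` exceeds 28.

     If there is no lower layer (the packet was dissected on its own) or it
     exposes no ``len`` value, the length cannot be judged and the default
     ``Packet.guess_payload_class`` lookup is used instead of raising.
     """
     lower_len = getattr(self.underlayer, "len", None)
     if lower_len is not None and lower_len > 28:
         return HSRPmd5
     return Packet.guess_payload_class(self, payload)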
Ejemplo n.º 34
 def guess_payload_class(self, payload):
     """Return ModbusObjectId while ``objCount`` is positive."""
     if self.objCount > 0:
         return ModbusObjectId
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 35
 def guess_payload_class(self, payload):
     """Return Dot11WEP when the Dot11 lower layer has FCfield bit 0x40 set.

     The ``isinstance`` test also covers a missing lower layer, in which
     case the default lookup is used.
     """
     lower = self.underlayer
     if isinstance(lower, Dot11) and (lower.FCfield & 0x40):
         return Dot11WEP
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 36
 def guess_payload_class(self, payload):
     """Return TLSv1RecordLayer unless ``flags >> 2`` is 1, 3 or 7.

     Those three values are treated as "start bit set" and use the default
     lookup instead.
     """
     start_bit_set = (self.flags >> 2) in [1, 3, 7]  # if start bit is set
     if start_bit_set:
         return Packet.guess_payload_class(self, payload)
     return TLSv1RecordLayer
Ejemplo n.º 37
 def guess_payload_class(self, payload):
     """Return ModbusWriteFileSubResponse while ``dataLength`` is positive."""
     has_records = self.dataLength > 0
     if has_records:
         return ModbusWriteFileSubResponse
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 38
 def guess_payload_class(self, payload):
     """Return ZigbeeAppDataPayloadStub for ``frametype`` 0b11."""
     if self.frametype == 0b11:
         return ZigbeeAppDataPayloadStub
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 39
 def guess_payload_class(self, payload):
     """Return DHCP when ``options`` begins with the ``dhcpmagic`` prefix."""
     magic_len = len(dhcpmagic)
     if self.options[:magic_len] == dhcpmagic:
         return DHCP
     return Packet.guess_payload_class(self, payload)
 def guess_payload_class(self, payload):
     """Return Dot11Encrypted when the Dot11 lower layer is protected.

     Without a ``Dot11`` lower layer the default lookup is used.
     """
     lower = self.underlayer
     if isinstance(lower, Dot11) and lower.FCfield.protected:
         return Dot11Encrypted
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 41
 def guess_payload_class(self, payload):
     """Select TLSv1RecordLayer when ``flags`` is greater than 31."""
     if not self.flags > 31:
         return Packet.guess_payload_class(self, payload)
     return TLSv1RecordLayer
Ejemplo n.º 42
 def guess_payload_class(self, payload):
     """Select ZigbeeAppDataPayloadStub when ``frametype`` equals 0b11."""
     is_stub_frame = self.frametype == 0b11
     if is_stub_frame:
         return ZigbeeAppDataPayloadStub
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 43
 def guess_payload_class(self, payload):
     """Delegate unchanged to ``Packet.guess_payload_class``."""
     default_guess = Packet.guess_payload_class(self, payload)
     return default_guess
Ejemplo n.º 44
0
 def guess_payload_class(self, payload):
     """Return _CoAPOpt unless the payload starts with byte 0xFF.

     The slice ``payload[:1]`` is used so an empty payload compares as
     ``b""`` (and therefore selects ``_CoAPOpt``) instead of raising.
     """
     if payload[:1] == b"\xff":
         return Packet.guess_payload_class(self, payload)
     return _CoAPOpt
Ejemplo n.º 45
 def guess_payload_class(self, payload):
     """Select ModbusObjectId when ``objCount`` is greater than zero."""
     objects_remaining = self.objCount > 0
     if objects_remaining:
         return ModbusObjectId
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 46
 def guess_payload_class(self, payload):
     """Look up the layer registered for ``self.dlt`` in ``conf.l2types``.

     The default guess is computed up front and returned when ``dlt`` has
     no entry.
     """
     fallback = Packet.guess_payload_class(self, payload)
     return conf.l2types.get(self.dlt, fallback)
Ejemplo n.º 47
 def guess_payload_class(self, payload):
     """Return ModbusReadFileSubRequest while ``byteCount`` is positive."""
     if self.byteCount > 0:
         return ModbusReadFileSubRequest
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 48
 def guess_payload_class(self, payload):
     """Select ModbusReadFileSubRequest when ``byteCount`` is above zero."""
     more_sub_requests = self.byteCount > 0
     if more_sub_requests:
         return ModbusReadFileSubRequest
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 49
 def guess_payload_class(self, payload):
     """Select ModbusWriteFileSubResponse when ``dataLength`` is above zero."""
     if self.dataLength > 0:
         return ModbusWriteFileSubResponse
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 50
 def guess_payload_class(self, payload):
     """Select OSPF_LLS_Hdr when the 0x10 bit of ``options`` is set."""
     # check presence of LLS data block flag
     if (self.options & 0x10) == 0x10:
         return OSPF_LLS_Hdr
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 51
 def guess_payload_class(self, payload):
     """Select Dot11WEP when a Dot11 lower layer has FCfield bit 0x40 set."""
     parent = self.underlayer
     if not isinstance(parent, Dot11):
         return Packet.guess_payload_class(self, payload)
     if parent.FCfield & 0x40:
         return Dot11WEP
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 52
 def guess_payload_class(self, payload):
     """Select DHCP when the leading part of ``options`` equals ``dhcpmagic``."""
     prefix = self.options[:len(dhcpmagic)]
     if prefix == dhcpmagic:
         return DHCP
     return Packet.guess_payload_class(self, payload)
Ejemplo n.º 53
Archivo: ttls.py Proyecto: j4dk/scapy
 def guess_payload_class(self, payload):
     """Use the default lookup when ``flags >> 2`` is 1, 3 or 7.

     Those values are treated as "start bit set"; every other value selects
     ``TLSv1RecordLayer``.
     """
     shifted = self.flags >> 2
     if shifted in [1, 3, 7]:  # if start bit is set
         return Packet.guess_payload_class(self, payload)
     return TLSv1RecordLayer