def handleStream(tcp): chopp = ChopProtocol('http') ((src, sport), (dst, dport)) = parse_addr(tcp) tcp.stream_data['htpy_obj'].timestamp = tcp.timestamp if tcp.server.count_new > 0: if tcp.module_data['options']['verbose']: chop.tsprnt("%s:%s->%s:%s (%i)" % (src, sport, dst, dport, tcp.server.count_new)) if tcp.server.count_new == 1 and tcp.module_data['options']['beast']: tcp.discard(0) else: data_size = tcp.server.count - tcp.server.offset try: tcp.stream_data['connparser'].\ req_data(tcp.server.data[:data_size]) except htpy.stop: tcp.stop() except htpy.error: if tcp.module_data['options']['verbose']: chop.tsprnt("Stream error in htpy.") tcp.stop() tcp.discard(data_size) elif tcp.client.count_new > 0: if tcp.module_data['options']['verbose']: chop.tsprnt("%s:%s->%s:%s (%i)" % (src, sport, dst, dport, tcp.client.count_new)) if tcp.client.count_new == 1 and tcp.module_data['options']['beast']: tcp.discard(0) else: data_size = tcp.client.count - tcp.client.offset try: tcp.stream_data['connparser'].\ res_data(tcp.client.data[:data_size]) except htpy.stop: tcp.stop() except htpy.error: if tcp.module_data['options']['verbose']: chop.tsprnt("Stream error in htpy.") tcp.stop() tcp.discard(data_size) if tcp.stream_data['htpy_obj'].ready: trans = tcp.stream_data['htpy_obj'].transaction chopp.setClientData(trans['request']) chopp.setServerData(trans['response']) chopp.setTimeStamp(trans['timestamp']) chopp.setAddr(tcp.addr) chopp.flowStart = tcp.stream_data['htpy_obj'].flowStart tcp.stream_data['htpy_obj'].ready = False tcp.stream_data['htpy_obj'].temp = {} tcp.stream_data['htpy_obj'].transaction = {} return chopp return None
def handleProtocol(chopp): if chopp.type != 'sslim': return stream_data = chopp.stream_data if 'htpy_obj' not in stream_data: stream_data['htpy_obj'] = { 'options': chopp.module_data['options'], 'timestamp': None, 'temp': {}, 'transaction': {}, 'lines': Queue.Queue(), 'ready': False, 'flowStart': chopp.timestamp } stream_data['connparser'] = register_connparser() stream_data['connparser'].set_obj(stream_data['htpy_obj']) ((src, sport),(dst,dport)) = chopp.addr stream_data['htpy_obj']['timestamp'] = chopp.timestamp if chopp.clientData: if chopp.module_data['options']['verbose']: chop.tsprnt("%s:%s->%s:%s" % (src, sport, dst, dport)) try: stream_data['connparser'].req_data(chopp.clientData) except htpy.stop: chopp.stop() except htpy.error: chop.prnt("Stream error in htpy.") chopp.stop() return if chopp.serverData: if chopp.module_data['options']['verbose']: chop.tsprnt("%s:%s->%s:%s" % (dst, dport, src, sport)) try: stream_data['connparser'].res_data(chopp.serverData) except htpy.stop: chopp.stop() except htpy.error: chop.prnt("Stream error in htpy.") chopp.stop() return if stream_data['htpy_obj']['ready']: new_chopp = ChopProtocol('http') trans = stream_data['htpy_obj']['transaction'] new_chopp.setClientData(trans['request']) new_chopp.setServerData(trans['response']) new_chopp.setTimeStamp(trans['timestamp']) new_chopp.setAddr(chopp.addr) new_chopp.flowStart = stream_data['htpy_obj']['flowStart'] stream_data['htpy_obj']['ready'] = False return new_chopp
def handleProtocol(chopp): if chopp.type != 'sslim': return stream_data = chopp.stream_data if 'htpy_obj' not in stream_data: stream_data['htpy_obj'] = \ __htpyObj__(chopp.module_data['options'], chopp.timestamp) stream_data['connparser'] = register_connparser() stream_data['connparser'].set_obj(stream_data['htpy_obj']) ((src, sport), (dst, dport)) = chopp.addr stream_data['htpy_obj'].timestamp = chopp.timestamp if chopp.clientData: if chopp.module_data['options']['verbose']: chop.tsprnt("%s:%s->%s:%s" % (src, sport, dst, dport)) try: stream_data['connparser'].req_data(chopp.clientData) except htpy.stop: chopp.stop() except htpy.error: if chopp.module_data['options']['verbose']: chop.tsprnt("Stream error in htpy.") chopp.stop() return if chopp.serverData: if chopp.module_data['options']['verbose']: chop.tsprnt("%s:%s->%s:%s" % (dst, dport, src, sport)) try: stream_data['connparser'].res_data(chopp.serverData) except htpy.stop: chopp.stop() except htpy.error: if chopp.module_data['options']['verbose']: chop.tsprnt("Stream error in htpy.") chopp.stop() return if stream_data['htpy_obj'].ready: new_chopp = ChopProtocol('http') trans = stream_data['htpy_obj'].transaction new_chopp.setClientData(trans['request']) new_chopp.setServerData(trans['response']) new_chopp.setTimeStamp(trans['timestamp']) new_chopp.setAddr(chopp.addr) new_chopp.flowStart = stream_data['htpy_obj'].flowStart stream_data['htpy_obj'].ready = False stream_data['htpy_obj'].temp = {} stream_data['htpy_obj'].transaction = {} return new_chopp
def teardownProtocol(protocol): if protocol.type != 'http': chop.prnt("Error") return module_data = protocol.module_data data = {'request': protocol.clientData, 'response': protocol.serverData} if module_data['base64_encode']: if (data['request'] is not None and 'body' in data['request'] and data['request']['body'] is not None): data['request']['body'] = b64encode(data['request']['body']) data['request']['body_encoding'] = 'base64' if (data['response'] is not None and 'body' in data['response'] and data['response']['body'] is not None): data['response']['body'] = b64encode(data['response']['body']) data['response']['body_encoding'] = 'base64' chopp = ChopProtocol('http_meta') chopp.data = data chopp.flowStart = protocol.flowStart chopp.setTimeStamp(protocol.timestamp) chopp.setAddr(protocol.addr) return chopp
def teardownProtocol(protocol): if protocol.type != 'http': chop.prnt("Error") return module_data = protocol.module_data data = {'request': protocol.clientData, 'response': protocol.serverData} if module_data['base64_encode']: if (data['request'] is not None and 'body' in data['request'] and data['request']['body'] is not None): data['request']['body'] = b64encode(data['request']['body']) data['request']['body_encoding'] = 'base64' if (data['response'] is not None and 'body' in data['response'] and data['response']['body'] is not None): data['response']['body'] = b64encode(data['response']['body']) data['response']['body_encoding'] = 'base64' chopp = ChopProtocol('http_meta') chopp.data = data chopp.flowStart = protocol.flowStart chopp.setTimeStamp(protocol.timestamp) chopp.setAddr(protocol.addr) return chopp
def handlePacket(ip): if ip.protocol != 1: return None #Okay so we have traffic labeled as ICMP icmp = ChopProtocol('icmp') ip_offset = 4 * ip.ihl icmp_raw = ip.raw[ip_offset:] #separate the icmp data header = struct.unpack('<BBH', icmp_raw[0:4]) #Since this doesn't fit a client server model #Created a new 'data' field in the ChopProtocol object #Note that the _clone method in ChopProtocol uses deepcopy #so we should be okay icmp.data = icmp_message() icmp.data.type = header[0] icmp.data.code = header[1] icmp.data.checksum = header[2] icmp.data.raw = icmp_raw return icmp
def handlePacket(ip): if ip.protocol != 1: return None #Okay so we have traffic labeled as ICMP icmp = ChopProtocol('icmp') ip_offset = 4 * ip.ihl icmp_raw = ip.raw[ip_offset:] #separate the icmp data header = struct.unpack('<BBH', icmp_raw[0:4]) #Since this doesn't fit a client server model #Created a new 'data' field in the ChopProtocol object #Note that the _clone method in ChopProtocol uses deepcopy #so we should be okay icmp.data = icmp_message() icmp.data.type = header[0] icmp.data.code = header[1] icmp.data.checksum = header[2] icmp.data.raw = icmp_raw return icmp
def handleStream(tcp): chopp = ChopProtocol('http') ((src, sport), (dst, dport)) = parse_addr(tcp) tcp.stream_data['htpy_obj']['timestamp'] = tcp.timestamp if tcp.server.count_new > 0: if tcp.module_data['options']['verbose']: chop.tsprnt("%s:%s->%s:%s (%i)" % (src, sport, dst, dport, tcp.server.count_new)) try: tcp.stream_data['connparser'].req_data(tcp.server.data[:tcp.server.count_new]) except htpy.stop: tcp.stop() except htpy.error: chop.prnt("Stream error in htpy.") tcp.stop() tcp.discard(tcp.server.count_new) elif tcp.client.count_new > 0: if tcp.module_data['options']['verbose']: chop.tsprnt("%s:%s->%s:%s (%i)" % (src, sport, dst, dport, tcp.client.count_new)) try: tcp.stream_data['connparser'].res_data(tcp.client.data[:tcp.client.count_new]) except htpy.stop: tcp.stop() except htpy.error: chop.prnt("Stream error in htpy.") tcp.stop() tcp.discard(tcp.client.count_new) if tcp.stream_data['htpy_obj']['ready']: trans = tcp.stream_data['htpy_obj']['transaction'] chopp.setClientData(trans['request']) chopp.setServerData(trans['response']) chopp.setTimeStamp(trans['timestamp']) chopp.setAddr(tcp.addr) chopp.flowStart = tcp.stream_data['htpy_obj']['flowStart'] tcp.stream_data['htpy_obj']['ready'] = False return chopp return None
def teardownProtocol(chopp): if chopp.type != 'sslim': return stream_data = chopp.stream_data # sslim returns an empty object on teardown if 'htpy_obj' not in stream_data: return hchopp = ChopProtocol('http') ((src, sport), (dst, dport)) = chopp.addr stream_data['htpy_obj'].timestamp = chopp.timestamp # There's data collected in temp if len(stream_data['htpy_obj'].temp.keys()) > 1: # we don't care if only start is populated t = stream_data['htpy_obj'].temp if 'request' in t: if len(t['request'].keys()) == 0: try: req = stream_data['htpy_obj'].lines.get(False) except Queue.Empty: req = None else: req = t['request'] if 'tmp_hash' in t['request']: if t['request']['body_len'] > 0: t['request']['body_hash'] = \ t['request']['tmp_hash'].hexdigest() else: t['request']['body_hash'] = "" del t['request']['tmp_hash'] if 'response' in t: resp = t['response'] if 'tmp_hash' in t['response']: if t['response']['body_len'] > 0: t['response']['body_hash'] = \ t['response']['tmp_hash'].hexdigest() else: t['response']['body_hash'] = "" del t['response']['tmp_hash'] else: resp = None if req is not None or resp is not None: hchopp.setClientData(req) hchopp.setServerData(resp) hchopp.setTimeStamp(t['start']) hchopp.setAddr(chopp.addr) hchopp.setTeardown() hchopp.flowStart = stream_data['htpy_obj'].flowStart stream_data['htpy_obj'].ready = False stream_data['htpy_obj'].temp = {} stream_data['htpy_obj'].transaction = {} return hchopp return None
def handleDatagram(udp): ((src, sport), (dst, dport)) = udp.addr if sport != 53 and dport != 53: udp.stop() return try: o = DNSRecord.parse(udp.data) except KeyError as e: chop.prnt("Key error: %s" % str(e)) return except DNSError as e: chop.prnt("dnslib error: %s" % str(e)) return except Exception as e: chop.prnt("Unexpeced exception: %s" % str(e)) return chopp = ChopProtocol('dns') # Create the dictionary... f = [o.header.aa and 'AA', o.header.tc and 'TC', o.header.rd and 'RD', o.header.ra and 'RA'] try: d = {'header': {'id': o.header.id, 'type': QR[o.header.get_qr()], 'opcode': OPCODE[o.header.get_opcode()], 'flags': ",".join(filter(None, f)), 'rcode': RCODE[o.header.rcode]}, 'questions': o.questions} except DNSError as e: chop.prnt("dnslib error: %s" % str(e)) return except Exception as e: chop.prnt("Unexpeted exception: %s" % str(e)) return if OPCODE[o.header.opcode] == 'UPDATE': f1 = 'zo' f2 = 'pr' f3 = 'up' f4 = 'ad' else: f1 = 'q' f2 = 'a' f3 = 'ns' f4 = 'ar' dhdr = d['header'] dhdr[f1] = o.header.q dhdr[f2] = o.header.a dhdr[f3] = o.header.auth dhdr[f4] = o.header.ar d['questions'] = [] for q in o.questions: qname = str(q.get_qname()) # Strip trailing dot. if qname.endswith('.'): qname = qname[:-1] try: dq = {'qname': qname, 'qtype': QTYPE[q.qtype], 'qclass': CLASS[q.qclass]} d['questions'].append(dq) except DNSError as e: chop.prnt("dnslib error: %s" % str(e)) return except Exception as e: chop.prnt("Unexpected exception: %s" % str(e)) return d['rr'] = [] for r in o.rr: rname = str(r.get_rname()) # Strip trailing dot. if rname.endswith('.'): rname = rname[:-1] rdata = str(r.rdata) # Strip trailing dot. if rdata.endswith('.'): rdata = rdata[:-1] try: dr = {'rname': rname, 'rtype': QTYPE[r.rtype], 'rclass': CLASS[r.rclass], 'ttl': r.ttl, 'rdata': rdata} d['rr'].append(dr) except DNSError as e: chop.prnt("dnslib error: %s" % str(e)) return except Exception as e: chop.prnt("Unexpected exception: %s" % str(e)) return if sport == 53: chopp.serverData = d return chopp elif dport == 53: chopp.clientData = d return chopp return None
def teardown(tcp): chopp = ChopProtocol('http') ((src, sport), (dst, dport)) = tcp.addr tcp.stream_data['htpy_obj'].timestamp = tcp.timestamp #There's data collected in temp if len(tcp.stream_data['htpy_obj'].temp.keys()) > 1: #we don't care if only start is populated t = tcp.stream_data['htpy_obj'].temp if 'request' in t: if len(t['request'].keys()) == 0: try: req = tcp.stream_data['htpy_obj'].lines.get(False) except Queue.Empty: req = None else: req = t['request'] if 'tmp_hash' in t['request']: if t['request']['body_len'] > 0: t['request']['body_hash'] = t['request']['tmp_hash'].hexdigest() else: t['request']['body_hash'] = "" del t['request']['tmp_hash'] if 'response' in t: resp = t['response'] if 'tmp_hash' in t['response']: if t['response']['body_len'] > 0: t['response']['body_hash'] = t['response']['tmp_hash'].hexdigest() else: t['response']['body_hash'] = "" del t['response']['tmp_hash'] else: resp = None if req is not None or resp is not None: chopp.setClientData(req) chopp.setServerData(resp) chopp.setTimeStamp(t['start']) chopp.setAddr(tcp.addr) chopp.setTeardown() chopp.flowStart = tcp.stream_data['htpy_obj'].flowStart tcp.stream_data['htpy_obj'].ready = False tcp.stream_data['htpy_obj'].temp = {} tcp.stream_data['htpy_obj'].transaction = {} return chopp return None
def teardownProtocol(chopp): if chopp.type != 'sslim': return stream_data = chopp.stream_data # sslim returns an empty object on teardown if 'htpy_obj' not in stream_data: return hchopp = ChopProtocol('http') ((src, sport), (dst, dport)) = chopp.addr stream_data['htpy_obj'].timestamp = chopp.timestamp # There's data collected in temp if len(stream_data['htpy_obj'].temp.keys()) > 1: # we don't care if only start is populated t = stream_data['htpy_obj'].temp if 'request' in t: if len(t['request'].keys()) == 0: try: req = stream_data['htpy_obj'].lines.get(False) except Queue.Empty: req = None else: req = t['request'] if 'tmp_hash' in t['request']: if t['request']['body_len'] > 0: t['request']['body_hash'] = \ t['request']['tmp_hash'].hexdigest() else: t['request']['body_hash'] = "" del t['request']['tmp_hash'] if 'response' in t: resp = t['response'] if 'tmp_hash' in t['response']: if t['response']['body_len'] > 0: t['response']['body_hash'] = \ t['response']['tmp_hash'].hexdigest() else: t['response']['body_hash'] = "" del t['response']['tmp_hash'] else: resp = None if req is not None or resp is not None: hchopp.setClientData(req) hchopp.setServerData(resp) hchopp.setTimeStamp(t['start']) hchopp.setAddr(chopp.addr) hchopp.setTeardown() hchopp.flowStart = stream_data['htpy_obj'].flowStart stream_data['htpy_obj'].ready = False stream_data['htpy_obj'].temp = {} stream_data['htpy_obj'].transaction = {} return hchopp return None
def teardown(tcp): chopp = ChopProtocol('http') ((src, sport), (dst, dport)) = tcp.addr tcp.stream_data['htpy_obj'].timestamp = tcp.timestamp #There's data collected in temp if len(tcp.stream_data['htpy_obj'].temp.keys() ) > 1: #we don't care if only start is populated t = tcp.stream_data['htpy_obj'].temp if 'request' in t: if len(t['request'].keys()) == 0: try: req = tcp.stream_data['htpy_obj'].lines.get(False) except Queue.Empty: req = None else: req = t['request'] if 'tmp_hash' in t['request']: if t['request']['body_len'] > 0: t['request']['body_hash'] = t['request'][ 'tmp_hash'].hexdigest() else: t['request']['body_hash'] = "" del t['request']['tmp_hash'] if 'response' in t: resp = t['response'] if 'tmp_hash' in t['response']: if t['response']['body_len'] > 0: t['response']['body_hash'] = t['response'][ 'tmp_hash'].hexdigest() else: t['response']['body_hash'] = "" del t['response']['tmp_hash'] else: resp = None if req is not None or resp is not None: chopp.setClientData(req) chopp.setServerData(resp) chopp.setTimeStamp(t['start']) chopp.setAddr(tcp.addr) chopp.setTeardown() chopp.flowStart = tcp.stream_data['htpy_obj'].flowStart tcp.stream_data['htpy_obj'].ready = False tcp.stream_data['htpy_obj'].temp = {} tcp.stream_data['htpy_obj'].transaction = {} return chopp return None
def _stream_ended_(frame, direction, tcp): hash_fn = tcp.module_data['options']['hash_fn'] transaction = { 'timestamp': tcp.stream_data['stream_cache'][frame.stream_id]['start'], 'request': { 'truncated': False, #TODO support this 'body': None, 'body_len': 0, 'body_hash': '', 'hash_fn': hash_fn, 'protocol': '2' }, 'response': { 'truncated': False, 'body': None, 'body_len': 0, 'body_hash': '', 'hash_fn': hash_fn, } } if tcp.stream_data['stream_cache'][frame.stream_id][direction][ 'stream_ended'] and tcp.stream_data['stream_cache'][ frame.stream_id][_opposite_direction_( direction)]['stream_ended']: #chop.prnt("Stream: %d" % (frame.stream_id)) for d in ['request', 'response']: headers = copy.deepcopy( tcp.stream_data['stream_cache'][frame.stream_id][d]['headers']) if d == 'request': headers[':stream_id'] = frame.stream_id method = headers.get(':method', None) path = headers.get(':path', None) if ':method' in headers: del headers[':method'] if ':path' in headers: del headers[':path'] transaction[d]['method'] = method transaction[d]['uri'] = path else: status = headers.get(':status', None) if ':status' in headers: del headers[':status'] transaction[d]['status'] = status transaction[d]['headers'] = headers #chop.prnt("\tHeaders: %s" % (headers)) if tcp.stream_data['stream_cache'][ frame.stream_id][d]['data'] is not None: content_encoding = headers.get('content-encoding', None) mimetype = headers.get('content-type', None) if mimetype is not None: mimetype = mimetype.split(';', 1)[0] content_disposition = headers.get('content-disposition', None) if content_encoding == 'gzip': try: dataStream = BytesIO(tcp.stream_data['stream_cache'][ frame.stream_id][d]['data']) gdata = gzip.GzipFile(fileobj=dataStream, mode='rb') data = gdata.read() except Exception as e: chop.prnt("Warning: Unable to gzip file") data = tcp.stream_data['stream_cache'][ frame.stream_id][d]['data'] else: data = tcp.stream_data['stream_cache'][ frame.stream_id][d]['data'] if mimetype is None: try: import magic except ImportError: pass else: try: mimetype = magic.from_buffer(data, mime=True) except Exception as e: chop.prnt( "Warning: Unable to get mime type of file: %s" % (str(e))) filename = 'noname' if d == 'response': if content_disposition is None: if transaction['request']['uri'] is not None: raw_path = transaction['request']['uri'] raw_path = raw_path.split('?', 1)[0] path_parts = os.path.split(raw_path) outPath = None while (len(path_parts) > 0): if path_parts[-1] == '': path_parts = path_parts[:-1] continue else: outPath = os.path.basename(path_parts[-1]) break if outPath is None or outPath == '': outPath = 'index' filename = sanitize_filename(outPath) else: filename = sanitize_filename(content_disposition) #chop.prnt("\tData Name: %s, Length: %d, Type: %s" % (filename, len(data), mimetype)) ((src, sport), (dst, dport)) = parse_addr(tcp) chop.savefile( "%d-%s-%d-%s-%d-%d-%s" % (tcp.timestamp, src, sport, dst, dport, frame.stream_id, filename), data) transaction[d]['body'] = data transaction[d]['body_len'] = len(data) transaction[d]['body_hash'] = __hash_function__( data).hexdigest() #chop.prnt("\n") #chop.prnt('\n') del tcp.stream_data['stream_cache'][frame.stream_id] #chop.prnt(tcp.stream_data['stream_cache'].keys()) #chop.prnt(json.dumps(transaction, indent=4)) chopp = ChopProtocol('http') chopp.setClientData(transaction['request']) chopp.setServerData(transaction['response']) chopp.setTimeStamp(transaction['timestamp']) chopp.setAddr(tcp.addr) chopp.flowStart = tcp.stream_data['flowStart'] return chopp else: return None
def handleStream(tcp): # Make sure this is really SSL. Sadly we can't do this in taste() # because there is no payload data available that early. data = '' ((src, sport), (dst, dport)) = parse_addr(tcp) server_dlen = tcp.server.count - tcp.server.offset client_dlen = tcp.client.count - tcp.client.offset # If we haven't identified this as SSL yet if tcp.stream_data['ssl'] == False: # Do we have enough data for checks? if tcp.server.count_new > 0 and server_dlen > 7: # Check if proxy CONNECT if tcp.server.data[:8] == "CONNECT ": if tcp.module_data['verbose']: chop.tsprnt("%s:%i -> %s:%i (%i) - CONNECT (ignored)" % (src, sport, dst, dport, server_dlen)) tcp.discard(server_dlen) return # Otherwise, prepare to check if SSL handshake data = tcp.server.data[:3] # Do we have enough data for checks? elif tcp.client.count_new > 0 and client_dlen > 5: # Check if proxy CONNECT response if tcp.client.data[:6] == "HTTP/1": if tcp.module_data['verbose']: chop.tsprnt("%s:%i -> %s:%i (%i) - HTTP/1 (ignored)" % (src, sport, dst, dport, client_dlen)) tcp.discard(client_dlen) return # Otherwise, prepare to check if SSL handshake data = tcp.client.data[:3] else: # Need more data return # We have data, so check if it is SSL Handshake. # There's probably more to this, but this is good enough for now. if data in ('\x16\x03\x00', '\x16\x03\x01', '\x16\x03\x02', '\x16\x03\x03'): tcp.stream_data['ssl'] = True tcp.stream_data['chopp'] = ChopProtocol('sslim') tcp.module_data['sslim'].callback_obj = tcp.stream_data['chopp'] else: if tcp.module_data['verbose']: chop.tsprnt( "%s:%i -> %s:%i: Stopping collection, not really SSL!" % (src, sport, dst, dport)) tcp.module_data['sslim'].done(tcp.addr) tcp.stop() return # Always clear out any existing data. tcp.stream_data['chopp'].clientData = '' tcp.stream_data['chopp'].serverData = '' # We have identified this connection as SSL, so just process the packets if tcp.server.count_new > 0: if tcp.module_data['verbose']: chop.tsprnt("%s:%s -> %s:%s (%i)" % (src, sport, dst, dport, len(tcp.server.data[:tcp.server.count_new]))) try: tcp.module_data['sslim'].parse_to_server( tcp.server.data[:tcp.server.count_new], tcp.addr) except sslimException as e: if tcp.module_data['verbose']: chop.prnt(e) tcp.module_data['sslim'].done(tcp.addr) tcp.stop() return tcp.discard(tcp.server.count_new) if tcp.client.count_new > 0: if tcp.module_data['verbose']: chop.tsprnt("%s:%s -> %s:%s (%i)" % (src, sport, dst, dport, len(tcp.client.data[:tcp.client.count_new]))) try: tcp.module_data['sslim'].parse_to_client( tcp.client.data[:tcp.client.count_new], tcp.addr) except sslimException as e: if tcp.module_data['verbose']: chop.prnt(e) tcp.module_data['sslim'].done(tcp.addr) tcp.stop() return tcp.discard(tcp.client.count_new) if tcp.stream_data['chopp'].clientData or tcp.stream_data[ 'chopp'].serverData: return tcp.stream_data['chopp'] return
def handleStream(tcp): chopp = ChopProtocol('http') ((src, sport), (dst, dport)) = parse_addr(tcp) tcp.stream_data['htpy_obj']['timestamp'] = tcp.timestamp if tcp.server.count_new > 0: if tcp.module_data['options']['verbose']: chop.tsprnt("%s:%s->%s:%s (%i)" % (src, sport, dst, dport, tcp.server.count_new)) try: tcp.stream_data['connparser'].req_data( tcp.server.data[:tcp.server.count_new]) except htpy.stop: tcp.stop() except htpy.error: chop.prnt("Stream error in htpy.") tcp.stop() tcp.discard(tcp.server.count_new) elif tcp.client.count_new > 0: if tcp.module_data['options']['verbose']: chop.tsprnt("%s:%s->%s:%s (%i)" % (src, sport, dst, dport, tcp.client.count_new)) try: tcp.stream_data['connparser'].res_data( tcp.client.data[:tcp.client.count_new]) except htpy.stop: tcp.stop() except htpy.error: chop.prnt("Stream error in htpy.") tcp.stop() tcp.discard(tcp.client.count_new) if tcp.stream_data['htpy_obj']['ready']: trans = tcp.stream_data['htpy_obj']['transaction'] chopp.setClientData(trans['request']) chopp.setServerData(trans['response']) chopp.setTimeStamp(trans['timestamp']) chopp.setAddr(tcp.addr) chopp.flowStart = tcp.stream_data['htpy_obj']['flowStart'] tcp.stream_data['htpy_obj']['ready'] = False return chopp return None
def handleProtocol(chopp): if chopp.type != 'sslim': return stream_data = chopp.stream_data if 'htpy_obj' not in stream_data: stream_data['htpy_obj'] = \ __htpyObj__(chopp.module_data['options'], chopp.timestamp) stream_data['connparser'] = register_connparser() stream_data['connparser'].set_obj(stream_data['htpy_obj']) ((src, sport), (dst, dport)) = chopp.addr stream_data['htpy_obj'].timestamp = chopp.timestamp if chopp.clientData: if chopp.module_data['options']['verbose']: chop.tsprnt("%s:%s->%s:%s" % (src, sport, dst, dport)) try: stream_data['connparser'].req_data(chopp.clientData) except htpy.stop: chopp.stop() except htpy.error: if chopp.module_data['options']['verbose']: chop.tsprnt("Stream error in htpy.") chopp.stop() return if chopp.serverData: if chopp.module_data['options']['verbose']: chop.tsprnt("%s:%s->%s:%s" % (dst, dport, src, sport)) try: stream_data['connparser'].res_data(chopp.serverData) except htpy.stop: chopp.stop() except htpy.error: if chopp.module_data['options']['verbose']: chop.tsprnt("Stream error in htpy.") chopp.stop() return if stream_data['htpy_obj'].ready: new_chopp = ChopProtocol('http') trans = stream_data['htpy_obj'].transaction new_chopp.setClientData(trans['request']) new_chopp.setServerData(trans['response']) new_chopp.setTimeStamp(trans['timestamp']) new_chopp.setAddr(chopp.addr) new_chopp.flowStart = stream_data['htpy_obj'].flowStart stream_data['htpy_obj'].ready = False stream_data['htpy_obj'].temp = {} stream_data['htpy_obj'].transaction = {} return new_chopp
def handleStream(tcp): chopp = ChopProtocol('http') ((src, sport), (dst, dport)) = parse_addr(tcp) tcp.stream_data['htpy_obj'].timestamp = tcp.timestamp if tcp.server.count_new > 0: if tcp.module_data['options']['verbose']: chop.tsprnt("%s:%s->%s:%s (%i)" % (src, sport, dst, dport, tcp.server.count_new)) if tcp.server.count_new == 1 and tcp.module_data['options']['beast']: tcp.discard(0) else: data_size = tcp.server.count - tcp.server.offset try: tcp.stream_data['connparser'].\ req_data(tcp.server.data[:data_size]) except htpy.stop: tcp.stop() except htpy.error: if tcp.module_data['options']['verbose']: chop.tsprnt("Stream error in htpy.") tcp.stop() tcp.discard(data_size) elif tcp.client.count_new > 0: if tcp.module_data['options']['verbose']: chop.tsprnt("%s:%s->%s:%s (%i)" % (src, sport, dst, dport, tcp.client.count_new)) if tcp.client.count_new == 1 and tcp.module_data['options']['beast']: tcp.discard(0) else: data_size = tcp.client.count - tcp.client.offset try: tcp.stream_data['connparser'].\ res_data(tcp.client.data[:data_size]) except htpy.stop: tcp.stop() except htpy.error: if tcp.module_data['options']['verbose']: chop.tsprnt("Stream error in htpy.") tcp.stop() tcp.discard(data_size) if tcp.stream_data['htpy_obj'].ready: trans = tcp.stream_data['htpy_obj'].transaction chopp.setClientData(trans['request']) chopp.setServerData(trans['response']) chopp.setTimeStamp(trans['timestamp']) chopp.setAddr(tcp.addr) chopp.flowStart = tcp.stream_data['htpy_obj'].flowStart tcp.stream_data['htpy_obj'].ready = False tcp.stream_data['htpy_obj'].temp = {} tcp.stream_data['htpy_obj'].transaction = {} return chopp return None
def handleDatagram(udp): ((src, sport), (dst, dport)) = udp.addr if sport != 53 and dport != 53: udp.stop() return try: o = DNSRecord.parse(udp.data) except KeyError as e: chop.prnt("Key error: %s" % str(e)) return except DNSError as e: chop.prnt("dnslib error: %s" % str(e)) return except Exception as e: chop.prnt("Unexpeced exception: %s" % str(e)) return chopp = ChopProtocol('dns') # Create the dictionary... f = [ o.header.aa and 'AA', o.header.tc and 'TC', o.header.rd and 'RD', o.header.ra and 'RA' ] try: d = { 'header': { 'id': o.header.id, 'type': QR[o.header.get_qr()], 'opcode': OPCODE[o.header.get_opcode()], 'flags': ",".join(filter(None, f)), 'rcode': RCODE[o.header.rcode] }, 'questions': o.questions } except DNSError as e: chop.prnt("dnslib error: %s" % str(e)) return except Exception as e: chop.prnt("Unexpeted exception: %s" % str(e)) return if OPCODE[o.header.opcode] == 'UPDATE': f1 = 'zo' f2 = 'pr' f3 = 'up' f4 = 'ad' else: f1 = 'q' f2 = 'a' f3 = 'ns' f4 = 'ar' dhdr = d['header'] dhdr[f1] = o.header.q dhdr[f2] = o.header.a dhdr[f3] = o.header.auth dhdr[f4] = o.header.ar d['questions'] = [] for q in o.questions: qname = str(q.get_qname()) # Strip trailing dot. if qname.endswith('.'): qname = qname[:-1] try: dq = { 'qname': qname, 'qtype': QTYPE[q.qtype], 'qclass': CLASS[q.qclass] } d['questions'].append(dq) except DNSError as e: chop.prnt("dnslib error: %s" % str(e)) return except Exception as e: chop.prnt("Unexpected exception: %s" % str(e)) return d['rr'] = [] for r in o.rr: rname = str(r.get_rname()) # Strip trailing dot. if rname.endswith('.'): rname = rname[:-1] rdata = str(r.rdata) # Strip trailing dot. if rdata.endswith('.'): rdata = rdata[:-1] try: dr = { 'rname': rname, 'rtype': QTYPE[r.rtype], 'rclass': CLASS[r.rclass], 'ttl': r.ttl, 'rdata': rdata } d['rr'].append(dr) except DNSError as e: chop.prnt("dnslib error: %s" % str(e)) return except Exception as e: chop.prnt("Unexpected exception: %s" % str(e)) return if sport == 53: chopp.serverData = d return chopp elif dport == 53: chopp.clientData = d return chopp return None
def handleProtocol(chopp): if chopp.type != 'sslim': return stream_data = chopp.stream_data if 'htpy_obj' not in stream_data: stream_data['htpy_obj'] = { 'options': chopp.module_data['options'], 'timestamp': None, 'temp': {}, 'transaction': {}, 'lines': Queue.Queue(), 'ready': False, 'flowStart': chopp.timestamp } stream_data['connparser'] = register_connparser() stream_data['connparser'].set_obj(stream_data['htpy_obj']) ((src, sport), (dst, dport)) = chopp.addr stream_data['htpy_obj']['timestamp'] = chopp.timestamp if chopp.clientData: if chopp.module_data['options']['verbose']: chop.tsprnt("%s:%s->%s:%s" % (src, sport, dst, dport)) try: stream_data['connparser'].req_data(chopp.clientData) except htpy.stop: chopp.stop() except htpy.error: chop.prnt("Stream error in htpy.") chopp.stop() return if chopp.serverData: if chopp.module_data['options']['verbose']: chop.tsprnt("%s:%s->%s:%s" % (dst, dport, src, sport)) try: stream_data['connparser'].res_data(chopp.serverData) except htpy.stop: chopp.stop() except htpy.error: chop.prnt("Stream error in htpy.") chopp.stop() return if stream_data['htpy_obj']['ready']: new_chopp = ChopProtocol('http') trans = stream_data['htpy_obj']['transaction'] new_chopp.setClientData(trans['request']) new_chopp.setServerData(trans['response']) new_chopp.setTimeStamp(trans['timestamp']) new_chopp.setAddr(chopp.addr) new_chopp.flowStart = stream_data['htpy_obj']['flowStart'] stream_data['htpy_obj']['ready'] = False return new_chopp
return module_options def handleDatagram(udp): ((src, sport), (dst, dport)) = udp.addr if sport != 53 and dport != 53: #chop.tsprnt("STOP: %s:%s->%s:%s (%i:%i)" % (src, sport, dst, dport, len(udp.data), len(udp.ip))) udp.stop() return try: o = DNSRecord.parse(udp.data) except KeyError, e: chop.prnt("Key error: %s" % str(e)) return chopp = ChopProtocol('dns') # Create the dictionary... f = [ o.header.aa and 'AA', o.header.tc and 'TC', o.header.rd and 'RD', o.header.ra and 'RA' ] d = { 'header': { 'id': o.header.id, 'type': QR[o.header.qr], 'opcode': OPCODE[o.header.opcode], 'flags': ",".join(filter(None, f)), 'rcode': RCODE[o.header.rcode], }, 'questions': o.questions }