def tcp(packet, request_info, data):
    """Log plaintext HTTP GET and POST requests found in a TCP payload.

    The payload is read from ``data['load']``. Only payloads that begin with
    ``GET `` or ``POST `` are parsed, so traffic that does not start with a
    cleartext HTTP request line is ignored. Any parsing or logging error is
    swallowed, so a malformed request produces no log entry.

    NOTE(review): for POST the body is logged verbatim (via ``repr``), so the
    debug log can contain form credentials and session data. Store and
    retain that log accordingly.
    """
    datas = data.get('load')
    if not datas:
        return

    if datas.startswith(b"GET "):
        try:
            r_line, rest = datas.split(b"\r\n", 1)
            # Header block ends at the first blank line; each line is "Name: value".
            header_lines = rest.split(b"\r\n\r\n")[0].split(b"\r\n")
            r_header = dict(field.split(b": ", 1) for field in header_lines)
            src, dst = packet['src'], packet['dst']
            # Last token of the request line is "HTTP/x.y"; keep only "x.y".
            version = decoder(r_line.split(b" ")[-1].split(b"/", 1)[1])
            target = "请求网站:GET http://%s:%s/%s" % (
                r_header.get("Host"),
                request_info['dport'],
                decoder(r_line.split(b" ")[1].lstrip(b"/")))
            debug_log(src, dst, "HTTP", "协议版本:%s" % version, target)
        except Exception:
            pass

    if datas.startswith(b"POST "):
        try:
            r_line, rest = datas.split(b"\r\n", 1)
            try:
                header_lines = rest.split(b"\r\n\r\n")[0].split(b"\r\n")
                r_header = dict(field.split(b": ", 1) for field in header_lines)
            except:
                # Fallback: treat every remaining line as a header line.
                r_header = dict(
                    field.split(b": ", 1) for field in rest.split(b"\r\n"))
            src, dst = packet['src'], packet['dst']
            version = decoder(r_line.split(b" ")[-1].split(b"/", 1)[1])
            target = "请求网站:POST http://%s:%s/%s 数据:%s" % (
                decoder(r_header.get("Host")),
                request_info['dport'],
                decoder(r_line.split(b" ")[1].lstrip(b"/")),
                # Everything after the first blank line is the request body.
                decoder(repr(rest.split(b"\r\n\r\n")[1])))
            debug_log(src, dst, "HTTP", "协议版本:%s" % version, target)
        except Exception:
            pass
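def tcp(packet, request_info, data):
    """Log the SSH protocol version announced in an OpenSSH banner.

    The payload is read from ``data['load']``. Payloads starting with ``SSH``
    are matched against an identification-string pattern that requires the
    ``OpenSSH_`` software name followed by a purely dotted-digit version and
    CRLF. Only the protocol version (first capture group) is logged.

    Banners from other SSH implementations, or OpenSSH banners with a suffix
    after the version digits, do not match the pattern. They are skipped
    rather than raising ``AttributeError`` on a ``None`` match.
    """
    datas = data.get("load")
    if not datas or not datas.startswith(b"SSH"):
        return
    r = re.match(b"SSH-(\d\.\d)-OpenSSH_((?:\d\.)+\d)\r\n", datas)
    if r is None:
        # Peer-controlled banner that is not in the expected OpenSSH form:
        # nothing to report, and the handler must not crash on it.
        return
    debug_log(packet['src'], packet['dst'], "SSH", "协议版本:%s" % r.group(1))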
# HTTP POST credential-field matcher.
# NOTE(review): this listing is damaged. The runs of "******" appear to be
# redaction artifacts that replaced parts of the field-pair table and all of
# the code between the table and the regex call, so the line is not runnable
# as shown. The definitions of `post`, `key`, `value` and `r_line` are missing.
# What is still visible: `lists` holds (username-marker, password-marker)
# pairs such as ('u=', '&p='); a pattern '%s(.*?)%s(.*?)($|&)' built from one
# pair is applied to `post`; on a match, debug_log records the HTTP version,
# the two captured values and the request line. Exceptions are swallowed.
# NOTE(review): the captured values are written to the debug log in clear
# text, so that log needs the same protection as the credentials themselves.
def tcp(packet, request_info, data): datas = data.get('load') if datas: lists = [ ('u=', '&p='), ('txtUserId=', '&txtPassword='******'username='******'&password='******'F_LOGINNAME=', '&F_PASSWORD='******'account=', '&password='******'username='******'&pwd='), ('userId=', '&password='******'UserName='******'&PASSWORD='******'txtName=', '&txtPwd='), ('UserTxt=', '&PsdTxt='), ('account=', '&password='******'dd=', '&mm='), ('UserName='******'&Password='******'userCode=', '&password='******'j_username='******'&j_password='******'login_name=', '&login_password='******'NAME=', '&PAS='******'txtUsername='******'&txtPassword='******'UserNameTemp=', '&PassWordTemp='), ('UserName='******'&PassWord='******'tbxUserName='******'&tbxPassword='******'userName='******'&password='******'id=', '&password='******'uid=', '&pwd='), ('txtLoginName=', '&txtPwd='), ('userName='******'&pwd='), ('uname=', '&pwd='), ('txtUserCode=', '&txtPassword='******'"userAccounts":', ',"password":'******'UserNameTextBox=', '&PasswordTextBox='), ('txtAdminName=', '&txtPassword='******'uName=', '&uPwd='), ('UserName='******'&pwd='), ('email=', '&password='******'%s(.*?)%s(.*?)($|&)' % (key, value), post) if info: debug_log( packet['src'], packet['dst'], "HTTP", "协议版本:%s" % decoder(r_line.split(b" ")[-1].split(b"/", 1)[1]), "用户信息 <%s:%s> %s" % (info.group(1), info.group(2), r_line)) except Exception, e: pass
def tcp(packet, request_info, data):
    """Flag a plaintext HTTP POST that looks like WeChat client traffic.

    The payload is read from ``data['load']``. A request is reported with
    the label "WeChat" when its ``Host`` header equals
    ``short.weixin.qq.com`` and its ``User-Agent`` header equals
    ``MicroMessenger Client``. Both values are sender-controlled, so a match
    is an indicator, not proof of the client. Parsing errors are swallowed.
    """
    datas = data.get('load')
    if not datas or not datas.startswith(b"POST "):
        return
    try:
        _request_line, rest = datas.split(b"\r\n", 1)
        # Header block ends at the first blank line; each line is "Name: value".
        header_block = rest.split(b"\r\n\r\n")[0]
        r_header = dict(
            field.split(b": ", 1) for field in header_block.split(b"\r\n"))
        host_matches = r_header.get("Host") == "short.weixin.qq.com"
        if host_matches and r_header.get("User-Agent") == "MicroMessenger Client":
            debug_log(packet['src'], packet['dst'], "WeChat")
    except Exception:
        pass
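def tcp(packet, request_info, data):
    """Log the decimal account number that follows a fixed QQ byte prefix.

    The payload is read from ``data['load']``. When it starts with the
    18-byte marker below (labelled "QQ" by the logging call), the run of
    ASCII digits directly after the marker is logged as the QQ number.

    A payload with the marker but no digits after it is skipped explicitly.
    Other errors are still swallowed (best-effort handler), but the catch is
    narrowed from a bare ``except`` to ``Exception`` so that
    ``KeyboardInterrupt`` and ``SystemExit`` are no longer suppressed.
    """
    datas = data.get('load')
    if not datas:
        return
    # Decode the marker once instead of once for the test and once for the regex.
    marker = "000003340000000c0200000004000000000e".decode("hex")
    if not datas.startswith(marker):
        return
    try:
        r = re.search(marker + "(\d+)", datas)
        if r is None:
            # Marker present but no digits follow: nothing to report.
            return
        debug_log(packet['src'], packet['dst'], "QQ", "QQ号码:%s" % r.group(1))
    except Exception:
        pass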
def icmp(packet, request_info, data):
    """Report an ICMP packet whose payload ends with a known fill pattern.

    The pattern is the 48-byte incrementing run 0x08..0x37. A payload
    (``data['load']``) ending with it is logged with the label "PING".
    NOTE(review): this looks like the default data fill of some ping
    implementations. Pings with a different size or fill will not match;
    confirm the coverage that is wanted.
    """
    payload = data['load']
    fill_pattern = (
        "08090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637"
    ).decode("hex")
    if not payload.endswith(fill_pattern):
        return
    debug_log(packet['src'], packet['dst'], "PING")
def udp(packet, request_info, data):
    """Log the queried name of a UDP datagram sent to destination port 53.

    Classification is by destination port only (``request_info['dport']``).
    The name is read from ``data['qd'].qname``.
    NOTE(review): presumably ``data['qd']`` is a parsed DNS question record;
    verify against the caller.
    """
    if request_info.get('dport') != 53:
        return
    src, dst = packet['src'], packet['dst']
    debug_log(src, dst, "DNS", "查询:%s" % data['qd'].qname)