def smtp_creds(pcap):
    """Return ASCII strings recovered from base64 payloads sent to TCP port 25.

    Reads the capture at *pcap* with rdpcap, keeps each distinct Raw payload
    whose TCP destination port is 25 (first-seen order), then runs every
    payload through decode_base64 and check_ascii (both defined elsewhere).
    A payload is reported only when neither helper returns None and the
    resulting text is longer than three characters.

    Any exception raised while reading or walking the capture is logged
    under the 'SMTP Creds' tag; payloads collected before the failure are
    still processed, so the result may be partial.

    NOTE(review): only destination port 25 is inspected, so SMTP on other
    ports is not covered. Nothing here checks for an AUTH exchange, so any
    base64-decodable payload qualifies. Presumably the output holds
    cleartext credentials: treat it as sensitive wherever it is stored.
    """
    payloads = []
    try:
        for packet in rdpcap(pcap):
            if not (packet.haslayer(TCP) and packet.haslayer(Raw)):
                continue
            if packet.getlayer(TCP).dport != 25:
                continue
            payload = packet[Raw].load
            if payload in payloads:
                continue
            payloads.append(payload)
    except Exception as exc:
        # Best effort: a malformed capture must not abort the whole analysis.
        error_logging(str(exc), 'SMTP Creds')

    candidates = []
    for payload in payloads:
        decoded = decode_base64(payload)
        if decoded is None:
            continue
        text = check_ascii(decoded)
        if text is None or len(text) <= 3:
            continue
        candidates.append(text)
    return candidates
def smtp_creds(pcap):
    """Collect printable strings decoded from base64 payloads sent to port 25.

    The capture file *pcap* is loaded with rdpcap. Every packet carrying both
    a TCP and a Raw layer with TCP destination port 25 contributes its Raw
    payload once (duplicates are skipped, order of first appearance is kept).
    Each payload is then handed to decode_base64 and, if that yields a value,
    to check_ascii (helpers defined elsewhere). Results that are not None and
    are longer than three characters are returned as a list.

    Errors while reading the capture are logged with the 'SMTP Creds' tag and
    do not propagate; whatever was gathered up to that point is still
    decoded.

    NOTE(review): the filter is destination port 25 only and does not look
    for the SMTP AUTH verb, so expect both misses (other ports) and false
    positives (any base64 body). The strings returned are presumably
    credentials in clear text and should be handled as secrets.
    """
    seen = []
    try:
        capture = rdpcap(pcap)
        for pkt in capture:
            to_smtp_port = (
                pkt.haslayer(TCP)
                and pkt.haslayer(Raw)
                and pkt.getlayer(TCP).dport == 25
            )
            if to_smtp_port:
                raw = pkt[Raw].load
                if raw not in seen:
                    seen.append(raw)
    except Exception as err:
        # Parsing failures are recorded, not raised, so partial data survives.
        error_logging(str(err), 'SMTP Creds')

    found = []
    for raw in seen:
        decoded = decode_base64(raw)
        ascii_text = check_ascii(decoded) if decoded is not None else None
        if ascii_text is not None and len(ascii_text) > 3:
            found.append(ascii_text)
    return found
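def find_layers(pkts, pcap, pcap_id, streamid):
    """Yield, for each packet, an ordered mapping of its header and layers.

    Every yielded mapping starts with a "Buffer" entry (formatted timestamp,
    1-based packet number, UTF-8 encoded *pcap_id* and *streamid*, and the
    *pcap* name), followed by one entry per layer keyed as
    ``<layer name with '.' replaced by '_'>[<layer index>]``. Layer fields
    are filtered and renamed by exclude_layers and rename_layer (defined
    elsewhere). Entries keyed 'HTTP[3]' and 'HTTP[5]' are dropped.

    The same OrderedDict instance is yielded every time and is cleared as
    soon as the consumer asks for the next packet, so callers that keep
    results must copy them first.

    Any exception is logged under the 'PacketParser' tag and ends the
    generator; packets after the failing one are not produced.
    """
    packet = OrderedDict()
    count = 1
    pcap_id = pcap_id.encode('utf-8')
    streamid = streamid.encode('utf-8')
    try:
        for p in pkts:
            header = {
                "Buffer": {
                    "timestamp": datetime.datetime.fromtimestamp(p.time).strftime(
                        '%Y-%m-%d %H:%M:%S.%f'),
                    "packetnumber": count,
                    "PCAP ID": pcap_id,
                    "pcapfile": pcap,
                    "StreamID": streamid,
                }
            }
            packet.update(header)
            counter = 0
            while True:
                layer = p.getlayer(counter)
                if layer is None:
                    # getlayer returned nothing for this index: no more layers.
                    break
                i = int(counter)
                x = p[0][i].fields
                t = exclude_layers(x, layer.name)
                s = rename_layer(t, layer.name)
                v = ('{"' + layer.name.replace('.', '_') + '[' + str(i) + ']'
                     + '":' + str(s) + '}')
                # NOTE(review): eval() runs a string assembled from the layer
                # name and str() of field values that originate in the capture
                # file, i.e. potentially untrusted input. Any value whose text
                # form is not a plain literal is evaluated as code. Kept here
                # to preserve the existing round-trip behaviour; recommend
                # building the dict directly or using ast.literal_eval once
                # the return type of rename_layer has been confirmed.
                s = eval(v)
                # Remove each key independently. The previous paired `del`
                # in one try block stopped at the first missing key, so
                # 'HTTP[5]' was never removed when 'HTTP[3]' was absent.
                s.pop('HTTP[3]', None)
                s.pop('HTTP[5]', None)
                packet.update(s)
                counter += 1
            count += 1
            yield packet
            packet.clear()
    except Exception as e:
        error_logging(str(e), 'PacketParser')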