def handleStream(tcp):
    """Print every new chunk of a TCP stream, one colour per direction.

    Bytes travelling client->server are printed in RED, server->client in
    GREEN. Each chunk is first XOR-decoded with ``module_data["xor_key"]``
    (only when that key is present) and then hex-encoded when
    ``module_data["hexlify"]`` is truthy. With ``module_data["verbose"]`` a
    timestamped "from -> to size" line precedes the chunk. Handled bytes are
    discarded from the reassembly buffer. Both ``verbose`` and ``hexlify``
    must exist in ``tcp.module_data`` (KeyError otherwise).

    NOTE(review): without ``hexlify`` the raw, attacker-controlled payload
    bytes are handed to ``chop.prettyprnt`` unchanged; if that output lands
    on a terminal, embedded escape sequences will be interpreted -- confirm
    how chop renders it before relying on the plain mode.
    """
    ((src, sport), (dst, dport)) = tcp.addr
    opts = tcp.module_data
    # (half-stream, colour, endpoints in the order printed as "from -> to");
    # the server half is handled first, exactly as before.
    directions = (
        (tcp.server, "RED", (src, sport, dst, dport)),
        (tcp.client, "GREEN", (dst, dport, src, sport)),
    )
    for half, color, endpoints in directions:
        pending = half.count_new
        if pending <= 0:
            continue
        if opts["verbose"]:
            chop.tsprettyprnt(color, "%s:%s -> %s:%s 0x%04X bytes" % (endpoints + (pending,)))
        payload = half.data[:pending]
        if "xor_key" in opts:
            payload = multibyte_xor(payload, opts["xor_key"])
        if opts["hexlify"]:
            payload = binascii.hexlify(payload)
        chop.prettyprnt(color, payload)
        tcp.discard(pending)
def alter_data(module_data, data):
    """Return *data* after the output transformations selected in *module_data*.

    The steps run in a fixed order: XOR-decode with ``module_data['xor_key']``
    (only if that key is present), then ``hexdump`` when
    ``module_data['hexdump']`` is truthy, then base64 when
    ``module_data['base64']`` is truthy. ``hexdump`` and ``base64`` must be
    present in *module_data*; a missing key raises KeyError. With none of
    the options set, *data* is returned unchanged.

    NOTE(review): the XOR key is analyst-supplied, so the decoded output is
    only meaningful when that key actually matches the sample's encoding.
    """
    pipeline = []
    if 'xor_key' in module_data:
        pipeline.append(lambda buf: multibyte_xor(buf, module_data['xor_key']))
    if module_data['hexdump']:
        pipeline.append(hexdump)
    if module_data['base64']:
        pipeline.append(b64encode)
    for transform in pipeline:
        data = transform(data)
    return data
def alter_data(module_data, data):
    """Apply the configured output transformations to *data* and return it.

    Order is fixed: XOR with ``module_data["xor_key"]`` when that key exists
    (its value is used even if falsy), then ``hexdump`` if
    ``module_data["hexdump"]`` is truthy, then base64 if
    ``module_data["base64"]`` is truthy. Both of the latter keys are
    required; a missing one raises KeyError.

    NOTE(review): an incorrect analyst-supplied XOR key silently yields
    garbage rather than an error -- there is no validation here.
    """
    _ABSENT = object()
    key = module_data.get("xor_key", _ABSENT)
    if key is not _ABSENT:
        data = multibyte_xor(data, key)
    want_hexdump = module_data["hexdump"]
    if want_hexdump:
        data = hexdump(data)
    want_base64 = module_data["base64"]
    if want_base64:
        data = b64encode(data)
    return data
def handle_bytes(data, color, direction, module_data):
    """Transform one payload chunk, print it in *color* and emit it as JSON.

    Transformations, in order: XOR with ``module_data['xor_key']`` when that
    key is present, ``hexdump`` when ``module_data['hexdump']`` is truthy,
    base64 when ``module_data['base64']`` is truthy. The result is printed
    via ``chop.prettyprnt`` and sent to ``chop.json`` as
    ``{'payload': ..., 'direction': direction}``. Returns None.

    NOTE(review): unless hexdump or base64 is enabled, the JSON payload and
    the printed line carry raw attacker-controlled bytes -- confirm that
    chop.json can serialize arbitrary binary and that the console output
    is escaped before trusting the plain mode.
    """
    steps = (
        ('xor_key' in module_data,
         lambda buf: multibyte_xor(buf, module_data['xor_key'])),
        (module_data['hexdump'], hexdump),
        (module_data['base64'], b64encode),
    )
    rendered = data
    for enabled, transform in steps:
        if enabled:
            rendered = transform(rendered)
    chop.prettyprnt(color, rendered)
    chop.json({'payload': rendered, 'direction': direction})
def handle_bytes(data, color, direction, module_data):
    """Print one payload chunk in *color* and emit it as a JSON record.

    *data* is first XOR-decoded with ``module_data["xor_key"]`` if that key
    exists, then hexdumped if ``module_data["hexdump"]`` is truthy, then
    base64-encoded if ``module_data["base64"]`` is truthy. The transformed
    bytes go to ``chop.prettyprnt`` and to ``chop.json`` under the key
    ``"payload"`` alongside ``"direction"``. Nothing is returned.

    NOTE(review): with neither hexdump nor base64 set, raw payload bytes are
    emitted verbatim; terminal escape sequences in the traffic would reach
    the console unfiltered if chop does not escape them -- confirm.
    """
    out = data
    has_key = "xor_key" in module_data
    if has_key:
        out = multibyte_xor(out, module_data["xor_key"])
    if module_data["hexdump"]:
        out = hexdump(out)
    if module_data["base64"]:
        out = b64encode(out)
    record = {"payload": out, "direction": direction}
    chop.prettyprnt(color, out)
    chop.json(record)
def handleDatagram(udp):
    """Print the payload of one UDP datagram.

    Every datagram is printed in RED; this handler does not distinguish
    directions. With ``module_data['verbose']`` a timestamped
    "src:sport -> dst:dport size" line is printed first (size is the raw
    datagram length, before any transformation). The payload is XOR-decoded
    with ``module_data['xor_key']`` when that key exists and hexdumped when
    ``module_data['hexdump']`` is truthy. ``verbose`` and ``hexdump`` must
    be present in ``udp.module_data``.

    NOTE(review): without hexdump the raw datagram bytes are printed as-is;
    confirm chop.prettyprnt escapes control characters before using the
    plain mode on untrusted captures.
    """
    ((src, sport), (dst, dport)) = udp.addr
    opts = udp.module_data
    payload = udp.data
    if opts['verbose']:
        chop.tsprettyprnt("RED", "%s:%s -> %s:%s 0x%04X bytes" % (src, sport, dst, dport, len(payload)))
    if 'xor_key' in opts:
        payload = multibyte_xor(payload, opts['xor_key'])
    if opts['hexdump']:
        payload = hexdump(payload)
    chop.prettyprnt("RED", payload)
def handleStream(tcp):
    """Print the newest chunk of a TCP stream, coloured by direction.

    If the server half-stream has new bytes they are printed in RED;
    otherwise the client half-stream is used and printed in GREEN (even if
    it has zero new bytes, in which case an empty chunk is printed and
    ``tcp.discard(0)`` is called). The chunk is XOR-decoded with
    ``module_data['xor_key']`` when present and hexdumped when
    ``module_data['hexdump']`` is truthy. The optional verbose line always
    shows the endpoints in the order ``parse_addr`` returned them; it is
    not flipped for server->client data.

    NOTE(review): in plain mode the raw payload reaches chop.prettyprnt
    unescaped -- confirm chop handles terminal control sequences.
    """
    ((src, sport), (dst, dport)) = parse_addr(tcp)
    if tcp.server.count_new > 0:
        half, color = tcp.server, "RED"
    else:
        half, color = tcp.client, "GREEN"
    count = half.count_new
    chunk = half.data[:count]
    opts = tcp.module_data
    if opts['verbose']:
        chop.tsprettyprnt(color, "%s:%s -> %s:%s %i bytes" % (src, sport, dst, dport, count))
    if 'xor_key' in opts:
        chunk = multibyte_xor(chunk, opts['xor_key'])
    if opts['hexdump']:
        chunk = hexdump(chunk)
    chop.prettyprnt(color, chunk)
    tcp.discard(count)
def handleStream(tcp):
    """Print the newest TCP chunk; RED for client->server, GREEN otherwise.

    The server half is chosen only when it has new bytes; otherwise the
    client half is processed regardless of its ``count_new`` (an empty
    chunk then yields ``tcp.discard(0)``). The verbose banner uses the
    endpoint order from ``parse_addr`` for both directions. Transformations:
    XOR with ``module_data['xor_key']`` if that key exists, then hexdump if
    ``module_data['hexdump']`` is truthy. Processed bytes are discarded.

    NOTE(review): without hexdump, untrusted payload bytes are printed
    verbatim -- check chop.prettyprnt's escaping before using plain mode.
    """
    ((src, sport), (dst, dport)) = parse_addr(tcp)
    from_server = tcp.server.count_new > 0
    half = tcp.server if from_server else tcp.client
    color = "RED" if from_server else "GREEN"
    count = half.count_new
    chunk = half.data[:count]
    settings = tcp.module_data
    if settings['verbose']:
        banner = "%s:%s -> %s:%s %i bytes" % (src, sport, dst, dport, count)
        chop.tsprettyprnt(color, banner)
    if 'xor_key' in settings:
        chunk = multibyte_xor(chunk, settings['xor_key'])
    if settings['hexdump']:
        chunk = hexdump(chunk)
    chop.prettyprnt(color, chunk)
    tcp.discard(count)
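def handleStream(tcp):
    """Handle the newest chunk of a TCP stream: accumulate or print/emit it.

    Direction is taken from whichever half-stream has new bytes (server
    half preferred; the client half is used otherwise, even with zero new
    bytes). In verbose mode a banner with the byte count and
    ``entropy(data)`` (presumably Shannon entropy of the raw chunk -- not
    defined here) is printed. When ``module_data['oneshot']`` or
    ``module_data['oneshot_split']`` is set the chunk is only appended to
    ``tcp.stream_data`` (``'data'`` resp. the direction key) and the
    function returns without printing or discarding. Otherwise the chunk is
    XOR-decoded with ``module_data['xor_key']`` when present, hexdumped
    and/or base64-encoded per ``module_data``, printed, emitted via
    ``chop.json`` and discarded.

    Fix: the base64 check referenced a bare ``module_data`` name that does
    not exist in this scope, so every chunk reaching the output path raised
    NameError; it now reads ``tcp.module_data['base64']`` like the other
    options.

    NOTE(review): unless hexdump or base64 is set, the JSON payload holds
    raw binary -- confirm chop.json can serialize it and that the console
    output is escaped before trusting plain mode on hostile captures.
    """
    ((src, sport), (dst, dport)) = parse_addr(tcp)
    if tcp.server.count_new > 0:
        data = tcp.server.data[:tcp.server.count_new]
        count = tcp.server.count_new
        direction = 'to_server'
        color = "RED"
    else:
        data = tcp.client.data[:tcp.client.count_new]
        count = tcp.client.count_new
        direction = 'to_client'
        color = "GREEN"
    opts = tcp.module_data
    if opts['verbose']:
        chop.tsprettyprnt(color, "%s:%s -> %s:%s %i bytes (H = %0.2f)" % (src, sport, dst, dport, count, entropy(data)))
    # One-shot modes only accumulate; output (and discard) happens elsewhere.
    if opts['oneshot']:
        tcp.stream_data['data'] += data
    if opts['oneshot_split']:
        tcp.stream_data[direction] += data
    if opts['oneshot'] or opts['oneshot_split']:
        return
    if 'xor_key' in opts:
        data = multibyte_xor(data, opts['xor_key'])
    if opts['hexdump']:
        data = hexdump(data)
    if opts['base64']:  # was: module_data['base64'] -> NameError
        data = b64encode(data)
    chop.prettyprnt(color, data)
    chop.json({'payload': data, 'direction': direction})
    tcp.discard(count)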
def handleStream(tcp):
    """Accumulate or print/emit the newest chunk of a TCP stream.

    The server half is used when it has new bytes (direction
    ``'to_server'``, RED); otherwise the client half (``'to_client'``,
    GREEN), even with zero new bytes. Verbose mode prints a banner with
    the count and ``entropy(chunk)`` -- presumably Shannon entropy of the
    raw bytes; defined elsewhere. In ``oneshot`` / ``oneshot_split`` mode
    the chunk is appended to ``tcp.stream_data['data']`` / the direction
    key and the function returns without printing or discarding.
    Otherwise: XOR with ``module_data['xor_key']`` if present, hexdump
    and base64 as configured, print, ``chop.json`` emit, discard.

    NOTE(review): with neither hexdump nor base64, the JSON payload is raw
    binary and the printed line is unescaped attacker-controlled data --
    confirm chop.json and chop.prettyprnt cope with that.
    """
    ((src, sport), (dst, dport)) = parse_addr(tcp)
    opts = tcp.module_data
    from_server = tcp.server.count_new > 0
    half = tcp.server if from_server else tcp.client
    direction = 'to_server' if from_server else 'to_client'
    color = "RED" if from_server else "GREEN"
    count = half.count_new
    chunk = half.data[:count]
    if opts['verbose']:
        banner = "%s:%s -> %s:%s %i bytes (H = %0.2f)" % (src, sport, dst, dport, count, entropy(chunk))
        chop.tsprettyprnt(color, banner)
    accumulating = False
    if opts['oneshot']:
        tcp.stream_data['data'] += chunk
        accumulating = True
    if opts['oneshot_split']:
        tcp.stream_data[direction] += chunk
        accumulating = True
    if accumulating:
        # Output for one-shot modes happens at stream teardown, not here.
        return
    if 'xor_key' in opts:
        chunk = multibyte_xor(chunk, opts['xor_key'])
    if opts['hexdump']:
        chunk = hexdump(chunk)
    if opts['base64']:
        chunk = b64encode(chunk)
    chop.prettyprnt(color, chunk)
    chop.json({'payload': chunk, 'direction': direction})
    tcp.discard(count)