def dotransform(request, response): pcap = request.value usedb = config['working/usedb'] if usedb > 0: # Connect to the database so we can insert the record created below x = mongo_connect() c = x['STREAMS'] # Hash the pcap file try: md5hash = md5_for_file(pcap) except Exception as e: return response + UIMessage(str(e)) d = find_session(md5hash) folder = d[2] else: folder = config['working/directory'] l = len(folder) + 11 raw = pcap[l:-5] raw = raw.split('-') banner = 'Protocol:%s\nSource:%s\nDestination:%s' % (raw[0], raw[1], raw[2]) e = pcapStream(banner) response += e return response
def dotransform(request, response): pcap = request.value usedb = config['working/usedb'] # Check to see if we are using the database or not if usedb == 0: return response + UIMessage('You have chosen not to use a database') else: pass d = mongo_connect() c = d['PACKETS'] y = d['PACKETSUMMARY'] url = config['web/server'].strip('\'') port = config['web/port'].strip('\'') # Hash the pcap file try: md5pcap = md5_for_file(pcap) except Exception as e: return response + UIMessage(str(e)) def convert_encoding(data, encoding='utf-8'): if isinstance(data, dict): return dict((convert_encoding(key), convert_encoding(value)) \ for key, value in data.iteritems()) elif isinstance(data, list): return [convert_encoding(element) for element in data] elif isinstance(data, unicode): return data.encode(encoding, errors='replace') else: return data # Get the PCAP ID for the pcap file try: s = d.INDEX.find({"MD5 Hash": md5pcap}).count() if s == 0: t = d.STREAMS.find({"MD5 Hash": md5pcap}).count() if t > 0: r = d.STREAMS.find({"MD5 Hash": md5pcap}, {"PCAP ID": 1, "Stream ID": 1, "_id": 0}) for i in r: pcap_id = i['PCAP ID'] streamid = i['Stream ID'] else: return response + UIMessage('No PCAP ID, you need to index the pcap file') if s > 0: r = d.INDEX.find({"MD5 Hash": md5pcap}, {"PCAP ID": 1, "_id": 0}) for i in r: pcap_id = i['PCAP ID'] streamid = i['PCAP ID'] except Exception as e: return response + UIMessage(str(e)) stream_url = 'http://%s:%s/pcap/%s/packets' % (url, port, streamid) pkts = loadpackets(pcap) # Dump the full packets into the database for later use. x = find_layers(pkts, pcap, pcap_id, streamid) try: for s in x: tstamp = s['Buffer']['timestamp'] q = d.PACKETS.find({"Buffer.timestamp": tstamp}).count() if q > 0: pass else: v = OrderedDict(json.loads(json.dumps(convert_encoding(s), encoding='latin-1', ensure_ascii=False))) c.insert(v) except Exception as e: error_logging(str(e), 'Packets') # Build the packet summary so we can make pretty pages. count = 1 packet = OrderedDict() try: for p in pkts: tstamp = datetime.datetime.fromtimestamp(p.time).strftime('%Y-%m-%d %H:%M:%S.%f') p_header = {"PCAP ID": pcap_id, "Buffer": {"timestamp": tstamp, "packetnumber": count, "pcapfile": pcap, "packet_length": p.len, "StreamID": streamid}} packet.update(p_header) if p.haslayer(IP): p_ip = {"IP": {"ip_src": p[IP].src, "ip_dst": p[IP].dst, "ip_ttl": p[IP].ttl}} packet.update(p_ip) layers = [] counter = 0 while True: layer = p.getlayer(counter) if layer != None: if layer.name == 'HTTP': pass else: layers.append(layer.name) else: break counter += 1 p_layers = {"Layers": layers} packet.update(p_layers) view_url = 'http://%s:%s/pcap/%s/%s/packets/%s' % (url, port, pcap_id, streamid, count) p_view = {"View": view_url} packet.update(p_view) t = d.PACKETSUMMARY.find({"Buffer.timestamp": tstamp}).count() if t > 0: pass else: y.insert(packet) count += 1 packet.clear() except Exception as e: error_logging(str(e), 'PacketSummary') # Return the Maltego Entity a = pcapStream(stream_url) response += a return response