def dotransform(request, response):
pcap = request.value
usedb = config['working/usedb']
if usedb > 0:
# Connect to the database so we can insert the record created below
x = mongo_connect()
c = x['STREAMS']
# Hash the pcap file
try:
md5hash = md5_for_file(pcap)
except Exception as e:
return response + UIMessage(str(e))
d = find_session(md5hash)
folder = d[2]
else:
folder = config['working/directory']
l = len(folder) + 11
raw = pcap[l:-5]
raw = raw.split('-')
banner = 'Protocol:%s\nSource:%s\nDestination:%s' % (raw[0], raw[1],
raw[2])
e = pcapStream(banner)
response += e
return response
def dotransform(request, response):
pcap = request.value
usedb = config['working/usedb']
if usedb > 0:
# Connect to the database so we can insert the record created below
x = mongo_connect()
c = x['STREAMS']
# Hash the pcap file
try:
md5hash = md5_for_file(pcap)
except Exception as e:
return response + UIMessage(str(e))
d = find_session(md5hash)
folder = d[2]
else:
folder = config['working/directory']
l = len(folder) + 11
raw = pcap[l:-5]
raw = raw.split('-')
banner = 'Protocol:%s\nSource:%s\nDestination:%s' % (raw[0], raw[1], raw[2])
e = pcapStream(banner)
response += e
return response
def dotransform(request, response):
pcap = request.value
usedb = config['working/usedb']
# Check to see if we are using the database or not
if usedb == 0:
return response + UIMessage('You have chosen not to use a database')
else:
pass
d = mongo_connect()
c = d['PACKETS']
y = d['PACKETSUMMARY']
url = config['web/server'].strip('\'')
port = config['web/port'].strip('\'')
# Hash the pcap file
try:
md5pcap = md5_for_file(pcap)
except Exception as e:
return response + UIMessage(str(e))
def convert_encoding(data, encoding='utf-8'):
if isinstance(data, dict):
return dict((convert_encoding(key), convert_encoding(value)) \
for key, value in data.iteritems())
elif isinstance(data, list):
return [convert_encoding(element) for element in data]
elif isinstance(data, unicode):
return data.encode(encoding, errors='replace')
else:
return data
# Get the PCAP ID for the pcap file
try:
s = d.INDEX.find({"MD5 Hash": md5pcap}).count()
if s == 0:
t = d.STREAMS.find({"MD5 Hash": md5pcap}).count()
if t > 0:
r = d.STREAMS.find({"MD5 Hash": md5pcap}, {"PCAP ID": 1, "Stream ID": 1, "_id": 0})
for i in r:
pcap_id = i['PCAP ID']
streamid = i['Stream ID']
else:
return response + UIMessage('No PCAP ID, you need to index the pcap file')
if s > 0:
r = d.INDEX.find({"MD5 Hash": md5pcap}, {"PCAP ID": 1, "_id": 0})
for i in r:
pcap_id = i['PCAP ID']
streamid = i['PCAP ID']
except Exception as e:
return response + UIMessage(str(e))
stream_url = 'http://%s:%s/pcap/%s/packets' % (url, port, streamid)
pkts = loadpackets(pcap)
# Dump the full packets into the database for later use.
x = find_layers(pkts, pcap, pcap_id, streamid)
try:
for s in x:
tstamp = s['Buffer']['timestamp']
q = d.PACKETS.find({"Buffer.timestamp": tstamp}).count()
if q > 0:
pass
else:
v = OrderedDict(json.loads(json.dumps(convert_encoding(s), encoding='latin-1', ensure_ascii=False)))
c.insert(v)
except Exception as e:
error_logging(str(e), 'Packets')
# Build the packet summary so we can make pretty pages.
count = 1
packet = OrderedDict()
try:
for p in pkts:
tstamp = datetime.datetime.fromtimestamp(p.time).strftime('%Y-%m-%d %H:%M:%S.%f')
p_header = {"PCAP ID": pcap_id, "Buffer": {"timestamp": tstamp, "packetnumber": count, "pcapfile": pcap,
"packet_length": p.len, "StreamID": streamid}}
packet.update(p_header)
if p.haslayer(IP):
p_ip = {"IP": {"ip_src": p[IP].src, "ip_dst": p[IP].dst, "ip_ttl": p[IP].ttl}}
packet.update(p_ip)
layers = []
counter = 0
while True:
layer = p.getlayer(counter)
if layer != None:
if layer.name == 'HTTP':
pass
else:
layers.append(layer.name)
else:
break
counter += 1
p_layers = {"Layers": layers}
packet.update(p_layers)
view_url = 'http://%s:%s/pcap/%s/%s/packets/%s' % (url, port, pcap_id, streamid, count)
p_view = {"View": view_url}
packet.update(p_view)
t = d.PACKETSUMMARY.find({"Buffer.timestamp": tstamp}).count()
if t > 0:
pass
else:
y.insert(packet)
count += 1
packet.clear()
except Exception as e:
error_logging(str(e), 'PacketSummary')
# Return the Maltego Entity
a = pcapStream(stream_url)
response += a
return response