class DNSSOARR(DNSRR):
name = "DNS SOA Resource Record"
show_indent = 0
fields_desc = [
DNSStrField("rrname", ""),
ShortEnumField("type", 1, dnstypes),
ShortEnumField("rclass", 1, dnsclasses),
IntField("ttl", 0),
ShortField("rdlen", 0),
StrField("mname", ""),
StrField("rname", ""),
IntField("serial", 0),
IntField("refresh", 0),
IntField("retry", 0),
IntField("expire", 0),
IntField("minimum", 0)
]
class CustomTLV(Packet):
""" Custom TLV protocol layer for scapy """
fields_desc = [
ShortField("type", 0),
ShortField("length", 4),
StrField("value", "")
]
class HTTPresponse(Packet):
name = "HTTP Response"
fields_desc = [
StrField("StatusLine", None, fmt="H"),
StrField("AcceptRanges", None, fmt="H"),
StrField("Age", None, fmt="H"),
StrField("ETag", None, fmt="H"),
StrField("Location", None, fmt="H"),
StrField("ProxyAuthenticate", None, fmt="H"),
StrField("RetryAfter", None, fmt="H"),
StrField("Server", None, fmt="H"),
StrField("Vary", None, fmt="H"),
StrField("WWWAuthenticate", None, fmt="H")
]
def do_dissect(self, s):
fields_rfc = [
"Status-Line", "Accept-Ranges", "Age", "ETag", "Location",
"Proxy-Authenticate", "Retry-After", "Server", "Vary",
"WWW-Authenticate"
]
a = s.split("\r\n")
obj = self.fields_desc[:]
obj.reverse()
fields_rfc.reverse()
while obj:
f = obj.pop()
g = fields_rfc.pop()
for x in a:
if (g == "Status-Line"):
prog = re.compile(
"^HTTP/((0\.9)|(1\.0)|(1\.1))\ [0-9]{3}.*")
else:
prog = re.compile(g + ":", re.IGNORECASE)
result = prog.search(x)
if result:
self.setfieldval(f.name, x + '\r\n')
a.remove(x)
return '\r\n' + "".join(a)
class SigfoxUplinkPCAP(Packet):
name = "SigfoxPacket "
fields_desc = [StrField("Frame", "")]
class OpenFlowBody_v1_3(Packet):
"""
OpenFlow Packet v1.3
"""
name = 'OpenFlowBody_v1_3'
fields_desc = [
# Header
ByteEnumField('Type', None, ofp_v1_3_message_type),
ShortField('Length', None),
IntField('ID', None),
# Error message body
ConditionalField(ShortField('ErrorType', None),
lambda pkt: pkt.Type == 1),
ConditionalField(ShortField('ErrorCode', None),
lambda pkt: pkt.Type == 1),
# Echo Request / Echo Reply message body
ConditionalField(StrField('Data', None),
lambda pkt: pkt.Type in [1, 2, 3]),
# Vendor message body
#ConditionalField(IntField('VendorID', None), lambda pkt: pkt.Type == 4), # type ????
# Experimenter
ConditionalField(XIntField('ExperimenterID', None),
lambda pkt: pkt.Type == 4),
ConditionalField(IntField('ExperimenterType', None),
lambda pkt: pkt.Type == 4),
# Features Reply message body
ConditionalField(XLongField('DatapathID', None),
lambda pkt: pkt.Type == 6),
ConditionalField(IntField('MaxBuffers', None),
lambda pkt: pkt.Type == 6),
ConditionalField(ByteField('MaxTables', None),
lambda pkt: pkt.Type == 6),
ConditionalField(ByteField('AuxiliaryID', None),
lambda pkt: pkt.Type == 6),
ConditionalField(XByteField('FeaturesReplyPad', None),
lambda pkt: pkt.Type == 6),
ConditionalField(XIntField('Capabilities', None),
lambda pkt: pkt.Type == 6),
ConditionalField(IntField('FeaturesReplyReserved', None),
lambda pkt: pkt.Type == 6),
# Set Config message body
ConditionalField(XShortField('SwitchConfigurationFlags', None),
lambda pkt: pkt.Type == 9),
ConditionalField(ShortField('MissSendLength', None),
lambda pkt: pkt.Type == 9),
# Packet Input Notification message body
ConditionalField(
IntField('PacketInputNotificationPacketBufferID', None),
lambda pkt: pkt.Type == 10),
ConditionalField(ShortField('EthernetFrameLength', None),
lambda pkt: pkt.Type == 10),
ConditionalField(ByteField('PacketInputNotificationReason', None),
lambda pkt: pkt.Type == 10),
ConditionalField(ByteField('PacketInputNotificationTableID', None),
lambda pkt: pkt.Type == 10),
ConditionalField(XLongField('PacketInputNotificationCookie', None),
lambda pkt: pkt.Type == 10),
# Flow Removed Notification message body
ConditionalField(XLongField('FlowRemovedNotificationCookie', None),
lambda pkt: pkt.Type == 11),
ConditionalField(ShortField('FlowRemovedNotificationPriority', None),
lambda pkt: pkt.Type == 11),
ConditionalField(ByteField('FlowRemovedNotificationReason', None),
lambda pkt: pkt.Type == 11),
ConditionalField(ByteField('FlowRemovedNotificationTableID', None),
lambda pkt: pkt.Type == 11),
ConditionalField(IntField('Duration_sec', None),
lambda pkt: pkt.Type == 11),
ConditionalField(IntField('Duration_nsec', None),
lambda pkt: pkt.Type == 11),
ConditionalField(
ShortField('FlowRemovedNotificationIdleTimeout', None),
lambda pkt: pkt.Type == 11),
ConditionalField(ShortField('HardTimeout', None),
lambda pkt: pkt.Type == 11),
ConditionalField(LongField('NumberOfPacketsTransferred', None),
lambda pkt: pkt.Type == 11),
ConditionalField(LongField('NumberOfOctetsTransferred', None),
lambda pkt: pkt.Type == 11),
# Port Status Notification message body
ConditionalField(ByteField('PortStatusNotificationReason', None),
lambda pkt: pkt.Type == 12),
ConditionalField(XByteField('PortStatusNotificationPad', None),
lambda pkt: pkt.Type == 12),
ConditionalField(
_PacketField('PortStatusNotification<PortDescriptors>', None,
PortDescriptorField_v1_3, 39),
lambda pkt: pkt.Type == 12),
# Packet Output message body
ConditionalField(IntField('PacketOutputPacketBufferID', None),
lambda pkt: pkt.Type == 13),
ConditionalField(IntField('PacketOutputIngress<PortNumber>', None),
lambda pkt: pkt.Type == 13),
ConditionalField(ShortField('LengthOfActionDescriptors', None),
lambda pkt: pkt.Type == 13),
ConditionalField(XByteField('PacketOutputPad', None),
lambda pkt: pkt.Type == 13),
ConditionalField(
_PacketField('PacketOutput<ActionDescriptors>', None,
ActionDescriptorField_v1_3, 5),
lambda pkt: pkt.Type == 13),
# Flow Modification message body
ConditionalField(LongField('FlowModificationCookie', None),
lambda pkt: pkt.Type == 14),
ConditionalField(XLongField('FlowModificationCookieMask', None),
lambda pkt: pkt.Type == 14),
ConditionalField(ByteField('FlowModificationTableID', None),
lambda pkt: pkt.Type == 14),
ConditionalField(ByteField('FlowModificationCommand', None),
lambda pkt: pkt.Type == 14),
ConditionalField(ShortField('FlowModificationIdleTimeout', None),
lambda pkt: pkt.Type == 14),
ConditionalField(ShortField('FlowModificationHardTimeout', None),
lambda pkt: pkt.Type == 14),
ConditionalField(ShortField('FlowModificationPriority', None),
lambda pkt: pkt.Type == 14),
ConditionalField(IntField('FlowModificationPacketBufferID', None),
lambda pkt: pkt.Type == 14),
ConditionalField(IntField('FlowModificationOutputPort', None),
lambda pkt: pkt.Type == 14),
ConditionalField(IntField('FlowModificationOutputGroup', None),
lambda pkt: pkt.Type == 14),
ConditionalField(XShortField('FlowModificationFlags', None),
lambda pkt: pkt.Type == 14),
ConditionalField(XByteField('FlowModificationPad', None),
lambda pkt: pkt.Type == 14),
# Group Modification message body
ConditionalField(ShortField('GroupModificationCommand', None),
lambda pkt: pkt.Type == 15),
ConditionalField(ByteField('GroupModificationType', None),
lambda pkt: pkt.Type == 15),
ConditionalField(ByteField('GroupModificationPad', None),
lambda pkt: pkt.Type == 15),
ConditionalField(IntField('GroupModificationGroupID', None),
lambda pkt: pkt.Type == 15),
ConditionalField(
_PacketField('GroupModificationBucket', None, OpenFlowBucket_v1_3,
18), lambda pkt: pkt.Type == 15),
# Port Modification message body
ConditionalField(ShortField('PortModification<PortNumber>', None),
lambda pkt: pkt.Type == 16),
ConditionalField(XByteField('PortModificationPad', None),
lambda pkt: pkt.Type == 16),
ConditionalField(MACField('PortModificationEthernetAddress', None),
lambda pkt: pkt.Type == 16),
ConditionalField(XByteField('PortModificationPad2', None),
lambda pkt: pkt.Type == 16),
ConditionalField(XIntField('<PortConfigurationFlags>', None),
lambda pkt: pkt.Type == 16),
ConditionalField(XIntField('<PortConfigurationFlags>Mask', None),
lambda pkt: pkt.Type == 16),
ConditionalField(XIntField('<PortConfigurationFlags>Advertise', None),
lambda pkt: pkt.Type == 16),
ConditionalField(XByteField('PortModificationPad3', None),
lambda pkt: pkt.Type == 16),
# Table Modification message body
ConditionalField(ByteField('TableModificationTableID', None),
lambda pkt: pkt.Type == 17),
ConditionalField(XByteField('TableModificationPad', None),
lambda pkt: pkt.Type == 17),
ConditionalField(XIntField('TableModificationConfiguration', None),
lambda pkt: pkt.Type == 17),
# Multipart Request / Multipart Reply message body
ConditionalField(ShortField('MultipartType', None),
lambda pkt: pkt.Type in [18, 19]),
ConditionalField(XShortField('MultipartFlags', None),
lambda pkt: pkt.Type in [18, 19]),
ConditionalField(XByteField('MultipartPad', None),
lambda pkt: pkt.Type in [18, 19]),
ConditionalField(ByteField('MultipartBody', None),
lambda pkt: pkt.Type in [18, 19]),
# Barrier Reply message body
ConditionalField(IntField('BarrierReplyID', None),
lambda pkt: pkt.Type == 21),
# Queue Get Config Request / Queue Get Config Reply message body
ConditionalField(IntField('QueueGetConfigRequestPort', None),
lambda pkt: pkt.Type in [22, 23]),
ConditionalField(ByteField('QueueGetConfigRequestPad', None),
lambda pkt: pkt.Type in [22, 23]),
ConditionalField(
_PacketField('OpenFlowPacketQueue', None, OpenFlowPacketQueue_v1_3,
16), lambda pkt: pkt.Type == 23),
# Role Request / Role Reply message body
ConditionalField(IntField('RoleRequestRole', None),
lambda pkt: pkt.Type in [24, 25]),
ConditionalField(ByteField('RoleRequestPad', None),
lambda pkt: pkt.Type in [24, 25]),
ConditionalField(LongField('RoleRequestGenerationID', None),
lambda pkt: pkt.Type in [24, 25]),
# Get Async Reply / Set Async messages body
ConditionalField(XIntField('GetAsyncReplyPacketInMask', None),
lambda pkt: pkt.Type in [27, 28]),
ConditionalField(XIntField('GetAsyncReplyPortStatusMask', None),
lambda pkt: pkt.Type in [27, 28]),
ConditionalField(XIntField('GetAsyncReplyFlowRemovedMask', None),
lambda pkt: pkt.Type in [27, 28]),
# Meter Modification message body
ConditionalField(ShortField('MeterModificationCommand', None),
lambda pkt: pkt.Type == 29),
ConditionalField(XShortField('MeterModificationFlags', None),
lambda pkt: pkt.Type == 29),
ConditionalField(IntField('MeterModificationMeterID', None),
lambda pkt: pkt.Type == 29),
ConditionalField(
_PacketField('MeterModificationMeterBand', None,
OpenFlowMeterBand_v1_3, 12),
lambda pkt: pkt.Type == 29),
StrField('Payload', None),
]
def __init__(self, name, default, cls, length=None):
StrField.__init__(self, name, default)
self.cls = cls
if length is not None:
self.length_from = lambda pkt, length=length: length
class OpenFlowBody_v1_0(Packet):
"""
OpenFlow Packet v1.0
"""
name = 'OpenFlowBody_v1_0'
fields_desc = [
# Header
ByteEnumField('Type', None, ofp_v1_0_message_type),
ShortField('Length', None),
IntField('ID', None),
# Error message body
ConditionalField(ShortField('ErrorType', None),
lambda pkt: pkt.Type == 1),
ConditionalField(ShortField('ErrorCode', None),
lambda pkt: pkt.Type == 1),
# Echo Request / Echo Reply message body
ConditionalField(StrField('Data', None),
lambda pkt: pkt.Type in [2, 3]),
# Vendor message body
ConditionalField(IntField('VendorID', None),
lambda pkt: pkt.Type == 4),
# Features Reply message body
ConditionalField(XLongField('DatapathID', None),
lambda pkt: pkt.Type == 6),
ConditionalField(IntField('AvailableNumberOfPacketsCanBeHeld', None),
lambda pkt: pkt.Type == 6),
ConditionalField(ByteField('NumberOfFlowTabs', None),
lambda pkt: pkt.Type == 6),
ConditionalField(X3BytesField('FeaturesReplyReserved', None),
lambda pkt: pkt.Type == 6),
ConditionalField(XIntField('<SwitchCapabilityFlags>', None),
lambda pkt: pkt.Type == 6),
ConditionalField(XIntField('ActionCapabilityFlags', None),
lambda pkt: pkt.Type == 6),
ConditionalField(
_PacketField('FeaturesReply<PortDescriptors>', None,
PortDescriptorField_v1_0, 48),
lambda pkt: pkt.Type == 6),
# Get Config Reply / Set Config message body
ConditionalField(XShortField('SwitchConfigurationFlags', None),
lambda pkt: pkt.Type in [8, 9]),
ConditionalField(ShortField('MissSendLength', None),
lambda pkt: pkt.Type in [8, 9]),
# Packet Input Notification message body
ConditionalField(
IntField('PacketInputNotificationPacketBufferID', None),
lambda pkt: pkt.Type == 10),
ConditionalField(ShortField('EthernetFrameLength', None),
lambda pkt: pkt.Type == 10),
ConditionalField(
ShortField('PacketInputNotificationIngresss<PortNumber>', None),
lambda pkt: pkt.Type == 10),
ConditionalField(ByteField('PacketInputNotificationReason', None),
lambda pkt: pkt.Type == 10),
ConditionalField(XByteField('PacketInputNotificationReserved', None),
lambda pkt: pkt.Type == 10),
ConditionalField(
StrLenField('EthenretFrame',
None,
length_from=lambda pkt: pkt.EthernetFrameLength),
lambda pkt: pkt.Type == 10),
# Flow Removed Notification message body
ConditionalField(
_PacketField('FlowRemovedNotification<FlowMatchDescriptor>', None,
FlowMatchDescriptorField_v1_0, 40),
lambda pkt: pkt.Type == 11),
ConditionalField(ShortField('FlowRemovedNotificationPriority', None),
lambda pkt: pkt.Type == 11),
ConditionalField(ByteField('FlowRemovedNotificationReason', None),
lambda pkt: pkt.Type == 11),
ConditionalField(XByteField('FlowRemovedNotificationReserved', None),
lambda pkt: pkt.Type == 11),
ConditionalField(IntField('LifetimeDuration', None),
lambda pkt: pkt.Type == 11),
ConditionalField(
ShortField('FlowRemovedNotificationSoftLifetime', None),
lambda pkt: pkt.Type == 11),
ConditionalField(
StrFixedLenField('FlowRemovedNotification_Reserved', None, 48),
lambda pkt: pkt.Type == 11),
ConditionalField(LongField('NumberOfPacketsTransferred', None),
lambda pkt: pkt.Type == 11),
ConditionalField(LongField('NumberOfOctetsTransferred', None),
lambda pkt: pkt.Type == 11),
# Port Status Notification message body
ConditionalField(ByteField('PortStatusNotificationReason', None),
lambda pkt: pkt.Type == 12),
ConditionalField(
StrFixedLenField('PortStatusNotificationReserved', None, 64),
lambda pkt: pkt.Type == 12),
ConditionalField(
_PacketField('PortStatusNotification<PortDescriptors>', None,
PortDescriptorField_v1_0, 48),
lambda pkt: pkt.Type == 12),
# Packet Output message body
ConditionalField(IntField('PacketOutputPacketBufferID', None),
lambda pkt: pkt.Type == 13),
ConditionalField(ShortField('PacketOutputIngress<PortNumber>', None),
lambda pkt: pkt.Type == 13),
ConditionalField(ShortField('LengthOfActionDescriptors', None),
lambda pkt: pkt.Type == 13),
ConditionalField(
_PacketField('PacketOutput<ActionDescriptors>', None,
ActionDescriptorField_v1_0), ## ???? bytes ##
lambda pkt: pkt.Type == 13),
ConditionalField(StrField('<PacketData>', None),
lambda pkt: pkt.Type == 13),
# Flow Modification message body
ConditionalField(
_PacketField('FlowModification<FlowMatchDescriptor>', None,
FlowMatchDescriptorField_v1_0, 40),
lambda pkt: pkt.Type == 14),
ConditionalField(ShortField('Command', None),
lambda pkt: pkt.Type == 14),
ConditionalField(ShortField('FlowModificationSoftLifetime', None),
lambda pkt: pkt.Type == 14),
ConditionalField(ShortField('HardLifetime', None),
lambda pkt: pkt.Type == 14),
ConditionalField(ShortField('FlowModificationPriority', None),
lambda pkt: pkt.Type == 14),
ConditionalField(IntField('FlowModificationPacketBufferID', None),
lambda pkt: pkt.Type == 14),
ConditionalField(
ShortField('FlowModificationEgress<PortNumber>', None),
lambda pkt: pkt.Type == 14),
ConditionalField(XShortField('FlowModificationCU', None),
lambda pkt: pkt.Type == 14),
ConditionalField(XIntField('FlowModificationReserved', None),
lambda pkt: pkt.Type == 14),
ConditionalField(
_PacketField('FlowModification<ActionDescriptors>', None,
ActionDescriptorField_v1_0), ## ???? bytes
lambda pkt: pkt.Type == 14),
# Port Modification message body
ConditionalField(ShortField('PortModification<PortNumber>', None),
lambda pkt: pkt.Type == 15),
ConditionalField(MACField('Ethernet Address', None),
lambda pkt: pkt.Type == 15),
ConditionalField(XIntField('<PortConfigurationFlags>', None),
lambda pkt: pkt.Type == 15),
ConditionalField(XIntField('<PortConfigurationFlags>Mask', None),
lambda pkt: pkt.Type == 15),
ConditionalField(XIntField('<PortFeatureFlags>', None),
lambda pkt: pkt.Type == 15),
# Stats Request message body
ConditionalField(
_PacketField('StatsRequest', None, StatsRequestBody_v1_0, 48),
lambda pkt: pkt.Type == 16),
# Stats Reply message body
ConditionalField(
_PacketField('StatsReply', None,
StatsReplyBody_v1_0), ## ???? bytes
lambda pkt: pkt.Type == 17),
StrField('Payload', None),
]
def __init__(self, name, default, cls, length=None):
StrField.__init__(self, name, default)
self.cls = cls
if length is not None:
self.length_from = lambda pkt,length=length: length
def __init__(self, funcname):
StrField.__init__(self, funcname, "")
class HumanIRC(Packet):
name = 'HumanIRC'
fields_desc = [
StrField('action', ''),
]
class PAYLOAD(Packet):
name = "PAYLOAD"
fields_desc = [StrField("message", "idle")]
class HTTPRequest(Packet):
name = "HTTP Request"
http_methods = "^(OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT)"
fields_desc = [
StrField("Method", None, fmt="H"),
StrField("Host", None, fmt="H"),
StrField("User-Agent", None, fmt="H"),
StrField("Accept", None, fmt="H"),
StrField("Accept-Language", None, fmt="H"),
StrField("Accept-Encoding", None, fmt="H"),
StrField("Accept-Charset", None, fmt="H"),
StrField("Referer", None, fmt="H"),
StrField("Authorization", None, fmt="H"),
StrField("Expect", None, fmt="H"),
StrField("From", None, fmt="H"),
StrField("If-Match", None, fmt="H"),
StrField("If-Modified-Since", None, fmt="H"),
StrField("If-None-Match", None, fmt="H"),
StrField("If-Range", None, fmt="H"),
StrField("If-Unmodified-Since", None, fmt="H"),
StrField("Max-Forwards", None, fmt="H"),
StrField("Proxy-Authorization", None, fmt="H"),
StrField("Range", None, fmt="H"),
StrField("TE", None, fmt="H"),
StrField("Cache-Control", None, fmt="H"),
StrField("Connection", None, fmt="H"),
StrField("Date", None, fmt="H"),
StrField("Pragma", None, fmt="H"),
StrField("Trailer", None, fmt="H"),
StrField("Transfer-Encoding", None, fmt="H"),
StrField("Upgrade", None, fmt="H"),
StrField("Via", None, fmt="H"),
StrField("Warning", None, fmt="H"),
StrField("Keep-Alive", None, fmt="H"),
StrField("Allow", None, fmt="H"),
StrField("Content-Encoding", None, fmt="H"),
StrField("Content-Language", None, fmt="H"),
StrField("Content-Length", None, fmt="H"),
StrField("Content-Location", None, fmt="H"),
StrField("Content-MD5", None, fmt="H"),
StrField("Content-Range", None, fmt="H"),
StrField("Content-Type", None, fmt="H"),
StrField("Expires", None, fmt="H"),
StrField("Last-Modified", None, fmt="H"),
StrField("Cookie", None, fmt="H"),
StrField("Additional-Headers", None, fmt="H")
]
def do_dissect(self, s):
''' From the HTTP packet string, populate the scapy object '''
first_line, body = _dissect_headers(self, s)
self.setfieldval('Method', first_line)
return body
def self_build(self, field_pos_list=None):
''' Generate the HTTP packet string (the oppposite of do_dissect) '''
return _self_build(self, field_pos_list)
class HTTPResponse(Packet):
name = "HTTP Response"
fields_desc = [
StrField("Status-Line", None, fmt="H"),
StrField("Accept-Ranges", None, fmt="H"),
StrField("Age", None, fmt="H"),
StrField("E-Tag", None, fmt="H"),
StrField("Location", None, fmt="H"),
StrField("Proxy-Authenticate", None, fmt="H"),
StrField("Retry-After", None, fmt="H"),
StrField("Server", None, fmt="H"),
StrField("Vary", None, fmt="H"),
StrField("WWW-Authenticate", None, fmt="H"),
StrField("Cache-Control", None, fmt="H"),
StrField("Connection", None, fmt="H"),
StrField("Date", None, fmt="H"),
StrField("Pragma", None, fmt="H"),
StrField("Trailer", None, fmt="H"),
StrField("Transfer-Encoding", None, fmt="H"),
StrField("Upgrade", None, fmt="H"),
StrField("Via", None, fmt="H"),
StrField("Warning", None, fmt="H"),
StrField("Keep-Alive", None, fmt="H"),
StrField("Allow", None, fmt="H"),
StrField("Content-Encoding", None, fmt="H"),
StrField("Content-Language", None, fmt="H"),
StrField("Content-Length", None, fmt="H"),
StrField("Content-Location", None, fmt="H"),
StrField("Content-MD5", None, fmt="H"),
StrField("Content-Range", None, fmt="H"),
StrField("Content-Type", None, fmt="H"),
StrField("Expires", None, fmt="H"),
StrField("Last-Modified", None, fmt="H"),
StrField("Additional-Headers", None, fmt="H")
]
def do_dissect(self, s):
''' From the HTTP packet string, populate the scapy object '''
first_line, body = _dissect_headers(self, s)
self.setfieldval('Status-Line', first_line)
return body
def self_build(self, field_pos_list=None):
''' From the HTTP packet string, populate the scapy object '''
return _self_build(self, field_pos_list)
class HTTPrequest(Packet):
name = "HTTP Request"
http_methods = "^(OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT)"
fields_desc = [
StrField("Method", None, fmt="H"),
StrField("Host", None, fmt="H"),
StrField("UserAgent", None, fmt="H"),
StrField("Accept", None, fmt="H"),
StrField("AcceptLanguage", None, fmt="H"),
StrField("AcceptEncoding", None, fmt="H"),
StrField("AcceptCharset", None, fmt="H"),
StrField("Referer", None, fmt="H"),
StrField("Authorization", None, fmt="H"),
StrField("Expect", None, fmt="H"),
StrField("From", None, fmt="H"),
StrField("IfMatch", None, fmt="H"),
StrField("IfModifiedSince", None, fmt="H"),
StrField("IfNoneMatch", None, fmt="H"),
StrField("IfRange", None, fmt="H"),
StrField("IfUnmodifiedSince", None, fmt="H"),
StrField("MaxForwards", None, fmt="H"),
StrField("ProxyAuthorization", None, fmt="H"),
StrField("Range", None, fmt="H"),
StrField("TE", None, fmt="H")
]
def do_dissect(self, s):
fields_rfc = [
"Method", "Host", "User-Agent", "Accept", "Accept-Language",
"Accept-Encoding", "Accept-Charset", "Referer", "Authorization",
"Expect", "From", "If-Match", "If-Modified-Since", "If-None-Match",
"If-Range", "If-Unmodified-Since", "Max-Forwards",
"Proxy-Authorization", "Range", "TE"
]
a = s.split("\r\n")
obj = self.fields_desc[:]
obj.reverse()
fields_rfc.reverse()
while obj:
f = obj.pop()
g = fields_rfc.pop()
for x in a:
if (g == "Method"):
prog = re.compile(self.http_methods)
else:
prog = re.compile(g + ":", re.IGNORECASE)
result = prog.search(x)
if result:
self.setfieldval(f.name, x + '\r\n')
a.remove(x)
return '\r\n' + "".join(a)
class HTTP(Packet):
name = "HTTP"
fields_desc = [
StrField("CacheControl", None, fmt="H"),
StrField("Connection", None, fmt="H"),
StrField("Date", None, fmt="H"),
StrField("Pragma", None, fmt="H"),
StrField("Trailer", None, fmt="H"),
StrField("TransferEncoding", None, fmt="H"),
StrField("Upgrade", None, fmt="H"),
StrField("Via", None, fmt="H"),
StrField("Warning", None, fmt="H"),
StrField("KeepAlive", None, fmt="H"),
StrField("Allow", None, fmt="H"),
StrField("ContentEncoding", None, fmt="H"),
StrField("ContentLanguage", None, fmt="H"),
StrField("ContentLength", None, fmt="H"),
StrField("ContentLocation", None, fmt="H"),
StrField("ContentMD5", None, fmt="H"),
StrField("ContentRange", None, fmt="H"),
StrField("ContentType", None, fmt="H"),
StrField("Expires", None, fmt="H"),
StrField("LastModified", None, fmt="H")
]
def do_dissect(self, s):
fields_rfc = [
"Cache-Control", "Connection", "Date", "Pragma", "Trailer",
"Transfer-Encoding", "Upgrade", "Via", "Warning", "Keep-Alive",
"Allow", "Content-Encoding", "Content-Language", "Content-Length",
"Content-Location", "Content-MD5", "Content-Range", "Content-Type",
"Expires", "Last-Modified"
]
a = s.split("\r\n")
obj = self.fields_desc[:]
obj.reverse()
fields_rfc.reverse()
while obj:
f = obj.pop()
g = fields_rfc.pop()
for x in a:
prog = re.compile(g + ":", re.IGNORECASE)
result = prog.search(x)
if result:
self.setfieldval(f.name, x + '\r\n')
a.remove(x)
return "\r\n".join(a)
def guess_payload_class(self, payload):
prog = re.compile("^(OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT)")
result = prog.search(payload)
if result:
return HTTPrequest
else:
prog = re.compile("^HTTP/((0\.9)|(1\.0)|(1\.1))\ [0-9]{3}.*")
result = prog.search(payload)
if result:
return HTTPresponse
return Packet.guess_payload_class(self, payload)
