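def main(args, pcap_file):
    """Analyze a PCAP from the command line and optionally dump its objects.

    Args:
        args: Parsed command-line namespace; the attributes read here are
            ``short_url``, ``ungzip``, ``report`` and ``dump``.
        pcap_file: List whose first element is the path of the PCAP.

    Exits via ``sys.exit`` when no HTTP conversations were found.  The PCAP
    is untrusted input; all parsing is delegated to ``parse_pcap.run``.
    """
    CTCore.pcap_file = pcap_file[0]
    print("[A] Analyzing PCAP: " + CTCore.pcap_file)

    CTCore.b_use_short_uri = args.short_url  # Display short URI paths
    CTCore.b_auto_ungzip = args.ungzip

    # Report generation forces auto-ungzip on.
    if args.report is not None:
        CTCore.b_auto_ungzip = True

    parse_pcap.run(CTCore.pcap_file)

    if not CTCore.conversations:
        sys.exit("No HTTP conversations were found in PCAP file")

    print(CTCore.newLine + "[+] Traffic Activity Time: "),
    try:
        print(CTCore.activity_date_time)
    except Exception:
        # Narrowed from a bare ``except`` so KeyboardInterrupt and SystemExit
        # still propagate; the attribute presumably can be unset for some
        # captures, which is why the lookup is guarded at all.
        print("Couldn't retrieve time")

    print("[+] Conversations Found:" + CTCore.newLine)
    print(CTCore.show_conversations())

    # If chosen just to dump files and exit
    if args.dump is not None:
        try:
            CTCore.ungzip_all()
            CTCore.dump_all_files(args.dump[0], True)
        except Exception as ed:
            print(ed)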
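    def do_ziplist(self, line):
        """List the entries of a zip archive carried in an object body.

        ``line`` is the raw shell argument string (``"<id> [size]"``).  The
        listing is accumulated in ``self.retval``; on failure the error text
        replaces it.  The archive bytes come from the capture and are
        attacker-controlled: only the central directory is read via
        ``namelist``, nothing is extracted.
        """
        try:
            line = str(line)
            import zipfile
            if line.split(" ")[0] == "":
                self.help_ziplist()
                return
            obj_id, size = get_id_size(line)
            if not in_range(obj_id):
                return
            response, size = CTCore.get_response_and_size(obj_id, "all")
            name = CTCore.get_name(obj_id)
            # StringIO(response) already holds the body; re-writing the same
            # bytes into it (as the original did) changed nothing.
            fp = StringIO.StringIO(response)
            zfp = zipfile.ZipFile(fp, "r")
            try:
                entries = zfp.namelist()
            finally:
                zfp.close()
            self.retval = " " + str(len(entries)) + \
                          " Files found in zip object {} ({}):".format(
                              str(obj_id), name) + newLine

            # enumerate() already yields the 1-based counter; the original's
            # extra ``cnt += 1`` inside the loop had no effect.
            for cnt, fl in enumerate(entries, 1):
                self.retval += " [Z] " + str(cnt) + " : " + fl
            self.retval += newLine
        except Exception as e:
            self.retval = "Error unzipping object: " + str(e)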
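    def do_jsbeautify(self,line):
        """Run jsbeautifier on an object body or on a byte slice of it.

        Syntax: ``jsbeautify obj <id>`` prints the beautified body and stores
        it as a new object; ``jsbeautify slice <id> <offset> <length>``
        beautifies only that slice and prints it.  The body is untrusted
        JavaScript from the capture; jsbeautifier reformats it and nothing
        here evaluates it.  Returns False on an invalid option, None otherwise.
        """
        try:
            import jsbeautifier
            args = line.split(" ")
            if len(args) < 2:
                self.help_jsbeautify()
                return

            option = args[0]
            if option not in ('slice', 'obj'):
                print("Invalid option")
                return False

            # 'slice' needs <offset> and <length> on top of <id>; without this
            # check a short command only surfaced as a bare IndexError message.
            if option == "slice" and len(args) < 4:
                self.help_jsbeautify()
                return

            obj_id = args[1]
            response, size = CTCore.get_response_and_size(obj_id, "all")
            name = CTCore.get_name(obj_id)

            if option == "slice":
                offset = int(args[2])
                js_bytes, length = get_bytes(response, offset, args[3])
                print(jsbeautifier.beautify(js_bytes))
            else:
                res = jsbeautifier.beautify(response)
                obj_num = CTCore.add_object("jsbeautify", res, id=obj_id)
                print(" JavaScript Beautify of object {} ({}) successful!".format(str(obj_id), name))
                print(" New object created: {}".format(obj_num) + newLine)

        except Exception as e:
            print(str(e))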
def main(args):
    """Entry point: parse the PCAP named in ``args[1]`` and start the web UI.

    ``args`` is ``sys.argv``-style: ``args[1]`` is the PCAP path and the
    optional ``args[2]`` is either ``-s`` (do not start the web server) or a
    port number for it.  Errors while starting the server are reported and
    the program proceeds without it.
    """
    pcap_path = args[1]
    print("[A] Analyzing PCAP: " + args[1])

    parse_pcap.run(pcap_path)

    stamp = CTCore.activity_date_time.strftime('%a, %x %X')
    print(CTCore.newLine + "[+] Traffic Activity Time: " + stamp)
    print("[+] Conversations Found:" + CTCore.newLine)
    CTCore.show_conversations()

    # Third argument: "-s" disables the web server, anything else is a port.
    serve = True
    if len(args) > 2:
        if args[2].lower() == "-s":
            serve = False
        else:
            CTCore.PORT = int(args[2])

    if not serve:
        return

    try:
        CTCore.web_server = server()
        CTCore.web_server.start()
        time.sleep(0.1)  # Fixes graphic issues
        CTCore.web_server_turned_on = True
    except Exception as e:
        print("[E] Error starting Web Service:")
        err_text = str(e)
        # "Errno 98" is EADDRINUSE on Linux; "Errno 1004" presumably matches
        # the Windows WSAEADDRINUSE text (10048) -- verify.
        if err_text.find("Errno 1004") > 0 or err_text.find("Errno 98") > 0:
            print(" Port " + str(CTCore.PORT) + " is already Taken.")
            print(" Change the port using 'CapTipper.py <pcap_file> [port=80]' or use '-s' to disable web server")
            print(" Proceeding without starting the web server..." + CTCore.newLine)
        else:
            print(" " + err_text)
 def do_ls(self, line):
     """List PCAP files in a directory (default: the current one).

     Only the first space-separated token of ``line`` is used as the path,
     so paths containing spaces are truncated; ``~`` is expanded.  Errors
     are printed rather than raised so the shell keeps running.
     """
     try:
         first = line.split(" ")[0]
         target = "." if first == "" else os.path.expanduser(first)
         CTCore.list_pcap(target)
     except Exception as e:
         print(str(e))
 def do_urlb64d(self, line):
     """Run ``CTCore.urlb64d`` (presumably URL + base64 decoding) on an object.

     ``line`` holds the object id.  With no argument the command help is
     shown; an id rejected by ``in_range`` is silently ignored.  Errors are
     printed so the shell keeps running.
     """
     try:
         first = line.split(" ")[0]
         if first == "":
             self.help_urlb64d()
             return
         obj_id = int(first)
         if in_range(obj_id):
             CTCore.urlb64d(obj_id)
     except Exception as e:
         print(str(e))
 def do_hexdump(self,line):
     """Print a hexdump of an object's response body.

     ``line`` is ``"<id> [size]"``; ``get_id_size`` splits it and
     ``CTCore.get_response_and_size`` returns the body together with the
     size value reported in the heading.
     """
     try:
         if line.split(" ")[0] == "":
             self.help_hexdump()
             return
         obj_id, size = get_id_size(line)
         response, size = CTCore.get_response_and_size(obj_id, size)
         name = CTCore.get_name(obj_id)
         heading = "Displaying hexdump of object {} ({}) body [{} bytes]:".format(obj_id, name, size)
         print(heading)
         print(newLine + hexdump(response) + newLine)
     except Exception as e:
         print(str(e))
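 def do_load(self, line):
     """Load another PCAP and exit the current shell.

     ``line`` is passed verbatim to ``CTCore.load_pcap``; an empty argument
     shows the help instead.  ``exit(0)`` is reached only when the load
     raised nothing (SystemExit is not an Exception, so it propagates).
     Commented-out legacy code was removed.
     """
     try:
         if line.split(" ")[0] == "":
             self.help_load()
             return
         CTCore.load_pcap(line)
         exit(0)
     except Exception as e:
         print(str(e))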
 def do_req(self, line):
     """Print the full HTTP request that produced an object.

     ``line`` is ``"<id> [size]"``; the size token is ignored here because
     the whole request (``"all"``) is always fetched.  Errors queued by the
     core are flushed with ``CTCore.show_errors`` before the request text.
     """
     try:
         if line.split(" ")[0] == "":
             self.help_req()
             return
         obj_id, _ = get_id_size(line)
         request, size = CTCore.get_request_size(obj_id, "all")
         name = CTCore.get_name(obj_id)
         print("Displaying request for object {} ({}) [{} bytes]:".format(obj_id, name, size))
         CTCore.show_errors()
         print(newLine + request)
     except Exception as e:
         print(str(e))
 def do_body(self, line):
     """Print an object's response body.

     ``line`` is ``"<id> [size]"``; the size token is handed to
     ``CTCore.get_response_and_size`` and the heading shows the size it
     returned.  Queued core errors are flushed first via
     ``CTCore.show_errors``.  The body is raw capture content written to the
     terminal as-is (attacker-controlled bytes, including any escape
     sequences they contain).
     """
     try:
         if line.split(" ")[0] == "":
             self.help_body()
             return
         obj_id, size = get_id_size(line)
         response, size = CTCore.get_response_and_size(obj_id, size)
         name = CTCore.get_name(obj_id)
         print("Displaying body of object {} ({}) [{} bytes]:".format(obj_id, name, size))
         CTCore.show_errors()
         print(newLine + response)
     except Exception as e:
         print(str(e))
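def main(args, pcap_file):
    """Parse a PCAP non-interactively and optionally dump its objects.

    Args:
        args: Parsed command-line namespace.  ``args.report`` forces
            auto-ungzip; ``args.dump`` (a list whose first element is a
            directory) selects dump-and-exit mode.
        pcap_file: List whose first element is the PCAP path.

    The dump directory is created only when dumping was requested: the
    original indexed ``args.dump[0]`` before checking ``args.dump`` for
    None, which raised TypeError on every non-dump run.
    """
    if args.dump is not None and not os.path.exists(args.dump[0]):
        os.makedirs(args.dump[0])
    CTCore.pcap_file = pcap_file[0]
    if args.report is not None:
        CTCore.b_auto_ungzip = True
    parse_pcap.run(CTCore.pcap_file)
    # If chosen just to dump files and exit
    if args.dump is not None:
        try:
            CTCore.ungzip_all()
            CTCore.dump_all_files(args.dump[0], True)
        except Exception as ed:
            print(ed)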
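    def do_vt(self,line):
        """Look up an object's MD5 on VirusTotal and store the verdict in ``self.retval``.

        ``line`` holds the object id.  Only the MD5 hex digest and the API
        key are passed to ``CTCore.send_to_vt``; the body itself never
        leaves the host.  If ``CTCore.VT_APIKEY`` is empty the key is asked
        for interactively.  ``send_to_vt`` signals failure with a first
        element of -1 and the message in the second element.
        """
        report_keys = ('scans', 'scan_date', 'total', 'positives', 'permalink')
        av_keys = ('detected', 'version', 'result', 'update')
        try:
            line = str(line)
            first = line.split(" ")[0]
            if first == "":
                self.help_vt()
                return

            if not CTCore.VT_APIKEY:
                # NOTE(review): raw_input echoes the key on the terminal; getpass
                # would keep it out of the screen and scrollback.  The prompt ends
                # in a space, as the print-with-comma + raw_input() pair produced.
                CTCore.VT_APIKEY = raw_input(
                    newLine + "No Virus Total API key found, please enter your API key: ")

            obj_id = int(first)
            body, sz = CTCore.get_response_and_size(obj_id, "all")
            name = CTCore.get_name(obj_id)

            self.retval = " VirusTotal result for object {} ({}):".format(str(obj_id), name) + newLine

            # Hash the body directly; the StringIO(...).getvalue() detour was a no-op copy.
            md5 = hashlib.md5(body).hexdigest()
            vtdata = CTCore.send_to_vt(md5, CTCore.VT_APIKEY)
            if vtdata[0] == -1:
                self.retval += vtdata[1]
            else:
                report = vtdata[1]
                if 'response_code' not in report:
                    self.retval += " Response from VirusTotal isn't valid"
                elif report['response_code'] != 1:
                    self.retval += " File not found in VirusTotal"
                elif not all(k in report for k in report_keys):
                    self.retval += " Missing elements in Virus Total Response"
                else:
                    self.retval += " Detection: {}/{}".format(report['positives'], report['total'])
                    self.retval += " Last Analysis Date: {}".format(report['scan_date'])
                    self.retval += " Report Link: {}".format(report['permalink']) + newLine
                    if report['positives'] > 0:
                        self.retval += " Scan Result:"
                        for av, av_res in report['scans'].items():
                            # Engines missing any of the four fields are skipped, as before.
                            if all(k in av_res for k in av_keys) and av_res['detected']:
                                self.retval += "\t{}\t{}\t{}\t{}".format(
                                    av, av_res['result'], av_res['version'], av_res['update'])

            self.retval += newLine
        except Exception as e:
            self.retval = str(e)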
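    def do_strings(self, line):
        """Print the strings ``CTCore.get_strings`` extracts from an object body.

        ``line`` is ``"<id> [size]"``; the whole body (``"all"``) is always
        scanned and the results are joined with ``newLine``.  The body is
        untrusted capture content; only the extracted strings are shown.
        """
        try:
            if line.split(" ")[0] == "":
                self.help_strings()
                return
            obj_id, _ = get_id_size(line)
            response, size = CTCore.get_response_and_size(obj_id, "all")
            name = CTCore.get_name(obj_id)

            print("Strings found in object {} ({}) [{} bytes]:".format(obj_id, name, size))
            # The original ``(str for str in strings)`` shadowed the ``str``
            # builtin and was just an identity pass over the sequence.
            print(newLine.join(CTCore.get_strings(response)))
        except Exception as e:
            print(str(e))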
 def do_hexdump(self, line, xor=None, custsize=None):
     """Render a hexdump of an object body into ``self.retval``.

     ``line`` is ``"<id> [size]"``.  A truthy ``custsize`` overrides the
     size parsed from the line.  ``xor`` is accepted for interface
     compatibility but is not used by this implementation.  Errors replace
     ``self.retval`` with their text.
     """
     try:
         text = str(line)
         if text.split(" ")[0] == "":
             self.help_hexdump()
             return
         obj_id, size = get_id_size(text)
         if custsize:
             size = custsize
         response, size = CTCore.get_response_and_size(obj_id, size)
         name = CTCore.get_name(obj_id)
         heading = "Displaying hexdump of object {} ({}) body [{} bytes]:".format(obj_id, name, size)
         self.retval = heading + newLine + hexdump(response) + newLine
     except Exception as e:
         self.retval = str(e)
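def run(file_path):
    """Parse the capture at ``file_path`` (``'-'`` means stdin) into conversations.

    ``pcap_file`` fills ``conn_dict`` while reading the capture; whatever
    happens, the conversations are sorted and every collected connection is
    finished.  The handle is closed only when this function opened it -- the
    original also closed ``sys.stdin`` when reading from ``-``.  The capture
    is untrusted input; all parsing happens inside ``pcap_file``.
    """
    conn_dict = OrderedDict()
    try:
        if file_path != '-':
            infile = io.open(file_path, "rb")
            owns_handle = True
        else:
            infile = sys.stdin
            owns_handle = False
        try:
            pcap_file(conn_dict, infile)
        finally:
            time.sleep(0.1)
            CTCore.sort_convs()
            if owns_handle:
                infile.close()
    finally:
        for conn in conn_dict.values():
            conn.finish()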
    def get_plaintext_body_by_id(self, id):
        """Return the body of conversation ``id``, gunzipped when its magic is GZ.

        A conversation whose ``magic_ext`` is ``"GZ"`` is decompressed via
        ``CTCore.ungzip``; anything else, including an ``id`` at or beyond
        ``len(self.conversations)``, falls back to ``get_body_by_id``.  No
        lower bound is checked, so a negative ``id`` indexes the
        conversations list from the end for the magic lookup.
        """
        is_gzip = (id < len(self.conversations)
                   and self.conversations[id].magic_ext == "GZ")
        if not is_gzip:
            return self.get_body_by_id(id)
        data, _name = CTCore.ungzip(id)
        return data
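def check_path(path, type="file"):
    """Validate a user-supplied output path, offering to create its directory.

    Args:
        path: Destination path typed by the user.
        type: ``"file"`` (default) rejects ``path`` when it names an existing
            directory; any other value skips that check.

    Returns:
        True when the parent directory exists (or ``path`` has no directory
        component, i.e. the current directory) or was created on request;
        False when the user declined or ``path`` is a folder in file mode.
    """
    directory = os.path.dirname(path)
    if type == "file" and os.path.isdir(path):
        CTCore.alert_message("Please specify a full path and not a folder", msg_type.ERROR)
        return False

    # A bare filename has no directory component: dirname() returns "" and
    # the original then offered to create "" and failed inside makedirs.
    if directory == "" or os.path.isdir(directory):
        return True

    # The prompt ends in a space so the answer is typed after it, as the
    # print-with-comma + raw_input() pair produced.
    ans = raw_input(newLine + " Directory {} doesn't exists. Create? (Y/n): ".format(directory))
    if ans.lower() == "y" or ans == "":
        os.makedirs(directory)
        return True
    return False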
    def do_iframes(self,line):
        """Print the iframes found in an object's body.

        ``line`` is ``"<id> [size]"``; the whole body is fed to
        ``CTCore.CapTipperHTMLParser("iframe")`` and ``print_iframes`` emits
        the hits.  The body is untrusted HTML from the capture; it is only
        parsed here.  An empty argument shows ``help_resp``, as in the
        original.
        """
        try:
            if line.split(" ")[0] == "":
                self.help_resp()
                return
            obj_id, _ = get_id_size(line)
            response, _ = CTCore.get_response_and_size(obj_id, "all")
            name = CTCore.get_name(obj_id)

            iframe_parser = CTCore.CapTipperHTMLParser("iframe")
            print("Searching for iframes in object {} ({})...".format(str(obj_id), name))
            iframe_parser.feed(response)
            iframe_parser.print_iframes()
            print("")
        except Exception as e:
            print(str(e))
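    def do_vt(self,line):
        """Print the VirusTotal verdict for an object, looked up by MD5.

        ``line`` holds the object id.  Only the MD5 hex digest and
        ``CTCore.APIKEY`` are handed to ``CTCore.send_to_vt``; the body
        itself never leaves the host.  ``send_to_vt`` signals failure with a
        first element of -1 and the message in the second element.  A blank
        line is printed at the end of both the help and the result paths.
        """
        report_keys = ('scans', 'scan_date', 'total', 'positives', 'permalink')
        av_keys = ('detected', 'version', 'result', 'update')
        try:
            first = line.split(" ")[0]
            if first == "":
                self.help_vt()
            else:
                obj_id = int(first)
                body, sz = get_response_size(obj_id, "all")
                name = CTCore.get_name(obj_id)

                print(" VirusTotal result for object {} ({}):".format(str(obj_id), name) + newLine)

                import hashlib

                # Hash the body directly; the StringIO(...).getvalue() detour was a no-op copy.
                md5 = hashlib.md5(body).hexdigest()
                vtdata = CTCore.send_to_vt(md5, CTCore.APIKEY)
                if vtdata[0] == -1:
                    print(vtdata[1])
                else:
                    report = vtdata[1]
                    if 'response_code' not in report:
                        print(" Response from VirusTotal isn't valid")
                    elif report['response_code'] != 1:
                        print(" File not found in VirusTotal")
                    elif not all(k in report for k in report_keys):
                        print(" Missing elements in Virus Total Response")
                    else:
                        print(" Detection: {}/{}".format(report['positives'], report['total']))
                        print(" Last Analysis Date: {}".format(report['scan_date']))
                        print(" Report Link: {}".format(report['permalink']) + newLine)
                        if report['positives'] > 0:
                            print(" Scan Result:")
                            for av, av_res in report['scans'].items():
                                # Engines missing any of the four fields are skipped, as before.
                                if all(k in av_res for k in av_keys) and av_res['detected']:
                                    print("\t{}\t{}\t{}\t{}".format(
                                        av, av_res['result'], av_res['version'], av_res['update']))
            print("")

        except Exception as e:
            print(str(e))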
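    def do_iframes(self,line,tag="iframe"):
        """Collect ``<tag>`` elements from an object's body.

        ``line`` is ``"<id> [size]"``; ``tag`` is the element name handed to
        ``CTCore.srcHTMLParser`` (default ``iframe``).  On success the parser
        is returned (its ``tags`` list holds the hits) and ``self.retval``
        summarizes the count; on an empty argument the help is shown and
        None is returned; on error ``self.retval`` holds the message and
        None is returned.  The body is untrusted HTML from the capture and
        is only parsed here.
        """
        try:
            line = str(line)
            if line.split(" ")[0] == "":
                self.help_resp()
                return None
            obj_id, _ = get_id_size(line)
            response, _ = CTCore.get_response_and_size(obj_id, "all")
            name = CTCore.get_name(obj_id)

            parser = CTCore.srcHTMLParser(tag)
            # Name the tag actually searched; the original always said "iframes"
            # even when a different tag was requested.
            self.retval = "Searching for {}s in object {} ({})...".format(tag, str(obj_id), name)
            parser.feed(response)
            self.retval += "{} found{}".format(len(parser.tags), newLine)
            return parser
        except Exception as e:
            self.retval = str(e)
            return None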
 def do_unzlib(self,line):
     """Zlib-decompress one object (by id) or every object (``all``).

     A successful ``CTCore.unzlib`` returns the new object's number, which
     is printed; -1 means failure and the core's queued errors are shown
     instead.  The compressed bytes are untrusted capture content; the
     decompression itself lives in CTCore.
     """
     try:
         first = line.split(" ")[0]
         if first == "":
             self.help_unzlib()
             return
         if first.lower() == "all":
             CTCore.unzlib_all()
             return
         obj_id = int(first)
         if not in_range(obj_id):
             return
         obj_num, name = CTCore.unzlib(obj_id)
         if obj_num == -1:
             CTCore.show_errors()
         else:
             print(" ZLIB Decompression of object {} ({}) successful!".format(str(obj_id), name))
             print(" New object created: {}".format(obj_num) + newLine)
     except Exception as e:
         print(str(e))
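    def do_ungzip(self,line):
        """Gunzip an object's body and register the result as a new object.

        ``line`` holds the object id as its first token.  The body is
        attacker-controlled capture data and ``decomp.read()`` inflates it
        with no size cap, so a crafted stream can expand far beyond the
        capture size (decompression bomb) -- consider bounding the read.
        The GzipFile is closed once the data has been read.
        """
        try:
            first = line.split(" ")[0]
            if first == "":
                self.help_ungzip()
                return
            obj_id = first
            body, sz = get_response_size(obj_id, "all")
            name = CTCore.get_name(obj_id)
            import gzip

            decomp = gzip.GzipFile('', 'rb', 9, StringIO.StringIO(body))
            try:
                page = decomp.read()
            finally:
                decomp.close()

            obj_num = CTCore.add_object("ungzip", page, id=obj_id)
            print(" GZIP Decompression of object {} ({}) successful!".format(str(obj_id), name))
            print(" New object created: {}".format(obj_num) + newLine)
        except Exception as e:
            print(str(e))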
    def do_dump(self,line):
        """Write object bodies to disk.

        ``dump all <dir> [-e]`` dumps every object into ``dir``; ``-e`` passes
        ``dump_exe=False`` to ``CTCore.dump_all_files``.  ``dump <id> <path>``
        writes one object after ``check_path`` has validated (or offered to
        create) the destination directory.  Dumped bodies are content taken
        from the capture, which may be hostile; write them to an isolated
        location.
        """
        try:
            args = line.split(" ")
            if len(args) < 2:
                self.help_dump()
                return
            if args[0].lower() == "all":
                skip_exe = len(args) > 2 and args[2].lower() == "-e"
                CTCore.dump_all_files(args[1], not skip_exe)
                return
            obj_id, dest = args[0], args[1]
            if check_path(dest, type="file"):
                CTCore.dump_file(obj_id, dest)

        except Exception as e:
            print(str(e))
    def do_slice(self,line):
        """Print ``length`` bytes of an object body starting at ``offset``.

        ``line`` is ``"<id> <offset> <length>"``; ``get_bytes`` does the
        slicing and returns the bytes with the effective length.  The bytes
        are raw capture content written to the terminal as-is.
        """
        try:
            args = line.split(" ")
            if len(args) < 3:
                self.help_slice()
                return
            obj_id, _ = get_id_size(line)
            response, _ = CTCore.get_response_and_size(obj_id, "all")
            name = CTCore.get_name(obj_id)
            offset = int(args[1])
            chunk, length = get_bytes(response, offset, args[2])

            print("Displaying {} of bytes from offset {} in object {} ({}):".format(length, offset, obj_id, name))
            print("")
            print(chunk)
            print("")
        except Exception as e:
            print(str(e))
 def do_ungzip(self,line):
     """Gunzip one object (by id) or every object (``all``) into ``self.retval``.

     A successful ``CTCore.ungzip_and_add`` returns the new object's number,
     which is recorded as the source conversation's ``decoded`` attribute;
     -1 means failure and the core's queued errors are shown.  The
     compressed bytes are untrusted capture content.
     """
     try:
         line = str(line)
         first = line.split(" ")[0]
         if first == "":
             self.help_ungzip()
             return
         if first.lower() == "all":
             CTCore.ungzip_all()
             return
         obj_id = int(first)
         if not in_range(obj_id):
             return
         obj_num, name = CTCore.ungzip_and_add(obj_id)
         if obj_num == -1:
             CTCore.show_errors()
             return
         # Link the decoded copy back to its source conversation.
         CTCore.conversations[int(obj_id)].decoded = int(obj_num)
         self.retval = " GZIP Decompression of object {} ({}) successful!".format(str(obj_id), name)
         self.retval += " New object created: {}".format(obj_num) + newLine
     except Exception as e:
         self.retval = str(e)
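    def do_hashes(self,line):
        """Print the digest of an object body for every name in ``hashlib.algorithms``.

        ``line`` holds the object id.  The whole body (``"all"``) is hashed
        directly; the original wrapped it in a StringIO only to call
        ``getvalue()``, which returned the same bytes.
        """
        try:
            first = line.split(" ")[0]
            if first == "":
                self.help_hashes()
                return
            obj_id = int(first)
            body, sz = CTCore.get_response_and_size(obj_id, "all")
            name = CTCore.get_name(obj_id)

            print(" Hashes of object {} ({}):".format(str(obj_id), name) + newLine)

            for alg in hashlib.algorithms:
                digest = getattr(hashlib, alg)(body).hexdigest()
                print(" {0:8}  :   {1}".format(alg, digest))

            print("")

        except Exception as e:
            print(str(e))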
    def do_peinfo(self, line):
        """Print PE metadata for an object body, optionally with PEiD signatures.

        ``line`` is ``"<id> [-p]"``; ``-p`` hands the ``userdb.txt`` signature
        database to ``PEScanner`` so packers are reported too.  The body is
        an untrusted binary from the capture that ``PEScanner.collect``
        parses.
        """
        try:
            args = line.split(" ")
            if args[0] == "":
                self.help_peinfo()
                return
            obj_id, _ = get_id_size(line)
            response, size = CTCore.get_response_and_size(obj_id, "all")
            name = CTCore.get_name(obj_id)

            print("Displaying PE info of object {} ({}) [{} bytes]:".format(obj_id, name, size))
            with_packers = len(args) > 1 and args[1].lower() == "-p"
            if with_packers:
                print("Checking for packers...")
                scanner = PEScanner(response, '', peid_sigs="userdb.txt")
            else:
                scanner = PEScanner(response, '', '')

            print('\n'.join(scanner.collect()))
        except Exception as e:
            print(str(e))
    def do_peinfo(self, line):
        """Print PE metadata for an object body, optionally with PEiD signatures.

        ``line`` is ``"<id> [-p]"``; ``-p`` hands the ``userdb.txt`` signature
        database to ``PEScanner`` so packers are reported too.  The body is
        an untrusted binary from the capture that ``PEScanner.collect``
        parses.
        """
        try:
            tokens = line.split(" ")
            if tokens[0] == "":
                self.help_peinfo()
                return
            idx, _ = get_id_size(line)
            body, size = CTCore.get_response_and_size(idx, "all")
            label = CTCore.get_name(idx)

            heading = "Displaying PE info of object {} ({}) [{} bytes]:"
            print(heading.format(idx, label, size))
            if len(tokens) > 1 and tokens[1].lower() == "-p":
                print("Checking for packers...")
                scanner = PEScanner(body, '', peid_sigs="userdb.txt")
            else:
                scanner = PEScanner(body, '', '')

            for report_line in scanner.collect():
                pass
            print('\n'.join(scanner.collect()))
        except Exception as e:
            print(str(e))
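    def do_jsbeautify(self, line):
        """Run jsbeautifier on an object body or a byte slice, into ``self.retval``.

        Syntax: ``jsbeautify obj <id>`` stores the beautified body as a new
        object and reports its number; ``jsbeautify slice <id> <offset>
        <length>`` beautifies only that slice.  The input is untrusted
        JavaScript from the capture; jsbeautifier reformats it and nothing
        here evaluates it.  Returns False on an invalid option, None otherwise.
        """
        try:
            line = str(line)
            import jsbeautifier
            args = line.split(" ")
            if len(args) < 2:
                self.help_jsbeautify()
                return

            option = args[0]
            if option not in ('slice', 'obj'):
                self.retval = "Invalid option"
                return False

            # 'slice' needs <offset> and <length> as well; previously a short
            # command surfaced only as a bare IndexError message.
            if option == "slice" and len(args) < 4:
                self.help_jsbeautify()
                return

            obj_id = args[1]
            response, size = CTCore.get_response_and_size(obj_id, "all")
            name = CTCore.get_name(obj_id)

            if option == "slice":
                offset = int(args[2])
                js_bytes, length = get_bytes(response, offset, args[3])
                self.retval = jsbeautifier.beautify(js_bytes)
            else:
                res = jsbeautifier.beautify(response)
                obj_num = CTCore.add_object("jsbeautify", res, id=obj_id)
                self.retval = " JavaScript Beautify of object {} ({}) successful!".format(
                    str(obj_id), name)
                self.retval += " New object created: {}".format(obj_num) + newLine

        except Exception as e:
            self.retval = str(e)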
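    def do_hashes(self, line):
        """Print the digest of an object body for every name in ``hashlib.algorithms``.

        ``line`` holds the object id.  The whole body (``"all"``) is hashed
        directly; the original wrapped it in a StringIO only to call
        ``getvalue()``, which returned the same bytes.
        """
        try:
            tokens = line.split(" ")
            if tokens[0] == "":
                self.help_hashes()
                return
            idx = int(tokens[0])
            body, sz = CTCore.get_response_and_size(idx, "all")
            label = CTCore.get_name(idx)

            print(" Hashes of object {} ({}):".format(str(idx), label) + newLine)

            for alg in hashlib.algorithms:
                hashfunc = getattr(hashlib, alg)
                print(" {0:8}  :   {1}".format(alg, hashfunc(body).hexdigest()))

            print("")

        except Exception as e:
            print(str(e))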
    def do_head(self,line):
        """Print the header of an object as returned by ``get_head``.

        ``line`` holds the object id; ``CTCore.get_name`` supplies the
        display name.  Errors are printed so the shell keeps running.
        """
        try:
            first = line.split(" ")[0]
            if first == "":
                self.help_head()
                return
            obj_id = int(first)
            header = get_head(obj_id)
            name = CTCore.get_name(obj_id)

            print("Displaying header of object {} ({}):".format(str(obj_id), name))
            print(newLine + header)
        except Exception as e:
            print(str(e))
 def do_hexdump(self, line):
     """Print a hexdump of an object body.

     ``line`` is ``"<id> [size]"``; ``get_id_size`` splits it and
     ``get_response_size`` returns the body together with the size value
     shown in the heading.
     """
     try:
         if line.split(" ")[0] == "":
             self.help_hexdump()
             return
         obj_id, size = get_id_size(line)
         response, size = get_response_size(obj_id, size)
         name = CTCore.get_name(obj_id)
         heading = "Displaying hexdump of object {} ({}) body [{} bytes]:".format(obj_id, name, size)
         print(heading)
         print(newLine + hexdump(response) + newLine)
     except Exception as e:
         print(str(e))
    def do_find(self,line):
        """Search a pattern in one object body or in all of them.

        ``find all <pattern>`` walks every index of ``CTCore.objects``;
        ``find <id> <pattern>`` searches a single object.  The pattern is the
        remainder of the line after the first token, spaces preserved;
        matching is delegated to ``find_pattern``.
        """
        try:
            args = line.split(" ")
            if len(args) < 2:
                self.help_find()
                return
            pattern = " ".join(args[1:])

            if args[0].lower() == "all":
                print("Searching '{}' in all objects:".format(pattern))
                for idx in range(len(CTCore.objects)):
                    response, _ = CTCore.get_response_and_size(idx, "all")
                    name = CTCore.get_name(idx)

                    hits = find_pattern(response, pattern)
                    if hits:
                        print(newLine + " {} [{}]:".format(name, str(idx)))
                        for hit in hits:
                            print("   " + hit)
                print("")
                return

            obj_id, _ = get_id_size(line)
            response, _ = CTCore.get_response_and_size(obj_id, "all")
            name = CTCore.get_name(obj_id)

            print("Searching '{}' in object {} ({}):".format(pattern, obj_id, name))
            print("")

            hits = find_pattern(response, pattern)
            if hits:
                for hit in hits:
                    print(hit)
            else:
                print("     No Results found")
            print("")
        except Exception as e:
            print(str(e))
    def do_find(self, line):
        """Search a pattern in one object body or in all of them.

        ``find all <pattern>`` walks every index of ``CTCore.objects``;
        ``find <id> <pattern>`` searches a single object.  The pattern is the
        remainder of the line after the first token, spaces preserved;
        matching is delegated to ``find_pattern``.
        """
        try:
            tokens = line.split(" ")
            if len(tokens) < 2:
                self.help_find()
                return
            needle = " ".join(tokens[1:])
            search_all = tokens[0].lower() == "all"

            if search_all:
                print("Searching '{}' in all objects:".format(needle))
                for idx in range(len(CTCore.objects)):
                    body, _ = CTCore.get_response_and_size(idx, "all")
                    label = CTCore.get_name(idx)

                    matches = find_pattern(body, needle)
                    if len(matches) == 0:
                        continue
                    print(newLine + " {} [{}]:".format(label, str(idx)))
                    for match in matches:
                        print("   " + match)
                print("")
            else:
                idx, _ = get_id_size(line)
                body, _ = CTCore.get_response_and_size(idx, "all")
                label = CTCore.get_name(idx)

                print("Searching '{}' in object {} ({}):".format(needle, idx, label))
                print("")

                matches = find_pattern(body, needle)
                if len(matches) == 0:
                    print("     No Results found")
                else:
                    for match in matches:
                        print(match)
                print("")
        except Exception as e:
            print(str(e))
    def do_head(self, line):
        """Print the header of an object as returned by ``get_head``.

        ``line`` holds the object id; ``CTCore.get_name`` supplies the
        display name.  Errors are printed so the shell keeps running.
        """
        try:
            tokens = line.split(" ")
            if tokens[0] == "":
                self.help_head()
            else:
                idx = int(tokens[0])
                head_text = get_head(idx)
                label = CTCore.get_name(idx)

                heading = "Displaying header of object {} ({}):"
                print(heading.format(str(idx), label))
                print(newLine + head_text)
        except Exception as e:
            print(str(e))
 def do_ungzip(self, line):
     """Gunzip one object (by id) or every object (``all``) into ``self.retval``.

     A successful ``CTCore.ungzip_and_add`` returns the new object's number,
     which is recorded as the source conversation's ``decoded`` attribute;
     -1 means failure and the core's queued errors are shown.  The
     compressed bytes are untrusted capture content.
     """
     try:
         tokens = str(line).split(" ")
         target = tokens[0]
         if target == "":
             self.help_ungzip()
         elif target.lower() == "all":
             CTCore.ungzip_all()
         else:
             idx = int(target)
             if in_range(idx):
                 new_obj, label = CTCore.ungzip_and_add(idx)
                 if new_obj != -1:
                     # Link the decoded copy back to its source conversation.
                     CTCore.conversations[int(idx)].decoded = int(new_obj)
                     self.retval = (" GZIP Decompression of object {} ({}) successful!"
                                    .format(str(idx), label))
                     self.retval += " New object created: {}".format(new_obj) + newLine
                 else:
                     CTCore.show_errors()
     except Exception as e:
         self.retval = str(e)
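    def do_ziplist(self, line):
        """Print the entries of a zip archive carried in an object body.

        ``line`` is ``"<id> [size]"``.  The archive bytes come from the
        capture and are attacker-controlled: only the central directory is
        read via ``namelist``, nothing is extracted.  Errors are printed with
        an "Error unzipping object" prefix.
        """
        try:
            import zipfile
            if line.split(" ")[0] == "":
                self.help_ziplist()
                return
            obj_id, size = get_id_size(line)
            if not in_range(obj_id):
                return
            response, size = CTCore.get_response_and_size(obj_id, "all")
            name = CTCore.get_name(obj_id)
            # StringIO(response) already holds the body; re-writing the same
            # bytes into it (as the original did) changed nothing.
            fp = StringIO.StringIO(response)
            zfp = zipfile.ZipFile(fp, "r")
            try:
                entries = zfp.namelist()
            finally:
                zfp.close()
            print(" " + str(len(entries)) +
                  " Files found in zip object {} ({}):".format(str(obj_id), name) + newLine)

            # enumerate() already yields the 1-based counter; the original's
            # extra ``cnt += 1`` inside the loop had no effect.
            for cnt, fl in enumerate(entries, 1):
                print(" [Z] " + str(cnt) + " : " + fl)
            print("")
        except Exception as e:
            print("Error unzipping object: " + str(e))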
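    def _do_output(self):
        """Flush this connection's buffered output under ``printer_lock``.

        The buffer is swapped for a fresh ``StringIO`` before anything is
        emitted; a non-empty value hands the connection to
        ``CTCore.finish_conversation``.  An ``IOError`` with errno 32 (EPIPE:
        the reader went away) exits quietly with status 0; any other IOError
        is reported on stderr and exits with -1.  The lock is always
        released.  Commented-out legacy printing code was removed.
        """
        printer_lock.acquire()

        try:
            value = self.buf.getvalue()
            self.buf = StringIO()
            if value:
                CTCore.finish_conversation(self)
        except IOError as e:
            if e.errno == 32:
                # EPIPE: the consumer closed the pipe; stop without a traceback.
                sys.exit(0)
            else:
                print(e, file=sys.stderr)
                sys.exit(-1)

        finally:
            printer_lock.release()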
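def main(args):
    """Entry point: parse the PCAP named in ``args[1]`` and optionally start the web server.

    Args:
        args: ``sys.argv``-style list.  ``args[1]`` is the PCAP path; an
            optional ``args[2]`` is either ``-s`` (do not start the web
            server) or the TCP port the web server should use.

    Exits via sys.exit when ``args[2]`` is neither ``-s`` nor a number.
    """
    file_path = args[1]
    print("[A] Analyzing PCAP: " + file_path)

    parse_pcap.run(file_path)

    # write() keeps the cursor on the same line without relying on the
    # Python 2 trailing-comma print statement.
    sys.stdout.write(CTCore.newLine + "[+] Traffic Activity Time: ")
    try:
        print(CTCore.activity_date_time.strftime('%a, %x %X'))
    except Exception:
        # Narrowed from a bare except, which would also swallow KeyboardInterrupt/SystemExit.
        print("Couldn't retrieve time")

    print("[+] Conversations Found:" + CTCore.newLine)
    CTCore.show_conversations()

    start_ws = True
    if len(args) > 2:
        if args[2].lower() == "-s":
            start_ws = False
        else:
            try:
                CTCore.PORT = int(args[2])
            except ValueError:
                # The original let a non-numeric port surface as a raw traceback.
                sys.exit("[E] Invalid port '{}': expected a number or '-s'".format(args[2]))

    if start_ws:
        try:
            # NOTE(review): server() chooses the bind address; confirm it is
            # loopback-only, since it presumably exposes the captured content.
            CTCore.web_server = server()
            CTCore.web_server.start()
            time.sleep(0.1)  # Fixes graphic issues
            CTCore.web_server_turned_on = True
        except Exception as e:
            print("[E] Error starting Web Service:")
            msg = str(e)
            # Membership test instead of find() > 0, which misses a match at offset 0.
            if "Errno 1004" in msg or "Errno 98" in msg:
                print(" Port " + str(CTCore.PORT) + " is already Taken.")
                print(" Change the port using 'CapTipper.py <pcap_file> [port=80]' or use '-s' to disable web server")
                print(" Proceeding without starting the web server..." + CTCore.newLine)
            else:
                print(" " + msg)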
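    def _do_output(self):
        """Deliver whatever has accumulated in ``self.buf`` to CTCore under ``printer_lock``.

        The buffer is replaced by an empty StringIO before the callback so the
        next writer starts clean.  EPIPE (the consumer of our output has gone
        away) exits with status 0; any other IOError is reported on stderr and
        exits with -1.  The lock is released on every path.
        """
        import errno  # local import so the block stays self-contained

        printer_lock.acquire()
        try:
            pending = self.buf.getvalue()
            self.buf = StringIO()
            if pending:
                CTCore.finish_conversation(self)
        except IOError as err:
            # errno.EPIPE replaces the bare 32 the original compared against.
            if err.errno != errno.EPIPE:
                print(err, file=sys.stderr)
                sys.exit(-1)
            sys.exit(0)
        finally:
            printer_lock.release()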
 def do_plugin(self, line):
     """Console command: list loaded plugins (``-l``) or run one by index or name.

     Every token after the plugin selector is passed through unchanged as the
     plugin's argument list.  A numeric selector below the plugin count is an
     index into CTCore.plugins; anything else is taken as a plugin name.
     Errors are printed, not raised.
     """
     try:
         tokens = line.split(" ")
         selector = tokens[0]
         if selector == "":
             self.help_plugin()
         elif selector == "-l":
             print("Loaded Plugins ({}):".format(len(CTCore.plugins)))
             for plug in CTCore.plugins:
                 print(" {} : {} - {}".format(plug.id, plug.name, plug.description))
             print("")
         else:
             by_index = selector.isdigit() and int(selector) < len(CTCore.plugins)
             plugin_name = CTCore.plugins[int(selector)].name if by_index else selector
             result = CTCore.run_plugin(plugin_name, tokens[1:])
             if result is not None:
                 print(result)
     except Exception as err:
         print(str(err))
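def main(args, pcap_file):
    """Entry point: load a PCAP, print its conversations and start the web server.

    Args:
        args: parsed argparse namespace; the attributes read here are
            update, server_off, port, short_url, ungzip, dump and report.
        pcap_file: list whose first element is the PCAP path.

    Exits via sys.exit when the capture holds no HTTP conversations.
    """
    if args.update:
        # NOTE(review): update_captipper's transport and integrity checks are
        # not visible here — confirm them before relying on this path.
        CTCore.update_captipper()

    CTCore.pcap_file = pcap_file[0]
    print("[A] Analyzing PCAP: " + CTCore.pcap_file)

    # Despite its name, args.server_off is truthy when the server SHOULD start
    # (presumably an argparse store_false flag for -s) — TODO confirm against the parser.
    start_ws = args.server_off
    CTCore.PORT = args.port  # Web server port
    CTCore.b_use_short_uri = args.short_url  # Display short URI paths
    CTCore.b_auto_ungzip = args.ungzip

    # Report generation needs decoded bodies, so gzip handling is forced on.
    if args.report is not None:
        CTCore.b_auto_ungzip = True

    parse_pcap.run(CTCore.pcap_file)

    if not CTCore.conversations:
        sys.exit("No HTTP conversations were found in PCAP file")

    # write() keeps the cursor on the same line without relying on the
    # Python 2 trailing-comma print statement.
    sys.stdout.write(CTCore.newLine + "[+] Traffic Activity Time: ")
    try:
        print(CTCore.activity_date_time)
    except Exception:
        # Narrowed from a bare except, which would also swallow KeyboardInterrupt/SystemExit.
        print("Couldn't retrieve time")

    print("[+] Conversations Found:" + CTCore.newLine)
    CTCore.show_conversations()

    # Dump and report modes are non-interactive, so no web server for them.
    if start_ws and args.dump is None and args.report is None:
        try:
            # NOTE(review): server() chooses the bind address; confirm it is
            # loopback-only, since it presumably exposes the captured content.
            CTCore.web_server = server()
            CTCore.web_server.start()
            time.sleep(0.1)  # Fixes graphic issues
            CTCore.web_server_turned_on = True
        except Exception as e:
            CTCore.alert_message("Error starting Web Server:",
                                 CTCore.msg_type.ERROR)
            msg = str(e)
            # Membership test instead of find() > 0, which misses a match at offset 0.
            if "Errno 1004" in msg or "Errno 98" in msg:
                print(" Port " + str(CTCore.PORT) + " is already taken.")
                print(" Change the port using 'CapTipper.py <pcap_file> -p <port=80>' or use '-s' to disable web server")
                print(" Proceeding without starting the web server..." + CTCore.newLine)
            else:
                print(" " + msg)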
            CTCore.web_server_turned_on = True
        except Exception, e:
            CTCore.alert_message("Error starting Web Server:",
                                 CTCore.msg_type.ERROR)

            if str(e).find("Errno 1004") > 0 or str(e).find("Errno 98") > 0:
                print " Port " + str(CTCore.PORT) + " is already taken."
                print " Change the port using 'CapTipper.py <pcap_file> -p <port=80>' or use '-s' to disable web server"
                print " Proceeding without starting the web server..." + CTCore.newLine
            else:
                print " " + str(e)

    # If chosen just to dump files and exit
    if (args.dump is not None):
        try:
            CTCore.ungzip_all()
            CTCore.dump_all_files(args.dump[0], True)
        except Exception, ed:
            print ed
    # If chosen to create a report
    elif (args.report is not None):
        report = Report(CTCore.hosts, CTCore.conversations,
                        CTCore.VERSION + " b" + CTCore.BUILD)
        report.CreateReport(args.report[0])
    else:
        try:
            CTPlugin.init_plugins()

            interpreter = console()
            interpreter.cmdloop()
        except:
 def get_name_by_id(self, id):
     """Return the display name CTCore keeps for conversation object *id*."""
     return CTCore.get_name(id)
 def get_body_by_id(self, id):
     """Return the full ("all") response body of object *id*.

     CTCore also reports the size; it is discarded here.
     """
     body, _size = CTCore.get_response_and_size(id, "all")
     return body
 def do_wire(self, line):
     """Console command: hand the capture to CTCore.load_wire(); *line* is unused.

     Failures are printed rather than propagated, like the other commands.
     """
     try:
         CTCore.load_wire()
     except Exception as err:
         print(str(err))
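 def do_convs(self, line):
     """Console command: build the conversation table into ``self.retval``.

     *line* is accepted for the cmd.Cmd calling convention but not used; the
     original re-bound it to str(line) and never read it, so that is dropped.
     """
     self.retval = "Conversations Found:" + newLine
     self.retval += CTCore.show_conversations()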
 def do_objects(self, line):
     """Console command: store CTCore's object listing in ``self.retval``; *line* is unused."""
     listing = CTCore.show_objects()
     self.retval = listing
 def do_hosts(self, line):
     """Console command: build the host table into ``self.retval``; *line* is unused."""
     header = "Found Hosts:" + newLine
     self.retval = header
     self.retval = self.retval + CTCore.show_hosts()
 def do_convs(self, line):
     """Console command: print the header, then CTCore's conversation table; *line* is unused."""
     header = "Conversations Found:" + newLine
     print(header)
     CTCore.show_conversations()
 def do_objects(self, line):
     """Console command: print CTCore's object listing followed by a blank line; *line* is unused."""
     CTCore.show_objects()
     print("")
 def do_hosts(self, line):
     """Console command: print the header, then CTCore's host table; *line* is unused."""
     header = "Found Hosts:" + newLine
     print(header)
     CTCore.show_hosts()
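    def do_vt(self, line):
        """Console command: look up a conversation object on VirusTotal and print the verdict.

        The first token of *line* is the object id.  The object's body is
        hashed with MD5 (the key CTCore.send_to_vt is given) and the reply is
        printed: detection ratio, scan date, permalink and, when anything was
        flagged, one row per engine that reported a detection.  A missing API
        key is prompted for interactively.  Every failure is reported as a
        single line rather than raised, matching the other console commands.
        """

        def print_scans(scans):
            """One row per engine that reports a detection; incomplete entries are skipped."""
            fields = ('detected', 'version', 'result', 'update')
            for av in scans:
                av_res = scans[av]
                if all(key in av_res for key in fields) and av_res['detected']:
                    print("\t{}\t{}\t{}\t{}".format(
                        av, av_res['result'], av_res['version'], av_res['update']))

        def print_report(json_dict):
            """Print the parsed VT reply; missing keys are reported, not raised."""
            if 'response_code' not in json_dict:
                print(" Response from VirusTotal isn't valid")
                return
            if json_dict['response_code'] != 1:
                print(" File not found in VirusTotal")
                return
            required = ('scans', 'scan_date', 'total', 'positives', 'permalink')
            if not all(key in json_dict for key in required):
                print(" Missing elements in Virus Total Response")
                return
            print(" Detection: {}/{}".format(json_dict['positives'], json_dict['total']))
            print(" Last Analysis Date: {}".format(json_dict['scan_date']))
            print(" Report Link: {}".format(json_dict['permalink']) + newLine)
            if json_dict['positives'] > 0:
                print(" Scan Result:")
                print_scans(json_dict['scans'])

        try:
            tokens = line.split(" ")
            if tokens[0] == "":
                self.help_vt()
                return

            if not CTCore.VT_APIKEY:
                # The key is a credential: read it without echo so it does not
                # end up in the terminal scrollback (the original used raw_input).
                import getpass
                CTCore.VT_APIKEY = getpass.getpass(
                    newLine + "No Virus Total API key found, please enter your API key:")

            obj_id = int(tokens[0])
            body, _sz = CTCore.get_response_and_size(obj_id, "all")
            name = CTCore.get_name(obj_id)

            print(" VirusTotal result for object {} ({}):".format(str(obj_id), name) + newLine)

            # Hash the body directly; the StringIO round-trip in the original
            # was a no-op.  `digest` also avoids shadowing the builtin hash().
            digest = hashlib.md5(body).hexdigest()
            vtdata = CTCore.send_to_vt(digest, CTCore.VT_APIKEY)
            if vtdata[0] == -1:
                print(vtdata[1])
            else:
                print_report(vtdata[1])

            print("")
        except Exception as e:
            print(str(e))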
 def do_update(self, line):
     """Console command: run CTCore.update_captipper(); *line* is unused.

     NOTE(review): what update_captipper fetches and how it verifies it is
     not visible here — confirm the download is integrity-checked before use.
     Failures are printed rather than propagated, like the other commands.
     """
     try:
         CTCore.update_captipper()
     except Exception as err:
         print(str(err))