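def __init__(self, setup):
    """Validate the sniffer configuration and start the optional TLS proxy.

    Args:
        setup: configuration mapping. ``SNIFFER_DIR`` must name an existing
            directory (PCAPs are stored under it); ``TLS_PROXY_PORT`` greater
            than 0 starts the TLS interception proxy on that port.

    Raises:
        SystemExit: with status 1 when ``SNIFFER_DIR`` is not a directory.
    """
    super(SnifferEngine, self).__init__()
    self.setup = setup
    sys.stderr.write("[+] Starting sniffer...\n")

    # Refuse to start without the capture directory rather than failing later
    # on the first PCAP write.
    sniffer_dir = self.setup['SNIFFER_DIR']
    if not os.path.isdir(sniffer_dir):
        sys.stderr.write("Could not load directory specified in sniffer_dir: {}\n".format(sniffer_dir))
        # sys.exit(1), not the bare exit() builtin: exit() is injected by the
        # ``site`` module (missing under ``python -S``) and would report
        # success (status 0) for a configuration failure.
        sys.exit(1)
    sys.stderr.write("[+] Successfully loaded sniffer directory: {}\n".format(sniffer_dir))

    tls_port = setup['TLS_PROXY_PORT']
    if tls_port > 0:
        # Imported lazily so the proxy's dependencies are only required when enabled.
        from Malcom.sniffer.tlsproxy.tlsproxy import MalcomTLSProxy
        sys.stderr.write("[+] Starting TLS proxy on port {}\n".format(tls_port))
        # NOTE(review): this is a TLS-intercepting proxy; the interface it binds to
        # is decided inside MalcomTLSProxy - confirm it is not exposed to untrusted
        # networks before enabling it.
        self.tls_proxy = MalcomTLSProxy(tls_port)
        self.tls_proxy.engine = self
        self.tls_proxy.start()
    else:
        self.tls_proxy = None

    self.sessions = {}
    self.model = Model(self.setup)
    # Serialises commit_to_db() calls (PCAP write + DB save) across threads.
    self.db_lock = threading.Lock()
    self.messenger = SnifferMessenger()
    self.messenger.snifferengine = self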
class SnifferEngine(object): """docstring for SnifferEngine""" def __init__(self, setup, yara_rules=None): super(SnifferEngine, self).__init__() self.setup = setup sys.stderr.write("[+] Starting sniffer...\n") # check if sniffer directory exists if not os.path.isdir(self.setup['SNIFFER_DIR']): sys.stderr.write("Could not load directory specified in sniffer_dir: {}\n".format(self.setup['SNIFFER_DIR'])) exit() sys.stderr.write("[+] Successfully loaded sniffer directory: {}\n".format(self.setup['SNIFFER_DIR'])) if setup['TLS_PROXY_PORT'] > 0: from Malcom.sniffer.tlsproxy.tlsproxy import MalcomTLSProxy sys.stderr.write("[+] Starting TLS proxy on port {}\n".format(setup['TLS_PROXY_PORT'])) self.tls_proxy = MalcomTLSProxy(setup['TLS_PROXY_PORT']) self.tls_proxy.engine = self self.tls_proxy.start() else: self.tls_proxy = None self.sessions = {} self.model = Model(self.setup) self.db_lock = threading.Lock() self.messenger = SnifferMessenger() self.messenger.snifferengine = self if has_yara and yara_rules: try: self.yara_rules = self.load_yara_rules(yara_rules) except Exception, e: sys.stderr.write("Could not load yara rules specified in yara_path: {}\n".format(e)) exit() else:
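class SnifferEngine(object):
    """Owns the live sniffer sessions and their persistence.

    Keeps the in-memory session table (``sessions``), the optional TLS
    interception proxy (``tls_proxy``), the ``Model`` used to load and save
    session records, and ``db_lock``, which serialises ``commit_to_db``.
    """

    def __init__(self, setup):
        """Validate the sniffer configuration and start the optional TLS proxy.

        Args:
            setup: configuration mapping. ``SNIFFER_DIR`` must name an existing
                directory (PCAPs are stored under it); ``TLS_PROXY_PORT`` greater
                than 0 starts the TLS interception proxy on that port.

        Raises:
            SystemExit: with status 1 when ``SNIFFER_DIR`` is not a directory.
        """
        super(SnifferEngine, self).__init__()
        self.setup = setup
        sys.stderr.write("[+] Starting sniffer...\n")

        # Refuse to start without the capture directory rather than failing
        # later on the first PCAP write.
        sniffer_dir = self.setup['SNIFFER_DIR']
        if not os.path.isdir(sniffer_dir):
            sys.stderr.write("Could not load directory specified in sniffer_dir: {}\n".format(sniffer_dir))
            # sys.exit(1), not the bare exit() builtin: exit() is injected by
            # the ``site`` module (missing under ``python -S``) and would
            # report success (status 0) for a configuration failure.
            sys.exit(1)
        sys.stderr.write("[+] Successfully loaded sniffer directory: {}\n".format(sniffer_dir))

        tls_port = setup['TLS_PROXY_PORT']
        if tls_port > 0:
            # Imported lazily so the proxy's dependencies are only required when enabled.
            from Malcom.sniffer.tlsproxy.tlsproxy import MalcomTLSProxy
            sys.stderr.write("[+] Starting TLS proxy on port {}\n".format(tls_port))
            # NOTE(review): this is a TLS-intercepting proxy; the interface it
            # binds to is decided inside MalcomTLSProxy - confirm it is not
            # exposed to untrusted networks before enabling it.
            self.tls_proxy = MalcomTLSProxy(tls_port)
            self.tls_proxy.engine = self
            self.tls_proxy.start()
        else:
            self.tls_proxy = None

        self.sessions = {}
        self.model = Model(self.setup)
        # Serialises commit_to_db() calls (PCAP write + DB save) across threads.
        self.db_lock = threading.Lock()
        self.messenger = SnifferMessenger()
        self.messenger.snifferengine = self

    def fetch_sniffer_session(self, session_id):
        """Return the ``SnifferSession`` for ``session_id``, reviving it from the DB if needed.

        Args:
            session_id: string form of the session's ObjectId; it typically
                arrives from a request, so it may be malformed.

        Returns:
            The cached or rebuilt ``SnifferSession``, or ``None`` when the id
            is malformed or no record exists for it.
        """
        try:
            debug_output("Fetching session {} from memory".format(session_id))
            session = self.sessions.get(ObjectId(session_id))
        except Exception as e:
            # A malformed id (ObjectId() rejects it) is logged and treated as
            # "not found" instead of propagating to the caller.
            debug_output("An {} error occurred when fetching session '{}': {}".format(type(e).__name__, session_id, e), 'error')
            return None

        if session:
            return session

        # Not in memory: rebuild the session object from its persisted record.
        debug_output("Fetching session {} from DB".format(session_id))
        s = self.model.get_sniffer_session(session_id)
        if not s:
            return None

        # TLS interception is only possible while no PCAP has been generated yet.
        intercept_tls = s['intercept_tls'] and not s['pcap']
        session = SnifferSession(s['name'], None, None, self, id=s['_id'], filter_restore=s['filter'], intercept_tls=intercept_tls)
        session.pcap = s['pcap']
        session.public = s['public']
        session.date_created = s['date_created']
        self.sessions[session.id] = session

        session_data = bson_loads(s['session_data'])
        session.nodes = session_data['nodes']
        session.edges = session_data['edges']
        session.packet_count = s['packet_count']
        session.flows = {}
        for flow in session_data['flows']:
            f = Flow.load_flow(flow)
            session.flows[f.fid] = f
        return session

    def new_session(self, params):
        """Create and persist a new sniffer session from request parameters.

        Args:
            params: mapping with ``session_name``, ``remote_addr``, ``filter``
                (capture filter), ``intercept_tls``, ``pcap`` and ``public``.

        Returns:
            Whatever ``Model.save_sniffer_session`` returns for the new session.
        """
        # NOTE(review): these values appear to be passed through unchanged from
        # the caller (presumably an HTTP request). ``session_name`` ends up in
        # the persisted record and ``filter`` is handed to the capture engine
        # as-is - validate both at the API boundary. TODO confirm the caller does.
        session_name = params['session_name']
        remote_addr = params['remote_addr']
        capture_filter = params['filter']  # renamed: ``filter`` shadows the builtin
        intercept_tls = params['intercept_tls']

        sniffer_session = SnifferSession(session_name, remote_addr, capture_filter, self, None, intercept_tls)
        sniffer_session.pcap = params['pcap']
        sniffer_session.public = params['public']
        return self.model.save_sniffer_session(sniffer_session)

    def delete_session(self, session_id):
        """Delete a stopped session and its PCAP from ``SNIFFER_DIR``.

        Args:
            session_id: string form of the session's ObjectId.

        Returns:
            ``'notfound'`` when no such session exists, ``'running'`` when the
            capture is still active (nothing is deleted), else ``'removed'``.
        """
        # NOTE(review): no ownership/authorization check happens here; the
        # caller is assumed to have decided the requester may delete this
        # session - confirm at the API layer.
        session = self.fetch_sniffer_session(session_id)
        if not session:
            return 'notfound'
        # Never delete a live capture: its PCAP is still being written.
        if session.status():
            return "running"
        self.model.del_sniffer_session(session, self.setup['SNIFFER_DIR'])
        return "removed"

    def commit_to_db(self, session):
        """Write the session's PCAP to disk and persist its record.

        The PCAP write and the DB save run under ``db_lock`` so concurrent
        commits do not interleave.

        Returns:
            ``True`` once the session has been saved.
        """
        with self.db_lock:
            session.save_pcap()
            self.model.save_sniffer_session(session)
            debug_output("[+] Sniffing session {} saved".format(session.name))
        return True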