def taste(tcp):
    """Register a new TCP session in the module-wide stream table.

    Invoked once per new session.  Creates the per-stream record under
    ``module_data['streams']`` keyed by ``str(tcp.addr)``, seeds the
    capture-wide ``start_time`` the first time any stream is seen and bumps
    ``total_streams``.  Always returns True, i.e. every stream is followed.

    NOTE(review): the key is the bare 4-tuple.  Nothing in this function
    prunes or de-duplicates, so if a capture reuses the same
    (src, sport, dst, dport) for a later connection this assignment
    silently replaces the earlier record while ``total_streams`` still
    counts both -- confirm whether a teardown handler removes finished
    entries before trusting per-stream numbers from long captures.
    """
    (src, sport), (dst, dport) = tcp.addr

    # Timestamp rendering is a module option fixed at init time ('isodate').
    render = packet_isodate if tcp.module_data['isodate'] else packet_timedate
    when = render(tcp.timestamp)

    record = {
        'comm_order': [],
        'start_time': when,
        'end_time': when,
        'src': src,
        'sport': sport,
        'dst': dst,
        'dport': dport,
        'client_data_transfer': 0,
        'server_data_transfer': 0,
        'total_packets': 0,
    }
    tcp.module_data['streams'][str(tcp.addr)] = {'type': 'stream', 'data': record}

    summary = tcp.module_data['pcap_summary']['data']
    # Only the first stream ever seen defines the capture-wide start time.
    summary.setdefault('start_time', when)
    summary['total_streams'] += 1
    return True
def taste(tcp):
    """Start tracking a new TCP session in the module-wide stream table.

    One call per new session.  Inserts an empty per-stream record into
    ``module_data["streams"]`` (keyed by ``str(tcp.addr)``), records the
    capture-wide ``start_time`` if no stream has been seen yet and
    increments ``total_streams``.  Returns True unconditionally, so the
    module follows every stream.

    NOTE(review): records are never removed here; on a long capture the
    table grows with the number of sessions, and a reused 4-tuple
    overwrites the earlier record -- verify how the teardown path handles
    both before relying on the summary for forensics.
    """
    (src, sport), (dst, dport) = tcp.addr
    opts = tcp.module_data

    # Output timestamp format is chosen by the 'isodate' module option.
    if opts["isodate"]:
        started = packet_isodate(tcp.timestamp)
    else:
        started = packet_timedate(tcp.timestamp)

    endpoints = dict(zip(("src", "sport", "dst", "dport"), (src, sport, dst, dport)))
    totals = dict.fromkeys(
        ("client_data_transfer", "server_data_transfer", "total_packets"), 0
    )
    record = {
        "comm_order": [],
        "start_time": started,
        "end_time": started,
    }
    record.update(endpoints)
    record.update(totals)
    opts["streams"][str(tcp.addr)] = {"type": "stream", "data": record}

    pcap = opts["pcap_summary"]["data"]
    if "start_time" not in pcap:
        pcap["start_time"] = started
    pcap["total_streams"] += 1
    return True
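def taste(tcp, ports=(80,)):
    """Decide whether to follow a TCP session as HTTP and attach a libhtp parser.

    ChopShop calls this once per new session.  A session with neither
    endpoint in *ports* is declined (``return False``) and this module
    never sees it again.

    Args:
        tcp: ChopShop TCP session object (``addr``, ``timestamp``,
            ``module_data``, ``stream_data``).
        ports: TCP ports treated as HTTP.  Defaults to ``(80,)``, the
            historic hard-coded behaviour; the framework's ``taste(tcp)``
            call is unaffected.  HTTP on any other port (8080, 8000, ...)
            is invisible to this module unless listed here -- a common
            coverage gap when looking for C2 or proxied traffic.

    Returns:
        True when a parser was attached to the session, else False.
    """
    ((src, sport), (dst, dport)) = tcp.addr
    if sport not in ports and dport not in ports:
        return False
    if tcp.module_data['verbose']:
        chop.tsprnt("New session: %s:%s->%s:%s" % (src, sport, dst, dport))

    # Per-session metadata that every libhtp callback receives via set_obj.
    d = {
        'timestamp': packet_timedate(tcp.timestamp),
        'src': src,
        'sport': sport,
        'dst': dst,
        'dport': dport,
    }

    cfg = htpy.config()
    # DEBUG2 is the most verbose libhtp level: every parser message is
    # delivered to log(), which is what surfaces malformed/evasive HTTP.
    cfg.log_level = htpy.HTP_LOG_DEBUG2
    cp = htpy.connp(cfg)
    # Both objects are kept on the stream so other handlers can reach them.
    tcp.stream_data['cfg'] = cfg
    tcp.stream_data['cp'] = cp
    cp.set_obj({'module_data': tcp.module_data, 'd': d})
    cp.register_log(log)
    cp.register_request_headers(request_headers)
    cp.register_response_headers(response_headers)
    # Body callbacks are only wired up when the 'blen' option was supplied.
    if 'blen' in tcp.module_data:
        cp.register_request_body_data(request_body)
        cp.register_response_body_data(response_body)
    return True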
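def taste(tcp, ports=(80,)):
    """Decide whether to follow a TCP session as HTTP and attach a libhtp parser.

    ChopShop calls this once per new session.  A session with neither
    endpoint in *ports* is declined (``return False``) and this module
    never sees it again.

    Args:
        tcp: ChopShop TCP session object (``addr``, ``timestamp``,
            ``module_data``, ``stream_data``).
        ports: TCP ports treated as HTTP.  Defaults to ``(80,)``, the
            historic hard-coded behaviour, so the framework's ``taste(tcp)``
            call is unaffected.  HTTP on any other port (8080, 8000, ...)
            is invisible to this module unless listed here.

    Returns:
        True when a parser was attached to the session, else False.
    """
    ((src, sport), (dst, dport)) = tcp.addr
    if sport not in ports and dport not in ports:
        return False

    cp = htpy.init()
    tcp.stream_data['cp'] = cp
    # stream_data itself is handed to the callbacks, so the 'd' entry
    # stored below is reachable from them even though it is set afterwards.
    cp.set_obj({'stream_data': tcp.stream_data, 'module_data': tcp.module_data})
    cp.register_log(log)
    cp.register_request_headers(request_headers)
    cp.register_response_headers(response_headers)
    # Body callbacks are only wired up when the 'blen' option was supplied.
    if 'blen' in tcp.module_data:
        cp.register_request_body_data(request_body)
        cp.register_response_body_data(response_body)

    # Per-session metadata for the output records.
    tcp.stream_data['d'] = {
        'timestamp': packet_timedate(tcp.timestamp),
        'src': src,
        'sport': sport,
        'dst': dst,
        'dport': dport,
    }
    return True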
def handleStream(tcp):
    """Account one data-bearing TCP event into the stream and capture summaries.

    Looks up the per-stream record created by ``taste`` (keyed by
    ``str(tcp.addr)``), appends a ``comm_order`` entry for the half that
    carries new bytes -- ``"S"`` for ``tcp.server``, ``"C"`` for
    ``tcp.client`` -- with its length and Shannon-style ``entropy`` (the
    per-direction entropy is what lets a consumer spot encrypted or packed
    payloads on a cleartext port), bumps the byte and packet counters and
    refreshes both ``end_time`` fields.  Returns None.

    NOTE(review): when the server half has no new bytes the client half is
    assumed without checking; an event with no new data on either side
    would record a zero-length entry and call ``entropy`` on empty input --
    confirm the framework never delivers such an event.
    """
    key = str(tcp.addr)
    ((src, sport), (dst, dport)) = parse_addr(tcp)
    if tcp.module_data["isodate"]:
        stamp = packet_isodate(tcp.timestamp)
    else:
        stamp = packet_timedate(tcp.timestamp)
    pcap = tcp.module_data["pcap_summary"]["data"]
    stream = tcp.module_data["streams"][key]["data"]

    def account(half, label, counter):
        # Record one direction's new bytes, then drop them from the buffer.
        # Because every byte is discarded each time, the buffer holds only
        # this event's bytes and data[:size] is exactly the new payload.
        size = half.count_new
        stream["comm_order"].append({
            "data_to": label,
            "data_len": size,
            "entropy": entropy(half.data[:size]),
        })
        stream[counter] += size
        pcap["total_data_transfer"] += size
        tcp.discard(size)

    if tcp.server.count_new > 0:
        account(tcp.server, "S", "server_data_transfer")
    else:
        account(tcp.client, "C", "client_data_transfer")

    stream["end_time"] = stamp
    stream["total_packets"] += 1
    pcap["total_packets"] += 1
    pcap["end_time"] = stamp
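def handleStream(tcp):
    """Account one data-bearing TCP event into the stream and capture summaries.

    Looks up the per-stream record created by ``taste`` (keyed by
    ``str(tcp.addr)``), appends a ``comm_order`` entry for the half that
    carries new bytes -- ``'S'`` for ``tcp.server``, ``'C'`` for
    ``tcp.client`` -- with its length and ``entropy`` (per-direction
    entropy is the signal a consumer uses to flag encrypted or packed
    payloads on a cleartext port), bumps the byte and packet counters and
    refreshes both ``end_time`` fields.  Returns None.

    The previous ``parse_addr`` unpack produced four locals that were never
    read; only ``key`` is needed here, so the call is gone.

    NOTE(review): when the server half has no new bytes the client half is
    assumed without checking; an event with no new data on either side
    would record a zero-length entry and call ``entropy`` on empty input --
    confirm the framework never delivers such an event.
    """
    key = str(tcp.addr)
    if tcp.module_data['isodate']:
        timestamp = packet_isodate(tcp.timestamp)
    else:
        timestamp = packet_timedate(tcp.timestamp)
    ps = tcp.module_data['pcap_summary']['data']
    cs = tcp.module_data['streams'][key]['data']

    # Exactly one half is expected to carry new bytes per event; the server
    # half is checked first, the client half taken otherwise.
    if tcp.server.count_new > 0:
        half, label, field = tcp.server, 'S', 'server_data_transfer'
    else:
        half, label, field = tcp.client, 'C', 'client_data_transfer'
    n = half.count_new
    # Every byte is discarded below, so the buffer holds only this event's
    # bytes and data[:n] is exactly the new payload.
    cs['comm_order'].append({
        'data_to': label,
        'data_len': n,
        'entropy': entropy(half.data[:n]),
    })
    cs[field] += n
    ps['total_data_transfer'] += n
    tcp.discard(n)

    cs['end_time'] = timestamp
    cs['total_packets'] += 1
    ps['total_packets'] += 1
    ps['end_time'] = timestamp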
'qname': str(q.qname), 'qtype': QTYPE[q.qtype], 'qclass': QTYPE[q.qclass] } d['questions'].append(dq) d['rr'] = [] for r in o.rr: dr = { 'rname': str(r.rname), 'rtype': QTYPE.lookup(r.rtype, r.rtype), 'rclass': CLASS[r.rclass], 'ttl': r.ttl, 'rdata': str(r.rdata) } d['rr'].append(dr) d['timestamp'] = packet_timedate(udp.timestamp) d['src'] = src d['sport'] = sport d['dst'] = dst d['dport'] = dport if module_data['mongo']: module_data['db'].insert(d) chop.prnt(d) chop.json(d) def shutdown(module_data): return
'qtype': QTYPE[q.qtype], 'qclass': QTYPE[q.qclass] } d['questions'].append(dq) d['rr'] = [] for r in o.rr: dr = { 'rname': str(r.rname), 'rtype': QTYPE.lookup(r.rtype,r.rtype), 'rclass': CLASS[r.rclass], 'ttl': r.ttl, 'rdata': str(r.rdata) } d['rr'].append(dr) d['timestamp'] = packet_timedate(udp.timestamp) d['src'] = src d['sport'] = sport d['dst'] = dst d['dport'] = dport if module_data['prnt']: chop.prnt(d) if module_data['mongo']: module_data['db'].insert(d) if module_data['json']: chop.json(d) def shutdown(module_data): return