def handleIncomingData(self, data, lower=None):
"""
Called on incoming data
@param data: tcp data received
@type data: string
@param lower: template tcp data received
@type lower: templatemessage
"""
if lower is not None:
layer_app = lower.get('SSH')
app_data = layer_app.get('data')
self.buf += app_data
try:
self.privateAppendFile(destname="ssh_dump", data=data)
decoded_msgs, left = self.codec.decode(data=self.buf, delimiter = self.delimiter)
self.buf = left
for d in decoded_msgs:
summary = d.replace("\r","")
new_tpl = self.encapsule(ip_event=AdapterIP.received(), ssh_event=templates.data_received(data=summary))
new_tpl.addRaw(summary)
self.logRecvEvent( shortEvt = "ssh", tplEvt = new_tpl )
except Exception as e:
self.error('Error while waiting on incoming data: %s' % str(e))
self.info("buffer = " + self.buf)
def onInactivityTimeout(self):
"""
"""
tpl = TestTemplatesLib.TemplateMessage()
tpl.addLayer(layer=AdapterIP.ip(more=AdapterIP.received()))
tpl.addLayer(layer=templates.udp(more=templates.received()))
self.onInactivity(lower=tpl)
def onStartListeningFailed(self, e): """ """ self.debug( e ) # log event tpl = self.encapsule( ip_event=AdapterIP.received(), udp_event=templates.listening_failed() ) self.logRecvEvent( shortEvt = "listening failed", tplEvt = tpl )
def onStopListening(self): """ """ self.debug( 'on stop listening called' ) # log event tpl = self.encapsule( ip_event=AdapterIP.received(), udp_event=templates.stopped() ) self.logRecvEvent( shortEvt = "stopped", tplEvt = tpl )
def onIncomingData(self, data=None, noMoreData=False): """ On incoming data """ try: if noMoreData: lower = self.encapsule( ip_event=AdapterIP.received(), ssh_event=templates.data_received() ) self.handleNoMoreData(lower=lower) else: lower = self.encapsule( ip_event=AdapterIP.received(), ssh_event=templates.data_received(data=data) ) # log event if self.logEventReceived: lower.addRaw(raw=data) self.logRecvEvent( shortEvt = 'data', tplEvt = lower ) # handle data self.handleIncomingData( data, lower=lower ) except Exception as e: self.error( "on incoming ssh data: %s" % e )
def onStartListening(self): """ """ self.debug( 'on start listening called' ) if self.cfg['agent-support']: self.islistening = True # log event tpl = self.encapsule( ip_event=AdapterIP.received(), udp_event=templates.listening() ) self.logRecvEvent( shortEvt = "listening", tplEvt = tpl )
def onSocketError(self, e): """ """ self.error( "generic error: %s" % str(e) ) # log event tpl = self.encapsule( ip_event=AdapterIP.received(), udp_event=templates.generic_error() ) self.logRecvEvent( shortEvt = "error", tplEvt = tpl ) # clean the socket self.cleanSocket()
def encapsule(self, ip_event, ssh_event):
"""
encapsule template
"""
# prepare layers
# ip
src = self.sourceIp
dst = self.cfg['dst-ip']
srcP = self.sourcePort
dstP = self.cfg['dst-port']
if ip_event == AdapterIP.received():
src = self.cfg['dst-ip']
dst = self.sourceIp
srcP = self.cfg['dst-port']
dstP = self.sourcePort
layer_ip = AdapterIP.ip( source=src, destination=dst, version=self.cfg['sock-family'], more=ip_event )
# tcp
if ip_event == AdapterIP.received():
moreTcp = AdapterTCP.received()
else:
moreTcp = AdapterTCP.sent()
layer_tcp = AdapterTCP.tcp(source=srcP, destination=dstP, more=moreTcp)
# ssh
layer_ssh = templates.ssh()
layer_ssh.addMore(more=ssh_event)
# prepare template
if self.cfg['agent-support']:
layer_agent= TestTemplatesLib.TemplateLayer('AGENT')
layer_agent.addKey(name='name', data=self.cfg['agent']['name'] )
layer_agent.addKey(name='type', data=self.cfg['agent']['type'] )
tpl = TestTemplatesLib.TemplateMessage()
if self.cfg['agent-support']:
tpl.addLayer(layer=layer_agent)
tpl.addLayer(layer=layer_ip)
tpl.addLayer(layer=layer_tcp)
tpl.addLayer(layer=layer_ssh)
return tpl
def onDisconnectionByPeer(self, e):
"""
On disconnection by peer
"""
self.debug("disconnected by the server: %s" % str(e) )
# log event
if self.logEventReceived:
tpl = self.encapsule( ip_event=AdapterIP.received(), ssh_event=templates.disconnected_by_server() )
self.logRecvEvent( shortEvt = "disconnected by peer", tplEvt = tpl )
self.cleanSocket()
def onSocketError(self, e): """ On socket error """ self.error( "socket error: %s" % str(e) ) # log event if self.logEventReceived: tpl = self.encapsule( ip_event=AdapterIP.received(), ssh_event=templates.generic_error() ) self.logRecvEvent( shortEvt = "error", tplEvt = tpl ) self.cleanSocket()
def onConnectionFailed(self, errno, errstr): """ On connection failed """ self.debug( "connection failed" ) # log event if self.logEventReceived: tpl = self.encapsule( ip_event=AdapterIP.received(), ssh_event=templates.connection_failed(errno=str(errno), errstr=errstr) ) self.logRecvEvent( shortEvt = "connection failed", tplEvt = tpl ) self.cleanSocket()
def onConnection(self): """ On connection """ self.debug( "connected" ) # log event if self.logEventReceived: tpl = self.encapsule( ip_event=AdapterIP.received(), ssh_event=templates.connected() ) self.logRecvEvent( shortEvt = "connected", tplEvt = tpl ) # start ssh negotation self.negotiation()
def onConnectionTimeout(self, e): """ On connection timeout """ self.__setSource() self.debug( "connection timeout: %s" % str(e) ) # log event if self.logEventReceived: tpl = self.encapsule( ip_event=AdapterIP.received(), ssh_event=templates.connection_timeout() ) self.logRecvEvent( shortEvt = "connection timeout", tplEvt = tpl ) self.cleanSocket()
def onConnectionRefused(self): """ On connection refused """ self.__setSource() self.debug( "connection refused" ) # log event if self.logEventReceived: tpl = self.encapsule( ip_event=AdapterIP.received(), ssh_event=templates.connection_refused() ) self.logRecvEvent( shortEvt = "connection refused", tplEvt = tpl ) self.cleanSocket()
def onIncomingData(self, data=None, fromAddr=None): """ """ try: ip, port = fromAddr # separator feature is disabled if data is not None: # log event data_size = len(data) if self.logEventReceived: tpl = self.encapsule( ip_event=AdapterIP.received(), udp_event=templates.received(data=data, data_length=str(data_size)), src_ip=ip, src_port=port ) else: tpl = self.encapsule( ip_event=AdapterIP.received(), udp_event=templates.received(data_length=str(data_size)), src_ip=ip, src_port=port ) if self.logEventReceived: tpl.addRaw(raw=data) self.logRecvEvent( shortEvt = "data", tplEvt = tpl ) # handle data self.handleIncomingData( data, lower=tpl ) # separator feature is enabled, split the buffer by the separator else: datas = self.buf[fromAddr].split(self.cfg['sep-in']) for data in datas[:-1]: pdu = data+self.cfg['sep-in'] # log event pdu_size = len(data) if self.logEventReceived: tpl = self.encapsule( ip_event=AdapterIP.received(), udp_event=templates.received( data=pdu, data_length=str(pdu_size) ), src_ip=ip, src_port=port ) else: tpl = self.encapsule( ip_event=AdapterIP.received(), udp_event=templates.received( data_length=str(pdu_size) ), src_ip=ip, src_port=port ) if self.logEventReceived: tpl.addRaw(raw=pdu) self.logRecvEvent( shortEvt = "data reassembled", tplEvt = tpl ) # handle data self.handleIncomingData( pdu, lower=tpl) self.buf[fromAddr] = datas[-1] except Exception as e: self.error( str(e) )
def onDisconnection(self): """ On disconnection """ self.channelOpened = False self.connected = False self.debug( "disconnected" ) # log event if self.logEventReceived: tpl = self.encapsule( ip_event=AdapterIP.received(), ssh_event=templates.disconnected() ) self.logRecvEvent( shortEvt = "disconnected", tplEvt = tpl ) self.unsetRunning() self.sshChannel = None
def onClientIncomingData(self, clientAddress, data=None):
"""
"""
try:
ip, port = clientAddress
id = self.clients[clientAddress]['id']
# separator feature is disabled
if data is not None:
# log event
data_size = len(data)
if self.logEventReceived:
tpl = self.encapsule(ip_event=AdapterIP.received(),
udp_event=templates.received(
data=data,
data_length=str(data_size),
id=id),
src_ip=ip,
src_port=port)
else:
tpl = self.encapsule(ip_event=AdapterIP.received(),
udp_event=templates.received(
data_length=str(data_size),
id=id),
src_ip=ip,
src_port=port)
if self.logEventReceived:
tpl.addRaw(raw=data)
self.logRecvEvent(shortEvt="client #%s data" %
self.clients[clientAddress]['id'],
tplEvt=tpl)
# handle data
self.handleIncomingData(clientAddress=clientAddress,
data=data,
lower=tpl)
# separator feature is enabled, split the buffer by the separator
else:
datas = self.clients[clientAddress]['buffer'].split(
self.cfg['sep-in'])
for data in datas[:-1]:
pdu = data + self.cfg['sep-in']
# log event
pdu_size = len(data)
if self.logEventReceived:
tpl = self.encapsule(ip_event=AdapterIP.received(),
udp_event=templates.received(
data=pdu,
data_length=str(pdu_size),
id=id),
src_ip=ip,
src_port=port)
else:
tpl = self.encapsule(ip_event=AdapterIP.received(),
udp_event=templates.received(
data_length=str(pdu_size),
id=id),
src_ip=ip,
src_port=port)
if self.logEventReceived:
tpl.addRaw(raw=pdu)
self.logRecvEvent(
shortEvt="client #%s data reassembled" % id,
tplEvt=tpl)
# handle data
self.handleIncomingData(clientAddress=clientAddress,
data=pdu,
lower=tpl)
self.clients[clientAddress]['buffer'] = datas[-1]
except Exception as e:
self.error(str(e))
def onInactivityTimeout(self): """ """ tpl = self.encapsule( ip_event=AdapterIP.received(), udp_event=templates.received(), src_ip=self.cfg['dst-ip'], src_port=self.cfg['dst-port'] ) self.onInactivity(lower=tpl)
def onReceiving(self, data, fromAddr, toAddr, lower):
"""
Function to overwrite
Called on incoming data
@param data: data received
@type data: string
@param lower: template data received
@type lower: templatemessage
"""
# extract transport info
self.lastActivity = time.time()
srcIp, srcPort = fromAddr
dstIp, dstPort = toAddr
# the separator feature is disabled, to nothing
if self.cfg['sep-disabled']:
try:
self.handleIncomingData(data=data, lower=lower)
except Exception as e:
self.error(
"on handle incoming udp data, upper layer problem: %s" %
str(e))
else:
# bufferize data
if self.buf.has_key(fromAddr):
self.buf[fromAddr] = ''.join([self.buf[fromAddr], data])
else:
self.buf[fromAddr] = data
# split data with the separator
datas = self.buf[fromAddr].split(self.cfg['sep-in'])
for d in datas[:-1]:
udp_data = d + self.cfg['sep-in']
udp_data_size = len(udp_data)
# construct high template and log it
tpl = TestTemplatesLib.TemplateMessage()
tpl.addLayer(
layer=AdapterIP.ip(source=srcIp,
destination=dstIp,
more=AdapterIP.received(),
version=self.cfg['ip-version']))
if self.logEventReceived:
udp_layer = templates.udp(
source=srcPort,
destination=dstPort,
more=templates.received(
data=udp_data, data_length=str(udp_data_size)))
else:
udp_layer = templates.udp(
source=srcPort,
destination=dstPort,
more=templates.received(
data_length=str(udp_data_size)))
tpl.addLayer(layer=udp_layer)
if self.logEventReceived:
tpl.addRaw(raw=udp_data)
self.logRecvEvent(shortEvt='data reassembled', tplEvt=tpl)
# handle data
self.handleIncomingData(udp_data, lower=tpl)
self.buf[fromAddr] = datas[-1]