def on_http_resp(self, resp_header, resp_body):
    """
    Print one HTTP response at the configured output level.

    ONLY_URL prints the status line, HEADER prints the raw header block,
    and TEXT_BODY or above prints the header block and then the body when
    ``self._if_output(mime)`` allows it. Unless grouping is enabled in
    the config, ``self._do_output()`` is called at the end.

    :type resp_header: HttpResponseHeader
    :type resp_body: bytes
    """
    level = self.parse_config.level

    if level == OutputLevel.ONLY_URL:
        self._println(resp_header.status_line)
    elif level == OutputLevel.HEADER:
        self._println(resp_header.raw_data)
        self._println()
    elif level >= OutputLevel.TEXT_BODY:
        self._println(resp_header.raw_data)
        self._println()

        mime, charset = content_utils.parse_content_type(
            resp_header.content_type)
        output_body = self._if_output(mime)

        # The content-type often carries no charset; fall back to the
        # encoding given in the config when there is one.
        if not charset and self.parse_config.encoding:
            charset = self.parse_config.encoding

        # Some senders gzip the body but omit the content-encoding header,
        # so a body declared as identity is checked for the gzip magic.
        if (resp_header.compress == Compress.IDENTITY
                and content_utils.gzipped(resp_body)):
            resp_header.compress = Compress.GZIP

        # NOTE(review): resp_body is captured network data. Whether
        # _print_body bounds the decompressed size or escapes control
        # characters before printing is not visible here -- confirm.
        if output_body:
            self._print_body(resp_body, resp_header.compress, mime, charset)
            self._println()

    if not config.get_config().group:
        self._do_output()
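def do_parse(source):
    """
    Parse command-line options, apply them to the config, and run the parser.

    :param source: ``'file'`` to read a pcap file (stdin when the path is
        ``-``), ``'device'`` to capture live through libpcap. Any other
        value only parses the options and applies the configuration.

    Side effects: reads the process arguments through argparse, fills the
    objects returned by ``config.get_filter()`` and ``config.get_config()``,
    sets ``config.out``, and calls ``sys.exit(-1)`` when the file name or
    device name is empty or libpcap is missing for a live capture.
    """
    parser = argparse.ArgumentParser()
    if source == 'file':
        parser.add_argument(
            "infile", nargs='?', default='-',
            help="the pcap file to parse, -(default value) means stdin")
    elif source == 'device':
        parser.add_argument(
            "device", nargs='?', default="any",
            help="the network device to capture, any(default value) mean all device")

    parser.add_argument(
        "-i", "--ip",
        help="only parse packages with specified source OR dest ip")
    parser.add_argument(
        "-p", "--port", type=int,
        help="only parse packages with specified source OR dest port")
    parser.add_argument(
        "-v", "--verbosity", action="count",
        help="increase output verbosity(-vv is recommended)")
    parser.add_argument(
        "-g", "--group", action="store_true",
        help="group http request/response by connection")
    parser.add_argument(
        "-o", "--output", help="output to file instead of stdout")
    parser.add_argument(
        "-e", "--encoding", help="decode the data use specified encodings.")
    parser.add_argument(
        "-b", "--beauty", action="store_true",
        help="output json in a pretty way.")
    parser.add_argument(
        "-d", "--domain", help="filter http data by request domain")
    parser.add_argument(
        "-u", "--uri", help="filter http data by request uri pattern")
    parser.add_argument(
        "-m", "--method", help="filter http data by request method")
    parser.add_argument(
        "-k", "--keyword", help="filter http data by body content")

    args = parser.parse_args()

    _filter = config.get_filter()
    _filter.ip = args.ip
    _filter.port = args.port
    # Domain and uri pattern are stored as bytes when given as text.
    _filter.domain = args.domain
    if isinstance(_filter.domain, six.text_type):
        _filter.domain = _filter.domain.encode()
    _filter.uri_pattern = args.uri
    if isinstance(_filter.uri_pattern, six.text_type):
        _filter.uri_pattern = _filter.uri_pattern.encode()
    _filter.method = args.method
    _filter.keyword = args.keyword

    # Capture filter expression handed to libpcap.
    # NOTE(review): args.ip is spliced into the expression unvalidated, so a
    # value containing filter keywords changes what is captured; consider
    # checking that it is a plain address or host name first.
    filter_exp = 'tcp'
    if args.port:
        filter_exp += " port " + str(args.port)
    if args.ip:
        filter_exp = "host " + args.ip + " and " + filter_exp

    # deal with configs
    parse_config = config.get_config()
    if args.verbosity:
        parse_config.level = args.verbosity
    if args.encoding:
        parse_config.encoding = args.encoding
    parse_config.pretty = args.beauty
    parse_config.group = args.group

    # NOTE(review): "w+" truncates an existing file and the file is created
    # with default permissions; the output can hold captured headers and
    # bodies (cookies, credentials), so the path deserves care.
    if args.output:
        output_file = open(args.output, "w+")
    else:
        output_file = sys.stdout

    config.out = output_file

    try:
        if source == 'file':
            file_path = args.infile
            if not file_path:
                print("file name empty", file=sys.stderr)
                sys.exit(-1)

            infile = None
            try:
                # The trailing "and False" keeps the libpcap file reader
                # switched off on purpose.
                if live_cap.has_pcap() and file_path != '-' and False:
                    # now slow than pure python version...
                    print("Use libpcap to pcap file, filter: {}".format(filter_exp),
                          file=sys.stderr)
                    producer = live_cap.libpcap_produce(
                        filename=file_path, filter_exp=filter_exp)
                else:
                    if file_path != '-':
                        infile = io.open(file_path, "rb")
                    else:
                        # Regular files are opened in "rb", so stdin is
                        # passed as its binary buffer where one exists
                        # (Python 3); a text-mode stdin would decode the
                        # capture data.
                        infile = getattr(sys.stdin, "buffer", sys.stdin)
                    producer = parse_pcap_file(infile)
                run_parser(producer)
            finally:
                if infile is not None:
                    infile.close()
        elif source == 'device':
            device = args.device
            if not device:
                print("device name empty", file=sys.stderr)
                sys.exit(-1)
            if not live_cap.has_pcap():
                print("Libpcap not found, install it first", file=sys.stderr)
                # Stop here like the other argument errors do instead of
                # falling through to the libpcap capture call below.
                sys.exit(-1)

            print("Capture device: {}, filter: {}".format(device, filter_exp),
                  file=sys.stderr)
            producer = live_cap.libpcap_produce(
                device=device, filter_exp=filter_exp)
            run_parser(producer)
    finally:
        # Only close what this function opened; stdout is left alone.
        if args.output:
            output_file.close()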
def __init__(self, client_host, remote_host):
    """
    Initialise the instance's output state.

    Stores the object returned by ``config.get_config()``, a fresh
    ``StringIO`` buffer, and the two host values passed in.

    :param client_host: kept as ``self.client_host``
    :param remote_host: kept as ``self.remote_host``
    """
    self.parse_config = config.get_config()
    # Fresh in-memory text buffer for this instance.
    self.buf = StringIO()
    self.client_host, self.remote_host = client_host, remote_host
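def parse_(source):
    """
    Parse command-line options, apply them to the config, and run the parser.

    :param source: ``'file'`` to read a pcap file (stdin when the path is
        ``-``), ``'device'`` to capture live through libpcap. Any other
        value only parses the options and applies the configuration.

    Side effects: reads the process arguments through argparse, fills the
    objects returned by ``config.get_filter()`` and ``config.get_config()``,
    sets ``config.out``, and calls ``sys.exit(-1)`` when the file name or
    device name is empty or libpcap is missing for a live capture.
    """
    parser = argparse.ArgumentParser()
    if source == 'file':
        parser.add_argument(
            "infile", nargs='?', default='-',
            help="the pcap file to parse, -(default value) means stdin")
    elif source == 'device':
        parser.add_argument(
            "device", nargs='?', default="any",
            help="the network device to capture, any(default value) mean all device")

    parser.add_argument(
        "-i", "--ip",
        help="only parse packages with specified source OR dest ip")
    parser.add_argument(
        "-p", "--port", type=int,
        help="only parse packages with specified source OR dest port")
    parser.add_argument(
        "-v", "--verbosity", action="count",
        help="increase output verbosity(-vv is recommended)")
    parser.add_argument(
        "-g", "--group", action="store_true",
        help="group http request/response by connection")
    parser.add_argument(
        "-o", "--output", help="output to file instead of stdout")
    parser.add_argument(
        "-e", "--encoding", help="decode the data use specified encodings.")
    parser.add_argument(
        "-b", "--beauty", action="store_true",
        help="output json in a pretty way.")
    parser.add_argument(
        "-d", "--domain", help="filter http data by request domain")
    parser.add_argument(
        "-u", "--uri", help="filter http data by request uri pattern")

    args = parser.parse_args()

    _filter = config.get_filter()
    _filter.ip = args.ip
    _filter.port = args.port
    # Domain and uri pattern are stored as bytes when given as text.
    _filter.domain = args.domain
    if isinstance(_filter.domain, six.text_type):
        _filter.domain = _filter.domain.encode()
    _filter.uri_pattern = args.uri
    if isinstance(_filter.uri_pattern, six.text_type):
        _filter.uri_pattern = _filter.uri_pattern.encode()

    # Capture filter expression handed to libpcap.
    # NOTE(review): args.ip is spliced into the expression unvalidated, so a
    # value containing filter keywords changes what is captured; consider
    # checking that it is a plain address or host name first.
    filter_exp = 'tcp'
    if args.port:
        filter_exp += " port " + str(args.port)
    if args.ip:
        filter_exp = "host " + args.ip + " and " + filter_exp

    # deal with configs
    parse_config = config.get_config()
    if args.verbosity:
        parse_config.level = args.verbosity
    if args.encoding:
        parse_config.encoding = args.encoding
    parse_config.pretty = args.beauty
    parse_config.group = args.group

    # NOTE(review): "w+" truncates an existing file and the file is created
    # with default permissions; the output can hold captured headers and
    # bodies (cookies, credentials), so the path deserves care.
    if args.output:
        output_file = open(args.output, "w+")
    else:
        output_file = sys.stdout

    config.out = output_file

    try:
        if source == 'file':
            file_path = args.infile
            if not file_path:
                print("file name empty", file=sys.stderr)
                sys.exit(-1)

            infile = None
            try:
                # The trailing "and False" keeps the libpcap file reader
                # switched off on purpose.
                if live_cap.has_pcap() and file_path != '-' and False:
                    # now slow than pure python version...
                    print("Use libpcap to pcap file, filter: {}".format(filter_exp),
                          file=sys.stderr)
                    producer = live_cap.libpcap_produce(
                        filename=file_path, filter_exp=filter_exp)
                else:
                    if file_path != '-':
                        infile = io.open(file_path, "rb")
                    else:
                        # Regular files are opened in "rb", so stdin is
                        # passed as its binary buffer where one exists
                        # (Python 3); a text-mode stdin would decode the
                        # capture data.
                        infile = getattr(sys.stdin, "buffer", sys.stdin)
                    producer = parse_pcap_file(infile)
                run_parser(producer)
            finally:
                if infile is not None:
                    infile.close()
        elif source == 'device':
            device = args.device
            if not device:
                print("device name empty", file=sys.stderr)
                sys.exit(-1)
            if not live_cap.has_pcap():
                print("Libpcap not found, install it first", file=sys.stderr)
                # Stop here like the other argument errors do instead of
                # falling through to the libpcap capture call below.
                sys.exit(-1)

            print("Capture device: {}, filter: {}".format(device, filter_exp),
                  file=sys.stderr)
            producer = live_cap.libpcap_produce(
                device=device, filter_exp=filter_exp)
            run_parser(producer)
    finally:
        # Only close what this function opened; stdout is left alone.
        if args.output:
            output_file.close()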