Esempio n. 1
    def on_http_resp(self, resp_header, resp_body):
        """
        Emit one HTTP response at the configured output level.

        ONLY_URL prints just the status line, HEADER prints the raw header
        block, and TEXT_BODY or higher prints the raw header followed by the
        body when ``_if_output`` accepts the MIME type. Unless grouping is
        enabled, ``_do_output`` is called before returning.

        :type resp_header: HttpResponseHeader
        :type resp_body: bytes
        """
        cfg = self.parse_config
        level = cfg.level
        if level == OutputLevel.ONLY_URL:
            self._println(resp_header.status_line)
        elif level == OutputLevel.HEADER:
            self._println(resp_header.raw_data)
            self._println()
        elif level >= OutputLevel.TEXT_BODY:
            self._println(resp_header.raw_data)
            self._println()

            mime, charset = content_utils.parse_content_type(resp_header.content_type)
            wants_body = self._if_output(mime)
            # The Content-Type header often carries no charset; fall back to
            # the encoding supplied in the configuration.
            if cfg.encoding and not charset:
                charset = cfg.encoding
            # Some senders gzip the body without a Content-Encoding header, so
            # the body's magic bytes are checked when the header says identity.
            # The header object is updated in place.
            # NOTE(review): resp_body is captured, untrusted traffic; if
            # _print_body decompresses based on this value, confirm that it
            # bounds the size of what it inflates.
            if resp_header.compress == Compress.IDENTITY and content_utils.gzipped(resp_body):
                resp_header.compress = Compress.GZIP
            if wants_body:
                self._print_body(resp_body, resp_header.compress, mime, charset)
                self._println()

        if not config.get_config().group:
            self._do_output()
Esempio n. 2
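def do_parse(source):
    """
    Parse the command line, configure filtering and output, then run the parser.

    :param source: ``'file'`` to read a pcap file (or stdin), ``'device'`` to
        capture live traffic through libpcap. Any other value only parses the
        options and configures the shared filter/config objects.
    """
    parser = argparse.ArgumentParser()
    if source == 'file':
        parser.add_argument("infile", nargs='?', default='-',
                            help="the pcap file to parse, -(default value) means stdin")
    elif source == 'device':
        parser.add_argument("device", nargs='?', default="any",
                            help="the network device to capture, any(default value) mean all device")
    parser.add_argument("-i", "--ip", help="only parse packages with specified source OR dest ip")
    parser.add_argument("-p", "--port", type=int,
                        help="only parse packages with specified source OR dest port")
    parser.add_argument("-v", "--verbosity", help="increase output verbosity(-vv is recommended)",
                        action="count")
    parser.add_argument("-g", "--group", help="group http request/response by connection",
                        action="store_true")
    parser.add_argument("-o", "--output", help="output to file instead of stdout")
    parser.add_argument("-e", "--encoding", help="decode the data use specified encodings.")
    parser.add_argument("-b", "--beauty", help="output json in a pretty way.", action="store_true")
    parser.add_argument("-d", "--domain", help="filter http data by request domain")
    parser.add_argument("-u", "--uri", help="filter http data by request uri pattern")
    parser.add_argument("-m", "--method", help="filter http data by request method")
    parser.add_argument("-k", "--keyword", help="filter http data by body content")

    args = parser.parse_args()

    # Copy the command-line filters onto the shared filter object. Domain and
    # URI pattern are stored as bytes when they arrive as text.
    _filter = config.get_filter()
    _filter.ip = args.ip
    _filter.port = args.port
    _filter.domain = args.domain
    if isinstance(_filter.domain, six.text_type):
        _filter.domain = _filter.domain.encode()
    _filter.uri_pattern = args.uri
    if isinstance(_filter.uri_pattern, six.text_type):
        _filter.uri_pattern = _filter.uri_pattern.encode()
    _filter.method = args.method
    _filter.keyword = args.keyword

    # Capture filter expression handed to libpcap.
    # NOTE(review): --ip is concatenated verbatim, so any filter syntax in the
    # value becomes part of the expression; validate it as an address if this
    # option is ever fed from anything other than the operator's own shell.
    filter_exp = 'tcp'
    if args.port:
        filter_exp += " port " + str(args.port)
    if args.ip:
        filter_exp = "host " + args.ip + " and " + filter_exp

    # deal with configs
    parse_config = config.get_config()
    if args.verbosity:
        parse_config.level = args.verbosity
    if args.encoding:
        parse_config.encoding = args.encoding
    parse_config.pretty = args.beauty
    parse_config.group = args.group

    # NOTE(review): the output holds captured HTTP traffic, which can include
    # cookies and credentials; the file is created with the process's default
    # permissions and truncated if it already exists.
    if args.output:
        output_file = open(args.output, "w+")
    else:
        output_file = sys.stdout

    config.out = output_file

    try:
        if source == 'file':
            file_path = args.infile
            if not file_path:
                print("file name empty", file=sys.stderr)
                sys.exit(-1)
            infile = None
            try:
                # The libpcap reader is deliberately disabled by the trailing
                # "and False"; the pure-Python reader below is always used.
                if live_cap.has_pcap() and file_path != '-' and False:
                    # now slow than pure python version...
                    print("Use libpcap to pcap file, filter: {}".format(filter_exp),
                          file=sys.stderr)
                    producer = live_cap.libpcap_produce(filename=file_path, filter_exp=filter_exp)
                else:
                    if file_path != '-':
                        infile = io.open(file_path, "rb")
                        stream = infile
                    else:
                        # pcap data is binary: on Python 3 the text-mode
                        # sys.stdin would decode it, so read the underlying
                        # byte stream when one exists. stdin is not ours to
                        # close, so it is left out of the cleanup below.
                        stream = getattr(sys.stdin, "buffer", sys.stdin)
                    producer = parse_pcap_file(stream)
                run_parser(producer)
            finally:
                if infile is not None:
                    infile.close()
        elif source == 'device':
            device = args.device
            if not device:
                print("device name empty", file=sys.stderr)
                sys.exit(-1)
            if not live_cap.has_pcap():
                print("Libpcap not found, install it first", file=sys.stderr)
                # Live capture cannot work without libpcap; stop here instead
                # of failing later inside libpcap_produce.
                sys.exit(-1)
            print("Capture device: {}, filter: {}".format(device, filter_exp), file=sys.stderr)
            producer = live_cap.libpcap_produce(device=device, filter_exp=filter_exp)
            run_parser(producer)
    finally:
        if args.output:
            output_file.close()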
Esempio n. 3
 def __init__(self, client_host, remote_host):
     """
     Record both connection endpoints and set up per-connection output state.

     :param client_host: endpoint stored as ``self.client_host``
     :param remote_host: endpoint stored as ``self.remote_host``
     """
     self.client_host, self.remote_host = client_host, remote_host
     # Output is accumulated in an in-memory text buffer.
     self.buf = StringIO()
     # Configuration object returned by config.get_config().
     self.parse_config = config.get_config()
Esempio n. 4
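def parse_(source):
    """
    Parse the command line, configure filtering and output, then run the parser.

    :param source: ``'file'`` to read a pcap file (or stdin), ``'device'`` to
        capture live traffic through libpcap. Any other value only parses the
        options and configures the shared filter/config objects.
    """
    parser = argparse.ArgumentParser()
    if source == 'file':
        parser.add_argument("infile", nargs='?', default='-',
                            help="the pcap file to parse, -(default value) means stdin")
    elif source == 'device':
        parser.add_argument("device", nargs='?', default="any",
                            help="the network device to capture, any(default value) mean all device")
    parser.add_argument("-i", "--ip", help="only parse packages with specified source OR dest ip")
    parser.add_argument("-p", "--port", type=int,
                        help="only parse packages with specified source OR dest port")
    parser.add_argument("-v", "--verbosity", help="increase output verbosity(-vv is recommended)",
                        action="count")
    parser.add_argument("-g", "--group", help="group http request/response by connection",
                        action="store_true")
    parser.add_argument("-o", "--output", help="output to file instead of stdout")
    parser.add_argument("-e", "--encoding", help="decode the data use specified encodings.")
    parser.add_argument("-b", "--beauty", help="output json in a pretty way.", action="store_true")
    parser.add_argument("-d", "--domain", help="filter http data by request domain")
    parser.add_argument("-u", "--uri", help="filter http data by request uri pattern")

    args = parser.parse_args()

    # Copy the command-line filters onto the shared filter object. Domain and
    # URI pattern are stored as bytes when they arrive as text.
    _filter = config.get_filter()
    _filter.ip = args.ip
    _filter.port = args.port
    _filter.domain = args.domain
    if isinstance(_filter.domain, six.text_type):
        _filter.domain = _filter.domain.encode()
    _filter.uri_pattern = args.uri
    if isinstance(_filter.uri_pattern, six.text_type):
        _filter.uri_pattern = _filter.uri_pattern.encode()

    # Capture filter expression handed to libpcap.
    # NOTE(review): --ip is concatenated verbatim, so any filter syntax in the
    # value becomes part of the expression; validate it as an address if this
    # option is ever fed from anything other than the operator's own shell.
    filter_exp = 'tcp'
    if args.port:
        filter_exp += " port " + str(args.port)
    if args.ip:
        filter_exp = "host " + args.ip + " and " + filter_exp

    # deal with configs
    parse_config = config.get_config()
    if args.verbosity:
        parse_config.level = args.verbosity
    if args.encoding:
        parse_config.encoding = args.encoding
    parse_config.pretty = args.beauty
    parse_config.group = args.group

    # NOTE(review): the output holds captured HTTP traffic, which can include
    # cookies and credentials; the file is created with the process's default
    # permissions and truncated if it already exists.
    if args.output:
        output_file = open(args.output, "w+")
    else:
        output_file = sys.stdout

    config.out = output_file

    try:
        if source == 'file':
            file_path = args.infile
            if not file_path:
                print("file name empty", file=sys.stderr)
                sys.exit(-1)
            infile = None
            try:
                # The libpcap reader is deliberately disabled by the trailing
                # "and False"; the pure-Python reader below is always used.
                if live_cap.has_pcap() and file_path != '-' and False:
                    # now slow than pure python version...
                    print("Use libpcap to pcap file, filter: {}".format(filter_exp),
                          file=sys.stderr)
                    producer = live_cap.libpcap_produce(filename=file_path, filter_exp=filter_exp)
                else:
                    if file_path != '-':
                        infile = io.open(file_path, "rb")
                        stream = infile
                    else:
                        # pcap data is binary: on Python 3 the text-mode
                        # sys.stdin would decode it, so read the underlying
                        # byte stream when one exists. stdin is not ours to
                        # close, so it is left out of the cleanup below.
                        stream = getattr(sys.stdin, "buffer", sys.stdin)
                    producer = parse_pcap_file(stream)
                run_parser(producer)
            finally:
                if infile is not None:
                    infile.close()
        elif source == 'device':
            device = args.device
            if not device:
                print("device name empty", file=sys.stderr)
                sys.exit(-1)
            if not live_cap.has_pcap():
                print("Libpcap not found, install it first", file=sys.stderr)
                # Live capture cannot work without libpcap; stop here instead
                # of failing later inside libpcap_produce.
                sys.exit(-1)
            print("Capture device: {}, filter: {}".format(device, filter_exp), file=sys.stderr)
            producer = live_cap.libpcap_produce(device=device, filter_exp=filter_exp)
            run_parser(producer)
    finally:
        if args.output:
            output_file.close()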