def __init__(self,
messages=None,
_id=None,
applicativeData=None,
name="Session"):
"""
:parameter messages: the messages exchanged in the current session
:type data: a list of :class:`netzob.Model.Vocabulary.Messages.AbstractMessage.AbstractMessage`
:parameter _id: the unique identifier of the session
:type _id: :class:`uuid.UUID`
:keyword applicativeData: a list of :class:`netzob.Model.Vocabulary.ApplicaticeData.ApplicativeData`
"""
self.__messages = SortedTypedList(AbstractMessage)
self.__applicativeData = TypedList(ApplicativeData)
if messages is None:
messages = []
self.messages = messages
if _id is None:
_id = uuid.uuid4()
self.id = _id
if applicativeData is None:
applicativeData = []
self.applicativeData = applicativeData
self.name = name
def readMessages(self, filePathList, delimitor=b"\n"):
"""Read all the messages found in the specified filePathList and given a delimitor.
:param filePathList: paths of the file to parse
:type filePathList: a list of :class:`str`
:param delimitor: the delimitor used to find messages in the same file
:type delimitor: :class:`str`
:return: a sorted list of messages
:rtype: a :class:`netzob.Common.Utils.SortedTypedList.SortedTypedList` of :class:`netzob.Model.Vocabulary.Messages.AbstractMessage`
"""
# Verify the existence of input files
errorMessageList = []
for filePath in filePathList:
try:
fp = open(filePath)
fp.close()
except IOError as e:
errorMessage = _("Error while trying to open the " +
"file {0}.").format(filePath)
if e.errno == errno.EACCES:
errorMessage = _("Error while trying to open the file " +
"{0}, more permissions are required for "
+ "reading it.").format(filePath)
errorMessageList.append(errorMessage)
self._logger.warn(errorMessage)
if errorMessageList != []:
raise NetzobImportException("File", "\n".join(errorMessageList))
self.messages = SortedTypedList(AbstractMessage)
for filePath in filePathList:
self.__readMessagesFromFile(filePath, delimitor)
return self.messages
def __init__(self, name=None):
self.id = uuid.uuid4()
self.name = name
self.description = ""
self.__fields = TypedList(AbstractField)
self.__parent = None
self.__encodingFunctions = SortedTypedList(EncodingFunction)
self.__visualizationFunctions = TypedList(VisualizationFunction)
self.__transformationFunctions = TypedList(TransformationFunction)
self._variable = None
class PCAPImporter(object):
"""PCAP importer to read pcaps and extract messages out of them.
We recommend to use static methods such as
- PCAPImporter.readFiles(...)
- PCAPimporter.readFile(...)
refer to their documentation to have an overview of the required parameters.
>>> from netzob.all import *
>>> messages = PCAPImporter.readFile("./test/resources/pcaps/test_import_udp.pcap").values()
>>> print(len(messages))
14
>>> for m in messages:
... print(repr(m.data))
b'CMDidentify#\\x07\\x00\\x00\\x00Roberto'
b'RESidentify#\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'
b'CMDinfo#\\x00\\x00\\x00\\x00'
b'RESinfo#\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00info'
b'CMDstats#\\x00\\x00\\x00\\x00'
b'RESstats#\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00stats'
b'CMDauthentify#\\n\\x00\\x00\\x00aStrongPwd'
b'RESauthentify#\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'
b'CMDencrypt#\\x06\\x00\\x00\\x00abcdef'
b"RESencrypt#\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00$ !&'$"
b"CMDdecrypt#\\x06\\x00\\x00\\x00$ !&'$"
b'RESdecrypt#\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00abcdef'
b'CMDbye#\\x00\\x00\\x00\\x00'
b'RESbye#\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'
>>> messages = PCAPImporter.readFile("./test/resources/pcaps/test_import_udp.pcap", importLayer=2).values()
>>> print(repr(messages[0].data))
b'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00E\\x00\\x003\\xdc\\x11@\\x00@\\x11`\\xa6\\x7f\\x00\\x00\\x01\\x7f\\x00\\x00\\x01\\xe1\\xe7\\x10\\x92\\x00\\x1f\\xfe2CMDidentify#\\x07\\x00\\x00\\x00Roberto'
>>> messages = PCAPImporter.readFile("./test/resources/pcaps/test_import_udp.pcap", importLayer=3).values()
>>> print(repr(messages[0].data))
b'E\\x00\\x003\\xdc\\x11@\\x00@\\x11`\\xa6\\x7f\\x00\\x00\\x01\\x7f\\x00\\x00\\x01\\xe1\\xe7\\x10\\x92\\x00\\x1f\\xfe2CMDidentify#\\x07\\x00\\x00\\x00Roberto'
>>> messages = PCAPImporter.readFile("./test/resources/pcaps/test_import_udp.pcap", importLayer=4).values()
>>> print(repr(messages[0].data))
b'\\xe1\\xe7\\x10\\x92\\x00\\x1f\\xfe2CMDidentify#\\x07\\x00\\x00\\x00Roberto'
>>> messages = PCAPImporter.readFile("./test/resources/pcaps/test_import_udp.pcap", importLayer=5).values()
>>> print(repr(messages[0].data))
b'CMDidentify#\\x07\\x00\\x00\\x00Roberto'
>>> messages = PCAPImporter.readFile("./test/resources/pcaps/test_import_http.pcap", importLayer=5, bpfFilter="tcp").values()
>>> print(repr(messages[0].data))
b'GET / HTTP/1.1\\r\\nHost: www.free.fr\\r\\nUser-Agent: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa(bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb)ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc\\r\\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\\r\\nAccept-Language: en-US,en;q=0.5\\r\\nAccept-Encoding: gzip, deflate\\r\\nConnection: keep-alive\\r\\n\\r\\n'
Parameter `mergePacketsInFlow` can be use to merge consecutive messages that share the same source and destination (mimic a TCP flow). In practice, this parameter was introduced for L5 network messages to support TCP flows but it can be use for any level of network messages.
>>> from netzob.all import *
>>> messages = PCAPImporter.readFile("./test/resources/pcaps/test_import_http_flow.pcap", mergePacketsInFlow=False).values()
>>> print(len(messages))
4
>>> print(len(messages[1].data))
1228
>>> messages = PCAPImporter.readFile("./test/resources/pcaps/test_import_http_flow.pcap", mergePacketsInFlow=True).values()
>>> print(len(messages))
2
>>> print(len(messages[1].data))
3224
"""
INVALID_BPF_FILTER = 0
INVALID_LAYER2 = 1
INVALID_LAYER3 = 2
INVALID_LAYER4 = 3
PROTOCOL201 = 201
# Supported datalinks (by pcapy)
SUPPORTED_DATALINKS = {
pcapy.DLT_ARCNET: "DLT_ARCNET",
pcapy.DLT_FDDI: "DLT_FDDI",
pcapy.DLT_LOOP: "DLT_LOOP",
pcapy.DLT_PPP_ETHER: "DLT_PPP_ETHER",
pcapy.DLT_ATM_RFC1483: "DLT_ATM_RFC1483",
pcapy.DLT_IEEE802: "DLT_IEEE802",
pcapy.DLT_LTALK: "DLT_LTALK",
pcapy.DLT_PPP_SERIAL: "DLT_PPP_SERIAL",
pcapy.DLT_C_HDLC: "DLT_C_HDLC",
pcapy.DLT_IEEE802_11: "IEEE802_11",
pcapy.DLT_NULL: "DLT_NULL",
pcapy.DLT_RAW: "DLT_RAW",
pcapy.DLT_EN10MB: "DLT_EN10MB",
pcapy.DLT_LINUX_SLL: "LINUX_SLL",
pcapy.DLT_PPP: "DLT_PPP",
pcapy.DLT_SLIP: "DLT_SLIP",
}
def __init__(self):
pass
@typeCheck(str, str, int)
def __readMessagesFromFile(self, filePath, bpfFilter, nbPackets):
"""Internal methods to read all messages from a given PCAP file."""
if (filePath is None):
raise TypeError("filePath cannot be None")
if (nbPackets < 0):
raise ValueError(
"A positive (or null) value is required for the number of packets to read."
)
# Check file can be opened (and read)
try:
fp = open(filePath, 'r')
fp.close()
except IOError as e:
if e.errno == errno.EACCES:
raise IOError(
"Error while trying to open the file {0}, more permissions are required to read it."
).format(filePath)
else:
raise e
# Check (and configure) the bpf filter
packetReader = pcapy.open_offline(filePath)
try:
packetReader.setfilter(bpfFilter)
except:
raise ValueError(
"The provided BPF filter is not valid (it should follow the BPF format)"
)
# Check the datalink
self.datalink = packetReader.datalink()
if self.datalink not in list(PCAPImporter.SUPPORTED_DATALINKS.keys()):
self._logger.debug("Unkown datalinks")
if self.importLayer > 1 and self.datalink != pcapy.DLT_EN10MB and self.datalink != pcapy.DLT_LINUX_SLL and self.datalink != PCAPImporter.PROTOCOL201:
errorMessage = _("This pcap cannot be imported since the " +
"layer 2 is not supported ({0})").format(
str(self.datalink))
raise NetzobImportException("PCAP", errorMessage,
self.INVALID_LAYER2)
else:
packetReader.loop(nbPackets, self.__packetHandler)
def __packetHandler(self, header, payload):
"""Internal callback executed on each packet when parsing the pcap"""
(secs, usecs) = header.getts()
epoch = secs + (usecs / 1000000.0)
if self.importLayer == 1 or self.importLayer == 2:
try:
(l2Proto, l2SrcAddr, l2DstAddr, l2Payload,
etherType) = self.__decodeLayer2(header, payload)
except NetzobImportException as e:
self._logger.warn(
"An error occured while decoding layer2 of a packet: {0}".
format(e))
return
if len(l2Payload) == 0:
return
# Build the L2NetworkMessage
l2Message = L2NetworkMessage(payload, epoch, l2Proto, l2SrcAddr,
l2DstAddr)
self.messages.add(l2Message)
elif self.importLayer == 3:
try:
(l2Proto, l2SrcAddr, l2DstAddr, l2Payload, etherType) = self.__decodeLayer2(header, payload)
(l3Proto, l3SrcAddr, l3DstAddr, l3Payload, ipProtocolNum) = self.__decodeLayer3(etherType, l2Payload)
except NetzobImportException as e:
self._logger.warn("An error occured while decoding layer2 and layer3 of a packet: {0}".format(e))
(l2Proto, l2SrcAddr, l2DstAddr, l2Payload,
etherType) = self.__decodeLayer2(header, payload)
(l3Proto, l3SrcAddr, l3DstAddr, l3Payload,
ipProtocolNum) = self.__decodeLayer3(etherType, l2Payload)
except NetzobImportException as e:
self._logger.warn(
"An error occured while decoding layer2 and layer3 of a packet: {0}".
format(e))
return
if len(l3Payload) == 0:
return
# Build the L3NetworkMessage
l3Message = L3NetworkMessage(l2Payload, epoch, l2Proto, l2SrcAddr,
l2DstAddr, l3Proto, l3SrcAddr,
l3DstAddr)
self.messages.add(l3Message)
elif self.importLayer == 4:
try:
(l2Proto, l2SrcAddr, l2DstAddr, l2Payload,
etherType) = self.__decodeLayer2(header, payload)
(l3Proto, l3SrcAddr, l3DstAddr, l3Payload,
ipProtocolNum) = self.__decodeLayer3(etherType, l2Payload)
(l4Proto, l4SrcPort, l4DstPort,
l4Payload) = self.__decodeLayer4(ipProtocolNum, l3Payload)
except NetzobImportException as e:
self._logger.warn(
"An error occured while decoding layer2, layer3 or layer4 of a packet: {0}".
format(e))
return
if len(l4Payload) == 0:
return
# Build the L4NetworkMessage
l4Message = L4NetworkMessage(
l3Payload, epoch, l2Proto, l2SrcAddr, l2DstAddr, l3Proto,
l3SrcAddr, l3DstAddr, l4Proto, l4SrcPort, l4DstPort)
self.messages.add(l4Message)
else:
try:
(l2Proto, l2SrcAddr, l2DstAddr, l2Payload,
etherType) = self.__decodeLayer2(header, payload)
(l3Proto, l3SrcAddr, l3DstAddr, l3Payload,
ipProtocolNum) = self.__decodeLayer3(etherType, l2Payload)
(l4Proto, l4SrcPort, l4DstPort,
l4Payload) = self.__decodeLayer4(ipProtocolNum, l3Payload)
except NetzobImportException as e:
self._logger.warn(
"An error occured while decoding layer2, layer3, layer4 or layer5 of a packet: {0}".
format(e))
return
if len(l4Payload) == 0:
return
l5Message = L4NetworkMessage(
l4Payload, epoch, l2Proto, l2SrcAddr, l2DstAddr, l3Proto,
l3SrcAddr, l3DstAddr, l4Proto, l4SrcPort, l4DstPort)
self.messages.add(l5Message)
def __decodeLayer2(self, header, payload):
"""Internal method that parses the specified header and extracts
layer2 related proprieties."""
def formatMacAddress(arrayMac):
return ":".join("{0:0>2}".format(hex(b)[2:])
for b in arrayMac.tolist())
if self.datalink == pcapy.DLT_EN10MB:
l2Decoder = Decoders.EthDecoder()
l2Proto = "Ethernet"
layer2 = l2Decoder.decode(payload)
l2SrcAddr = formatMacAddress(layer2.get_ether_shost())
l2DstAddr = formatMacAddress(layer2.get_ether_dhost())
l2Payload = payload[layer2.get_header_size():]
etherType = layer2.get_ether_type()
elif self.datalink == pcapy.DLT_LINUX_SLL:
l2Decoder = Decoders.LinuxSLLDecoder()
l2Proto = "Linux SLL"
layer2 = l2Decoder.decode(payload)
l2SrcAddr = layer2.get_addr()
l2DstAddr = None
l2Payload = payload[layer2.get_header_size():]
etherType = layer2.get_ether_type()
elif self.datalink == PCAPImporter.PROTOCOL201:
l2Proto = "Protocol 201"
hdr = payload.encode('hex')[0:8]
if hdr[6:] == "01":
l2SrcAddr = "Received"
else:
l2SrcAddr = "Sent"
l2DstAddr = None
l2Payload = payload[8:]
etherType = payload[4:6]
return (l2Proto, l2SrcAddr, l2DstAddr, l2Payload, etherType)
def __decodeLayer3(self, etherType, l2Payload):
"""Internal method that parses the specified header and extracts
layer3 related proprieties."""
if etherType == Packets.IP.ethertype:
l3Proto = "IP"
l3Decoder = Decoders.IPDecoder()
layer3 = l3Decoder.decode(l2Payload)
paddingSize = len(l2Payload) - layer3.get_ip_len()
l3SrcAddr = layer3.get_ip_src()
l3DstAddr = layer3.get_ip_dst()
l3Payload = l2Payload[layer3.get_header_size():]
if paddingSize > 0 and len(l3Payload) > paddingSize:
l3Payload = l3Payload[:len(l3Payload) - paddingSize]
ipProtocolNum = layer3.get_ip_p()
return (l3Proto, l3SrcAddr, l3DstAddr, l3Payload, ipProtocolNum)
else:
warnMessage = _("Cannot import one of the provided packets since "
+ "its layer 3 is unsupported (Only IP is " +
"currently supported, packet ethernet " +
"type = {0})").format(etherType)
self._logger.warn(warnMessage)
raise NetzobImportException("PCAP", warnMessage,
self.INVALID_LAYER3)
def __decodeLayer4(self, ipProtocolNum, l3Payload):
"""Internal method that parses the specified header and extracts
layer4 related proprieties."""
if ipProtocolNum == Packets.UDP.protocol:
l4Proto = "UDP"
l4Decoder = Decoders.UDPDecoder()
layer4 = l4Decoder.decode(l3Payload)
l4SrcPort = layer4.get_uh_sport()
l4DstPort = layer4.get_uh_dport()
l4Payload = layer4.get_data_as_string()
return (l4Proto, l4SrcPort, l4DstPort, l4Payload)
elif ipProtocolNum == Packets.TCP.protocol:
l4Proto = "TCP"
l4Decoder = Decoders.TCPDecoder()
layer4 = l4Decoder.decode(l3Payload)
l4SrcPort = layer4.get_th_sport()
l4DstPort = layer4.get_th_dport()
l4Payload = layer4.get_data_as_string()
return (l4Proto, l4SrcPort, l4DstPort, l4Payload)
else:
warnMessage = _("Cannot import one of the provided packets since " +
"its layer 4 is unsupported (Only UDP and TCP " +
"are currently supported, packet IP protocol " +
"number = {0})").format(ipProtocolNum)
self._logger.warn(warnMessage)
raise NetzobImportException("PCAP", warnMessage, self.INVALID_LAYER4)
@typeCheck(list, str, int, int)
def readMessages(self, filePathList, bpfFilter="", importLayer=5, nbPackets=0):
warnMessage = _("Cannot import one of the provided packets since "
+ "its layer 4 is unsupported (Only UDP and TCP " +
"are currently supported, packet IP protocol " +
"number = {0})").format(ipProtocolNum)
self._logger.warn(warnMessage)
raise NetzobImportException("PCAP", warnMessage,
self.INVALID_LAYER4)
@typeCheck(list, str, int, int, bool)
def readMessages(self,
filePathList,
bpfFilter="",
importLayer=5,
nbPackets=0,
mergePacketsInFlow=False,
):
"""Read all messages from a list of PCAP files. A BPF filter
can be set to limit the captured packets. The layer of import
can also be specified:
- When layer={1, 2}, it means we want to capture a raw layer (such as Ethernet).
- If layer=3, we capture at the network level (such as IP).
- If layer=4, we capture at the transport layer (such as TCP or UDP).
- If layer=5, we capture at the applicative layer (such as the TCP or UDP payload).
Finally, the number of packets to capture can be specified.
:param filePathList: the messages to cluster.
:type filePathList: a list of :class:`str`
:param bpfFilter: a string representing a BPF filter.
:type bpfFilter: :class:`str`
:param importLayer: an integer representing the protocol layer to start importing.
:type importLayer: :class:`int`
:param nbPackets: the number of packets to import
:type nbPackets: :class:`int`
:param mergePacketsInFlow: if True, consecutive packets with same source and destination ar merged (i.e. to mimic a flow)
:type mergePacketsInFlow: :class:`bool`
:return: a list of captured messages
:rtype: a list of :class:`netzob.Model.Vocabulary.Messages.AbstractMessage`
"""
# Verify the existence of input files
errorMessageList = []
for filePath in filePathList:
try:
fp = open(filePath)
fp.close()
except IOError as e:
errorMessage = _("Error while trying to open the "
+ "file {0}.").format(filePath)
if e.errno == errno.EACCES:
errorMessage = _("Error while trying to open the file " +
"{0}, more permissions are required for "
+ "reading it.").format(filePath)
errorMessageList.append(errorMessage)
self._logger.warn(errorMessage)
if errorMessageList != []:
raise NetzobImportException("PCAP", "\n".join(errorMessageList))
# Verify the expected import layer
availableLayers = [1, 2, 3, 4, 5]
if importLayer not in availableLayers:
raise Exception(
"Only layers level {0} are available.".format(availableLayers))
self.importLayer = importLayer
# Call the method that does the import job for each PCAP file
self.messages = SortedTypedList(AbstractMessage)
for filePath in filePathList:
self.__readMessagesFromFile(filePath, bpfFilter, nbPackets)
#Create a session and attribute it to messages:
session = Session(list(self.messages.values()),name=filePath)
for message in self.messages.values():
message.session = session
# if requested, we merge consecutive messages that share same source and destination
if mergePacketsInFlow:
mergedMessages = SortedTypedList(AbstractMessage)
previousMessage = None
for message in self.messages.values():
if previousMessage is not None and message.source == previousMessage.source and message.destination == previousMessage.destination:
previousMessage.data += message.data
else:
mergedMessages.add(message)
previousMessage = message
self.messages = mergedMessages
return self.messages
@staticmethod
@typeCheck(list, str, int, int, bool)
def readFiles(filePathList, bpfFilter="", importLayer=5, nbPackets=0, mergePacketsInFlow=False):
"""Read all messages from a list of PCAP files. A BPF filter
can be set to limit the captured packets. The layer of import
can also be specified:
- When layer={1, 2}, it means we want to capture a raw layer (such as Ethernet).
- If layer=3, we capture at the network level (such as IP).
- If layer=4, we capture at the transport layer (such as TCP or UDP).
- If layer=5, we capture at the applicative layer (such as the TCP or UDP payload)
The number of packets to capture can be specified.
:param filePathList: a list of pcap files to read
:type filePathList: a list of :class:`str`
:param bpfFilter: a string representing a BPF filter.
:type bpfFilter: :class:`str`
:param importLayer: an integer representing the protocol layer to start importing.
:type importLayer: :class:`int`
:param nbPackets: the number of packets to import
:type nbPackets: :class:`int`
:param mergePacketsInFlow: if True, consecutive packets with same source and destination ar merged (i.e. to mimic a flow)
:type mergePacketsInFlow: :class:`bool`
:return: a list of captured messages
:rtype: a list of :class:`netzob.Model.Vocabulary.Messages.AbstractMessage`
"""
importer = PCAPImporter()
return importer.readMessages(filePathList,bpfFilter, importLayer, nbPackets, mergePacketsInFlow)
@staticmethod
@typeCheck(str, str, int, int, bool)
def readFile(filePath, bpfFilter="", importLayer=5, nbPackets=0, mergePacketsInFlow=False):
"""Read all messages from the specified PCAP file. A BPF filter
can be set to limit the captured packets. The layer of import
can also be specified:
- When layer={1, 2}, it means we want to capture a raw layer (such as Ethernet).
- If layer=3, we capture at the network level (such as IP).
- If layer=4, we capture at the transport layer (such as TCP or UDP).
- If layer=5, we capture at the applicative layer (such as the TCP or UDP payload) and merge consecutive messages with same source and destination.
Finally, the number of packets to capture can be specified.
:param filePath: the pcap path
:type filePath: :class:`str`
:param bpfFilter: a string representing a BPF filter.
:type bpfFilter: :class:`str`
:param importLayer: an integer representing the protocol layer to start importing.
:type importLayer: :class:`int`
:param nbPackets: the number of packets to import
:type nbPackets: :class:`int`
:param mergePacketsInFlow: if True, consecutive packets with same source and destination ar merged (i.e. to mimic a flow)
:type mergePacketsInFlow: :class:`bool`
:return: a list of captured messages
:rtype: a list of :class:`netzob.Model.Vocabulary.Messages.AbstractMessage`
"""
importer = PCAPImporter()
return importer.readFiles([filePath], bpfFilter, importLayer,
nbPackets, mergePacketsInFlow)
@staticmethod
@typeCheck(L2NetworkMessage)
def getMessageDetails(message):
"""Decode a raw network message and print the content of each
encapsulated layer.
:param filePathList: the messages to cluster.
:type filePathList: a list of :class:`str`
:param bpfFilter: a string representing a BPF filter.
:type bpfFilter: :class:`str`
:param importLayer: an integer representing the protocol layer to start importing.
:type importLayer: :class:`int`
"""
decoder = Decoders.EthDecoder()
return decoder.decode(
TypeConverter.convert(message.data, HexaString, Raw))
def readMessages(self,
filePathList,
bpfFilter="",
importLayer=5,
nbPackets=0,
mergePacketsInFlow=False,
):
"""Read all messages from a list of PCAP files. A BPF filter
can be set to limit the captured packets. The layer of import
can also be specified:
- When layer={1, 2}, it means we want to capture a raw layer (such as Ethernet).
- If layer=3, we capture at the network level (such as IP).
- If layer=4, we capture at the transport layer (such as TCP or UDP).
- If layer=5, we capture at the applicative layer (such as the TCP or UDP payload).
Finally, the number of packets to capture can be specified.
:param filePathList: the messages to cluster.
:type filePathList: a list of :class:`str`
:param bpfFilter: a string representing a BPF filter.
:type bpfFilter: :class:`str`
:param importLayer: an integer representing the protocol layer to start importing.
:type importLayer: :class:`int`
:param nbPackets: the number of packets to import
:type nbPackets: :class:`int`
:param mergePacketsInFlow: if True, consecutive packets with same source and destination ar merged (i.e. to mimic a flow)
:type mergePacketsInFlow: :class:`bool`
:return: a list of captured messages
:rtype: a list of :class:`netzob.Model.Vocabulary.Messages.AbstractMessage`
"""
# Verify the existence of input files
errorMessageList = []
for filePath in filePathList:
try:
fp = open(filePath)
fp.close()
except IOError as e:
errorMessage = _("Error while trying to open the "
+ "file {0}.").format(filePath)
if e.errno == errno.EACCES:
errorMessage = _("Error while trying to open the file " +
"{0}, more permissions are required for "
+ "reading it.").format(filePath)
errorMessageList.append(errorMessage)
self._logger.warn(errorMessage)
if errorMessageList != []:
raise NetzobImportException("PCAP", "\n".join(errorMessageList))
# Verify the expected import layer
availableLayers = [1, 2, 3, 4, 5]
if importLayer not in availableLayers:
raise Exception(
"Only layers level {0} are available.".format(availableLayers))
self.importLayer = importLayer
# Call the method that does the import job for each PCAP file
self.messages = SortedTypedList(AbstractMessage)
for filePath in filePathList:
self.__readMessagesFromFile(filePath, bpfFilter, nbPackets)
#Create a session and attribute it to messages:
session = Session(list(self.messages.values()),name=filePath)
for message in self.messages.values():
message.session = session
# if requested, we merge consecutive messages that share same source and destination
if mergePacketsInFlow:
mergedMessages = SortedTypedList(AbstractMessage)
previousMessage = None
for message in self.messages.values():
if previousMessage is not None and message.source == previousMessage.source and message.destination == previousMessage.destination:
previousMessage.data += message.data
else:
mergedMessages.add(message)
previousMessage = message
self.messages = mergedMessages
return self.messages
def clearEncodingFunctions(self):
"""Remove all the encoding functions attached to the current element"""
self.__encodingFunctions = SortedTypedList(EncodingFunction)
for child in self.fields:
child.clearEncodingFunctions()
class AbstractField(AbstractMementoCreator, metaclass=abc.ABCMeta):
"""Represents all the different classes which participates in fields definitions of a message format."""
def __init__(self, name=None):
self.id = uuid.uuid4()
self.name = name
self.description = ""
self.__fields = TypedList(AbstractField)
self.__parent = None
self.__encodingFunctions = SortedTypedList(EncodingFunction)
self.__visualizationFunctions = TypedList(VisualizationFunction)
self.__transformationFunctions = TypedList(TransformationFunction)
self._variable = None
@typeCheck(bool, bool, bool)
def getCells(self, encoded=True, styled=True, transposed=False):
"""Returns a matrix with a different line for each messages attached to the symbol of the current element.
The matrix includes a different column for each leaf children of the current element.
In each cell, the slices of messages once aligned.
Attached :class:`EncodingFunction` can also be considered if parameter encoded is set to True.
In addition, visualizationFunctions are also applied if parameter styled is set to True.
If parameter Transposed is set to True, the matrix is built with rows for fields and columns for messages.
>>> from netzob.all import *
>>> messages = [RawMessage("hello {0}, what's up in {1} ?".format(pseudo, city)) for pseudo in ['netzob', 'zoby', 'lapy'] for city in ['Paris', 'Berlin', 'New-York']]
>>> fh1 = Field(ASCII("hello "), name="hello")
>>> fh2 = Field(Alt([ASCII("netzob"), ASCII("zoby"), ASCII("lapy"), ASCII("sygus")]), name="pseudo")
>>> fheader = Field(name="header")
>>> fheader.fields = [fh1, fh2]
>>> fb1 = Field(ASCII(", what's up in "), name="whatsup")
>>> fb2 = Field(["Paris", "Berlin", "New-York"], name="city")
>>> fb3 = Field(" ?", name="end")
>>> fbody = Field(name="body")
>>> fbody.fields = [fb1, fb2, fb3]
>>> symbol = Symbol([fheader, fbody], messages=messages)
>>> print(symbol)
hello | pseudo | whatsup | city | end
-------- | -------- | ----------------- | ---------- | ----
'hello ' | 'netzob' | ", what's up in " | 'Paris' | ' ?'
'hello ' | 'netzob' | ", what's up in " | 'Berlin' | ' ?'
'hello ' | 'netzob' | ", what's up in " | 'New-York' | ' ?'
'hello ' | 'zoby' | ", what's up in " | 'Paris' | ' ?'
'hello ' | 'zoby' | ", what's up in " | 'Berlin' | ' ?'
'hello ' | 'zoby' | ", what's up in " | 'New-York' | ' ?'
'hello ' | 'lapy' | ", what's up in " | 'Paris' | ' ?'
'hello ' | 'lapy' | ", what's up in " | 'Berlin' | ' ?'
'hello ' | 'lapy' | ", what's up in " | 'New-York' | ' ?'
-------- | -------- | ----------------- | ---------- | ----
>>> fh1.addEncodingFunction(TypeEncodingFunction(HexaString))
>>> fb2.addEncodingFunction(TypeEncodingFunction(HexaString))
>>> print(symbol)
hello | pseudo | whatsup | city | end
-------------- | -------- | ----------------- | ------------------ | ----
'68656c6c6f20' | 'netzob' | ", what's up in " | '5061726973' | ' ?'
'68656c6c6f20' | 'netzob' | ", what's up in " | '4265726c696e' | ' ?'
'68656c6c6f20' | 'netzob' | ", what's up in " | '4e65772d596f726b' | ' ?'
'68656c6c6f20' | 'zoby' | ", what's up in " | '5061726973' | ' ?'
'68656c6c6f20' | 'zoby' | ", what's up in " | '4265726c696e' | ' ?'
'68656c6c6f20' | 'zoby' | ", what's up in " | '4e65772d596f726b' | ' ?'
'68656c6c6f20' | 'lapy' | ", what's up in " | '5061726973' | ' ?'
'68656c6c6f20' | 'lapy' | ", what's up in " | '4265726c696e' | ' ?'
'68656c6c6f20' | 'lapy' | ", what's up in " | '4e65772d596f726b' | ' ?'
-------------- | -------- | ----------------- | ------------------ | ----
>>> print(fheader.getCells())
Field | Field
-------------- | --------
'68656c6c6f20' | 'netzob'
'68656c6c6f20' | 'netzob'
'68656c6c6f20' | 'netzob'
'68656c6c6f20' | 'zoby'
'68656c6c6f20' | 'zoby'
'68656c6c6f20' | 'zoby'
'68656c6c6f20' | 'lapy'
'68656c6c6f20' | 'lapy'
'68656c6c6f20' | 'lapy'
-------------- | --------
>>> print(fh1.getCells())
Field
--------------
'68656c6c6f20'
'68656c6c6f20'
'68656c6c6f20'
'68656c6c6f20'
'68656c6c6f20'
'68656c6c6f20'
'68656c6c6f20'
'68656c6c6f20'
'68656c6c6f20'
--------------
>>> print(fh2.getCells())
Field
--------
'netzob'
'netzob'
'netzob'
'zoby'
'zoby'
'zoby'
'lapy'
'lapy'
'lapy'
--------
>>> print(fbody.getCells())
Field | Field | Field
----------------- | ------------------ | -----
", what's up in " | '5061726973' | ' ?'
", what's up in " | '4265726c696e' | ' ?'
", what's up in " | '4e65772d596f726b' | ' ?'
", what's up in " | '5061726973' | ' ?'
", what's up in " | '4265726c696e' | ' ?'
", what's up in " | '4e65772d596f726b' | ' ?'
", what's up in " | '5061726973' | ' ?'
", what's up in " | '4265726c696e' | ' ?'
", what's up in " | '4e65772d596f726b' | ' ?'
----------------- | ------------------ | -----
>>> print(fb1.getCells())
Field
-----------------
", what's up in "
", what's up in "
", what's up in "
", what's up in "
", what's up in "
", what's up in "
", what's up in "
", what's up in "
", what's up in "
-----------------
>>> print(fb2.getCells())
Field
------------------
'5061726973'
'4265726c696e'
'4e65772d596f726b'
'5061726973'
'4265726c696e'
'4e65772d596f726b'
'5061726973'
'4265726c696e'
'4e65772d596f726b'
------------------
>>> print(fb3.getCells())
Field
-----
' ?'
' ?'
' ?'
' ?'
' ?'
' ?'
' ?'
' ?'
' ?'
-----
:keyword encoded: if set to True, encoding functions are applied on returned cells
:type encoded: :class:`bool`
:keyword styled: if set to True, visualization functions are applied on returned cells
:type styled: :class:`bool`
:keyword transposed: is set to True, the returned matrix is transposed (1 line for each field)
:type transposed: :class:`bool`
:return: a matrix representing the aligned messages following fields definitions.
:rtype: a :class:`netzob.Common.Utils.MatrixList.MatrixList`
:raises: :class:`netzob.Model.Vocabulary.AbstractField.AlignmentException` if an error occurs while aligning messages
"""
if len(self.messages) < 1:
raise ValueError("This symbol does not contain any message.")
# Fetch all the data to align
data = [message.data for message in self.messages]
# [DEBUG] set to false for debug only. A sequential alignment is more simple to debug
useParallelAlignment = False
if useParallelAlignment:
# Execute a parallel alignment
from netzob.Common.Utils.DataAlignment.ParallelDataAlignment import ParallelDataAlignment
return ParallelDataAlignment.align(data, self, encoded=encoded)
else:
# Execute a sequential alignment
from netzob.Common.Utils.DataAlignment.DataAlignment import DataAlignment
return DataAlignment.align(data, self, encoded=encoded)
@typeCheck(bool, bool)
def getValues(self, encoded=True, styled=True):
"""Returns all the values the current element can take following messages attached to the symbol of current element.
Specific encodingFunctions can also be considered if parameter encoded is set to True.
In addition, visualizationFunctions are also applied if parameter styled is set to True.
>>> from netzob.all import *
>>> messages = [RawMessage("hello {0}, what's up in {1} ?".format(pseudo, city)) for pseudo in ['netzob', 'zoby', 'lapy'] for city in ['Paris', 'Berlin', 'New-York']]
>>> f1 = Field("hello ", name="hello")
>>> f2 = Field(["netzob", "zoby", "lapy", "sygus"], name="pseudo")
>>> f3 = Field(", what's up in ", name="whatsup")
>>> f4 = Field(["Paris", "Berlin", "New-York"], name="city")
>>> f5 = Field(" ?", name="end")
>>> symbol = Symbol([f1, f2, f3, f4, f5], messages=messages)
>>> print(symbol)
hello | pseudo | whatsup | city | end
-------- | -------- | ----------------- | ---------- | ----
'hello ' | 'netzob' | ", what's up in " | 'Paris' | ' ?'
'hello ' | 'netzob' | ", what's up in " | 'Berlin' | ' ?'
'hello ' | 'netzob' | ", what's up in " | 'New-York' | ' ?'
'hello ' | 'zoby' | ", what's up in " | 'Paris' | ' ?'
'hello ' | 'zoby' | ", what's up in " | 'Berlin' | ' ?'
'hello ' | 'zoby' | ", what's up in " | 'New-York' | ' ?'
'hello ' | 'lapy' | ", what's up in " | 'Paris' | ' ?'
'hello ' | 'lapy' | ", what's up in " | 'Berlin' | ' ?'
'hello ' | 'lapy' | ", what's up in " | 'New-York' | ' ?'
-------- | -------- | ----------------- | ---------- | ----
>>> symbol.addEncodingFunction(TypeEncodingFunction(HexaString))
>>> print(symbol)
hello | pseudo | whatsup | city | end
-------------- | -------------- | -------------------------------- | ------------------ | ------
'68656c6c6f20' | '6e65747a6f62' | '2c2077686174277320757020696e20' | '5061726973' | '203f'
'68656c6c6f20' | '6e65747a6f62' | '2c2077686174277320757020696e20' | '4265726c696e' | '203f'
'68656c6c6f20' | '6e65747a6f62' | '2c2077686174277320757020696e20' | '4e65772d596f726b' | '203f'
'68656c6c6f20' | '7a6f6279' | '2c2077686174277320757020696e20' | '5061726973' | '203f'
'68656c6c6f20' | '7a6f6279' | '2c2077686174277320757020696e20' | '4265726c696e' | '203f'
'68656c6c6f20' | '7a6f6279' | '2c2077686174277320757020696e20' | '4e65772d596f726b' | '203f'
'68656c6c6f20' | '6c617079' | '2c2077686174277320757020696e20' | '5061726973' | '203f'
'68656c6c6f20' | '6c617079' | '2c2077686174277320757020696e20' | '4265726c696e' | '203f'
'68656c6c6f20' | '6c617079' | '2c2077686174277320757020696e20' | '4e65772d596f726b' | '203f'
-------------- | -------------- | -------------------------------- | ------------------ | ------
>>> print(symbol.getValues())
[b'68656c6c6f206e65747a6f622c2077686174277320757020696e205061726973203f', b'68656c6c6f206e65747a6f622c2077686174277320757020696e204265726c696e203f', b'68656c6c6f206e65747a6f622c2077686174277320757020696e204e65772d596f726b203f', b'68656c6c6f207a6f62792c2077686174277320757020696e205061726973203f', b'68656c6c6f207a6f62792c2077686174277320757020696e204265726c696e203f', b'68656c6c6f207a6f62792c2077686174277320757020696e204e65772d596f726b203f', b'68656c6c6f206c6170792c2077686174277320757020696e205061726973203f', b'68656c6c6f206c6170792c2077686174277320757020696e204265726c696e203f', b'68656c6c6f206c6170792c2077686174277320757020696e204e65772d596f726b203f']
>>> print(f1.getValues())
[b'68656c6c6f20', b'68656c6c6f20', b'68656c6c6f20', b'68656c6c6f20', b'68656c6c6f20', b'68656c6c6f20', b'68656c6c6f20', b'68656c6c6f20', b'68656c6c6f20']
>>> print(f2.getValues())
[b'6e65747a6f62', b'6e65747a6f62', b'6e65747a6f62', b'7a6f6279', b'7a6f6279', b'7a6f6279', b'6c617079', b'6c617079', b'6c617079']
>>> print(f3.getValues())
[b'2c2077686174277320757020696e20', b'2c2077686174277320757020696e20', b'2c2077686174277320757020696e20', b'2c2077686174277320757020696e20', b'2c2077686174277320757020696e20', b'2c2077686174277320757020696e20', b'2c2077686174277320757020696e20', b'2c2077686174277320757020696e20', b'2c2077686174277320757020696e20']
>>> print(f4.getValues())
[b'5061726973', b'4265726c696e', b'4e65772d596f726b', b'5061726973', b'4265726c696e', b'4e65772d596f726b', b'5061726973', b'4265726c696e', b'4e65772d596f726b']
>>> print(f5.getValues())
[b'203f', b'203f', b'203f', b'203f', b'203f', b'203f', b'203f', b'203f', b'203f']
:keyword encoded: if set to True, encoding functions are applied on returned cells
:type encoded: :class:`bool`
:keyword styled: if set to True, visualization functions are applied on returned cells
:type styled: :class:`bool`
:return: a list detailling all the values current element takes.
:rtype: a :class:`list` of :class:`str`
:raises: :class:`netzob.Model.Vocabulary.AbstractField.AlignmentException` if an error occurs while aligning messages
"""
cells = self.getCells(encoded=encoded, styled=styled)
values = []
for line in cells:
values.append(b''.join(line))
return values
@typeCheck(bool, bool)
def getMessageCells(self, encoded=False, styled=False):
"""Computes and returns the alignment of each message belonging to
the current field as proposed by getCells() method but indexed
per message.
>>> from netzob.all import *
>>> messages = [RawMessage("{0}, what's up in {1} ?".format(pseudo, city)) for pseudo in ['netzob', 'zoby'] for city in ['Paris', 'Berlin']]
>>> f1 = Field(["netzob", "zoby", "lapy", "sygus"], name="pseudo")
>>> f2 = Field(", what's up in ", name="whatsup")
>>> f3 = Field(["Paris", "Berlin", "New-York"], name="city")
>>> f4 = Field(" ?", name="end")
>>> symbol = Symbol([f1, f2, f3, f4], messages=messages)
>>> print(symbol)
pseudo | whatsup | city | end
-------- | ----------------- | -------- | ----
'netzob' | ", what's up in " | 'Paris' | ' ?'
'netzob' | ", what's up in " | 'Berlin' | ' ?'
'zoby' | ", what's up in " | 'Paris' | ' ?'
'zoby' | ", what's up in " | 'Berlin' | ' ?'
-------- | ----------------- | -------- | ----
>>> messageCells = symbol.getMessageCells()
>>> for message in symbol.messages:
... print(message.data, messageCells[message])
netzob, what's up in Paris ? [b'netzob', b", what's up in ", b'Paris', b' ?']
netzob, what's up in Berlin ? [b'netzob', b", what's up in ", b'Berlin', b' ?']
zoby, what's up in Paris ? [b'zoby', b", what's up in ", b'Paris', b' ?']
zoby, what's up in Berlin ? [b'zoby', b", what's up in ", b'Berlin', b' ?']
:keyword encoded: if set to true, values are encoded
:type encoded: :class:`bool`
:keyword styled: if set to true, values are styled
:type styled: :class:`bool`
:return: a dict indexed by messages that denotes their cells
:rtype: a :class:`dict`
"""
if encoded is None:
raise TypeError("Encoded cannot be None")
if styled is None:
raise TypeError("Styled cannot be None")
result = OrderedDict()
fieldCells = self.getCells(encoded=encoded, styled=styled)
for iMessage, message in enumerate(self.messages):
result[message] = fieldCells[iMessage]
return result
@typeCheck(bool, bool)
def getMessageValues(self, encoded=False, styled=False):
"""Computes and returns the alignment of each message belonging to
the current field as proposed by getValues() method but indexed
per message.
>>> from netzob.all import *
>>> messages = [RawMessage("{0}, what's up in {1} ?".format(pseudo, city)) for pseudo in ['netzob', 'zoby'] for city in ['Paris', 'Berlin']]
>>> f1 = Field(["netzob", "zoby", "lapy", "sygus"], name="pseudo")
>>> f2 = Field(", what's up in ", name="whatsup")
>>> f3 = Field(["Paris", "Berlin", "New-York"], name="city")
>>> f4 = Field(" ?", name="end")
>>> symbol = Symbol([f1, f2, f3, f4], messages=messages)
>>> print(symbol)
pseudo | whatsup | city | end
-------- | ----------------- | -------- | ----
'netzob' | ", what's up in " | 'Paris' | ' ?'
'netzob' | ", what's up in " | 'Berlin' | ' ?'
'zoby' | ", what's up in " | 'Paris' | ' ?'
'zoby' | ", what's up in " | 'Berlin' | ' ?'
-------- | ----------------- | -------- | ----
>>> messageValues = f3.getMessageValues()
>>> for message in symbol.messages:
... print(message.data, messageValues[message])
netzob, what's up in Paris ? b'Paris'
netzob, what's up in Berlin ? b'Berlin'
zoby, what's up in Paris ? b'Paris'
zoby, what's up in Berlin ? b'Berlin'
:keyword encoded: if set to true, values are encoded
:type encoded: :class:`bool`
:keyword styled: if set to true, values are styled
:type styled: :class:`bool`
:return: a dict indexed by messages that denotes their values
:rtype: a :class:`dict`
"""
if encoded is None:
raise TypeError("Encoded cannot be None")
if styled is None:
raise TypeError("Styled cannot be None")
result = OrderedDict()
fieldValues = self.getValues(encoded=encoded, styled=styled)
for iMessage, message in enumerate(self.messages):
result[message] = fieldValues[iMessage]
return result
# def getMessagesWithValue(self, value):
# """Computes and returns the messages that have a specified value
# in the current field.
# >>> from netzob.all import *
# >>> messages = [RawMessage("hello {0}, what's up in {1} ?".format(pseudo, city)) for pseudo in ['netzob', 'zoby', 'lapy'] for city in ['Paris', 'Berlin', 'New-York']]
# >>> f1 = Field("hello ", name="hello")
# >>> f2 = Field(["netzob", "zoby", "lapy", "sygus"], name="pseudo")
# >>> f3 = Field(", what's up in ", name="whatsup")
# >>> f4 = Field(["Paris", "Berlin", "New-York"], name="city")
# >>> f5 = Field(" ?", name="end")
# >>> symbol = Symbol([f1, f2, f3, f4, f5], messages=messages)
# >>> print(symbol.specialize())
# >>> print(symbol)
# hello | netzob | , what's up in | Paris | ?
# hello | netzob | , what's up in | Berlin | ?
# hello | netzob | , what's up in | New-York | ?
# hello | zoby | , what's up in | Paris | ?
# hello | zoby | , what's up in | Berlin | ?
# hello | zoby | , what's up in | New-York | ?
# hello | lapy | , what's up in | Paris | ?
# hello | lapy | , what's up in | Berlin | ?
# hello | lapy | , what's up in | New-York | ?
# >>> lapySymbol = Symbol(messages=symbol.fields[1].getMessagesWithValue("lapy"))
# >>> print(lapySymbol)
# hello lapy, what's up in Paris ?
# hello lapy, what's up in Berlin ?
# hello lapy, what's up in New-York ?
# >>> Format.splitStatic(lapySymbol)
# >>> lapySymbol.encodingFunctions.add(TypeEncodingFunction(HexaString))
# >>> print(lapySymbol)
# 68656c6c6f206c6170792c2077686174277320757020696e20 | 5061726973203f
# 68656c6c6f206c6170792c2077686174277320757020696e20 | 4265726c696e203f
# 68656c6c6f206c6170792c2077686174277320757020696e20 | 4e65772d596f726b203f
# :parameter value: a Raw value
# :type value: :class:`object`
# :return: a list of messages
# :rtype: a list of :class:`netzob.Model.Vocabulary.Messages.AbstractMessage.AbstractMessage`
# """
# if value is None:
# raise TypeError("Value cannot be None")
# fieldValues = self.getValues(encoded=False, styled=False)
# result = []
# for i_message, message in enumerate(self.messages):
# if fieldValues[i_message] == value:
# result.append(message)
# return result
@abc.abstractmethod
def specialize(self, mutator=None):
"""Specialize and generate a :class:`netzob.Model.Vocabulary.Messages.RawMessage` which content
follows the fields definitions attached to current element.
:keyword mutator: if set, the mutator will be used to mutate the fields definitions
:type mutator: :class:`netzob.Model.Mutators.AbstractMutator`
:return: a generated content represented with an hexastring
:rtype: :class:`str`
:raises: :class:`netzob.Model.Vocabulary.AbstractField.GenerationException` if an error occurs while generating a message
"""
return
@staticmethod
def abstract(data, fields):
"""Search in the fields/symbols the first one that can abstract the data.
>>> from netzob.all import *
>>> messages = ["{0}, what's up in {1} ?".format(pseudo, city) for pseudo in ['netzob', 'zoby'] for city in ['Paris', 'Berlin']]
>>> f1a = Field(name="name", domain="netzob")
>>> f2a = Field(name="question", domain=", what's up in ")
>>> f3a = Field(name="city", domain=Alt(["Paris", "Berlin"]))
>>> f4a = Field(name="mark", domain=" ?")
>>> s1 = Symbol([f1a, f2a, f3a, f4a], name="Symbol-netzob")
>>> f1b = Field(name="name", domain="zoby")
>>> f2b = Field(name="question", domain=", what's up in ")
>>> f3b = Field(name="city", domain=Alt(["Paris", "Berlin"]))
>>> f4b = Field(name="mark", domain=" ?")
>>> s2 = Symbol([f1b, f2b, f3b, f4b], name="Symbol-zoby")
>>> for m in messages:
... (abstractedSymbol, structured_data) = AbstractField.abstract(m, [s1, s2])
... print(structured_data)
... print(abstractedSymbol.name)
OrderedDict([('name', b'netzob'), ('question', b", what's up in "), ('city', b'Paris'), ('mark', b' ?')])
Symbol-netzob
OrderedDict([('name', b'netzob'), ('question', b", what's up in "), ('city', b'Berlin'), ('mark', b' ?')])
Symbol-netzob
OrderedDict([('name', b'zoby'), ('question', b", what's up in "), ('city', b'Paris'), ('mark', b' ?')])
Symbol-zoby
OrderedDict([('name', b'zoby'), ('question', b", what's up in "), ('city', b'Berlin'), ('mark', b' ?')])
Symbol-zoby
:parameter data: the data that should be abstracted in symbol
:type data: :class:`str`
:parameter fields: a list of fields/symbols targeted during the abstraction process
:type fields: :class:`list` of :class:`netzob.Model.Vocabulary.AbstractField`
:return: a field/symbol and the structured received message
:rtype: a tuple (:class:`netzob.Model.Vocabulary.AbstractField`, dict)
:raises: :class:`netzob.Model.Vocabulary.AbstractField.AbstractionException` if an error occurs while abstracting the data
"""
from netzob.Common.Utils.DataAlignment.DataAlignment import DataAlignment
for field in fields:
try:
# Try to align/parse the data with the current field
alignedData = DataAlignment.align([data], field, encoded=False)
# If it matches, we build a dict that contains, for each field, the associated value that was present in the message
structured_data = OrderedDict()
for fields_value in alignedData:
for i, field_value in enumerate(fields_value):
structured_data[alignedData.headers[i]] = field_value
return (field, structured_data)
except:
pass
from netzob.Model.Vocabulary.UnknownSymbol import UnknownSymbol
from netzob.Model.Vocabulary.Messages.RawMessage import RawMessage
unknown_symbol = UnknownSymbol(RawMessage(data))
structured_data = OrderedDict()
logging.error(
"Impossible to abstract the message in one of the specified symbols, we create an unknown symbol for it: '%s'",
unknown_symbol)
return (unknown_symbol, structured_data)
def getSymbol(self):
"""Computes the symbol to which this field is attached.
To retrieve it, this method recursively call the parent of the current object until the root is found.
If the last root is not a :class:`netzob.Model.Vocabulary.Symbol`, it raises an Exception.
:returns: the symbol if available
:type: :class:`netzob.Model.Vocabulary.Symbol`
:raises: :class:`netzob.Model.Vocabulary.AbstractField.NoSymbolException`
"""
from netzob.Model.Vocabulary.Symbol import Symbol
if isinstance(self, Symbol):
return self
elif self.hasParent():
return self.parent.getSymbol()
else:
raise NoSymbolException(
"Impossible to retrieve the symbol attached to this element")
def getLeafFields(self,
depth=None,
currentDepth=0,
includePseudoFields=False):
"""Extract the leaf fields to consider regarding the specified depth
>>> from netzob.all import *
>>> field = Field("hello", name="F0")
>>> print([f.name for f in field.getLeafFields()])
['F0']
>>> field = Field(name="L0")
>>> headerField = Field(name="L0_header")
>>> payloadField = Field(name="L0_payload")
>>> footerField = Field(name="L0_footer")
>>> fieldL1 = Field(name="L1")
>>> fieldL1_header = Field(name="L1_header")
>>> fieldL1_payload = Field(name="L1_payload")
>>> fieldL1.fields = [fieldL1_header, fieldL1_payload]
>>> payloadField.fields = [fieldL1]
>>> field.fields = [headerField, payloadField, footerField]
>>> print([f.name for f in field.getLeafFields(depth=None)])
['L0_header', 'L1_header', 'L1_payload', 'L0_footer']
>>> print([f.name for f in field.getLeafFields(depth=0)])
['L0']
>>> print([f.name for f in field.getLeafFields(depth=1)])
['L0_header', 'L0_payload', 'L0_footer']
>>> print([f.name for f in field.getLeafFields(depth=2)])
['L0_header', 'L1', 'L0_footer']
:return: the list of leaf fields
:rtype: :class:`list` of :class:`netzob.Model.Vocabulary.AbstractField.AbstractField`.
"""
if currentDepth is None:
currentDepth = 0
if len(self.fields) == 0:
return [self]
if currentDepth == depth:
return [self]
leafFields = []
for fields in self.fields:
# Handle case where the field is pseudo (meaning it does not procude concrete value)
if fields.isPseudoField:
if includePseudoFields:
pass
else:
continue
if fields is not None:
leafFields.extend(
fields.getLeafFields(depth, currentDepth + 1,
includePseudoFields))
return leafFields
def hasParent(self):
"""Computes if the current element has a parent.
:returns: True if current element has a parent.
:rtype: :class:`bool`
"""
return self.__parent is not None
def clearFields(self):
"""Remove all the children attached to the current element"""
while (len(self.__fields) > 0):
self.__fields.pop()
def clearEncodingFunctions(self):
"""Remove all the encoding functions attached to the current element"""
self.__encodingFunctions.clear()
for child in self.fields:
child.clearEncodingFunctions()
def clearVisualizationFunctions(self):
"""Remove all the visualization functions attached to the current element"""
while (len(self.__visualizationFunctions) > 0):
self.__visualizationFunctions.pop()
def clearTransformationFunctions(self):
"""Remove all the transformation functions attached to the current element"""
while (len(self.__transformationFunctions) > 0):
self.__transformationFunctions.pop()
# Standard methods
def __str__(self):
result = self.getCells(encoded=True)
return str(result)
@typeCheck(int)
def _str_debug(self, deepness=0):
"""Returns a string which denotes
the current field definition using a tree display"""
tab = ["|-- " for x in range(deepness)]
tab.append(str(self.name))
lines = [''.join(tab)]
from netzob.Model.Vocabulary.Field import Field
if isinstance(self, Field):
lines.append(self.domain._str_debug(deepness + 1))
for f in self.fields:
lines.append(f._str_debug(deepness + 1))
return '\n'.join(lines)
# PROPERTIES
@property
def id(self):
"""Unique identifier of the field.
This value must be a unique UUID instance (generated with uuid.uuid4()).
:type: :class:`uuid.UUID`
:raises: :class:`TypeError`, :class:`ValueError`
"""
return self.__id
@id.setter
@typeCheck(uuid.UUID)
def id(self, id):
if id is None:
raise ValueError("id is Mandatory.")
self.__id = id
@property
def name(self):
"""Public name (may not be unique), default value is None
:type: :class:`str`
:raises: :class:`TypeError`
"""
return self.__name
@name.setter
@typeCheck(str)
def name(self, name):
self.__name = name
@property
def description(self):
"""User description of the field. Default value is ''.
:type: :class:`str`
:raises: :class:`TypeError`
"""
return self.__description
@description.setter
@typeCheck(str)
def description(self, description):
self.__description = description
@property
def encodingFunctions(self):
"""Sorted typed list of encoding function to attach on field.
.. note:: list implemented as a :class:`netzob.Common.Utils.TypedList.TypedList`
:type: a list of :class:`netzob.Model.Vocabulary.Functions.EncodingFunction`
:raises: :class:`TypeError`
.. warning:: Setting this value with a list copies its members and not the list itself.
"""
return self.__encodingFunctions
@encodingFunctions.setter
def encodingFunctions(self, encodingFunctions):
self.clearEncodingFunctions()
for encodingFunction in encodingFunctions:
self.addEncodingFunction(encodingFunction)
def addEncodingFunction(self, encodingFunction):
self.encodingFunctions.add(encodingFunction)
for child in self.fields:
child.addEncodingFunction(encodingFunction)
@property
def visualizationFunctions(self):
"""Sorted list of visualization function to attach on field.
:type: a list of :class:`netzob.Model.Vocabulary.Functions.VisualizationFunction`
:raises: :class:`TypeError`
.. warning:: Setting this value with a list copies its members and not the list itself.
"""
return self.__visualizationFunctions
@visualizationFunctions.setter
def visualizationFunctions(self, visualizationFunctions):
self.clearVisualizationFunctions()
self.visualizationFunctions.extend(visualizationFunctions)
@property
def transformationFunctions(self):
"""Sorted list of transformation function to attach on field.
:type: a list of :class:`netzob.Model.Vocabulary.Functions.TransformationFunction`
:raises: :class:`TypeError`
.. warning:: Setting this value with a list copies its members and not the list itself.
"""
return self.__transformationFunctions
@transformationFunctions.setter
def transformationFunctions(self, transformationFunctions):
self.clearTransformationFunctions()
self.transformationFunctions.extend(transformationFunctions)
@property
def fields(self):
"""Sorted list of field fields."""
return self.__fields
@fields.setter
def fields(self, fields):
from netzob.Model.Vocabulary.Field import Field
# First it checks the specified children are abstractfiled
if fields is not None:
for c in fields:
if not isinstance(c, Field):
raise TypeError(
"Cannot edit the fields because at least one specified element is not an AbstractField its a {0}."
.format(type(c)))
self.clearFields()
if fields is not None:
for c in fields:
c.parent = self
self.__fields.append(c)
@property
def parent(self):
"""The parent of this current element.
If current element has no parent, its value is **None**.
:type: a :class:`netzob.Model.Vocabulary.AbstractField.AbstractField`
:raises: :class:`TypeError`
"""
return self.__parent
@parent.setter
def parent(self, parent):
if not isinstance(parent, AbstractField):
raise TypeError(
"Specified parent must be an AbstractField and not an {0}".
format(type(parent)))
self.__parent = parent
def storeInMemento(self):
pass
def restoreFromMemento(self, memento):
pass
class Session(object):
"""A session includes messages exchanged in the same session. Messages
are automaticaly sorted.
Applicative data can be attached to sessions.
>>> import time
>>> from netzob.all import *
>>> # we create 3 messages
>>> msg1 = RawMessage("ACK", source="A", destination="B", date=time.mktime(time.strptime("9 Aug 13 10:45:05", "%d %b %y %H:%M:%S")))
>>> msg2 = RawMessage("SYN", source="A", destination="B", date=time.mktime(time.strptime("9 Aug 13 10:45:01", "%d %b %y %H:%M:%S")))
>>> msg3 = RawMessage("SYN/ACK", source="B", destination="A", date=time.mktime(time.strptime("9 Aug 13 10:45:03", "%d %b %y %H:%M:%S")))
>>> session = Session([msg1, msg2, msg3])
>>> print(session.messages.values()[0].data)
SYN
>>> print(session.messages.values()[1].data)
SYN/ACK
>>> print(session.messages.values()[2].data)
ACK
"""
def __init__(self,
messages=None,
_id=None,
applicativeData=None,
name="Session"):
"""
:parameter messages: the messages exchanged in the current session
:type data: a list of :class:`netzob.Model.Vocabulary.Messages.AbstractMessage.AbstractMessage`
:parameter _id: the unique identifier of the session
:type _id: :class:`uuid.UUID`
:keyword applicativeData: a list of :class:`netzob.Model.Vocabulary.ApplicaticeData.ApplicativeData`
"""
self.__messages = SortedTypedList(AbstractMessage)
self.__applicativeData = TypedList(ApplicativeData)
if messages is None:
messages = []
self.messages = messages
if _id is None:
_id = uuid.uuid4()
self.id = _id
if applicativeData is None:
applicativeData = []
self.applicativeData = applicativeData
self.name = name
@property
def id(self):
"""The unique identifier of the session.
:type: :class:`uuid.UUID`
"""
return self.__id
@id.setter
@typeCheck(uuid.UUID)
def id(self, _id):
if _id is None:
raise TypeError("Id cannot be None")
self.__id = _id
@property
def messages(self):
"""The messages exchanged in the current session.
Messages are sorted.
:type: a :class:`netzob.Common.Utils.TypedList.TypedList` of :class:`netzob.Model.Vocabulary.Messages.AbstractMessage.AbstractMessage`
"""
return self.__messages
def clearMessages(self):
"""Delete all the messages attached to the current session"""
for msg in list(self.__messages.values()):
msg.session = None
self.__messages.clear()
@messages.setter
def messages(self, messages):
if messages is None:
messages = []
# First it checks the specified messages are all AbstractMessages
for msg in messages:
if not isinstance(msg, AbstractMessage):
raise TypeError(
"Cannot add messages of type {0} in the session, only AbstractMessages are allowed."
.format(type(msg)))
self.clearMessages()
for message in messages:
self.__messages.add(message)
message.session = self
@property
def applicativeData(self):
"""Applicative data attached to the current session.
>>> from netzob.all import *
>>> appData = ApplicativeData("test", Integer(20))
>>> session = Session(applicativeData=[appData])
>>> print(len(session.applicativeData))
1
>>> appData2 = ApplicativeData("test2", ASCII("helloworld"))
>>> session.applicativeData.append(appData2)
>>> print(len(session.applicativeData))
2
>>> print(session.applicativeData[0])
Applicative Data: test=Integer=20 ((8, 8)))
>>> print(session.applicativeData[1])
Applicative Data: test2=ASCII=helloworld ((0, 80)))
:type: a list of :class:`netzob.Model.Vocabulary.ApplicativeData.ApplicativeData`.
"""
return self.__applicativeData
def clearApplicativeData(self):
while (len(self.__applicativeData) > 0):
self.__applicativeData.pop()
@applicativeData.setter
def applicativeData(self, applicativeData):
for app in applicativeData:
if not isinstance(app, ApplicativeData):
raise TypeError(
"Cannot add an applicative data with type {0}, only ApplicativeData accepted."
.format(type(app)))
self.clearApplicativeData()
for app in applicativeData:
self.applicativeData.append(app)
@property
def name(self):
return self.__name
@name.setter
@typeCheck(str)
def name(self, _name):
if _name is None:
raise TypeError("Name cannot be None")
self.__name = _name
def getEndpointsList(self):
"""Retrieve all the endpoints couples that are present in the
session.
>>> from netzob.all import *
>>> msg1 = RawMessage("SYN", source="A", destination="B")
>>> msg2 = RawMessage("SYN/ACK", source="B", destination="A")
>>> msg3 = RawMessage("ACK", source="A", destination="C")
>>> session = Session([msg1, msg2, msg3])
>>> print(len(session.getEndpointsList()))
2
>>> print(session.getEndpointsList())
[('A', 'B'), ('A', 'C')]
:return: a list containing couple of endpoints (src, dst).
:rtype: a :class:`list`
"""
endpointsList = []
for message in list(self.messages.values()):
src = message.source
dst = message.destination
endpoints1 = (src, dst)
endpoints2 = (dst, src)
if (not endpoints1 in endpointsList) and (not endpoints2
in endpointsList):
endpointsList.append(endpoints1)
return endpointsList
def getTrueSessions(self):
"""Retrieve the true sessions embedded in the current
session. A session is here characterized by a uniq endpoints
couple.
TODO: a more precise solution would be to use flow
reconstruction (as in TCP).
>>> from netzob.all import *
>>> msg1 = RawMessage("SYN", source="A", destination="B")
>>> msg2 = RawMessage("SYN/ACK", source="B", destination="A")
>>> msg3 = RawMessage("ACK", source="A", destination="C")
>>> session = Session([msg1, msg2, msg3])
>>> print(len(session.getTrueSessions()))
2
>>> for trueSession in session.getTrueSessions():
... print(trueSession.name)
Session: 'A' - 'B'
Session: 'A' - 'C'
:return: a list containing true sessions embedded in the current session.
:rtype: a :class:`list`
"""
trueSessions = []
for endpoints in self.getEndpointsList():
trueSessionMessages = []
src = None
dst = None
for message in list(self.messages.values()):
if message.source in endpoints and message.destination in endpoints:
trueSessionMessages.append(message)
if src is None:
src = message.source
if dst is None:
dst = message.destination
trueSession = Session(messages=trueSessionMessages,
applicativeData=self.applicativeData,
name="Session: '" + str(src) + "' - '" +
str(dst) + "'")
trueSessions.append(trueSession)
return trueSessions
def isTrueSession(self):
"""Tell if the current session is true. A session is said to
be true if the communication flow pertain to a uniq
applicative session between a couple of endpoints.
>>> from netzob.all import *
>>> msg1 = RawMessage("SYN", source="A", destination="B")
>>> msg2 = RawMessage("SYN/ACK", source="B", destination="A")
>>> msg3 = RawMessage("ACK", source="A", destination="B")
>>> session = Session([msg1, msg2, msg3])
>>> print(session.isTrueSession())
True
:return: a boolean telling if the current session is a true one (i.e. it corresponds to a uniq applicative session between two endpoints).
:rtype: a :class:`bool`
"""
if len(self.getTrueSessions()) == 1:
return True
else:
return False
@typeCheck(list)
def abstract(self, symbolList):
"""This method abstract each message of the current session
into symbols according to a list of symbols given as
parameter.
>>> from netzob.all import *
>>> symbolSYN = Symbol([Field(ASCII("SYN"))], name="Symbol_SYN")
>>> symbolSYNACK = Symbol([Field(ASCII("SYN/ACK"))], name="Symbol_SYNACK")
>>> symbolACK = Symbol([Field(ASCII("ACK"))], name="Symbol_ACK")
>>> symbolList = [symbolSYN, symbolSYNACK, symbolACK]
>>> msg1 = RawMessage("SYN", source="A", destination="B")
>>> msg2 = RawMessage("SYN/ACK", source="B", destination="A")
>>> msg3 = RawMessage("ACK", source="A", destination="B")
>>> session = Session([msg1, msg2, msg3])
>>> if session.isTrueSession():
... for src, dst, sym in session.abstract(symbolList):
... print(str(src) + " - " + str(dst) + " : " + str(sym.name))
A - B : Symbol_SYN
B - A : Symbol_SYNACK
A - B : Symbol_ACK
:return: a list of tuples containing the following elements : (source, destination, symbol).
:rtype: a :class:`list`
"""
abstractSession = []
if not self.isTrueSession():
self._logger.warn(
"The current session cannot be abstracted as it not a true session (i.e. it may contain inner true sessions)."
)
return abstractSession
for message in list(self.messages.values()):
symbol = AbstractField.abstract(message.data, symbolList)
abstractSession.append(
(message.source, message.destination, symbol))
return abstractSession
class Session(object):
"""A session includes messages exchanged in the same session. Messages
are automaticaly sorted.
Applicative data can be attached to sessions.
>>> import time
>>> from netzob.all import *
>>> # we create 3 messages
>>> msg1 = RawMessage("ACK", source="A", destination="B", date=time.mktime(time.strptime("9 Aug 13 10:45:05", "%d %b %y %H:%M:%S")))
>>> msg2 = RawMessage("SYN", source="A", destination="B", date=time.mktime(time.strptime("9 Aug 13 10:45:01", "%d %b %y %H:%M:%S")))
>>> msg3 = RawMessage("SYN/ACK", source="B", destination="A", date=time.mktime(time.strptime("9 Aug 13 10:45:03", "%d %b %y %H:%M:%S")))
>>> session = Session([msg1, msg2, msg3])
>>> print(session.messages.values()[0].data)
SYN
>>> print(session.messages.values()[1].data)
SYN/ACK
>>> print(session.messages.values()[2].data)
ACK
"""
def __init__(self,
messages=None,
_id=None,
applicativeData=None,
name="Session"):
"""
:parameter messages: the messages exchanged in the current session
:type data: a list of :class:`netzob.Model.Vocabulary.Messages.AbstractMessage.AbstractMessage`
:parameter _id: the unique identifier of the session
:type _id: :class:`uuid.UUID`
:keyword applicativeData: a list of :class:`netzob.Model.Vocabulary.ApplicaticeData.ApplicativeData`
"""
self.__messages = SortedTypedList(AbstractMessage)
self.__applicativeData = TypedList(ApplicativeData)
if messages is None:
messages = []
self.messages = messages
if _id is None:
_id = uuid.uuid4()
self.id = _id
if applicativeData is None:
applicativeData = []
self.applicativeData = applicativeData
self.name = name
@property
def id(self):
"""The unique identifier of the session.
:type: :class:`uuid.UUID`
"""
return self.__id
@id.setter
@typeCheck(uuid.UUID)
def id(self, _id):
if _id is None:
raise TypeError("Id cannot be None")
self.__id = _id
@property
def messages(self):
"""The messages exchanged in the current session.
Messages are sorted.
:type: a :class:`netzob.Common.Utils.TypedList.TypedList` of :class:`netzob.Model.Vocabulary.Messages.AbstractMessage.AbstractMessage`
"""
return self.__messages
def clearMessages(self):
"""Delete all the messages attached to the current session"""
for msg in list(self.__messages.values()):
msg.session = None
self.__messages.clear()
@messages.setter
def messages(self, messages):
if messages is None:
messages = []
# First it checks the specified messages are all AbstractMessages
for msg in messages:
if not isinstance(msg, AbstractMessage):
raise TypeError(
"Cannot add messages of type {0} in the session, only AbstractMessages are allowed.".
format(type(msg)))
self.clearMessages()
for message in messages:
self.__messages.add(message)
message.session = self
@property
def applicativeData(self):
"""Applicative data attached to the current session.
>>> from netzob.all import *
>>> appData = ApplicativeData("test", Integer(20))
>>> session = Session(applicativeData=[appData])
>>> print(len(session.applicativeData))
1
>>> appData2 = ApplicativeData("test2", ASCII("helloworld"))
>>> session.applicativeData.append(appData2)
>>> print(len(session.applicativeData))
2
>>> print(session.applicativeData[0])
Applicative Data: test=Integer=20 ((8, 8)))
>>> print(session.applicativeData[1])
Applicative Data: test2=ASCII=helloworld ((0, 80)))
:type: a list of :class:`netzob.Model.Vocabulary.ApplicativeData.ApplicativeData`.
"""
return self.__applicativeData
def clearApplicativeData(self):
while (len(self.__applicativeData) > 0):
self.__applicativeData.pop()
@applicativeData.setter
def applicativeData(self, applicativeData):
for app in applicativeData:
if not isinstance(app, ApplicativeData):
raise TypeError(
"Cannot add an applicative data with type {0}, only ApplicativeData accepted.".
format(type(app)))
self.clearApplicativeData()
for app in applicativeData:
self.applicativeData.append(app)
@property
def name(self):
return self.__name
@name.setter
@typeCheck(str)
def name(self, _name):
if _name is None:
raise TypeError("Name cannot be None")
self.__name = _name
def getEndpointsList(self):
"""Retrieve all the endpoints couples that are present in the
session.
>>> from netzob.all import *
>>> msg1 = RawMessage("SYN", source="A", destination="B")
>>> msg2 = RawMessage("SYN/ACK", source="B", destination="A")
>>> msg3 = RawMessage("ACK", source="A", destination="C")
>>> session = Session([msg1, msg2, msg3])
>>> print(len(session.getEndpointsList()))
2
>>> print(session.getEndpointsList())
[('A', 'B'), ('A', 'C')]
:return: a list containing couple of endpoints (src, dst).
:rtype: a :class:`list`
"""
endpointsList = []
for message in list(self.messages.values()):
src = message.source
dst = message.destination
endpoints1 = (src, dst)
endpoints2 = (dst, src)
if (not endpoints1 in endpointsList) and (
not endpoints2 in endpointsList):
endpointsList.append(endpoints1)
return endpointsList
def getTrueSessions(self):
"""Retrieve the true sessions embedded in the current
session. A session is here characterized by a uniq endpoints
couple.
TODO: a more precise solution would be to use flow
reconstruction (as in TCP).
>>> from netzob.all import *
>>> msg1 = RawMessage("SYN", source="A", destination="B")
>>> msg2 = RawMessage("SYN/ACK", source="B", destination="A")
>>> msg3 = RawMessage("ACK", source="A", destination="C")
>>> session = Session([msg1, msg2, msg3])
>>> print(len(session.getTrueSessions()))
2
>>> for trueSession in session.getTrueSessions():
... print(trueSession.name)
Session: 'A' - 'B'
Session: 'A' - 'C'
:return: a list containing true sessions embedded in the current session.
:rtype: a :class:`list`
"""
trueSessions = []
for endpoints in self.getEndpointsList():
trueSessionMessages = []
src = None
dst = None
for message in list(self.messages.values()):
if message.source in endpoints and message.destination in endpoints:
trueSessionMessages.append(message)
if src is None:
src = message.source
if dst is None:
dst = message.destination
trueSession = Session(
messages=trueSessionMessages,
applicativeData=self.applicativeData,
name="Session: '" + str(src) + "' - '" + str(dst) + "'")
trueSessions.append(trueSession)
return trueSessions
def isTrueSession(self):
"""Tell if the current session is true. A session is said to
be true if the communication flow pertain to a uniq
applicative session between a couple of endpoints.
>>> from netzob.all import *
>>> msg1 = RawMessage("SYN", source="A", destination="B")
>>> msg2 = RawMessage("SYN/ACK", source="B", destination="A")
>>> msg3 = RawMessage("ACK", source="A", destination="B")
>>> session = Session([msg1, msg2, msg3])
>>> print(session.isTrueSession())
True
:return: a boolean telling if the current session is a true one (i.e. it corresponds to a uniq applicative session between two endpoints).
:rtype: a :class:`bool`
"""
if len(self.getTrueSessions()) == 1:
return True
else:
return False
@typeCheck(list)
def abstract(self, symbolList):
"""This method abstract each message of the current session
into symbols according to a list of symbols given as
parameter.
>>> from netzob.all import *
>>> symbolSYN = Symbol([Field(ASCII("SYN"))], name="Symbol_SYN")
>>> symbolSYNACK = Symbol([Field(ASCII("SYN/ACK"))], name="Symbol_SYNACK")
>>> symbolACK = Symbol([Field(ASCII("ACK"))], name="Symbol_ACK")
>>> symbolList = [symbolSYN, symbolSYNACK, symbolACK]
>>> msg1 = RawMessage("SYN", source="A", destination="B")
>>> msg2 = RawMessage("SYN/ACK", source="B", destination="A")
>>> msg3 = RawMessage("ACK", source="A", destination="B")
>>> session = Session([msg1, msg2, msg3])
>>> if session.isTrueSession():
... for src, dst, sym in session.abstract(symbolList):
... print(str(src) + " - " + str(dst) + " : " + str(sym.name))
A - B : Symbol_SYN
B - A : Symbol_SYNACK
A - B : Symbol_ACK
:return: a list of tuples containing the following elements : (source, destination, symbol).
:rtype: a :class:`list`
"""
abstractSession = []
if not self.isTrueSession():
self._logger.warn(
"The current session cannot be abstracted as it not a true session (i.e. it may contain inner true sessions)."
)
return abstractSession
for message in list(self.messages.values()):
(symbol, structured_message) = AbstractField.abstract(message.data, symbolList)
abstractSession.append((message.source, message.destination, symbol))
return abstractSession
class PCAPImporter(object):
"""PCAP importer to read pcaps and extract messages out of them.
We recommend to use static methods such as
- PCAPImporter.readFiles(...)
- PCAPimporter.readFile(...)
refer to their documentation to have an overview of the required parameters.
>>> from netzob.all import *
>>> messages = PCAPImporter.readFile("./test/resources/pcaps/test_import_udp.pcap").values()
>>> print(len(messages))
14
>>> for m in messages:
... print(repr(m.data))
b'CMDidentify#\\x07\\x00\\x00\\x00Roberto'
b'RESidentify#\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'
b'CMDinfo#\\x00\\x00\\x00\\x00'
b'RESinfo#\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00info'
b'CMDstats#\\x00\\x00\\x00\\x00'
b'RESstats#\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00stats'
b'CMDauthentify#\\n\\x00\\x00\\x00aStrongPwd'
b'RESauthentify#\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'
b'CMDencrypt#\\x06\\x00\\x00\\x00abcdef'
b"RESencrypt#\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00$ !&'$"
b"CMDdecrypt#\\x06\\x00\\x00\\x00$ !&'$"
b'RESdecrypt#\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00abcdef'
b'CMDbye#\\x00\\x00\\x00\\x00'
b'RESbye#\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'
>>> messages = PCAPImporter.readFile("./test/resources/pcaps/test_import_udp.pcap", importLayer=2).values()
>>> print(repr(messages[0].data))
b'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00E\\x00\\x003\\xdc\\x11@\\x00@\\x11`\\xa6\\x7f\\x00\\x00\\x01\\x7f\\x00\\x00\\x01\\xe1\\xe7\\x10\\x92\\x00\\x1f\\xfe2CMDidentify#\\x07\\x00\\x00\\x00Roberto'
>>> messages = PCAPImporter.readFile("./test/resources/pcaps/test_import_udp.pcap", importLayer=3).values()
>>> print(repr(messages[0].data))
b'E\\x00\\x003\\xdc\\x11@\\x00@\\x11`\\xa6\\x7f\\x00\\x00\\x01\\x7f\\x00\\x00\\x01\\xe1\\xe7\\x10\\x92\\x00\\x1f\\xfe2CMDidentify#\\x07\\x00\\x00\\x00Roberto'
>>> messages = PCAPImporter.readFile("./test/resources/pcaps/test_import_udp.pcap", importLayer=4).values()
>>> print(repr(messages[0].data))
b'\\xe1\\xe7\\x10\\x92\\x00\\x1f\\xfe2CMDidentify#\\x07\\x00\\x00\\x00Roberto'
>>> messages = PCAPImporter.readFile("./test/resources/pcaps/test_import_udp.pcap", importLayer=5).values()
>>> print(repr(messages[0].data))
b'CMDidentify#\\x07\\x00\\x00\\x00Roberto'
>>> messages = PCAPImporter.readFile("./test/resources/pcaps/test_import_http.pcap", importLayer=5, bpfFilter="tcp").values()
>>> print(repr(messages[0].data))
b'GET / HTTP/1.1\\r\\nHost: www.free.fr\\r\\nUser-Agent: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa(bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb)ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc\\r\\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\\r\\nAccept-Language: en-US,en;q=0.5\\r\\nAccept-Encoding: gzip, deflate\\r\\nConnection: keep-alive\\r\\n\\r\\n'
Parameter `mergePacketsInFlow` can be use to merge consecutive messages that share the same source and destination (mimic a TCP flow). In practice, this parameter was introduced for L5 network messages to support TCP flows but it can be use for any level of network messages.
>>> from netzob.all import *
>>> messages = PCAPImporter.readFile("./test/resources/pcaps/test_import_http_flow.pcap", mergePacketsInFlow=False).values()
>>> print(len(messages))
4
>>> print(len(messages[1].data))
1228
>>> messages = PCAPImporter.readFile("./test/resources/pcaps/test_import_http_flow.pcap", mergePacketsInFlow=True).values()
>>> print(len(messages))
2
>>> print(len(messages[1].data))
3224
"""
INVALID_BPF_FILTER = 0
INVALID_LAYER2 = 1
INVALID_LAYER3 = 2
INVALID_LAYER4 = 3
PROTOCOL201 = 201
# Supported datalinks (by pcapy)
SUPPORTED_DATALINKS = {
pcapy.DLT_ARCNET: "DLT_ARCNET",
pcapy.DLT_FDDI: "DLT_FDDI",
pcapy.DLT_LOOP: "DLT_LOOP",
pcapy.DLT_PPP_ETHER: "DLT_PPP_ETHER",
pcapy.DLT_ATM_RFC1483: "DLT_ATM_RFC1483",
pcapy.DLT_IEEE802: "DLT_IEEE802",
pcapy.DLT_LTALK: "DLT_LTALK",
pcapy.DLT_PPP_SERIAL: "DLT_PPP_SERIAL",
pcapy.DLT_C_HDLC: "DLT_C_HDLC",
pcapy.DLT_IEEE802_11: "IEEE802_11",
pcapy.DLT_NULL: "DLT_NULL",
pcapy.DLT_RAW: "DLT_RAW",
pcapy.DLT_EN10MB: "DLT_EN10MB",
pcapy.DLT_LINUX_SLL: "LINUX_SLL",
pcapy.DLT_PPP: "DLT_PPP",
pcapy.DLT_SLIP: "DLT_SLIP",
}
def __init__(self):
pass
@typeCheck(str, str, int)
def __readMessagesFromFile(self, filePath, bpfFilter, nbPackets):
"""Internal methods to read all messages from a given PCAP file."""
if (filePath is None):
raise TypeError("filePath cannot be None")
if (nbPackets < 0):
raise ValueError(
"A positive (or null) value is required for the number of packets to read."
)
# Check file can be opened (and read)
try:
fp = open(filePath, 'r')
fp.close()
except IOError as e:
if e.errno == errno.EACCES:
raise IOError(
"Error while trying to open the file {0}, more permissions are required to read it."
).format(filePath)
else:
raise e
# Check (and configure) the bpf filter
packetReader = pcapy.open_offline(filePath)
try:
packetReader.setfilter(bpfFilter)
except:
raise ValueError(
"The provided BPF filter is not valid (it should follow the BPF format)"
)
# Check the datalink
self.datalink = packetReader.datalink()
if self.datalink not in list(PCAPImporter.SUPPORTED_DATALINKS.keys()):
self._logger.debug("Unkown datalinks")
if self.importLayer > 1 and self.datalink != pcapy.DLT_EN10MB and self.datalink != pcapy.DLT_LINUX_SLL and self.datalink != PCAPImporter.PROTOCOL201:
errorMessage = _("This pcap cannot be imported since the " +
"layer 2 is not supported ({0})").format(
str(self.datalink))
raise NetzobImportException("PCAP", errorMessage,
self.INVALID_LAYER2)
else:
packetReader.loop(nbPackets, self.__packetHandler)
def __packetHandler(self, header, payload):
"""Internal callback executed on each packet when parsing the pcap"""
(secs, usecs) = header.getts()
epoch = secs + (usecs / 1000000.0)
if self.importLayer == 1 or self.importLayer == 2:
try:
(l2Proto, l2SrcAddr, l2DstAddr, l2Payload,
etherType) = self.__decodeLayer2(header, payload)
except NetzobImportException as e:
self._logger.warn(
"An error occured while decoding layer2 of a packet: {0}".
format(e))
return
if len(l2Payload) == 0:
return
# Build the L2NetworkMessage
l2Message = L2NetworkMessage(payload, epoch, l2Proto, l2SrcAddr,
l2DstAddr)
self.messages.add(l2Message)
elif self.importLayer == 3:
try:
(l2Proto, l2SrcAddr, l2DstAddr, l2Payload,
etherType) = self.__decodeLayer2(header, payload)
(l3Proto, l3SrcAddr, l3DstAddr, l3Payload,
ipProtocolNum) = self.__decodeLayer3(etherType, l2Payload)
except NetzobImportException as e:
self._logger.warn(
"An error occured while decoding layer2 and layer3 of a packet: {0}".
format(e))
return
if len(l3Payload) == 0:
return
# Build the L3NetworkMessage
l3Message = L3NetworkMessage(l2Payload, epoch, l2Proto, l2SrcAddr,
l2DstAddr, l3Proto, l3SrcAddr,
l3DstAddr)
self.messages.add(l3Message)
elif self.importLayer == 4:
try:
(l2Proto, l2SrcAddr, l2DstAddr, l2Payload,
etherType) = self.__decodeLayer2(header, payload)
(l3Proto, l3SrcAddr, l3DstAddr, l3Payload,
ipProtocolNum) = self.__decodeLayer3(etherType, l2Payload)
(l4Proto, l4SrcPort, l4DstPort,
l4Payload) = self.__decodeLayer4(ipProtocolNum, l3Payload)
except NetzobImportException as e:
self._logger.warn(
"An error occured while decoding layer2, layer3 or layer4 of a packet: {0}".
format(e))
return
if len(l4Payload) == 0:
return
# Build the L4NetworkMessage
l4Message = L4NetworkMessage(
l3Payload, epoch, l2Proto, l2SrcAddr, l2DstAddr, l3Proto,
l3SrcAddr, l3DstAddr, l4Proto, l4SrcPort, l4DstPort)
self.messages.add(l4Message)
else:
try:
(l2Proto, l2SrcAddr, l2DstAddr, l2Payload,
etherType) = self.__decodeLayer2(header, payload)
(l3Proto, l3SrcAddr, l3DstAddr, l3Payload,
ipProtocolNum) = self.__decodeLayer3(etherType, l2Payload)
(l4Proto, l4SrcPort, l4DstPort,
l4Payload) = self.__decodeLayer4(ipProtocolNum, l3Payload)
except NetzobImportException as e:
self._logger.warn(
"An error occured while decoding layer2, layer3, layer4 or layer5 of a packet: {0}".
format(e))
return
if len(l4Payload) == 0:
return
l5Message = L4NetworkMessage(
l4Payload, epoch, l2Proto, l2SrcAddr, l2DstAddr, l3Proto,
l3SrcAddr, l3DstAddr, l4Proto, l4SrcPort, l4DstPort)
self.messages.add(l5Message)
def __decodeLayer2(self, header, payload):
"""Internal method that parses the specified header and extracts
layer2 related proprieties."""
def formatMacAddress(arrayMac):
return ":".join("{0:0>2}".format(hex(b)[2:])
for b in arrayMac.tolist())
if self.datalink == pcapy.DLT_EN10MB:
l2Decoder = Decoders.EthDecoder()
l2Proto = "Ethernet"
layer2 = l2Decoder.decode(payload)
l2SrcAddr = formatMacAddress(layer2.get_ether_shost())
l2DstAddr = formatMacAddress(layer2.get_ether_dhost())
l2Payload = payload[layer2.get_header_size():]
etherType = layer2.get_ether_type()
elif self.datalink == pcapy.DLT_LINUX_SLL:
l2Decoder = Decoders.LinuxSLLDecoder()
l2Proto = "Linux SLL"
layer2 = l2Decoder.decode(payload)
l2SrcAddr = layer2.get_addr()
l2DstAddr = None
l2Payload = payload[layer2.get_header_size():]
etherType = layer2.get_ether_type()
elif self.datalink == PCAPImporter.PROTOCOL201:
l2Proto = "Protocol 201"
hdr = payload.encode('hex')[0:8]
if hdr[6:] == "01":
l2SrcAddr = "Received"
else:
l2SrcAddr = "Sent"
l2DstAddr = None
l2Payload = payload[8:]
etherType = payload[4:6]
return (l2Proto, l2SrcAddr, l2DstAddr, l2Payload, etherType)
def __decodeLayer3(self, etherType, l2Payload):
"""Internal method that parses the specified header and extracts
layer3 related proprieties."""
if etherType == Packets.IP.ethertype:
l3Proto = "IP"
l3Decoder = Decoders.IPDecoder()
layer3 = l3Decoder.decode(l2Payload)
paddingSize = len(l2Payload) - layer3.get_ip_len()
l3SrcAddr = layer3.get_ip_src()
l3DstAddr = layer3.get_ip_dst()
l3Payload = l2Payload[layer3.get_header_size():]
if paddingSize > 0 and len(l3Payload) > paddingSize:
l3Payload = l3Payload[:len(l3Payload) - paddingSize]
ipProtocolNum = layer3.get_ip_p()
return (l3Proto, l3SrcAddr, l3DstAddr, l3Payload, ipProtocolNum)
else:
warnMessage = _("Cannot import one of the provided packets since "
+ "its layer 3 is unsupported (Only IP is " +
"currently supported, packet ethernet " +
"type = {0})").format(etherType)
self._logger.warn(warnMessage)
raise NetzobImportException("PCAP", warnMessage,
self.INVALID_LAYER3)
def __decodeLayer4(self, ipProtocolNum, l3Payload):
"""Internal method that parses the specified header and extracts
layer4 related proprieties."""
if ipProtocolNum == Packets.UDP.protocol:
l4Proto = "UDP"
l4Decoder = Decoders.UDPDecoder()
layer4 = l4Decoder.decode(l3Payload)
l4SrcPort = layer4.get_uh_sport()
l4DstPort = layer4.get_uh_dport()
l4Payload = layer4.get_data_as_string()
return (l4Proto, l4SrcPort, l4DstPort, l4Payload)
elif ipProtocolNum == Packets.TCP.protocol:
l4Proto = "TCP"
l4Decoder = Decoders.TCPDecoder()
layer4 = l4Decoder.decode(l3Payload)
l4SrcPort = layer4.get_th_sport()
l4DstPort = layer4.get_th_dport()
l4Payload = layer4.get_data_as_string()
return (l4Proto, l4SrcPort, l4DstPort, l4Payload)
else:
warnMessage = _("Cannot import one of the provided packets since "
+ "its layer 4 is unsupported (Only UDP and TCP " +
"are currently supported, packet IP protocol " +
"number = {0})").format(ipProtocolNum)
self._logger.warn(warnMessage)
raise NetzobImportException("PCAP", warnMessage,
self.INVALID_LAYER4)
@typeCheck(list, str, int, int, bool)
def readMessages(self,
filePathList,
bpfFilter="",
importLayer=5,
nbPackets=0,
mergePacketsInFlow=False,
):
"""Read all messages from a list of PCAP files. A BPF filter
can be set to limit the captured packets. The layer of import
can also be specified:
- When layer={1, 2}, it means we want to capture a raw layer (such as Ethernet).
- If layer=3, we capture at the network level (such as IP).
- If layer=4, we capture at the transport layer (such as TCP or UDP).
- If layer=5, we capture at the applicative layer (such as the TCP or UDP payload).
Finally, the number of packets to capture can be specified.
:param filePathList: the messages to cluster.
:type filePathList: a list of :class:`str`
:param bpfFilter: a string representing a BPF filter.
:type bpfFilter: :class:`str`
:param importLayer: an integer representing the protocol layer to start importing.
:type importLayer: :class:`int`
:param nbPackets: the number of packets to import
:type nbPackets: :class:`int`
:param mergePacketsInFlow: if True, consecutive packets with same source and destination ar merged (i.e. to mimic a flow)
:type mergePacketsInFlow: :class:`bool`
:return: a list of captured messages
:rtype: a list of :class:`netzob.Model.Vocabulary.Messages.AbstractMessage`
"""
# Verify the existence of input files
errorMessageList = []
for filePath in filePathList:
try:
fp = open(filePath)
fp.close()
except IOError as e:
errorMessage = _("Error while trying to open the " +
"file {0}.").format(filePath)
if e.errno == errno.EACCES:
errorMessage = _("Error while trying to open the file " +
"{0}, more permissions are required for "
+ "reading it.").format(filePath)
errorMessageList.append(errorMessage)
self._logger.warn(errorMessage)
if errorMessageList != []:
raise NetzobImportException("PCAP", "\n".join(errorMessageList))
# Verify the expected import layer
availableLayers = [1, 2, 3, 4, 5]
if not importLayer in availableLayers:
raise Exception(
"Only layers level {0} are available.".format(availableLayers))
self.importLayer = importLayer
# Call the method that does the import job for each PCAP file
self.messages = SortedTypedList(AbstractMessage)
for filePath in filePathList:
self.__readMessagesFromFile(filePath, bpfFilter, nbPackets)
# if requested, we merge consecutive messages that share same source and destination
if mergePacketsInFlow:
mergedMessages = SortedTypedList(AbstractMessage)
previousMessage = None
for message in self.messages.values():
if previousMessage is not None and message.source == previousMessage.source and message.destination == previousMessage.destination:
previousMessage.data += message.data
else:
mergedMessages.add(message)
previousMessage = message
self.messages = mergedMessages
return self.messages
@staticmethod
@typeCheck(list, str, int, int, bool)
def readFiles(filePathList, bpfFilter="", importLayer=5, nbPackets=0, mergePacketsInFlow=False):
"""Read all messages from a list of PCAP files. A BPF filter
can be set to limit the captured packets. The layer of import
can also be specified:
- When layer={1, 2}, it means we want to capture a raw layer (such as Ethernet).
- If layer=3, we capture at the network level (such as IP).
- If layer=4, we capture at the transport layer (such as TCP or UDP).
- If layer=5, we capture at the applicative layer (such as the TCP or UDP payload)
The number of packets to capture can be specified.
:param filePathList: a list of pcap files to read
:type filePathList: a list of :class:`str`
:param bpfFilter: a string representing a BPF filter.
:type bpfFilter: :class:`str`
:param importLayer: an integer representing the protocol layer to start importing.
:type importLayer: :class:`int`
:param nbPackets: the number of packets to import
:type nbPackets: :class:`int`
:param mergePacketsInFlow: if True, consecutive packets with same source and destination ar merged (i.e. to mimic a flow)
:type mergePacketsInFlow: :class:`bool`
:return: a list of captured messages
:rtype: a list of :class:`netzob.Model.Vocabulary.Messages.AbstractMessage`
"""
importer = PCAPImporter()
return importer.readMessages(filePathList,bpfFilter, importLayer, nbPackets, mergePacketsInFlow)
@staticmethod
@typeCheck(str, str, int, int, bool)
def readFile(filePath, bpfFilter="", importLayer=5, nbPackets=0, mergePacketsInFlow=False):
"""Read all messages from the specified PCAP file. A BPF filter
can be set to limit the captured packets. The layer of import
can also be specified:
- When layer={1, 2}, it means we want to capture a raw layer (such as Ethernet).
- If layer=3, we capture at the network level (such as IP).
- If layer=4, we capture at the transport layer (such as TCP or UDP).
- If layer=5, we capture at the applicative layer (such as the TCP or UDP payload) and merge consecutive messages with same source and destination.
Finally, the number of packets to capture can be specified.
:param filePath: the pcap path
:type filePath: :class:`str`
:param bpfFilter: a string representing a BPF filter.
:type bpfFilter: :class:`str`
:param importLayer: an integer representing the protocol layer to start importing.
:type importLayer: :class:`int`
:param nbPackets: the number of packets to import
:type nbPackets: :class:`int`
:param mergePacketsInFlow: if True, consecutive packets with same source and destination ar merged (i.e. to mimic a flow)
:type mergePacketsInFlow: :class:`bool`
:return: a list of captured messages
:rtype: a list of :class:`netzob.Model.Vocabulary.Messages.AbstractMessage`
"""
importer = PCAPImporter()
return importer.readFiles([filePath], bpfFilter, importLayer,
nbPackets, mergePacketsInFlow)
@staticmethod
@typeCheck(L2NetworkMessage)
def getMessageDetails(message):
"""Decode a raw network message and print the content of each
encapsulated layer.
:param filePathList: the messages to cluster.
:type filePathList: a list of :class:`str`
:param bpfFilter: a string representing a BPF filter.
:type bpfFilter: :class:`str`
:param importLayer: an integer representing the protocol layer to start importing.
:type importLayer: :class:`int`
"""
decoder = Decoders.EthDecoder()
return decoder.decode(
TypeConverter.convert(message.data, HexaString, Raw))
def readMessages(self,
filePathList,
bpfFilter="",
importLayer=5,
nbPackets=0,
mergePacketsInFlow=False,
):
"""Read all messages from a list of PCAP files. A BPF filter
can be set to limit the captured packets. The layer of import
can also be specified:
- When layer={1, 2}, it means we want to capture a raw layer (such as Ethernet).
- If layer=3, we capture at the network level (such as IP).
- If layer=4, we capture at the transport layer (such as TCP or UDP).
- If layer=5, we capture at the applicative layer (such as the TCP or UDP payload).
Finally, the number of packets to capture can be specified.
:param filePathList: the messages to cluster.
:type filePathList: a list of :class:`str`
:param bpfFilter: a string representing a BPF filter.
:type bpfFilter: :class:`str`
:param importLayer: an integer representing the protocol layer to start importing.
:type importLayer: :class:`int`
:param nbPackets: the number of packets to import
:type nbPackets: :class:`int`
:param mergePacketsInFlow: if True, consecutive packets with same source and destination ar merged (i.e. to mimic a flow)
:type mergePacketsInFlow: :class:`bool`
:return: a list of captured messages
:rtype: a list of :class:`netzob.Model.Vocabulary.Messages.AbstractMessage`
"""
# Verify the existence of input files
errorMessageList = []
for filePath in filePathList:
try:
fp = open(filePath)
fp.close()
except IOError as e:
errorMessage = _("Error while trying to open the " +
"file {0}.").format(filePath)
if e.errno == errno.EACCES:
errorMessage = _("Error while trying to open the file " +
"{0}, more permissions are required for "
+ "reading it.").format(filePath)
errorMessageList.append(errorMessage)
self._logger.warn(errorMessage)
if errorMessageList != []:
raise NetzobImportException("PCAP", "\n".join(errorMessageList))
# Verify the expected import layer
availableLayers = [1, 2, 3, 4, 5]
if not importLayer in availableLayers:
raise Exception(
"Only layers level {0} are available.".format(availableLayers))
self.importLayer = importLayer
# Call the method that does the import job for each PCAP file
self.messages = SortedTypedList(AbstractMessage)
for filePath in filePathList:
self.__readMessagesFromFile(filePath, bpfFilter, nbPackets)
# if requested, we merge consecutive messages that share same source and destination
if mergePacketsInFlow:
mergedMessages = SortedTypedList(AbstractMessage)
previousMessage = None
for message in self.messages.values():
if previousMessage is not None and message.source == previousMessage.source and message.destination == previousMessage.destination:
previousMessage.data += message.data
else:
mergedMessages.add(message)
previousMessage = message
self.messages = mergedMessages
return self.messages
class AbstractField(AbstractMementoCreator):
"""Represents all the different classes which participates in fields definitions of a message format."""
__metaclass__ = abc.ABCMeta
def __init__(self, name=None, layer=False):
self.id = uuid.uuid4()
self.name = name
self.layer = layer
self.description = ""
self.__fields = TypedList(AbstractField)
self.__parent = None
self.__encodingFunctions = SortedTypedList(EncodingFunction)
self.__visualizationFunctions = TypedList(VisualizationFunction)
self.__transformationFunctions = TypedList(TransformationFunction)
self._variable = None
@typeCheck(bool, bool, bool)
def getCells(self, encoded=True, styled=True, transposed=False):
"""Returns a matrix with a different line for each messages attached to the symbol of the current element.
The matrix includes a different column for each leaf children of the current element.
In each cell, the slices of messages once aligned.
Attached :class:`EncodingFunction` can also be considered if parameter encoded is set to True.
In addition, visualizationFunctions are also applied if parameter styled is set to True.
If parameter Transposed is set to True, the matrix is built with rows for fields and columns for messages.
>>> from netzob.all import *
>>> messages = [RawMessage("hello {0}, what's up in {1} ?".format(pseudo, city)) for pseudo in ['netzob', 'zoby', 'lapy'] for city in ['Paris', 'Berlin', 'New-York']]
>>> fh1 = Field(ASCII("hello "), name="hello")
>>> fh2 = Field(Alt([ASCII("netzob"), ASCII("zoby"), ASCII("lapy"), ASCII("sygus")]), name="pseudo")
>>> fheader = Field(name="header")
>>> fheader.fields = [fh1, fh2]
>>> fb1 = Field(", what's up in ", name="whatsup")
>>> fb2 = Field(["Paris", "Berlin", "New-York"], name="city")
>>> fb3 = Field(" ?", name="end")
>>> fbody = Field(name="body")
>>> fbody.fields = [fb1, fb2, fb3]
>>> symbol = Symbol([fheader, fbody], messages=messages)
>>> print symbol
'hello ' | 'netzob' | ", what's up in " | 'Paris' | ' ?'
'hello ' | 'netzob' | ", what's up in " | 'Berlin' | ' ?'
'hello ' | 'netzob' | ", what's up in " | 'New-York' | ' ?'
'hello ' | 'zoby' | ", what's up in " | 'Paris' | ' ?'
'hello ' | 'zoby' | ", what's up in " | 'Berlin' | ' ?'
'hello ' | 'zoby' | ", what's up in " | 'New-York' | ' ?'
'hello ' | 'lapy' | ", what's up in " | 'Paris' | ' ?'
'hello ' | 'lapy' | ", what's up in " | 'Berlin' | ' ?'
'hello ' | 'lapy' | ", what's up in " | 'New-York' | ' ?'
>>> fh1.addEncodingFunction(TypeEncodingFunction(HexaString))
>>> fb2.addEncodingFunction(TypeEncodingFunction(HexaString))
>>> print symbol
'68656c6c6f20' | 'netzob' | ", what's up in " | '5061726973' | ' ?'
'68656c6c6f20' | 'netzob' | ", what's up in " | '4265726c696e' | ' ?'
'68656c6c6f20' | 'netzob' | ", what's up in " | '4e65772d596f726b' | ' ?'
'68656c6c6f20' | 'zoby' | ", what's up in " | '5061726973' | ' ?'
'68656c6c6f20' | 'zoby' | ", what's up in " | '4265726c696e' | ' ?'
'68656c6c6f20' | 'zoby' | ", what's up in " | '4e65772d596f726b' | ' ?'
'68656c6c6f20' | 'lapy' | ", what's up in " | '5061726973' | ' ?'
'68656c6c6f20' | 'lapy' | ", what's up in " | '4265726c696e' | ' ?'
'68656c6c6f20' | 'lapy' | ", what's up in " | '4e65772d596f726b' | ' ?'
>>> print fheader.getCells()
'68656c6c6f20' | 'netzob'
'68656c6c6f20' | 'netzob'
'68656c6c6f20' | 'netzob'
'68656c6c6f20' | 'zoby'
'68656c6c6f20' | 'zoby'
'68656c6c6f20' | 'zoby'
'68656c6c6f20' | 'lapy'
'68656c6c6f20' | 'lapy'
'68656c6c6f20' | 'lapy'
>>> print fh1.getCells()
'68656c6c6f20'
'68656c6c6f20'
'68656c6c6f20'
'68656c6c6f20'
'68656c6c6f20'
'68656c6c6f20'
'68656c6c6f20'
'68656c6c6f20'
'68656c6c6f20'
>>> print fh2.getCells()
'netzob'
'netzob'
'netzob'
'zoby'
'zoby'
'zoby'
'lapy'
'lapy'
'lapy'
>>> print fbody.getCells()
", what's up in " | '5061726973' | ' ?'
", what's up in " | '4265726c696e' | ' ?'
", what's up in " | '4e65772d596f726b' | ' ?'
", what's up in " | '5061726973' | ' ?'
", what's up in " | '4265726c696e' | ' ?'
", what's up in " | '4e65772d596f726b' | ' ?'
", what's up in " | '5061726973' | ' ?'
", what's up in " | '4265726c696e' | ' ?'
", what's up in " | '4e65772d596f726b' | ' ?'
>>> print fb1.getCells()
", what's up in "
", what's up in "
", what's up in "
", what's up in "
", what's up in "
", what's up in "
", what's up in "
", what's up in "
", what's up in "
>>> print fb2.getCells()
'5061726973'
'4265726c696e'
'4e65772d596f726b'
'5061726973'
'4265726c696e'
'4e65772d596f726b'
'5061726973'
'4265726c696e'
'4e65772d596f726b'
>>> print fb3.getCells()
' ?'
' ?'
' ?'
' ?'
' ?'
' ?'
' ?'
' ?'
' ?'
:keyword encoded: if set to True, encoding functions are applied on returned cells
:type encoded: :class:`bool`
:keyword styled: if set to True, visualization functions are applied on returned cells
:type styled: :class:`bool`
:keyword transposed: is set to True, the returned matrix is transposed (1 line for each field)
:type transposed: :class:`bool`
:return: a matrix representing the aligned messages following fields definitions.
:rtype: a :class:`netzob.Common.Utils.MatrixList.MatrixList`
:raises: :class:`netzob.Common.Models.Vocabulary.AbstractField.AlignmentException` if an error occurs while aligning messages
"""
if len(self.messages) < 1:
raise ValueError("This symbol does not contain any message.")
# Fetch all the data to align
data = [message.data for message in self.messages]
# [DEBUG] set to false for debug only. A sequential alignment is more simple to debug
useParallelAlignment = True
if useParallelAlignment:
# Execute a parallel alignment
from netzob.Common.Utils.DataAlignment.ParallelDataAlignment import ParallelDataAlignment
return ParallelDataAlignment.align(data, self, encoded=encoded)
else:
# Execute a sequential alignment
from netzob.Common.Utils.DataAlignment.DataAlignment import DataAlignment
return DataAlignment.align(data, self, encoded=encoded)
@typeCheck(bool, bool)
def getValues(self, encoded=True, styled=True):
"""Returns all the values the current element can take following messages attached to the symbol of current element.
Specific encodingFunctions can also be considered if parameter encoded is set to True.
In addition, visualizationFunctions are also applied if parameter styled is set to True.
>>> from netzob.all import *
>>> messages = [RawMessage("hello {0}, what's up in {1} ?".format(pseudo, city)) for pseudo in ['netzob', 'zoby', 'lapy'] for city in ['Paris', 'Berlin', 'New-York']]
>>> f1 = Field("hello ", name="hello")
>>> f2 = Field(["netzob", "zoby", "lapy", "sygus"], name="pseudo")
>>> f3 = Field(", what's up in ", name="whatsup")
>>> f4 = Field(["Paris", "Berlin", "New-York"], name="city")
>>> f5 = Field(" ?", name="end")
>>> symbol = Symbol([f1, f2, f3, f4, f5], messages=messages)
>>> print symbol
'hello ' | 'netzob' | ", what's up in " | 'Paris' | ' ?'
'hello ' | 'netzob' | ", what's up in " | 'Berlin' | ' ?'
'hello ' | 'netzob' | ", what's up in " | 'New-York' | ' ?'
'hello ' | 'zoby' | ", what's up in " | 'Paris' | ' ?'
'hello ' | 'zoby' | ", what's up in " | 'Berlin' | ' ?'
'hello ' | 'zoby' | ", what's up in " | 'New-York' | ' ?'
'hello ' | 'lapy' | ", what's up in " | 'Paris' | ' ?'
'hello ' | 'lapy' | ", what's up in " | 'Berlin' | ' ?'
'hello ' | 'lapy' | ", what's up in " | 'New-York' | ' ?'
>>> symbol.addEncodingFunction(TypeEncodingFunction(HexaString))
>>> print symbol
'68656c6c6f20' | '6e65747a6f62' | '2c2077686174277320757020696e20' | '5061726973' | '203f'
'68656c6c6f20' | '6e65747a6f62' | '2c2077686174277320757020696e20' | '4265726c696e' | '203f'
'68656c6c6f20' | '6e65747a6f62' | '2c2077686174277320757020696e20' | '4e65772d596f726b' | '203f'
'68656c6c6f20' | '7a6f6279' | '2c2077686174277320757020696e20' | '5061726973' | '203f'
'68656c6c6f20' | '7a6f6279' | '2c2077686174277320757020696e20' | '4265726c696e' | '203f'
'68656c6c6f20' | '7a6f6279' | '2c2077686174277320757020696e20' | '4e65772d596f726b' | '203f'
'68656c6c6f20' | '6c617079' | '2c2077686174277320757020696e20' | '5061726973' | '203f'
'68656c6c6f20' | '6c617079' | '2c2077686174277320757020696e20' | '4265726c696e' | '203f'
'68656c6c6f20' | '6c617079' | '2c2077686174277320757020696e20' | '4e65772d596f726b' | '203f'
>>> print symbol.getValues()
['68656c6c6f206e65747a6f622c2077686174277320757020696e205061726973203f', '68656c6c6f206e65747a6f622c2077686174277320757020696e204265726c696e203f', '68656c6c6f206e65747a6f622c2077686174277320757020696e204e65772d596f726b203f', '68656c6c6f207a6f62792c2077686174277320757020696e205061726973203f', '68656c6c6f207a6f62792c2077686174277320757020696e204265726c696e203f', '68656c6c6f207a6f62792c2077686174277320757020696e204e65772d596f726b203f', '68656c6c6f206c6170792c2077686174277320757020696e205061726973203f', '68656c6c6f206c6170792c2077686174277320757020696e204265726c696e203f', '68656c6c6f206c6170792c2077686174277320757020696e204e65772d596f726b203f']
>>> print f1.getValues()
['68656c6c6f20', '68656c6c6f20', '68656c6c6f20', '68656c6c6f20', '68656c6c6f20', '68656c6c6f20', '68656c6c6f20', '68656c6c6f20', '68656c6c6f20']
>>> print f2.getValues()
['6e65747a6f62', '6e65747a6f62', '6e65747a6f62', '7a6f6279', '7a6f6279', '7a6f6279', '6c617079', '6c617079', '6c617079']
>>> print f3.getValues()
['2c2077686174277320757020696e20', '2c2077686174277320757020696e20', '2c2077686174277320757020696e20', '2c2077686174277320757020696e20', '2c2077686174277320757020696e20', '2c2077686174277320757020696e20', '2c2077686174277320757020696e20', '2c2077686174277320757020696e20', '2c2077686174277320757020696e20']
>>> print f4.getValues()
['5061726973', '4265726c696e', '4e65772d596f726b', '5061726973', '4265726c696e', '4e65772d596f726b', '5061726973', '4265726c696e', '4e65772d596f726b']
>>> print f5.getValues()
['203f', '203f', '203f', '203f', '203f', '203f', '203f', '203f', '203f']
:keyword encoded: if set to True, encoding functions are applied on returned cells
:type encoded: :class:`bool`
:keyword styled: if set to True, visualization functions are applied on returned cells
:type styled: :class:`bool`
:return: a list detailling all the values current element takes.
:rtype: a :class:`list` of :class:`str`
:raises: :class:`netzob.Common.Models.Vocabulary.AbstractField.AlignmentException` if an error occurs while aligning messages
"""
cells = self.getCells(encoded=encoded, styled=styled)
values = []
for line in cells:
values.append(''.join(line))
return values
@typeCheck(bool, bool)
def getMessageCells(self, encoded=False, styled=False):
"""Computes and returns the alignment of each message belonging to
the current field as proposed by getCells() method but indexed
per message.
>>> from netzob.all import *
>>> messages = [RawMessage("{0}, what's up in {1} ?".format(pseudo, city)) for pseudo in ['netzob', 'zoby'] for city in ['Paris', 'Berlin']]
>>> f1 = Field(["netzob", "zoby", "lapy", "sygus"], name="pseudo")
>>> f2 = Field(", what's up in ", name="whatsup")
>>> f3 = Field(["Paris", "Berlin", "New-York"], name="city")
>>> f4 = Field(" ?", name="end")
>>> symbol = Symbol([f1, f2, f3, f4], messages=messages)
>>> print symbol
'netzob' | ", what's up in " | 'Paris' | ' ?'
'netzob' | ", what's up in " | 'Berlin' | ' ?'
'zoby' | ", what's up in " | 'Paris' | ' ?'
'zoby' | ", what's up in " | 'Berlin' | ' ?'
>>> messageCells = symbol.getMessageCells()
>>> for message in symbol.messages:
... print message.data, messageCells[message]
netzob, what's up in Paris ? ['netzob', ", what's up in ", 'Paris', ' ?']
netzob, what's up in Berlin ? ['netzob', ", what's up in ", 'Berlin', ' ?']
zoby, what's up in Paris ? ['zoby', ", what's up in ", 'Paris', ' ?']
zoby, what's up in Berlin ? ['zoby', ", what's up in ", 'Berlin', ' ?']
:keyword encoded: if set to true, values are encoded
:type encoded: :class:`bool`
:keyword styled: if set to true, values are styled
:type styled: :class:`bool`
:return: a dict indexed by messages that denotes their cells
:rtype: a :class:`dict`
"""
if encoded is None:
raise TypeError("Encoded cannot be None")
if styled is None:
raise TypeError("Styled cannot be None")
result = OrderedDict()
fieldCells = self.getCells(encoded=encoded, styled=styled)
for iMessage, message in enumerate(self.messages):
result[message] = fieldCells[iMessage]
return result
@typeCheck(bool, bool)
def getMessageValues(self, encoded=False, styled=False):
"""Computes and returns the alignment of each message belonging to
the current field as proposed by getValues() method but indexed
per message.
>>> from netzob.all import *
>>> messages = [RawMessage("{0}, what's up in {1} ?".format(pseudo, city)) for pseudo in ['netzob', 'zoby'] for city in ['Paris', 'Berlin']]
>>> f1 = Field(["netzob", "zoby", "lapy", "sygus"], name="pseudo")
>>> f2 = Field(", what's up in ", name="whatsup")
>>> f3 = Field(["Paris", "Berlin", "New-York"], name="city")
>>> f4 = Field(" ?", name="end")
>>> symbol = Symbol([f1, f2, f3, f4], messages=messages)
>>> print symbol
'netzob' | ", what's up in " | 'Paris' | ' ?'
'netzob' | ", what's up in " | 'Berlin' | ' ?'
'zoby' | ", what's up in " | 'Paris' | ' ?'
'zoby' | ", what's up in " | 'Berlin' | ' ?'
>>> messageValues = f3.getMessageValues()
>>> for message in symbol.messages:
... print message.data, messageValues[message]
netzob, what's up in Paris ? Paris
netzob, what's up in Berlin ? Berlin
zoby, what's up in Paris ? Paris
zoby, what's up in Berlin ? Berlin
:keyword encoded: if set to true, values are encoded
:type encoded: :class:`bool`
:keyword styled: if set to true, values are styled
:type styled: :class:`bool`
:return: a dict indexed by messages that denotes their values
:rtype: a :class:`dict`
"""
if encoded is None:
raise TypeError("Encoded cannot be None")
if styled is None:
raise TypeError("Styled cannot be None")
result = OrderedDict()
fieldValues = self.getValues(encoded=encoded, styled=styled)
for iMessage, message in enumerate(self.messages):
result[message] = fieldValues[iMessage]
return result
# def getMessagesWithValue(self, value):
# """Computes and returns the messages that have a specified value
# in the current field.
# >>> from netzob.all import *
# >>> messages = [RawMessage("hello {0}, what's up in {1} ?".format(pseudo, city)) for pseudo in ['netzob', 'zoby', 'lapy'] for city in ['Paris', 'Berlin', 'New-York']]
# >>> f1 = Field("hello ", name="hello")
# >>> f2 = Field(["netzob", "zoby", "lapy", "sygus"], name="pseudo")
# >>> f3 = Field(", what's up in ", name="whatsup")
# >>> f4 = Field(["Paris", "Berlin", "New-York"], name="city")
# >>> f5 = Field(" ?", name="end")
# >>> symbol = Symbol([f1, f2, f3, f4, f5], messages=messages)
# >>> print symbol.specialize()
# >>> print symbol
# hello | netzob | , what's up in | Paris | ?
# hello | netzob | , what's up in | Berlin | ?
# hello | netzob | , what's up in | New-York | ?
# hello | zoby | , what's up in | Paris | ?
# hello | zoby | , what's up in | Berlin | ?
# hello | zoby | , what's up in | New-York | ?
# hello | lapy | , what's up in | Paris | ?
# hello | lapy | , what's up in | Berlin | ?
# hello | lapy | , what's up in | New-York | ?
# >>> lapySymbol = Symbol(messages=symbol.fields[1].getMessagesWithValue("lapy"))
# >>> print lapySymbol
# hello lapy, what's up in Paris ?
# hello lapy, what's up in Berlin ?
# hello lapy, what's up in New-York ?
# >>> Format.splitStatic(lapySymbol)
# >>> lapySymbol.encodingFunctions.add(TypeEncodingFunction(HexaString))
# >>> print lapySymbol
# 68656c6c6f206c6170792c2077686174277320757020696e20 | 5061726973203f
# 68656c6c6f206c6170792c2077686174277320757020696e20 | 4265726c696e203f
# 68656c6c6f206c6170792c2077686174277320757020696e20 | 4e65772d596f726b203f
# :parameter value: a Raw value
# :type value: :class:`object`
# :return: a list of messages
# :rtype: a list of :class:`netzob.Common.Models.Vocabulary.Messages.AbstractMessage.AbstractMessage`
# """
# if value is None:
# raise TypeError("Value cannot be None")
# fieldValues = self.getValues(encoded=False, styled=False)
# result = []
# for i_message, message in enumerate(self.messages):
# if fieldValues[i_message] == value:
# result.append(message)
# return result
@abc.abstractmethod
def specialize(self, mutator=None):
"""Specialize and generate a :class:`netzob.Common.Models.Vocabulary.Messages.RawMessage` which content
follows the fields definitions attached to current element.
:keyword mutator: if set, the mutator will be used to mutate the fields definitions
:type mutator: :class:`netzob.Common.Models.Mutators.AbstractMutator`
:return: a generated content represented with an hexastring
:rtype: :class:`str`
:raises: :class:`netzob.Common.Models.Vocabulary.AbstractField.GenerationException` if an error occurs while generating a message
"""
return
@staticmethod
def abstract(data, fields):
"""Search in the fields/symbols the first one that can abstract the data.
>>> from netzob.all import *
>>> messages = ["{0}, what's up in {1} ?".format(pseudo, city) for pseudo in ['netzob', 'zoby'] for city in ['Paris', 'Berlin']]
>>> f1a = Field("netzob")
>>> f2a = Field(", what's up in ")
>>> f3a = Field(Alt(["Paris", "Berlin"]))
>>> f4a = Field(" ?")
>>> s1 = Symbol([f1a, f2a, f3a, f4a], name="Symbol-netzob")
>>> f1b = Field("zoby")
>>> f2b = Field(", what's up in ")
>>> f3b = Field(Alt(["Paris", "Berlin"]))
>>> f4b = Field(" ?")
>>> s2 = Symbol([f1b, f2b, f3b, f4b], name="Symbol-zoby")
>>> for m in messages:
... abstractedSymbol = AbstractField.abstract(m, [s1, s2])
... print abstractedSymbol.name
Symbol-netzob
Symbol-netzob
Symbol-zoby
Symbol-zoby
:parameter data: the data that should be abstracted in symbol
:type data: :class:`str`
:parameter fields: a list of fields/symbols targeted during the abstraction process
:type fields: :class:`list` of :class:`netzob.Common.Models.Vocabulary.AbstractField`
:return: a field/symbol
:rtype: :class:`netzob.Common.Models.Vocabulary.AbstractField`
:raises: :class:`netzob.Common.Models.Vocabulary.AbstractField.AbstractionException` if an error occurs while abstracting the data
"""
from netzob.Common.Utils.DataAlignment.DataAlignment import DataAlignment
for field in fields:
try:
DataAlignment.align([data], field, encoded=False)
return field
except:
pass
logging.error("Impossible to abstract the message in one of the specified symbols, we create an unknown symbol for it.")
from netzob.Common.Models.Vocabulary.UnknownSymbol import UnknownSymbol
from netzob.Common.Models.Vocabulary.Messages.RawMessage import RawMessage
return UnknownSymbol(RawMessage(data))
def getSymbol(self):
"""Computes the symbol to which this field is attached.
To retrieve it, this method recursively call the parent of the current object until the root is found.
If the last root is not a :class:`netzob.Common.Models.Vocabulary.Symbol`, it raises an Exception.
:returns: the symbol if available
:type: :class:`netzob.Common.Models.Vocabulary.Symbol`
:raises: :class:`netzob.Common.Models.Vocabulary.AbstractField.NoSymbolException`
"""
from netzob.Common.Models.Vocabulary.Symbol import Symbol
if isinstance(self, Symbol):
return self
elif self.hasParent():
return self.parent.getSymbol()
else:
raise NoSymbolException("Impossible to retrieve the symbol attached to this element")
def _getLeafFields(self, depth=None, currentDepth=0):
"""Extract the leaf fields to consider regarding the specified depth
>>> from netzob.all import *
>>> field = Field("hello", name="F0")
>>> print [f.name for f in field._getLeafFields()]
['F0']
>>> field = Field(name="L0")
>>> headerField = Field(name="L0_header")
>>> payloadField = Field(name="L0_payload")
>>> footerField = Field(name="L0_footer")
>>> fieldL1 = Field(name="L1")
>>> fieldL1_header = Field(name="L1_header")
>>> fieldL1_payload = Field(name="L1_payload")
>>> fieldL1.fields = [fieldL1_header, fieldL1_payload]
>>> payloadField.fields = [fieldL1]
>>> field.fields = [headerField, payloadField, footerField]
>>> print [f.name for f in field._getLeafFields(depth=None)]
['L0_header', 'L1_header', 'L1_payload', 'L0_footer']
>>> print [f.name for f in field._getLeafFields(depth=0)]
['L0']
>>> print [f.name for f in field._getLeafFields(depth=1)]
['L0_header', 'L0_payload', 'L0_footer']
>>> print [f.name for f in field._getLeafFields(depth=2)]
['L0_header', 'L1', 'L0_footer']
:return: the list of leaf fields
:rtype: :class:`list` of :class:`netzob.Common.Models.Vocabulary.AbstractField.AbstractField`.
"""
if currentDepth is None:
currentDepth = 0
if len(self.fields) == 0:
return [self]
if currentDepth == depth:
return [self]
leafFields = []
for fields in self.fields:
if fields is not None:
leafFields.extend(fields._getLeafFields(depth, currentDepth + 1))
return leafFields
def hasParent(self):
"""Computes if the current element has a parent.
:returns: True if current element has a parent.
:rtype: :class:`bool`
"""
return self.__parent is not None
def clearFields(self):
"""Remove all the children attached to the current element"""
while(len(self.__fields) > 0):
self.__fields.pop()
def clearEncodingFunctions(self):
"""Remove all the encoding functions attached to the current element"""
self.__encodingFunctions.clear()
for child in self.fields:
child.clearEncodingFunctions()
def clearVisualizationFunctions(self):
"""Remove all the visualization functions attached to the current element"""
while(len(self.__visualizationFunctions) > 0):
self.__visualizationFunctions.pop()
def clearTransformationFunctions(self):
"""Remove all the transformation functions attached to the current element"""
while(len(self.__transformationFunctions) > 0):
self.__transformationFunctions.pop()
# Standard methods
def __str__(self):
return str(self.getCells(encoded=True))
@typeCheck(int)
def _str_debug(self, deepness=0):
"""Returns a string which denotes
the current field definition using a tree display"""
tab = ["|-- " for x in xrange(deepness)]
tab.append(str(self.name))
lines = [''.join(tab)]
from netzob.Common.Models.Vocabulary.Field import Field
if isinstance(self, Field):
lines.append(self.domain._str_debug(deepness + 1))
for f in self.fields:
lines.append(f._str_debug(deepness + 1))
return '\n'.join(lines)
# PROPERTIES
@property
def id(self):
"""Unique identifier of the field.
This value must be a unique UUID instance (generated with uuid.uuid4()).
:type: :class:`uuid.UUID`
:raises: :class:`TypeError`, :class:`ValueError`
"""
return self.__id
@id.setter
@typeCheck(uuid.UUID)
def id(self, id):
if id is None:
raise ValueError("id is Mandatory.")
self.__id = id
@property
def name(self):
"""Public name (may not be unique), default value is None
:type: :class:`str`
:raises: :class:`TypeError`
"""
return self.__name
@name.setter
@typeCheck(str)
def name(self, name):
self.__name = name
@property
def layer(self):
"""Flag describing if element is a layer.
:type: :class:`bool`
:raises: :class:`TypeError`
"""
return self.__layer
@layer.setter
@typeCheck(bool)
def layer(self, layer):
if layer is None:
layer = False
self.__layer = layer
@property
def description(self):
"""User description of the field. Default value is ''.
:type: :class:`str`
:raises: :class:`TypeError`
"""
return self.__description
@description.setter
@typeCheck(str)
def description(self, description):
self.__description = description
@property
def encodingFunctions(self):
"""Sorted typed list of encoding function to attach on field.
.. note:: list implemented as a :class:`netzob.Common.Utils.TypedList.TypedList`
:type: a list of :class:`netzob.Common.Models.Vocabulary.Functions.EncodingFunction`
:raises: :class:`TypeError`
.. warning:: Setting this value with a list copies its members and not the list itself.
"""
return self.__encodingFunctions
@encodingFunctions.setter
def encodingFunctions(self, encodingFunctions):
self.clearEncodingFunctions()
for encodingFunction in encodingFunctions:
self.addEncodingFunction(encodingFunction)
def addEncodingFunction(self, encodingFunction):
self.encodingFunctions.add(encodingFunction)
for child in self.fields:
child.addEncodingFunction(encodingFunction)
@property
def visualizationFunctions(self):
"""Sorted list of visualization function to attach on field.
:type: a list of :class:`netzob.Common.Models.Vocabulary.Functions.VisualizationFunction`
:raises: :class:`TypeError`
.. warning:: Setting this value with a list copies its members and not the list itself.
"""
return self.__visualizationFunctions
@visualizationFunctions.setter
def visualizationFunctions(self, visualizationFunctions):
self.clearVisualizationFunctions()
self.visualizationFunctions.extend(visualizationFunctions)
@property
def transformationFunctions(self):
"""Sorted list of transformation function to attach on field.
:type: a list of :class:`netzob.Common.Models.Vocabulary.Functions.TransformationFunction`
:raises: :class:`TypeError`
.. warning:: Setting this value with a list copies its members and not the list itself.
"""
return self.__transformationFunctions
@transformationFunctions.setter
def transformationFunctions(self, transformationFunctions):
self.clearTransformationFunctions()
self.transformationFunctions.extend(transformationFunctions)
@property
def fields(self):
"""Sorted list of field fields."""
return self.__fields
@fields.setter
def fields(self, fields):
from netzob.Common.Models.Vocabulary.Field import Field
# First it checks the specified children are abstractfiled
if fields is not None:
for c in fields:
if not isinstance(c, Field):
raise TypeError("Cannot edit the fields because at least one specified element is not an AbstractField its a {0}.".format(type(c)))
self.clearFields()
if fields is not None:
for c in fields:
c.parent = self
self.__fields.append(c)
@property
def parent(self):
"""The parent of this current element.
If current element has no parent, its value is **None**.
:type: a :class:`netzob.Common.Models.Vocabulary.AbstractField.AbstractField`
:raises: :class:`TypeError`
"""
return self.__parent
@parent.setter
def parent(self, parent):
if not isinstance(parent, AbstractField):
raise TypeError("Specified parent must be an AbstractField and not an {0}".format(type(parent)))
self.__parent = parent
def storeInMemento(self):
pass
def restoreFromMemento(self, memento):
pass
class FileImporter(object):
"""An Importer than can extracts messages out of files.
We recommend to use static methods such as
- FileImporter.readFiles(...)
- Fileimporter.readFile(...)
refer to their documentation to have an overview of the required parameters.
>>> from netzob.all import *
>>> messages = FileImporter.readFile("./test/resources/files/test_import_text_message.txt").values()
>>> print(len(messages))
13
>>> for m in messages:
... print(repr(m.data))
b'The life that I have'
b'Is all that I have'
b'And the life that I have'
b'Is yours.'
b'The love that I have'
b'Of the life that I have'
b'Is yours and yours and yours.'
b'A sleep I shall have'
b'A rest I shall have'
b'Yet death will be but a pause.'
b'For the peace of my years'
b'In the long green grass'
b'Will be yours and yours and yours.'
>>> from netzob.all import *
>>> file1 = "./test/resources/files/test_import_raw_message1.dat"
>>> file2 = "./test/resources/files/test_import_raw_message2.dat"
>>> messages = FileImporter.readFiles([file1, file2], delimitor=b"\\x00\\x00").values()
>>> print(len(messages))
802
>>> print(messages[10].data)
b'\\xbdq75\\x18'
>>> print(messages[797].data)
b'\\xfcJ\\xd1\\xbf\\xff\\xd90\\x98m\\xeb'
>>> print(messages[797].file_path)
./test/resources/files/test_import_raw_message2.dat
>>> print(messages[707].file_message_number)
353
"""
def __init__(self):
pass
@typeCheck(list, bytes)
def readMessages(self, filePathList, delimitor=b"\n"):
"""Read all the messages found in the specified filePathList and given a delimitor.
:param filePathList: paths of the file to parse
:type filePathList: a list of :class:`str`
:param delimitor: the delimitor used to find messages in the same file
:type delimitor: :class:`str`
:return: a sorted list of messages
:rtype: a :class:`netzob.Common.Utils.SortedTypedList.SortedTypedList` of :class:`netzob.Model.Vocabulary.Messages.AbstractMessage`
"""
# Verify the existence of input files
errorMessageList = []
for filePath in filePathList:
try:
fp = open(filePath)
fp.close()
except IOError as e:
errorMessage = _("Error while trying to open the " +
"file {0}.").format(filePath)
if e.errno == errno.EACCES:
errorMessage = _("Error while trying to open the file " +
"{0}, more permissions are required for "
+ "reading it.").format(filePath)
errorMessageList.append(errorMessage)
self._logger.warn(errorMessage)
if errorMessageList != []:
raise NetzobImportException("File", "\n".join(errorMessageList))
self.messages = SortedTypedList(AbstractMessage)
for filePath in filePathList:
self.__readMessagesFromFile(filePath, delimitor)
return self.messages
@typeCheck(str, bytes)
def __readMessagesFromFile(self, filePath, delimitor=b'\n'):
if filePath is None or len(str(filePath).strip()) == 0:
raise TypeError("Filepath cannot be None or empty")
if delimitor is None or len(str(delimitor)) == 0:
raise TypeError("Delimitor cannot be None or empty")
file_content = None
with open(filePath, 'rb') as fd:
file_content = fd.read()
if file_content is None:
raise Exception("No content found in '{}'".format(filePath))
for i_data, data in enumerate(file_content.split(delimitor)):
if len(data) > 0:
self.messages.add(FileMessage(data, file_path = filePath, file_message_number = i_data))
@staticmethod
@typeCheck(list, bytes)
def readFiles(filePathList, delimitor=b'\n'):
"""Read all messages from a list of files. A delimitor must be specified to delimit messages.
:param filePathList: a list of files to read
:type filePathList: a list of :class:`str`
:param delimitor: the delimitor.
:type delimitor: :class:`str`
:return: a list of captured messages
:rtype: a :class:`netzob.Common.Utils.SortedTypedList.SortedTypedList` of :class:`netzob.Model.Vocabulary.Messages.AbstractMessage`
"""
importer = FileImporter()
return importer.readMessages(filePathList, delimitor = delimitor)
@staticmethod
@typeCheck(str, bytes)
def readFile(filePath, delimitor=b'\n'):
"""Read all messages from the specified file.
Messages are found based on the specified delimitor.
:param filePath: the pcap path
:type filePath: :class:`str`
:param delimitor: the delimitor used to find messages in the specified file
:type delimitor: :class:`str`
:return: a list of captured messages
:rtype: a :class:`netzob.Common.Utils.SortedTypedList.SortedTypedList` of :class:`netzob.Model.Vocabulary.Messages.AbstractMessage`
"""
importer = FileImporter()
return importer.readFiles([filePath], delimitor = delimitor)
