Esempio n. 1
1
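def main(args, pcap_file):
    """Parse the given PCAP, print its HTTP conversations and, when a dump
    directory was requested, write every carried file into it.

    Args:
        args: parsed command-line namespace; the attributes read here are
            ``short_url``, ``ungzip``, ``report`` and ``dump``.
        pcap_file: list whose first element is the PCAP path to analyze.

    Exits via ``sys.exit`` when the PCAP yields no HTTP conversations.
    """
    CTCore.pcap_file = pcap_file[0]
    print("[A] Analyzing PCAP: " + CTCore.pcap_file)

    CTCore.b_use_short_uri = args.short_url  # Display short URI paths
    CTCore.b_auto_ungzip = args.ungzip

    # Report mode always runs with auto-ungzip enabled.
    if args.report is not None:
        CTCore.b_auto_ungzip = True

    parse_pcap.run(CTCore.pcap_file)

    if not CTCore.conversations:
        sys.exit("No HTTP conversations were found in PCAP file")

    # Trailing comma: Python 2 print without newline, so the time (or the
    # fallback text) follows on the same line.
    print(CTCore.newLine + "[+] Traffic Activity Time: "),
    try:
        print(CTCore.activity_date_time)
    except Exception:
        # Narrowed from a bare except so KeyboardInterrupt/SystemExit still
        # propagate instead of being reported as a missing timestamp.
        print("Couldn't retrieve time")

    print("[+] Conversations Found:" + CTCore.newLine)
    print(CTCore.show_conversations())

    # If chosen just to dump files and exit
    if args.dump is not None:
        try:
            CTCore.ungzip_all()
            CTCore.dump_all_files(args.dump[0], True)
        except Exception as ed:
            # Best-effort dump: report the failure, do not abort.
            print(ed)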
Esempio n. 2
0
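def main(args, pcap_file):
    """Parse the given PCAP, print its HTTP conversations and, when a dump
    directory was requested, write every carried file into it.

    Args:
        args: parsed command-line namespace; the attributes read here are
            ``short_url``, ``ungzip``, ``report`` and ``dump``.
        pcap_file: list whose first element is the PCAP path to analyze.

    Exits via ``sys.exit`` when the PCAP yields no HTTP conversations.
    """
    CTCore.pcap_file = pcap_file[0]
    print("[A] Analyzing PCAP: " + CTCore.pcap_file)

    CTCore.b_use_short_uri = args.short_url  # Display short URI paths
    CTCore.b_auto_ungzip = args.ungzip

    # Report mode always runs with auto-ungzip enabled.
    if args.report is not None:
        CTCore.b_auto_ungzip = True

    parse_pcap.run(CTCore.pcap_file)

    if not CTCore.conversations:
        sys.exit("No HTTP conversations were found in PCAP file")

    # Trailing comma: Python 2 print without newline, so the time (or the
    # fallback text) follows on the same line.
    print(CTCore.newLine + "[+] Traffic Activity Time: "),
    try:
        print(CTCore.activity_date_time)
    except Exception:
        # Narrowed from a bare except so KeyboardInterrupt/SystemExit still
        # propagate instead of being reported as a missing timestamp.
        print("Couldn't retrieve time")

    print("[+] Conversations Found:" + CTCore.newLine)
    print(CTCore.show_conversations())

    # If chosen just to dump files and exit
    if args.dump is not None:
        try:
            CTCore.ungzip_all()
            CTCore.dump_all_files(args.dump[0], True)
        except Exception as ed:
            # Best-effort dump: report the failure, do not abort.
            print(ed)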
Esempio n. 3
0
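def main(args):
    """Analyze the PCAP named on the command line and start the web server.

    Args:
        args: raw ``sys.argv``-style list. ``args[1]`` is the PCAP path;
            the optional ``args[2]`` is either ``-s`` (do not start the web
            server) or an integer port for it.

    Raises:
        SystemExit: when the PCAP path is missing or the port is not an
            integer, instead of an unhandled IndexError/ValueError traceback.
    """
    if len(args) < 2:
        raise SystemExit("Usage: CapTipper.py <pcap_file> [port=80 | -s]")

    file_path = args[1]
    print("[A] Analyzing PCAP: " + file_path)

    parse_pcap.run(file_path)

    print(CTCore.newLine + "[+] Traffic Activity Time: " + CTCore.activity_date_time.strftime('%a, %x %X'))
    print("[+] Conversations Found:" + CTCore.newLine)
    CTCore.show_conversations()

    start_ws = True
    if len(args) > 2:
        if args[2].lower() == "-s":
            start_ws = False
        else:
            try:
                CTCore.PORT = int(args[2])
            except ValueError:
                raise SystemExit("[E] Invalid port '" + args[2] + "': expected an integer or '-s'")

    if start_ws:
        try:
            CTCore.web_server = server()
            CTCore.web_server.start()
            time.sleep(0.1)  # Fixes graphic issues
            CTCore.web_server_turned_on = True
        except Exception as e:
            print("[E] Error starting Web Service:")
            # Errno 98 is EADDRINUSE on Linux; "Errno 1004" presumably
            # prefix-matches the Windows equivalent (10048).
            reason = str(e)
            if "Errno 1004" in reason or "Errno 98" in reason:
                print(" Port " + str(CTCore.PORT) + " is already Taken.")
                print(" Change the port using 'CapTipper.py <pcap_file> [port=80]' or use '-s' to disable web server")
                print(" Proceeding without starting the web server..." + CTCore.newLine)
            else:
                print(" " + reason)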
Esempio n. 4
0
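def main(args, pcap_file):
    """Analyze a PCAP, print its HTTP conversations, then either serve them
    over the built-in web server or dump them to disk.

    Args:
        args: parsed command-line namespace; attributes read here are
            ``update``, ``server_off``, ``port``, ``short_url``, ``ungzip``,
            ``report`` and ``dump``.
        pcap_file: list whose first element is the PCAP path to analyze.

    Exits via ``sys.exit`` when the PCAP yields no HTTP conversations.
    """
    if args.update:
        CTCore.update_captipper()

    CTCore.pcap_file = pcap_file[0]
    print("[A] Analyzing PCAP: " + CTCore.pcap_file)

    # NOTE(review): despite its name, server_off is used as "start the web
    # server" (presumably an argparse store_false flag) — confirm in the parser.
    start_ws = args.server_off
    CTCore.PORT = args.port  # Web server port
    CTCore.b_use_short_uri = args.short_url  # Display short URI paths
    CTCore.b_auto_ungzip = args.ungzip

    # Report mode always runs with auto-ungzip enabled.
    if args.report is not None:
        CTCore.b_auto_ungzip = True

    parse_pcap.run(CTCore.pcap_file)

    if not CTCore.conversations:
        sys.exit("No HTTP conversations were found in PCAP file")

    # Trailing comma: Python 2 print without newline, so the time (or the
    # fallback text) follows on the same line.
    print(CTCore.newLine + "[+] Traffic Activity Time: "),
    try:
        print(CTCore.activity_date_time)
    except Exception:
        # Narrowed from a bare except so KeyboardInterrupt/SystemExit still
        # propagate instead of being reported as a missing timestamp.
        print("Couldn't retrieve time")

    print("[+] Conversations Found:" + CTCore.newLine)
    CTCore.show_conversations()

    # The web server is only started when neither a dump nor a report was
    # requested.
    if start_ws and args.dump is None and args.report is None:
        try:
            CTCore.web_server = server()
            CTCore.web_server.start()
            time.sleep(0.1)  # Fixes graphic issues
            CTCore.web_server_turned_on = True
        except Exception as e:
            CTCore.alert_message("Error starting Web Server:", CTCore.msg_type.ERROR)

            # Errno 98 is EADDRINUSE on Linux; "Errno 1004" presumably
            # prefix-matches the Windows equivalent (10048).
            reason = str(e)
            if "Errno 1004" in reason or "Errno 98" in reason:
                print(" Port " + str(CTCore.PORT) + " is already taken.")
                print(" Change the port using 'CapTipper.py <pcap_file> -p <port=80>' or use '-s' to disable web server")
                print(" Proceeding without starting the web server..." + CTCore.newLine)
            else:
                print(" " + reason)

    # If chosen just to dump files and exit
    if args.dump is not None:
        try:
            CTCore.ungzip_all()
            CTCore.dump_all_files(args.dump[0], True)
        except Exception as ed:
            # Best-effort dump: report the failure, do not abort. Uses the
            # same `as` form as the handler above instead of the Python 2-only
            # comma syntax.
            print(ed)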
Esempio n. 5
0
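def main(args, pcap_file):
    """Dump-only entry point: parse the PCAP and, when a dump directory was
    requested, write every carried file into it.

    Args:
        args: parsed command-line namespace; the attributes read here are
            ``report`` and ``dump``.
        pcap_file: list whose first element is the PCAP path to analyze.
    """
    # The directory is created only after confirming a dump was requested;
    # the original dereferenced args.dump[0] before the None check and so
    # crashed whenever --dump was absent.
    if args.dump is not None:
        dump_dir = args.dump[0]
        # makedirs + catch instead of exists() + makedirs(): the two-step form
        # races with anything creating the directory in between. Python 2 has
        # no exist_ok, so re-raise only when the path is still not a directory.
        try:
            os.makedirs(dump_dir)
        except OSError:
            if not os.path.isdir(dump_dir):
                raise

    CTCore.pcap_file = pcap_file[0]
    # Report mode always runs with auto-ungzip enabled.
    if args.report is not None:
        CTCore.b_auto_ungzip = True
    parse_pcap.run(CTCore.pcap_file)

    # If chosen just to dump files and exit
    if args.dump is not None:
        try:
            CTCore.ungzip_all()
            CTCore.dump_all_files(args.dump[0], True)
        except Exception as ed:
            # Best-effort dump: report the failure, do not abort.
            print(ed)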
Esempio n. 6
0
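def main(args, pcap_file):
    """Analyze a PCAP, print its HTTP conversations and start the built-in
    web server unless a dump or report was requested.

    Args:
        args: parsed command-line namespace; attributes read here are
            ``update``, ``server_off``, ``port``, ``short_url``, ``ungzip``,
            ``report`` and ``dump``.
        pcap_file: list whose first element is the PCAP path to analyze.

    Exits via ``sys.exit`` when the PCAP yields no HTTP conversations.
    """
    if args.update:
        CTCore.update_captipper()

    CTCore.pcap_file = pcap_file[0]
    print("[A] Analyzing PCAP: " + CTCore.pcap_file)

    # NOTE(review): despite its name, server_off is used as "start the web
    # server" (presumably an argparse store_false flag) — confirm in the parser.
    start_ws = args.server_off
    CTCore.PORT = args.port  # Web server port
    CTCore.b_use_short_uri = args.short_url  # Display short URI paths
    CTCore.b_auto_ungzip = args.ungzip

    # Report mode always runs with auto-ungzip enabled.
    if args.report is not None:
        CTCore.b_auto_ungzip = True

    parse_pcap.run(CTCore.pcap_file)

    if not CTCore.conversations:
        sys.exit("No HTTP conversations were found in PCAP file")

    # Trailing comma: Python 2 print without newline, so the time (or the
    # fallback text) follows on the same line.
    print(CTCore.newLine + "[+] Traffic Activity Time: "),
    try:
        print(CTCore.activity_date_time)
    except Exception:
        # Narrowed from a bare except so KeyboardInterrupt/SystemExit still
        # propagate instead of being reported as a missing timestamp.
        print("Couldn't retrieve time")

    print("[+] Conversations Found:" + CTCore.newLine)
    CTCore.show_conversations()

    # The web server is only started when neither a dump nor a report was
    # requested.
    if start_ws and args.dump is None and args.report is None:
        try:
            CTCore.web_server = server()
            CTCore.web_server.start()
            time.sleep(0.1)  # Fixes graphic issues
            CTCore.web_server_turned_on = True
        except Exception as e:
            CTCore.alert_message("Error starting Web Server:", CTCore.msg_type.ERROR)

            # Errno 98 is EADDRINUSE on Linux; "Errno 1004" presumably
            # prefix-matches the Windows equivalent (10048).
            reason = str(e)
            if "Errno 1004" in reason or "Errno 98" in reason:
                print(" Port " + str(CTCore.PORT) + " is already taken.")
                print(" Change the port using 'CapTipper.py <pcap_file> -p <port=80>' or use '-s' to disable web server")
                print(" Proceeding without starting the web server..." + CTCore.newLine)
            else:
                print(" " + reason)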
Esempio n. 7
0
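    def start(self, path):
        """Replay a PCAP's HTTP content through CapTipper and open it in IE.

        In order: start the injection proxy in a background thread, configure
        CapTipper (``CTCore``) with fixed defaults, parse ``path``, bind every
        captured IP to the loopback adapter with ``netsh`` and add every
        captured hostname to the local hosts file (pointing at 127.0.0.1),
        then start CapTipper's web server and launch Internet Explorer on the
        first conversation's URL.

        Args:
            path: filesystem path of the PCAP to analyze.

        Returns:
            The result of ``self.execute`` for the IE launch, or None when the
            capture has no HTTP conversations or the server could not start.
        """
        log.info("before proxy")
        config = proxy.ProxyConfig(port=8888)
        proxy_server = ProxyServer(config)
        self.m = InjectionProxy.InjectionProxy(proxy_server)
        log.info("before thread")
        thread.start_new_thread(self.m.run, ())

        self.tshark_proc = None
        self.tshark_filename = "tshark.pcap"
        log.debug("In pcap analysis package")
        log.debug("path is " + path)
        # Fixed defaults; an earlier variant read these from self.options
        # (server_off / port / short_url / ungzip / report).
        args = {"port": 80, "short_url": True, "ungzip": True}

        CTCore.pcap_file = path

        log.info("[A] Analyzing PCAP: " + CTCore.pcap_file)

        CTCore.PORT = args["port"]  # Web server port
        CTCore.b_use_short_uri = args["short_url"]  # Display short URI paths
        CTCore.b_auto_ungzip = args["ungzip"]

        parse_pcap.run(CTCore.pcap_file)

        if not CTCore.conversations:
            log.info("No HTTP conversations were found in PCAP file")
            return
        # (The original had a trailing comma here, which only turned the call
        # into a tuple expression.)
        log.info(CTCore.newLine + "[+] Traffic Activity Time: ")
        try:
            log.info(CTCore.activity_date_time)
        except Exception:
            # Narrowed from a bare except so KeyboardInterrupt/SystemExit
            # still propagate.
            log.error("Couldn't retrieve time")

        # Point the capture's hosts at this machine so IE's requests reach the
        # replay server: each IP is bound to the loopback adapter via netsh and
        # each hostname gets a 127.0.0.1 line in the hosts file. Both values
        # come straight from the (untrusted) capture, so each is validated
        # before being passed to netsh or written to the hosts file.
        ip_pattern = re.compile(
            r"^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$")
        # Letters, digits, '-' and '.' only: rejects whitespace, '#' and line
        # breaks that would otherwise inject extra hosts-file entries.
        hostname_pattern = re.compile(r"^[A-Za-z0-9.-]{1,253}$")
        # NOTE(review): the loop unpacks each key as (host, ip) — confirm that
        # CTCore.hosts is keyed by such pairs.
        host_domains = CTCore.hosts.keys()
        if host_domains:
            with open(self.hosts_path, "a+") as hosts_file:
                for host, ip in host_domains:
                    ip = ip.split(":")[0]  # remove the port from the ip address
                    if ip_pattern.match(ip):
                        netsh_cmd = "netsh interface ip add address \"Local Area Connection 2\" {0} 255.255.255.255".format(ip)
                        proc = Popen(shlex.split(netsh_cmd), stdout=PIPE, stderr=STDOUT)
                        output, _ = proc.communicate()
                        # stderr is merged into stdout, so communicate() never
                        # yields a separate error stream (the original's
                        # `if err:` could never fire); the exit status is the
                        # only failure signal.
                        if proc.returncode != 0:
                            log.error("netsh failed for %s: %s", ip, output)
                    else:
                        log.error("Skipping malformed address from capture: %r", ip)
                    host = host.split(":")[0]  # remove port from host if it exists
                    if ip_pattern.match(host):
                        continue  # literal IPs need no hosts-file entry
                    if not hostname_pattern.match(host):
                        log.error("Skipping malformed hostname from capture: %r", host)
                        continue
                    hosts_file.write("\n\n127.0.0.1 {0}".format(host))

        # NOTE: tshark recording of the loopback NIC was disabled (commented
        # out) in the original; self.tshark_proc stays None.
        # The try also covers the IE launch, so a failure there is reported
        # under the same message.
        try:
            CTCore.web_server = server()
            CTCore.web_server.start()
            time.sleep(0.1)  # Fixes graphic issues
            CTCore.web_server_turned_on = True

            first_conv = CTCore.conversations[0]
            open_url = 'http://127.0.0.1:' + str(CTCore.PORT) + "/" + first_conv.host + first_conv.uri

            iexplore = self.get_path("Internet Explorer")
            log.info("iexplore: " + iexplore)
            log.info("url: " + open_url)
            return self.execute(iexplore, args="%s" % open_url)
        except Exception as e:
            # Log the exception itself; the original logged the severity
            # constant CTCore.msg_type.ERROR in its place.
            log.error("Error starting Web Server: %s", e)

            # Errno 98 is EADDRINUSE on Linux; "Errno 1004" presumably
            # prefix-matches the Windows equivalent (10048).
            reason = str(e)
            if "Errno 1004" in reason or "Errno 98" in reason:
                log.error(" Port " + str(CTCore.PORT) + " is already taken.")
                log.error(" Change the port using 'CapTipper.py <pcap_file> -p <port=80>' or use '-s' to disable web server")
                log.error(" Proceeding without starting the web server..." + CTCore.newLine)
            else:
                log.error(reason)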
Esempio n. 8
0
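    def start(self, path):
        """Replay a PCAP's HTTP content through CapTipper and open it in IE.

        In order: configure CapTipper (``CTCore``) with fixed defaults, parse
        ``path``, bind every captured IP to the loopback adapter with
        ``netsh`` and add every captured hostname to the local hosts file
        (pointing at 127.0.0.1), then start CapTipper's web server and launch
        Internet Explorer on the first conversation's URL.

        Args:
            path: filesystem path of the PCAP to analyze.

        Returns:
            The result of ``self.execute`` for the IE launch, or None when the
            capture has no HTTP conversations or the server could not start.
        """
        self.tshark_proc = None
        self.tshark_filename = "tshark.pcap"
        log.debug("In pcap analysis package")
        log.debug("path is " + path)
        # Fixed defaults; an earlier variant read these from self.options
        # (server_off / port / short_url / ungzip / report).
        args = {"port": 80, "short_url": True, "ungzip": True}

        CTCore.pcap_file = path

        log.info("[A] Analyzing PCAP: " + CTCore.pcap_file)

        CTCore.PORT = args["port"]  # Web server port
        CTCore.b_use_short_uri = args["short_url"]  # Display short URI paths
        CTCore.b_auto_ungzip = args["ungzip"]

        parse_pcap.run(CTCore.pcap_file)

        if not CTCore.conversations:
            log.info("No HTTP conversations were found in PCAP file")
            return
        # (The original had a trailing comma here, which only turned the call
        # into a tuple expression.)
        log.info(CTCore.newLine + "[+] Traffic Activity Time: ")
        try:
            log.info(CTCore.activity_date_time)
        except Exception:
            # Narrowed from a bare except so KeyboardInterrupt/SystemExit
            # still propagate.
            log.error("Couldn't retrieve time")

        # Point the capture's hosts at this machine so IE's requests reach the
        # replay server: each IP is bound to the loopback adapter via netsh and
        # each hostname gets a 127.0.0.1 line in the hosts file. Both values
        # come straight from the (untrusted) capture, so each is validated
        # before being passed to netsh or written to the hosts file.
        ip_pattern = re.compile(
            r"^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$")
        # Letters, digits, '-' and '.' only: rejects whitespace, '#' and line
        # breaks that would otherwise inject extra hosts-file entries.
        hostname_pattern = re.compile(r"^[A-Za-z0-9.-]{1,253}$")
        # NOTE(review): the loop unpacks each key as (host, ip) — confirm that
        # CTCore.hosts is keyed by such pairs.
        host_domains = CTCore.hosts.keys()
        if host_domains:
            with open(self.hosts_path, "a+") as hosts_file:
                for host, ip in host_domains:
                    ip = ip.split(":")[0]  # remove the port from the ip address
                    if ip_pattern.match(ip):
                        netsh_cmd = "netsh interface ip add address \"Local Area Connection 2\" {0} 255.255.255.255".format(ip)
                        proc = Popen(shlex.split(netsh_cmd), stdout=PIPE, stderr=STDOUT)
                        output, _ = proc.communicate()
                        # stderr is merged into stdout, so communicate() never
                        # yields a separate error stream (the original's
                        # `if err:` could never fire); the exit status is the
                        # only failure signal.
                        if proc.returncode != 0:
                            log.error("netsh failed for %s: %s", ip, output)
                    else:
                        log.error("Skipping malformed address from capture: %r", ip)
                    host = host.split(":")[0]  # remove port from host if it exists
                    if ip_pattern.match(host):
                        continue  # literal IPs need no hosts-file entry
                    if not hostname_pattern.match(host):
                        log.error("Skipping malformed hostname from capture: %r", host)
                        continue
                    hosts_file.write("\n\n127.0.0.1 {0}".format(host))

        # The try also covers the IE launch, so a failure there is reported
        # under the same message.
        try:
            CTCore.web_server = server()
            CTCore.web_server.start()
            time.sleep(0.1)  # Fixes graphic issues
            CTCore.web_server_turned_on = True

            first_conv = CTCore.conversations[0]
            open_url = 'http://127.0.0.1:' + str(CTCore.PORT) + "/" + first_conv.host + first_conv.uri

            iexplore = self.get_path("Internet Explorer")
            log.info("iexplore: " + iexplore)
            log.info("url: " + open_url)
            return self.execute(iexplore, args=["%s" % open_url])
        except Exception as e:
            # Log the exception itself; the original logged the severity
            # constant CTCore.msg_type.ERROR in its place.
            log.error("Error starting Web Server: %s", e)

            # Errno 98 is EADDRINUSE on Linux; "Errno 1004" presumably
            # prefix-matches the Windows equivalent (10048).
            reason = str(e)
            if "Errno 1004" in reason or "Errno 98" in reason:
                log.error(" Port " + str(CTCore.PORT) + " is already taken.")
                log.error(" Change the port using 'CapTipper.py <pcap_file> -p <port=80>' or use '-s' to disable web server")
                log.error(" Proceeding without starting the web server..." + CTCore.newLine)
            else:
                log.error(reason)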
Esempio n. 9
0
def main(args):
    file_path = args[1]
    #print("[A] Analyzing PCAP: " + args[1])

    parse_pcap.run(file_path)