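def main(args, pcap_file):
    """Analyze a PCAP, list its HTTP conversations and optionally dump all files.

    Args:
        args: parsed command-line options. Reads ``short_url``, ``ungzip``,
            ``report`` and ``dump`` (``dump`` is a one-element list or None).
        pcap_file: one-element list holding the path of the PCAP to analyze.

    Exits via ``sys.exit`` when the capture holds no HTTP conversations.
    """
    CTCore.pcap_file = pcap_file[0]
    print("[A] Analyzing PCAP: " + CTCore.pcap_file)
    CTCore.b_use_short_uri = args.short_url  # Display short URI paths
    CTCore.b_auto_ungzip = args.ungzip
    if args.report is not None:
        CTCore.b_auto_ungzip = True  # a report needs the decoded bodies
    parse_pcap.run(CTCore.pcap_file)
    if not CTCore.conversations:
        sys.exit("No HTTP conversations were found in PCAP file")
    # The label is written without a newline so the timestamp (or the
    # fallback message) lands on the same line.
    sys.stdout.write(CTCore.newLine + "[+] Traffic Activity Time: ")
    try:
        print(CTCore.activity_date_time)
    except Exception:  # was a bare except, which also swallowed KeyboardInterrupt
        print("Couldn't retrieve time")
    print("[+] Conversations Found:" + CTCore.newLine)
    print(CTCore.show_conversations())
    # If chosen just to dump files and exit
    if args.dump is not None:
        try:
            CTCore.ungzip_all()
            CTCore.dump_all_files(args.dump[0], True)
        except Exception as ed:  # best effort: report and fall through
            print(ed)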
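def main(args, pcap_file):
    """Entry point: parse the PCAP, show its conversations, dump files on request.

    Args:
        args: parsed command-line options; ``short_url``, ``ungzip``,
            ``report`` and ``dump`` are read (``dump`` is a one-element list
            or None).
        pcap_file: one-element list holding the PCAP path.

    Exits via ``sys.exit`` when no HTTP conversation was found.
    """
    CTCore.pcap_file = pcap_file[0]
    print("[A] Analyzing PCAP: " + CTCore.pcap_file)
    CTCore.b_use_short_uri = args.short_url  # Display short URI paths
    CTCore.b_auto_ungzip = args.ungzip
    if args.report is not None:
        # Report generation needs the decoded bodies regardless of --ungzip.
        CTCore.b_auto_ungzip = True
    parse_pcap.run(CTCore.pcap_file)
    if not CTCore.conversations:
        sys.exit("No HTTP conversations were found in PCAP file")
    # Label first (no newline), then the value or the fallback on the same line.
    sys.stdout.write(CTCore.newLine + "[+] Traffic Activity Time: ")
    try:
        print(CTCore.activity_date_time)
    except Exception:  # narrowed from a bare except so Ctrl-C still works
        print("Couldn't retrieve time")
    print("[+] Conversations Found:" + CTCore.newLine)
    print(CTCore.show_conversations())
    # If chosen just to dump files and exit
    if args.dump is not None:
        dump_dir = args.dump[0]
        try:
            CTCore.ungzip_all()
            CTCore.dump_all_files(dump_dir, True)
        except Exception as ed:  # best effort: report the failure, do not abort
            print(ed)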
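def main(args):
    """Analyze the PCAP named by ``args[1]`` and start the web server.

    Args:
        args: ``sys.argv``-style list. ``args[1]`` is the PCAP path; the
            optional ``args[2]`` is either ``-s`` (do not start the web
            server) or the port to serve on.

    Raises:
        ValueError: when ``args[2]`` is neither ``-s`` nor an integer port.
    """
    file_path = args[1]
    print("[A] Analyzing PCAP: " + file_path)
    parse_pcap.run(file_path)
    print(CTCore.newLine + "[+] Traffic Activity Time: "
          + CTCore.activity_date_time.strftime('%a, %x %X'))
    print("[+] Conversations Found:" + CTCore.newLine)
    CTCore.show_conversations()
    start_ws = True
    if len(args) > 2:
        if args[2].lower() == "-s":
            start_ws = False
        else:
            try:
                CTCore.PORT = int(args[2])
            except ValueError:
                raise ValueError("Port must be an integer or '-s', got %r" % args[2])
    if start_ws:
        try:
            CTCore.web_server = server()
            CTCore.web_server.start()
            time.sleep(0.1)  # Fixes graphic issues
            CTCore.web_server_turned_on = True
        except Exception as e:
            print("[E] Error starting Web Service:")
            # Substring test instead of find() > 0, which missed a match at
            # index 0. "Errno 98" is EADDRINUSE on Linux; "Errno 1004" is the
            # original marker, presumably a prefix of Windows 10048 — confirm.
            if "Errno 1004" in str(e) or "Errno 98" in str(e):
                print(" Port " + str(CTCore.PORT) + " is already Taken.")
                print(" Change the port using 'CapTipper.py <pcap_file> [port=80]' or use '-s' to disable web server")
                print(" Proceeding without starting the web server..." + CTCore.newLine)
            else:
                print(" " + str(e))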
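def main(args, pcap_file):
    """Analyze a PCAP, then start the web server or dump files as requested.

    Args:
        args: parsed command-line options. Reads ``update``, ``server_off``,
            ``port``, ``short_url``, ``ungzip``, ``report`` and ``dump``
            (``dump`` is a one-element list or None).
        pcap_file: one-element list holding the path of the PCAP to analyze.

    Exits via ``sys.exit`` when the capture holds no HTTP conversations.
    """
    if args.update:
        CTCore.update_captipper()
    CTCore.pcap_file = pcap_file[0]
    print("[A] Analyzing PCAP: " + CTCore.pcap_file)
    # Despite the name this is True when the server should start
    # (presumably a store_false flag for -s) — confirm against the parser.
    start_ws = args.server_off
    CTCore.PORT = args.port  # Web server port
    CTCore.b_use_short_uri = args.short_url  # Display short URI paths
    CTCore.b_auto_ungzip = args.ungzip
    if args.report is not None:
        CTCore.b_auto_ungzip = True  # a report needs the decoded bodies
    parse_pcap.run(CTCore.pcap_file)
    if not CTCore.conversations:
        sys.exit("No HTTP conversations were found in PCAP file")
    # Label without newline so the timestamp (or fallback) shares the line.
    sys.stdout.write(CTCore.newLine + "[+] Traffic Activity Time: ")
    try:
        print(CTCore.activity_date_time)
    except Exception:  # was a bare except, which also swallowed KeyboardInterrupt
        print("Couldn't retrieve time")
    print("[+] Conversations Found:" + CTCore.newLine)
    CTCore.show_conversations()
    # Interactive mode only: neither a dump nor a report was requested.
    if start_ws and args.dump is None and args.report is None:
        try:
            CTCore.web_server = server()
            CTCore.web_server.start()
            time.sleep(0.1)  # Fixes graphic issues
            CTCore.web_server_turned_on = True
        except Exception as e:
            CTCore.alert_message("Error starting Web Server:", CTCore.msg_type.ERROR)
            # Substring test instead of find() > 0, which missed a match at index 0.
            if "Errno 1004" in str(e) or "Errno 98" in str(e):
                print(" Port " + str(CTCore.PORT) + " is already taken.")
                print(" Change the port using 'CapTipper.py <pcap_file> -p <port=80>' or use '-s' to disable web server")
                print(" Proceeding without starting the web server..." + CTCore.newLine)
            else:
                print(" " + str(e))
    # If chosen just to dump files and exit
    if args.dump is not None:
        try:
            CTCore.ungzip_all()
            CTCore.dump_all_files(args.dump[0], True)
        except Exception as ed:  # best effort: report and fall through
            print(ed)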
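def main(args, pcap_file):
    """Parse the PCAP and, when ``--dump`` was given, write all files to that directory.

    Args:
        args: parsed command-line options; reads ``report`` and ``dump``
            (``dump`` is a one-element list holding the target directory, or
            None).
        pcap_file: one-element list holding the PCAP path.

    Raises:
        OSError: when the dump directory cannot be created.
    """
    # Only touch the filesystem when a dump was actually requested; the
    # original indexed args.dump[0] unconditionally and crashed on None.
    if args.dump is not None:
        dump_dir = args.dump[0]
        try:
            os.makedirs(dump_dir)
        except OSError:
            # Tolerate an existing directory (also closes the exists/create
            # race); anything else is a real error.
            if not os.path.isdir(dump_dir):
                raise
    CTCore.pcap_file = pcap_file[0]
    if args.report is not None:
        CTCore.b_auto_ungzip = True  # a report needs the decoded bodies
    parse_pcap.run(CTCore.pcap_file)
    # If chosen just to dump files and exit
    if args.dump is not None:
        try:
            CTCore.ungzip_all()
            CTCore.dump_all_files(args.dump[0], True)
        except Exception as ed:  # best effort: report and fall through
            print(ed)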
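def main(args, pcap_file):
    """Analyze a PCAP and start the interactive web server unless told not to.

    Args:
        args: parsed command-line options. Reads ``update``, ``server_off``,
            ``port``, ``short_url``, ``ungzip``, ``report`` and ``dump``.
        pcap_file: one-element list holding the path of the PCAP to analyze.

    Exits via ``sys.exit`` when the capture holds no HTTP conversations.
    """
    if args.update:
        CTCore.update_captipper()
    CTCore.pcap_file = pcap_file[0]
    print("[A] Analyzing PCAP: " + CTCore.pcap_file)
    # True when the server should start (presumably a store_false flag for
    # -s, despite the attribute name) — confirm against the parser.
    start_ws = args.server_off
    CTCore.PORT = args.port  # Web server port
    CTCore.b_use_short_uri = args.short_url  # Display short URI paths
    CTCore.b_auto_ungzip = args.ungzip
    if args.report is not None:
        CTCore.b_auto_ungzip = True  # a report needs the decoded bodies
    parse_pcap.run(CTCore.pcap_file)
    if not CTCore.conversations:
        sys.exit("No HTTP conversations were found in PCAP file")
    # Label without newline so the timestamp (or fallback) shares the line.
    sys.stdout.write(CTCore.newLine + "[+] Traffic Activity Time: ")
    try:
        print(CTCore.activity_date_time)
    except Exception:  # narrowed from a bare except so Ctrl-C still works
        print("Couldn't retrieve time")
    print("[+] Conversations Found:" + CTCore.newLine)
    CTCore.show_conversations()
    # Interactive mode only: neither a dump nor a report was requested.
    if start_ws and args.dump is None and args.report is None:
        try:
            CTCore.web_server = server()
            CTCore.web_server.start()
            time.sleep(0.1)  # Fixes graphic issues
            CTCore.web_server_turned_on = True
        except Exception as e:
            CTCore.alert_message("Error starting Web Server:", CTCore.msg_type.ERROR)
            # Substring test instead of find() > 0, which missed a match at index 0.
            if "Errno 1004" in str(e) or "Errno 98" in str(e):
                print(" Port " + str(CTCore.PORT) + " is already taken.")
                print(" Change the port using 'CapTipper.py <pcap_file> -p <port=80>' or use '-s' to disable web server")
                print(" Proceeding without starting the web server..." + CTCore.newLine)
            else:
                print(" " + str(e))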
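def start(self, path):
    """Replay a PCAP's HTTP traffic locally and open its first request in IE.

    Starts the injection proxy in a background thread, configures CTCore and
    parses the PCAP, maps every host seen in the capture to this machine
    (netsh address binding plus hosts-file entries), then starts the
    CapTipper web server and launches Internet Explorer against the first
    conversation.

    Args:
        path: filesystem path of the PCAP to analyze.

    Returns:
        The result of ``self.execute`` for the browser launch, or None when
        the capture has no HTTP conversations or the server/browser step
        fails.
    """
    log.info("before proxy")
    config = proxy.ProxyConfig(port=8888)
    proxy_server = ProxyServer(config)
    self.m = InjectionProxy.InjectionProxy(proxy_server)
    log.info("before thread")
    thread.start_new_thread(self.m.run, ())

    self.tshark_proc = None
    self.tshark_filename = "tshark.pcap"
    log.debug("In pcap analysis package")
    log.debug("path is " + path)

    # Fixed defaults; the per-analysis self.options overrides are not wired up.
    CTCore.pcap_file = path
    log.info("[A] Analyzing PCAP: " + CTCore.pcap_file)
    CTCore.PORT = 80  # Web server port
    CTCore.b_use_short_uri = True  # Display short URI paths
    CTCore.b_auto_ungzip = True

    parse_pcap.run(CTCore.pcap_file)
    if not CTCore.conversations:
        log.info("No HTTP conversations were found in PCAP file")
        return
    log.info(CTCore.newLine + "[+] Traffic Activity Time: ")
    try:
        log.info(CTCore.activity_date_time)
    except Exception:  # was a bare except, which also swallowed KeyboardInterrupt
        log.error("Couldn't retrieve time")

    # Point every host from the capture at this machine so the replayed
    # traffic stays local. Hosts and IPs come straight from the (untrusted)
    # capture, so only well-formed values reach netsh or the hosts file.
    ip_pattern = r"^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$"
    hostname_pattern = r"^[A-Za-z0-9._-]+$"  # conservative allowlist (constructed)
    host_domains = CTCore.hosts.keys()  # presumably (host, ip) pairs — confirm against CTCore.hosts
    if host_domains:
        with open(self.hosts_path, "a+") as hosts_file:
            for host, ip in host_domains:
                ip = ip.split(":")[0]  # remove the port from the ip address
                if re.match(ip_pattern, ip):
                    # Argument list instead of a shell-style string: the
                    # capture-derived value is never re-tokenised.
                    netsh_cmd = ["netsh", "interface", "ip", "add", "address",
                                 "Local Area Connection 2", ip, "255.255.255.255"]
                    proc = Popen(netsh_cmd, stdout=PIPE, stderr=STDOUT)
                    # stderr is merged into stdout, so the second value of
                    # communicate() is always None; use the exit code instead.
                    output, _ = proc.communicate()
                    if proc.returncode != 0:
                        log.error("netsh failed (exit %s): %s", proc.returncode, output)
                else:
                    log.error("Skipping malformed IP from capture: %r", ip)
                host = host.split(":")[0]  # remove port from host if it exists
                if re.match(ip_pattern, host):
                    continue  # a bare IP needs no hosts-file entry
                if not re.match(hostname_pattern, host):
                    log.error("Skipping malformed host name from capture: %r", host)
                    continue
                hosts_file.write("\n\n127.0.0.1 {0}".format(host))

    try:
        CTCore.web_server = server()
        CTCore.web_server.start()
        time.sleep(0.1)  # Fixes graphic issues
        CTCore.web_server_turned_on = True
        first = CTCore.conversations[0]
        open_url = 'http://127.0.0.1:' + str(CTCore.PORT) + "/" + first.host + first.uri
        iexplore = self.get_path("Internet Explorer")
        log.info("iexplore: " + iexplore)
        log.info("url: " + open_url)
        return self.execute(iexplore, args="%s" % open_url)
    except Exception as e:
        # NOTE: get_path/execute failures land here too and are reported as
        # a web-server error.
        log.error("Error starting Web Server: %s", str(CTCore.msg_type.ERROR))
        # Substring test instead of find() > 0, which missed a match at
        # index 0. "Errno 98" is EADDRINUSE on Linux; "Errno 1004" is the
        # original marker, presumably a prefix of Windows 10048 — confirm.
        if "Errno 1004" in str(e) or "Errno 98" in str(e):
            log.error(" Port " + str(CTCore.PORT) + " is already taken.")
            log.error(" Change the port using 'CapTipper.py <pcap_file> -p <port=80>' or use '-s' to disable web server")
            log.error(" Proceeding without starting the web server..." + CTCore.newLine)
        else:
            log.error(str(e))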
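def start(self, path):
    """Replay a PCAP's HTTP traffic locally and open its first request in IE.

    Configures CTCore and parses the PCAP, maps every host seen in the
    capture to this machine (netsh address binding plus hosts-file entries),
    then starts the CapTipper web server and launches Internet Explorer
    against the first conversation.

    Args:
        path: filesystem path of the PCAP to analyze.

    Returns:
        The result of ``self.execute`` for the browser launch, or None when
        the capture has no HTTP conversations or the server/browser step
        fails.
    """
    self.tshark_proc = None
    self.tshark_filename = "tshark.pcap"
    log.debug("In pcap analysis package")
    log.debug("path is " + path)

    # Fixed defaults; the per-analysis self.options overrides are not wired up.
    CTCore.pcap_file = path
    log.info("[A] Analyzing PCAP: " + CTCore.pcap_file)
    CTCore.PORT = 80  # Web server port
    CTCore.b_use_short_uri = True  # Display short URI paths
    CTCore.b_auto_ungzip = True

    parse_pcap.run(CTCore.pcap_file)
    if not CTCore.conversations:
        log.info("No HTTP conversations were found in PCAP file")
        return
    log.info(CTCore.newLine + "[+] Traffic Activity Time: ")
    try:
        log.info(CTCore.activity_date_time)
    except Exception:  # narrowed from a bare except so Ctrl-C still works
        log.error("Couldn't retrieve time")

    # Every host from the capture is pointed at this machine so the replay
    # stays local. Both the host name and the IP are capture-derived
    # (untrusted); only well-formed values reach netsh or the hosts file.
    ip_pattern = r"^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$"
    hostname_pattern = r"^[A-Za-z0-9._-]+$"  # conservative allowlist (constructed)
    host_domains = CTCore.hosts.keys()  # presumably (host, ip) pairs — confirm against CTCore.hosts
    if host_domains:
        with open(self.hosts_path, "a+") as hosts_file:
            for host, ip in host_domains:
                ip = ip.split(":")[0]  # remove the port from the ip address
                if not re.match(ip_pattern, ip):
                    log.error("Skipping malformed IP from capture: %r", ip)
                else:
                    # Pass an argument list so the IP is a single argv entry
                    # and is never re-tokenised.
                    netsh_cmd = ["netsh", "interface", "ip", "add", "address",
                                 "Local Area Connection 2", ip, "255.255.255.255"]
                    proc = Popen(netsh_cmd, stdout=PIPE, stderr=STDOUT)
                    # With stderr=STDOUT the second value is always None, so
                    # the old `if err:` never fired; check the exit code.
                    output, _ = proc.communicate()
                    if proc.returncode != 0:
                        log.error("netsh failed (exit %s): %s", proc.returncode, output)
                host = host.split(":")[0]  # remove port from host if it exists
                if re.match(ip_pattern, host):
                    continue  # a bare IP needs no hosts-file entry
                if not re.match(hostname_pattern, host):
                    log.error("Skipping malformed host name from capture: %r", host)
                    continue
                hosts_file.write("\n\n127.0.0.1 {0}".format(host))

    try:
        CTCore.web_server = server()
        CTCore.web_server.start()
        time.sleep(0.1)  # Fixes graphic issues
        CTCore.web_server_turned_on = True
        first = CTCore.conversations[0]
        open_url = 'http://127.0.0.1:' + str(CTCore.PORT) + "/" + first.host + first.uri
        iexplore = self.get_path("Internet Explorer")
        log.info("iexplore: " + iexplore)
        log.info("url: " + open_url)
        return self.execute(iexplore, args=["%s" % open_url])
    except Exception as e:
        # NOTE: get_path/execute failures land here too and are reported as
        # a web-server error.
        log.error("Error starting Web Server: %s", str(CTCore.msg_type.ERROR))
        # Substring test instead of find() > 0, which missed a match at
        # index 0. "Errno 98" is EADDRINUSE on Linux; "Errno 1004" is the
        # original marker, presumably a prefix of Windows 10048 — confirm.
        if "Errno 1004" in str(e) or "Errno 98" in str(e):
            log.error(" Port " + str(CTCore.PORT) + " is already taken.")
            log.error(" Change the port using 'CapTipper.py <pcap_file> -p <port=80>' or use '-s' to disable web server")
            log.error(" Proceeding without starting the web server..." + CTCore.newLine)
        else:
            log.error(str(e))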
def main(args):
    """Parse the PCAP whose path is ``args[1]`` (an argv-style list)."""
    parse_pcap.run(args[1])