def pcapstream(request, task_id, conntuple): src, sport, dst, dport, proto = conntuple.split(",") sport, dport = int(sport), int(dport) if enabledconf["mongodb"]: conndata = results_db.analysis.find_one({ "info.id": int(task_id) }, { "network.tcp": 1, "network.udp": 1, "network.sorted_pcap_id": 1 }, sort=[("_id", pymongo.DESCENDING)]) if enabledconf["elasticsearchdb"]: conndata = es.search( index="cuckoo-*", doc_type="analysis", q="info.id : \"%s\"" % task_id )["hits"]["hits"][0]["_source"] if not conndata: return render_to_response("standalone_error.html", {"error": "The specified analysis does not exist"}, context_instance=RequestContext(request)) try: if proto == "udp": connlist = conndata["network"]["udp"] else: connlist = conndata["network"]["tcp"] conns = filter(lambda i: (i["sport"],i["dport"],i["src"],i["dst"]) == (sport,dport,src,dst), connlist) stream = conns[0] offset = stream["offset"] except: return render_to_response("standalone_error.html", {"error": "Could not find the requested stream"}, context_instance=RequestContext(request)) try: if enabledconf["mongodb"]: fobj = fs.get(conndata["network"]["sorted_pcap_id"]) # gridfs gridout has no fileno(), which is needed by dpkt pcap reader for NOTHING setattr(fobj, "fileno", lambda: -1) if enabledconf["elasticsearchdb"]: # This will check if we have a sorted PCAP test_pcap = conndata["network"]["sorted_pcap_sha256"] # if we do, build out the path to it pcap_path = os.path.join(CUCKOO_ROOT, "storage", "analyses", task_id, "dump_sorted.pcap") fobj = open(pcap_path, "r") except Exception as e: print str(e) return render_to_response("standalone_error.html", {"error": "The required sorted PCAP does not exist"}, context_instance=RequestContext(request)) packets = list(network.packets_for_stream(fobj, offset)) if enabledconf["elasticsearchdb"]: fobj.close() return HttpResponse(json.dumps(packets), content_type="application/json")
def pcapstream(request, task_id, conntuple): """Get packets from the task PCAP related to a certain connection. This is possible because we sort the PCAP during processing and remember offsets for each stream. """ src, sport, dst, dport, proto = conntuple.split(",") sport, dport = int(sport), int(dport) conndata = results_db.analysis.find_one( { "info.id": int(task_id), }, { "network.tcp": 1, "network.udp": 1, "network.sorted_pcap_id": 1, }, sort=[("_id", pymongo.DESCENDING)]) if not conndata: return render_to_response( "standalone_error.html", {"error": "The specified analysis does not exist"}, context_instance=RequestContext(request)) try: if proto == "udp": connlist = conndata["network"]["udp"] else: connlist = conndata["network"]["tcp"] conns = filter(lambda i: (i["sport"], i["dport"], i["src"], i["dst"]) == (sport, dport, src, dst), connlist) stream = conns[0] offset = stream["offset"] except: return render_to_response( "standalone_error.html", {"error": "Could not find the requested stream"}, context_instance=RequestContext(request)) try: fobj = fs.get(conndata["network"]["sorted_pcap_id"]) # Gridfs gridout has no fileno(), which is needed by dpkt pcap reader for NOTHING. setattr(fobj, "fileno", lambda: -1) except: return render_to_response( "standalone_error.html", {"error": "The required sorted PCAP does not exist"}, context_instance=RequestContext(request)) packets = list(network.packets_for_stream(fobj, offset)) # TODO: starting from django 1.7 we should use JsonResponse. return HttpResponse(json.dumps(packets), content_type="application/json")
def pcapstream(request, task_id, conntuple): """Get packets from the task PCAP related to a certain connection. This is possible because we sort the PCAP during processing and remember offsets for each stream. """ src, sport, dst, dport, proto = conntuple.split(",") sport, dport = int(sport), int(dport) conndata = results_db.analysis.find_one({ "info.id": int(task_id), }, { "network.tcp": 1, "network.udp": 1, "network.sorted_pcap_id": 1, }, sort=[("_id", pymongo.DESCENDING)]) if not conndata: return render_to_response( "standalone_error.html", {"error": "The specified analysis does not exist"}, context_instance=RequestContext(request)) try: if proto == "udp": connlist = conndata["network"]["udp"] else: connlist = conndata["network"]["tcp"] conns = filter( lambda i: (i["sport"], i["dport"], i["src"], i["dst"]) == (sport, dport, src, dst), connlist) stream = conns[0] offset = stream["offset"] except: return render_to_response( "standalone_error.html", {"error": "Could not find the requested stream"}, context_instance=RequestContext(request)) try: fobj = fs.get(conndata["network"]["sorted_pcap_id"]) # Gridfs gridout has no fileno(), which is needed by dpkt pcap reader for NOTHING. setattr(fobj, "fileno", lambda: -1) except: return render_to_response( "standalone_error.html", {"error": "The required sorted PCAP does not exist"}, context_instance=RequestContext(request)) packets = list(network.packets_for_stream(fobj, offset)) # TODO: starting from django 1.7 we should use JsonResponse. return HttpResponse(json.dumps(packets), content_type="application/json")
def pcapstream(request, task_id, conntuple): """Get packets from the task PCAP related to a certain connection. This is possible because we sort the PCAP during processing and remember offsets for each stream. """ src, sport, dst, dport, proto = conntuple.split(",") sport, dport = int(sport), int(dport) conndata = results_db.analysis.find_one( { "info.id": int(task_id), }, { "network.tcp": 1, "network.udp": 1, "network.sorted_pcap_id": 1, }, sort=[("_id", pymongo.DESCENDING)]) if not conndata: return render(request, "standalone_error.html", { "error": "The specified analysis does not exist", }) try: if proto == "udp": connlist = conndata["network"]["udp"] else: connlist = conndata["network"]["tcp"] conns = filter(lambda i: (i["sport"], i["dport"], i["src"], i["dst"]) == (sport, dport, src, dst), connlist) stream = conns[0] offset = stream["offset"] except: return render(request, "standalone_error.html", { "error": "Could not find the requested stream", }) try: fobj = fs.get(conndata["network"]["sorted_pcap_id"]) setattr(fobj, "fileno", lambda: -1) except: return render(request, "standalone_error.html", { "error": "The required sorted PCAP does not exist", }) packets = list(network.packets_for_stream(fobj, offset)) return JsonResponse(packets, safe=False)
def pcapstream(request, task_id, conntuple): """Get packets from the task PCAP related to a certain connection. This is possible because we sort the PCAP during processing and remember offsets for each stream. """ src, sport, dst, dport, proto = conntuple.split(",") sport, dport = int(sport), int(dport) conndata = results_db.analysis.find_one({ "info.id": int(task_id), }, { "network.tcp": 1, "network.udp": 1, "network.sorted_pcap_id": 1, }, sort=[("_id", pymongo.DESCENDING)]) if not conndata: return render(request, "standalone_error.html", { "error": "The specified analysis does not exist", }) try: if proto == "udp": connlist = conndata["network"]["udp"] else: connlist = conndata["network"]["tcp"] conns = filter( lambda i: (i["sport"], i["dport"], i["src"], i["dst"]) == (sport, dport, src, dst), connlist) stream = conns[0] offset = stream["offset"] except: return render(request, "standalone_error.html", { "error": "Could not find the requested stream", }) try: fobj = fs.get(conndata["network"]["sorted_pcap_id"]) setattr(fobj, "fileno", lambda: -1) except: return render(request, "standalone_error.html", { "error": "The required sorted PCAP does not exist", }) packets = list(network.packets_for_stream(fobj, offset)) return JsonResponse(packets, safe=False)
def pcapstream(request, task_id, conntuple): src, sport, dst, dport, proto = conntuple.split(",") sport, dport = int(sport), int(dport) conndata = results_db.analysis.find_one({"info.id": int(task_id)}, { "network.tcp": 1, "network.udp": 1, "network.sorted_pcap_id": 1 }, sort=[("_id", pymongo.DESCENDING)]) if not conndata: return render_to_response( "standalone_error.html", {"error": "The specified analysis does not exist"}, context_instance=RequestContext(request)) try: if proto == "udp": connlist = conndata["network"]["udp"] else: connlist = conndata["network"]["tcp"] conns = filter( lambda i: (i["sport"], i["dport"], i["src"], i["dst"]) == (sport, dport, src, dst), connlist) stream = conns[0] offset = stream["offset"] except: return render_to_response( "standalone_error.html", {"error": "Could not find the requested stream"}, context_instance=RequestContext(request)) try: fobj = fs.get(conndata["network"]["sorted_pcap_id"]) # gridfs gridout has no fileno(), which is needed by dpkt pcap reader for NOTHING setattr(fobj, "fileno", lambda: -1) except: return render_to_response( "standalone_error.html", {"error": "The required sorted PCAP does not exist"}, context_instance=RequestContext(request)) packets = list(network.packets_for_stream(fobj, offset)) return HttpResponse(json.dumps(packets), content_type="application/json")
def pcapstream(request, task_id, conntuple): src, sport, dst, dport, proto = conntuple.split(",") sport, dport = int(sport), int(dport) conndata = results_db.analysis.find_one({ "info.id": int(task_id) }, { "network.tcp": 1, "network.udp": 1, "network.sorted_pcap_id": 1 }, sort=[("_id", pymongo.DESCENDING)]) if not conndata: return render_to_response("standalone_error.html", {"error": "The specified analysis does not exist"}, context_instance=RequestContext(request)) try: if proto == "udp": connlist = conndata["network"]["udp"] else: connlist = conndata["network"]["tcp"] conns = filter(lambda i: (i["sport"],i["dport"],i["src"],i["dst"]) == (sport,dport,src,dst), connlist) stream = conns[0] offset = stream["offset"] except: return render_to_response("standalone_error.html", {"error": "Could not find the requested stream"}, context_instance=RequestContext(request)) try: fobj = fs.get(conndata["network"]["sorted_pcap_id"]) # gridfs gridout has no fileno(), which is needed by dpkt pcap reader for NOTHING setattr(fobj, "fileno", lambda: -1) except: return render_to_response("standalone_error.html", {"error": "The required sorted PCAP does not exist"}, context_instance=RequestContext(request)) packets = list(network.packets_for_stream(fobj, offset)) return HttpResponse(json.dumps(packets), content_type="application/json")