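def filterPackets(self, pkt):
    """Inspect one sniffed packet and emit records for HTTP requests.

    Packets without an ``http.HTTPRequest`` layer are ignored. For a request
    that also carries TCP, Raw and IP layers, the source and destination
    ``ip:port`` strings are stored on ``self``, a POST body is handed to
    ``getCredentials_POST``, and a ``urlsCap`` record holding the IP fields
    and the HTTP request fields is emitted on ``self.output``.

    The emitted record contains every field of the HTTP request layer, which
    may include cookies or authorization headers sent in cleartext. Anything
    that stores or displays it is handling sensitive data.

    Args:
        pkt: packet object exposing ``haslayer``/``getlayer`` and layer
            indexing (presumably a scapy packet; confirm against the caller).

    Returns:
        None. Results are delivered through ``self.output.emit``.
    """
    import logging  # function-scope: the file's import block is not in view

    if not pkt.haslayer(http.HTTPRequest):
        return

    try:
        # All three layers are needed: TCP/IP for the endpoints, Raw for the
        # request body that the POST branch parses.
        if not (pkt.haslayer(TCP) and pkt.haslayer(Raw) and pkt.haslayer(IP)):
            return

        self.dport = pkt[TCP].dport
        self.sport = pkt[TCP].sport
        self.src_ip_port = str(pkt[IP].src) + ":" + str(self.sport)
        self.dst_ip_port = str(pkt[IP].dst) + ":" + str(self.dport)

        http_layer = pkt.getlayer(http.HTTPRequest)
        ip_layer = pkt.getlayer(IP)
        packet_fields = {"IP": ip_layer.fields, "Headers": http_layer.fields}

        if str(http_layer.fields["Method"], "utf-8") == "POST":
            # Note the argument order: the destination endpoint is passed in
            # the ``dport`` slot and the source endpoint in ``sport``.
            self.getCredentials_POST(
                pkt.getlayer(Raw).load,
                http_layer.fields["Host"],
                http_layer.fields["Headers"],
                self.dst_ip_port,
                self.src_ip_port,
                {"IP": ip_layer.fields, "Headers": http_layer.fields},
            )

        with decoded({"urlsCap": packet_fields}) as data_decoded:
            self.output.emit(data_decoded)
    except Exception:
        # Parsing stays best-effort so one malformed packet cannot stop the
        # capture loop. Catching Exception instead of using a bare ``except``
        # lets KeyboardInterrupt/SystemExit propagate, and the debug record
        # (traceback only, no packet contents are formatted into the message)
        # makes otherwise silent failures diagnosable.
        logging.getLogger(__name__).debug(
            "filterPackets: packet skipped after parse error", exc_info=True
        )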
def getCredentials_POST(self, payload, url, header, dport, sport, pkt):
    """Search a POST body for a login field and a password field and emit both.

    The body is decoded as UTF-8 and matched against two ``name=value``
    patterns. Only when both patterns match is a ``POSTCreds`` record built
    (from the first match of each) and emitted on ``self.output``. Otherwise
    the method returns without emitting anything.

    The emitted record carries the cleartext password and the raw payload, so
    every consumer of ``self.output`` is handling secrets.

    Args:
        payload: request body as bytes (it is passed to ``str(..., "utf-8")``).
        url: value stored under ``"Url"`` after ``str()`` conversion.
        header: accepted for the caller's benefit; not read here.
        dport: second component of the ``"Destination"`` string.
        sport: first component of the ``"Destination"`` string.
        pkt: packet description stored unchanged under ``"Packets"``.

    Returns:
        None.
    """
    login_pattern = ("([Ee]mail|%5B[Ee]mail%5D|[Uu]ser|[Uu]sername|"
                     "[Nn]ame|[Ll]ogin|[Ll]og|[Ll]ogin[Ii][Dd])=([^&|;]*)")
    secret_pattern = ("([Pp]assword|[Pp]ass|[Pp]asswd|[Pp]wd|[Pp][Ss][Ww]|"
                      "[Pp]asswrd|[Pp]assw|%5B[Pp]assword%5D)=([^&|;]*)")

    body_text = str(payload, "utf-8")
    login_match = re.search(login_pattern, body_text)
    secret_match = re.search(secret_pattern, body_text)

    # Both fields must be present; a lone login or a lone password is dropped.
    if login_match is None or secret_match is None:
        return

    captured = {
        "User": login_match.group(2),
        "Pass": secret_match.group(2),
        "Payload": payload,
    }
    record = {
        "POSTCreds": {
            "Url": str(url),
            "Destination": "{}/{}".format(sport, dport),
            "Packets": pkt,
            "Data": captured,
        }
    }
    with decoded(record) as data_decoded:
        self.output.emit(data_decoded)
def test_decoded_data(self):
    """Compare the output of ``decoded`` for a sample record with ``result``.

    The sample mirrors a capture record: an ``"IP"`` mapping and a
    ``"Headers"`` mapping whose text values are bytes. ``result`` is a
    module-level name that is only read here.
    """
    ip_fields = {
        "version": 4,
        "src": b"10.0.0.21",
        "dst": b"216.58.202.227",
        "ihl": 5,
        "tos": 0,
    }
    header_fields = {
        "Connection": b"Keep-Alive",
        "Method": b"GET",
        "Path": b"/generate_204",
        "Http-Version": b"HTTP/1.1",
    }
    sample = {"IP": ip_fields, "Headers": header_fields}

    # Per the original comment, decoded() converts the byte values to str.
    with decoded(sample) as data_decoded:
        self.data_decoded = data_decoded

    self.assertEqual(result, self.data_decoded)