def do_server(self, line):
try:
l = line.split(" ")
if (l[0] == ""):
self.help_server()
else:
s_cmd = l[0]
if s_cmd.lower() == "on":
if CTCore.web_server_turned_on:
print " Web Server already on: http://" + CTCore.HOST + ":" +\
str(CTCore.PORT)
else:
CTCore.web_server = server()
CTCore.web_server.start()
time.sleep(0.1) # Fixes graphic issues
CTCore.web_server_turned_on = True
elif s_cmd.lower() == "off":
if CTCore.web_server_turned_on:
CTCore.web_server.shutdown()
else:
print " Web Server already off"
else:
self.help_server()
except Exception, e:
print str(e)
def do_server(self,line):
try:
l = line.split(" ")
if (l[0] == ""):
self.help_server()
else:
s_cmd = l[0]
if s_cmd.lower() == "on":
if CTCore.web_server_turned_on:
print " Web Server already on: http://" + CTCore.HOST + ":" + CTCore.PORT
else:
CTCore.web_server = server()
CTCore.web_server.start()
time.sleep(0.1) # Fixes graphic issues
CTCore.web_server_turned_on = True
elif s_cmd.lower() == "off":
if CTCore.web_server_turned_on:
CTCore.web_server.shutdown()
else:
print " Web Server already off"
else:
self.help_server()
except Exception,e:
print str(e)
def do_open(self, line):
try:
l = line.split(" ")
if l[0] == "":
self.help_open()
else:
bOpen = False
if not CTCore.web_server_turned_on:
print newLine + " Web server is turned off, open anyway? (Y/n):",
ans = raw_input()
if ans.lower() == "y" or ans == "":
bOpen = True
CTCore.web_server = server()
CTCore.web_server.start()
time.sleep(0.1) # Fixes graphic issues
CTCore.web_server_turned_on = True
else:
bOpen = True
if bOpen:
id = int(l[0])
request = CTCore.conversations[id].uri
host = CTCore.conversations[id].host
server_addr = CTCore.HOST
if server_addr == "0.0.0.0":
server_addr = "127.0.0.1"
open_url = 'http://' + server_addr + ":" + str(
CTCore.PORT) + "/" + host + request
print(" Opening {} in default browser".format(open_url))
import webbrowser
webbrowser.open(open_url)
except Exception, e:
print str(e)
def main(args):
file_path = args[1]
print("[A] Analyzing PCAP: " + args[1])
parse_pcap.run(file_path)
print(CTCore.newLine + "[+] Traffic Activity Time: " + CTCore.activity_date_time.strftime('%a, %x %X'))
print("[+] Conversations Found:" + CTCore.newLine)
CTCore.show_conversations()
start_ws = True
if (len(args) > 2):
if args[2].lower() == "-s":
start_ws = False
else:
CTCore.PORT = int(args[2])
if (start_ws):
try:
CTCore.web_server = server()
CTCore.web_server.start()
time.sleep(0.1) # Fixes graphic issues
CTCore.web_server_turned_on = True
except Exception,e:
print "[E] Error starting Web Service:"
if str(e).find("Errno 1004") > 0 or str(e).find("Errno 98") > 0:
print " Port " + str(CTCore.PORT) + " is already Taken."
print " Change the port using 'CapTipper.py <pcap_file> [port=80]' or use '-s' to disable web server"
print " Proceeding without starting the web server..." + CTCore.newLine
else:
print " " + str(e)
def main(args, pcap_file):
if (args.update):
CTCore.update_captipper()
CTCore.pcap_file = pcap_file[0]
print("[A] Analyzing PCAP: " + CTCore.pcap_file)
start_ws = args.server_off # Boolean to start web server
CTCore.PORT = args.port # Web server port
CTCore.b_use_short_uri = args.short_url # Display short URI paths
CTCore.b_auto_ungzip = args.ungzip
if(args.report is not None):
CTCore.b_auto_ungzip = True
parse_pcap.run(CTCore.pcap_file)
if not CTCore.conversations:
sys.exit("No HTTP conversations were found in PCAP file")
print(CTCore.newLine + "[+] Traffic Activity Time: "),
try:
print(CTCore.activity_date_time)
except:
print "Couldn't retrieve time"
print("[+] Conversations Found:" + CTCore.newLine)
CTCore.show_conversations()
if (start_ws and args.dump is None and args.report is None):
try:
CTCore.web_server = server()
CTCore.web_server.start()
time.sleep(0.1) # Fixes graphic issues
CTCore.web_server_turned_on = True
except Exception as e:
CTCore.alert_message("Error starting Web Server:", CTCore.msg_type.ERROR)
if str(e).find("Errno 1004") > 0 or str(e).find("Errno 98") > 0:
print " Port " + str(CTCore.PORT) + " is already taken."
print " Change the port using 'CapTipper.py <pcap_file> -p <port=80>' or use '-s' to disable web server"
print " Proceeding without starting the web server..." + CTCore.newLine
else:
print " " + str(e)
# If chosen just to dump files and exit
if (args.dump is not None):
try:
CTCore.ungzip_all()
CTCore.dump_all_files(args.dump[0],True)
except Exception, ed:
print ed
def main(args, pcap_file):
if (args.update):
CTCore.update_captipper()
CTCore.pcap_file = pcap_file[0]
print("[A] Analyzing PCAP: " + CTCore.pcap_file)
start_ws = args.server_off # Boolean to start web server
CTCore.PORT = args.port # Web server port
CTCore.b_use_short_uri = args.short_url # Display short URI paths
CTCore.b_auto_ungzip = args.ungzip
if(args.report is not None):
CTCore.b_auto_ungzip = True
parse_pcap.run(CTCore.pcap_file)
if not CTCore.conversations:
sys.exit("No HTTP conversations were found in PCAP file")
print(CTCore.newLine + "[+] Traffic Activity Time: "),
try:
print(CTCore.activity_date_time)
except:
print "Couldn't retrieve time"
print("[+] Conversations Found:" + CTCore.newLine)
CTCore.show_conversations()
if (start_ws and args.dump is None and args.report is None):
try:
CTCore.web_server = server()
CTCore.web_server.start()
time.sleep(0.1) # Fixes graphic issues
CTCore.web_server_turned_on = True
except Exception,e:
CTCore.alert_message("Error starting Web Server:", CTCore.msg_type.ERROR)
if str(e).find("Errno 1004") > 0 or str(e).find("Errno 98") > 0:
print " Port " + str(CTCore.PORT) + " is already taken."
print " Change the port using 'CapTipper.py <pcap_file> -p <port=80>' or use '-s' to disable web server"
print " Proceeding without starting the web server..." + CTCore.newLine
else:
print " " + str(e)
def start(self, path):
log.info("before proxy")
config = proxy.ProxyConfig(port=8888)
proxy_server = ProxyServer(config)
self.m = InjectionProxy.InjectionProxy(proxy_server)
log.info("before thread")
thread.start_new_thread(self.m.run, ())
self.tshark_proc = None
self.tshark_filename = "tshark.pcap"
log.debug("In pcap analysis package")
log.debug("path is " + path)
# set default options
args = {}
#args["server_off"] = self.options["server_off"] if self.options["server_off"] else False
args[
"port"] = 80 #self.options["port"] if self.options["port"] else 80
args[
"short_url"] = True #self.options["short_url"] if self.options["short_url"] else True
args[
"ungzip"] = True #self.options["ungzip"] if self.options["ungzip"] else True
#args.report = self.options["report"] if self.options["report"] else
CTCore.pcap_file = path
log.info("[A] Analyzing PCAP: " + CTCore.pcap_file)
#start_ws = args["server_off"] # Boolean to start web server
CTCore.PORT = args["port"] # Web server port
CTCore.b_use_short_uri = args["short_url"] # Display short URI paths
CTCore.b_auto_ungzip = args["ungzip"]
#if(args.report is not None):
# CTCore.b_auto_ungzip = True
parse_pcap.run(CTCore.pcap_file)
if not CTCore.conversations:
log.info("No HTTP conversations were found in PCAP file")
return
log.info(CTCore.newLine + "[+] Traffic Activity Time: "),
try:
log.info(CTCore.activity_date_time)
except:
log.error("Couldn't retrieve time")
#Update hosts file with all hosts found in pcap
#add each ip directly accessed in pcap to loopback network card
ip_pattern = "^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$"
host_domains = CTCore.hosts.keys()
if host_domains:
#self.PATHS = Pcap.HOSTS_PATHS
with open(self.hosts_path, "a+") as hosts_file:
for host, ip in host_domains:
ip = ip.split(":")[0] #remove the port from the ip address
netsh_cmd = "netsh interface ip add address \"Local Area Connection 2\" {0} 255.255.255.255".format(
ip)
proc = Popen(shlex.split(netsh_cmd),
stdout=PIPE,
stderr=STDOUT)
output, err = proc.communicate()
if err:
log.error(err)
host = host.split(":")[
0] #remove port from host if it exists
host_is_ip = re.match(ip_pattern, host, re.M)
if not host_is_ip:
hosts_file.write("\n\n127.0.0.1 {0}".format(host))
try:
CTCore.web_server = server()
CTCore.web_server.start()
time.sleep(0.1) # Fixes graphic issues
CTCore.web_server_turned_on = True
id = 0
request = CTCore.conversations[id].uri
host = CTCore.conversations[id].host
open_url = 'http://127.0.0.1:' + str(
CTCore.PORT) + "/" + host + request
#open_url = 'http://' + CTCore.HOST + ":" + str(CTCore.PORT) + request
#start recording tshark tcp dump from loopback NIC
#Pcap.PATHS = Pcap.TSHARK_PATHS
#tshark_cmd = "tshark -i 2 -w {0}".format(self.tshark_filename)
#tshark_exec = self.get_path("TShark")
#log.info("tshark_exec: " + tshark_exec)
#self.tshark_proc = Popen(shlex.split(tshark_cmd), #executable=tshark_exec, stdout=PIPE, stderr=STDOUT)
#log.info("ran tshark")
#output,err = self.tshark_proc.communicate()
#if err:
# log.error(err)
#Pcap.PATHS = Pcap.IE_PATHS
iexplore = self.get_path("Internet Explorer")
log.info("iexplore: " + iexplore)
log.info("url: " + open_url)
return self.execute(iexplore, args="%s" % open_url)
except Exception, e:
log.error("Error starting Web Server: %s",
str(CTCore.msg_type.ERROR))
if str(e).find("Errno 1004") > 0 or str(e).find("Errno 98") > 0:
log.error(" Port " + str(CTCore.PORT) + " is already taken.")
log.error(
" Change the port using 'CapTipper.py <pcap_file> -p <port=80>' or use '-s' to disable web server"
)
log.error(" Proceeding without starting the web server..." +
CTCore.newLine)
else:
log.error(str(e))
def start(self, path):
self.tshark_proc = None
self.tshark_filename = "tshark.pcap"
log.debug("In pcap analysis package")
log.debug("path is "+ path)
# set default options
args = {}
#args["server_off"] = self.options["server_off"] if self.options["server_off"] else False
args["port"] = 80 #self.options["port"] if self.options["port"] else 80
args["short_url"] = True #self.options["short_url"] if self.options["short_url"] else True
args["ungzip"] = True #self.options["ungzip"] if self.options["ungzip"] else True
#args.report = self.options["report"] if self.options["report"] else
CTCore.pcap_file = path
log.info("[A] Analyzing PCAP: " + CTCore.pcap_file)
#start_ws = args["server_off"] # Boolean to start web server
CTCore.PORT = args["port"] # Web server port
CTCore.b_use_short_uri = args["short_url"] # Display short URI paths
CTCore.b_auto_ungzip = args["ungzip"]
#if(args.report is not None):
# CTCore.b_auto_ungzip = True
parse_pcap.run(CTCore.pcap_file)
if not CTCore.conversations:
log.info("No HTTP conversations were found in PCAP file")
return
log.info(CTCore.newLine + "[+] Traffic Activity Time: "),
try:
log.info(CTCore.activity_date_time)
except:
log.error("Couldn't retrieve time")
#Update hosts file with all hosts found in pcap
#add each ip directly accessed in pcap to loopback network card
ip_pattern = "^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$"
host_domains = CTCore.hosts.keys()
if host_domains:
#self.PATHS = Pcap.HOSTS_PATHS
with open(self.hosts_path, "a+") as hosts_file:
for host, ip in host_domains:
ip = ip.split(":")[0] #remove the port from the ip address
netsh_cmd = "netsh interface ip add address \"Local Area Connection 2\" {0} 255.255.255.255".format(ip)
proc = Popen(shlex.split(netsh_cmd), stdout=PIPE, stderr=STDOUT)
output, err = proc.communicate()
if err:
log.error(err)
host = host.split(":")[0] #remove port from host if it exists
host_is_ip = re.match(ip_pattern, host, re.M)
if not host_is_ip:
hosts_file.write("\n\n127.0.0.1 {0}".format(host))
try:
CTCore.web_server = server()
CTCore.web_server.start()
time.sleep(0.1) # Fixes graphic issues
CTCore.web_server_turned_on = True
id = 0
request = CTCore.conversations[id].uri
host = CTCore.conversations[id].host
open_url = 'http://127.0.0.1:' + str(CTCore.PORT) + "/" + host + request
#open_url = 'http://' + CTCore.HOST + ":" + str(CTCore.PORT) + request
#Pcap.PATHS = Pcap.IE_PATHS
iexplore = self.get_path("Internet Explorer")
log.info("iexplore: "+iexplore)
log.info("url: "+open_url)
return self.execute(iexplore, args=["%s" % open_url])
except Exception,e:
log.error("Error starting Web Server: %s", str(CTCore.msg_type.ERROR))
if str(e).find("Errno 1004") > 0 or str(e).find("Errno 98") > 0:
log.error(" Port " + str(CTCore.PORT) + " is already taken.")
log.error(" Change the port using 'CapTipper.py <pcap_file> -p <port=80>' or use '-s' to disable web server")
log.error(" Proceeding without starting the web server..." + CTCore.newLine)
else:
log.error(str(e))