예제 #1
 def do_server(self, line):
     """Handle the console ``server`` command: start or stop the web server.

     Only the first space-separated word of ``line`` is examined, ignoring
     case.  ``on`` creates and starts a ``server()`` unless
     ``CTCore.web_server_turned_on`` is already set; ``off`` calls
     ``shutdown()`` on the stored server when that flag is set.  Any other
     word, or an empty line, prints the command help.  Exceptions are
     caught and their text printed.
     """
     try:
         action = line.split(" ")[0].lower()

         if action == "on":
             if not CTCore.web_server_turned_on:
                 CTCore.web_server = server()
                 CTCore.web_server.start()
                 time.sleep(0.1)  # Fixes graphic issues
                 CTCore.web_server_turned_on = True
             else:
                 print("     Web Server already on: http://" + CTCore.HOST +
                       ":" + str(CTCore.PORT))
         elif action == "off":
             if not CTCore.web_server_turned_on:
                 print("     Web Server already off")
             else:
                 # The flag is not cleared here; presumably shutdown()
                 # resets web_server_turned_on -- confirm in the server class.
                 CTCore.web_server.shutdown()
         else:
             # Covers an empty line as well as an unknown sub-command.
             self.help_server()
     except Exception as e:
         print(str(e))
예제 #2
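   def do_server(self, line):
       """Handle the console ``server`` command (``on`` / ``off``).

       The first space-separated word of ``line`` selects the action,
       case-insensitively.  ``on`` starts a new ``server()`` unless
       ``CTCore.web_server_turned_on`` is already set, in which case the
       server URL is printed.  ``off`` shuts the stored server down when the
       flag is set.  An empty line or any other word prints the command
       help.  Exceptions are caught and their text printed.
       """
       try:
           l = line.split(" ")
           if l[0] == "":
               self.help_server()
               return

           s_cmd = l[0].lower()
           if s_cmd == "on":
               if CTCore.web_server_turned_on:
                   # str() is needed here: if PORT holds an int, plain "+"
                   # raises TypeError and the handler below would print that
                   # error instead of the server URL.
                   print("     Web Server already on: http://" + CTCore.HOST +
                         ":" + str(CTCore.PORT))
               else:
                   CTCore.web_server = server()
                   CTCore.web_server.start()
                   time.sleep(0.1)  # Fixes graphic issues
                   CTCore.web_server_turned_on = True
           elif s_cmd == "off":
               if CTCore.web_server_turned_on:
                   # The flag is not cleared here; presumably shutdown()
                   # resets it -- confirm in the server class.
                   CTCore.web_server.shutdown()
               else:
                   print("     Web Server already off")
           else:
               self.help_server()
       except Exception as e:
           print(str(e))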
예제 #3
    def do_open(self, line):
        """Open one captured conversation in the default browser.

        The first space-separated word of ``line`` is converted with
        ``int()`` and used as an index into ``CTCore.conversations``.  When
        the web server is not flagged as running the user is asked whether
        to start it; answering ``y`` or just pressing Enter starts it, any
        other answer cancels the command.  An empty ``line`` prints the
        command help.  Exceptions are caught and their text printed.
        """
        try:
            tokens = line.split(" ")
            if tokens[0] == "":
                self.help_open()
                return

            if not CTCore.web_server_turned_on:
                print newLine + " Web server is turned off, open anyway? (Y/n):",
                reply = raw_input()
                if not (reply.lower() == "y" or reply == ""):
                    # Declined: nothing is started and nothing is opened.
                    return
                CTCore.web_server = server()
                CTCore.web_server.start()
                time.sleep(0.1)  # Fixes graphic issues
                CTCore.web_server_turned_on = True

            index = int(tokens[0])
            request = CTCore.conversations[index].uri
            host = CTCore.conversations[index].host

            # A browser cannot connect to the wildcard address, so the
            # loopback address is used in the URL instead.
            configured = CTCore.HOST
            server_addr = "127.0.0.1" if configured == "0.0.0.0" else configured

            # NOTE(review): host and request come from the capture, and the
            # page is rendered by the user's regular browser; presumably the
            # local server answers with the captured response -- confirm
            # this is only done inside an isolated analysis environment.
            open_url = ('http://' + server_addr + ":" + str(CTCore.PORT) +
                        "/" + host + request)
            print("  Opening {} in default browser".format(open_url))
            import webbrowser
            webbrowser.open(open_url)
        except Exception as e:
            print(str(e))
예제 #4
def main(args):
    """Analyze the capture named in ``args[1]`` and optionally start the web server.

    ``args`` is an argv-style list.  ``args[1]`` is the PCAP path.  The
    optional ``args[2]`` is either ``-s`` (any case), which skips the web
    server, or a port number that is stored in ``CTCore.PORT``.
    """
    file_path = args[1]
    print("[A] Analyzing PCAP: " + args[1])

    parse_pcap.run(file_path)

    print(CTCore.newLine + "[+] Traffic Activity Time: " +
          CTCore.activity_date_time.strftime('%a, %x %X'))
    print("[+] Conversations Found:" + CTCore.newLine)
    CTCore.show_conversations()

    has_option = len(args) > 2
    start_ws = not (has_option and args[2].lower() == "-s")
    if has_option and start_ws:
        # Anything other than "-s" is taken as the port; int() raises
        # ValueError here for a non-numeric value.
        CTCore.PORT = int(args[2])

    if not start_ws:
        return

    try:
        CTCore.web_server = server()
        CTCore.web_server.start()
        time.sleep(0.1)  # Fixes graphic issues
        CTCore.web_server_turned_on = True
    except Exception as e:
        print("[E] Error starting Web Service:")
        # The port-in-use case is recognised by substring search in the
        # error text; "> 0" means a match at position 0 does not count.
        port_taken = str(e).find("Errno 1004") > 0 or str(e).find("Errno 98") > 0
        if port_taken:
            print(" Port " + str(CTCore.PORT) + " is already Taken.")
            print(" Change the port using 'CapTipper.py <pcap_file> [port=80]' or use '-s' to disable web server")
            print(" Proceeding without starting the web server..." + CTCore.newLine)
        else:
            print(" " + str(e))
예제 #5
def main(args, pcap_file):
    """Analyze a capture and then serve it, or dump its files, per ``args``.

    ``args`` is an options object with the attributes ``update``,
    ``server_off``, ``port``, ``short_url``, ``ungzip``, ``report`` and
    ``dump``; ``pcap_file`` is a sequence whose first item is the capture
    path.  The process exits through ``sys.exit`` when no HTTP
    conversations are found.
    """
    if args.update:
        CTCore.update_captipper()

    CTCore.pcap_file = pcap_file[0]
    print("[A] Analyzing PCAP: " + CTCore.pcap_file)

    # Despite its name, a truthy args.server_off is what lets the web
    # server start further down.
    start_ws = args.server_off
    CTCore.PORT = args.port  # Web server port
    CTCore.b_use_short_uri = args.short_url  # Display short URI paths
    ungzip_requested = args.ungzip
    # Asking for a report forces automatic un-gzipping.
    CTCore.b_auto_ungzip = True if args.report is not None else ungzip_requested

    parse_pcap.run(CTCore.pcap_file)

    if not CTCore.conversations:
        sys.exit("No HTTP conversations were found in PCAP file")

    print(CTCore.newLine + "[+] Traffic Activity Time: "),
    try:
        print(CTCore.activity_date_time)
    except:
        print("Couldn't retrieve time")

    print("[+] Conversations Found:" + CTCore.newLine)
    CTCore.show_conversations()

    # The web server is skipped whenever a dump or a report was requested.
    if start_ws and args.dump is None and args.report is None:
        try:
            CTCore.web_server = server()
            CTCore.web_server.start()
            time.sleep(0.1)  # Fixes graphic issues
            CTCore.web_server_turned_on = True
        except Exception as e:
            CTCore.alert_message("Error starting Web Server:", CTCore.msg_type.ERROR)

            # Port-in-use is recognised by substring search in the error
            # text; "> 0" means a match at position 0 does not count.
            port_taken = str(e).find("Errno 1004") > 0 or str(e).find("Errno 98") > 0
            if port_taken:
                print(" Port " + str(CTCore.PORT) + " is already taken.")
                print(" Change the port using 'CapTipper.py <pcap_file> -p <port=80>' or use '-s' to disable web server")
                print(" Proceeding without starting the web server..." + CTCore.newLine)
            else:
                print(" " + str(e))

    # If chosen just to dump files and exit
    if args.dump is not None:
        try:
            CTCore.ungzip_all()
            # NOTE(review): this writes objects recovered from the capture
            # under args.dump[0]; how dump_all_files derives file names is
            # not visible here -- confirm it cannot write outside that
            # directory.
            CTCore.dump_all_files(args.dump[0], True)
        except Exception as ed:
            print(ed)
예제 #6
def main(args, pcap_file):
    """Analyze a capture and start the web server unless told otherwise.

    ``args`` is an options object with the attributes ``update``,
    ``server_off``, ``port``, ``short_url``, ``ungzip``, ``report`` and
    ``dump``; ``pcap_file`` is a sequence whose first item is the capture
    path.  The process exits through ``sys.exit`` when no HTTP
    conversations are found.
    """
    if args.update:
        CTCore.update_captipper()

    CTCore.pcap_file = pcap_file[0]
    print("[A] Analyzing PCAP: " + CTCore.pcap_file)

    # Despite its name, a truthy args.server_off is what lets the web
    # server start further down.
    start_ws = args.server_off
    CTCore.PORT = args.port  # Web server port
    CTCore.b_use_short_uri = args.short_url  # Display short URI paths
    CTCore.b_auto_ungzip = args.ungzip
    report_requested = args.report is not None
    if report_requested:
        # A report forces automatic un-gzipping.
        CTCore.b_auto_ungzip = True

    parse_pcap.run(CTCore.pcap_file)

    if not CTCore.conversations:
        sys.exit("No HTTP conversations were found in PCAP file")

    print(CTCore.newLine + "[+] Traffic Activity Time: "),
    try:
        print(CTCore.activity_date_time)
    except:
        print("Couldn't retrieve time")

    print("[+] Conversations Found:" + CTCore.newLine)
    CTCore.show_conversations()

    # Nothing more to do when the server is disabled or when a dump or a
    # report was requested.
    if not (start_ws and args.dump is None and args.report is None):
        return

    try:
        CTCore.web_server = server()
        CTCore.web_server.start()
        time.sleep(0.1)  # Fixes graphic issues
        CTCore.web_server_turned_on = True
    except Exception as e:
        CTCore.alert_message("Error starting Web Server:", CTCore.msg_type.ERROR)

        # Port-in-use is recognised by substring search in the error text;
        # "> 0" means a match at position 0 does not count.
        if str(e).find("Errno 1004") > 0 or str(e).find("Errno 98") > 0:
            print(" Port " + str(CTCore.PORT) + " is already taken.")
            print(" Change the port using 'CapTipper.py <pcap_file> -p <port=80>' or use '-s' to disable web server")
            print(" Proceeding without starting the web server..." + CTCore.newLine)
        else:
            print(" " + str(e))
예제 #7
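    def start(self, path):
        """Replay a capture's HTTP conversations and open the first one in IE.

        Starts the injection proxy on port 8888 in a background thread and
        parses ``path`` with ``parse_pcap.run``.  For every ``(host, ip)``
        key of ``CTCore.hosts`` it adds the IP to a local interface via
        ``netsh`` and appends a ``127.0.0.1`` entry for the host name to
        ``self.hosts_path``.  It then starts the CapTipper web server and
        launches Internet Explorer on the first conversation's URL.

        Host names and addresses come from the capture and are therefore
        untrusted: each is checked against a strict pattern before it is
        passed to ``netsh`` or written to the hosts file, and anything that
        does not match is skipped with a warning.

        Returns whatever ``self.execute`` returns, or ``None`` when the
        capture holds no HTTP conversations or start-up fails.
        """
        # NOTE(review): this changes the machine's hosts file and interface
        # addresses; presumably it only ever runs inside a disposable
        # analysis guest -- confirm.
        log.info("before proxy")
        config = proxy.ProxyConfig(port=8888)
        proxy_server = ProxyServer(config)
        self.m = InjectionProxy.InjectionProxy(proxy_server)
        log.info("before thread")
        thread.start_new_thread(self.m.run, ())

        # No tshark capture is started in this method; these two
        # attributes are only initialised.
        self.tshark_proc = None
        self.tshark_filename = "tshark.pcap"
        log.debug("In pcap analysis package")
        log.debug("path is " + path)

        # Options are fixed here; self.options is not consulted.
        args = {"port": 80, "short_url": True, "ungzip": True}

        CTCore.pcap_file = path

        log.info("[A] Analyzing PCAP: " + CTCore.pcap_file)

        CTCore.PORT = args["port"]  # Web server port
        CTCore.b_use_short_uri = args["short_url"]  # Display short URI paths
        CTCore.b_auto_ungzip = args["ungzip"]

        parse_pcap.run(CTCore.pcap_file)

        if not CTCore.conversations:
            log.info("No HTTP conversations were found in PCAP file")
            return
        log.info(CTCore.newLine + "[+] Traffic Activity Time: ")
        try:
            log.info(CTCore.activity_date_time)
        except Exception:
            log.error("Couldn't retrieve time")

        # Both patterns end in \Z and are used without re.M: "$" also
        # matches just before a newline, which would let a value such as
        # "1.2.3.4\n<more text>" pass the check.
        ipv4_re = re.compile(
            r"^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}"
            r"(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\Z")
        hostname_re = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]{0,252}\Z")

        # Update hosts file with all hosts found in pcap and add each ip
        # directly accessed in pcap to the loopback network card.
        host_domains = CTCore.hosts.keys()
        if host_domains:
            with open(self.hosts_path, "a+") as hosts_file:
                for host, ip in host_domains:
                    ip = ip.split(":")[0]  # remove the port from the ip address
                    if ipv4_re.match(ip):
                        # The argument list is built directly, so no
                        # capture-derived text goes through string
                        # formatting and shlex parsing.
                        netsh_cmd = ["netsh", "interface", "ip", "add",
                                     "address", "Local Area Connection 2",
                                     ip, "255.255.255.255"]
                        proc = Popen(netsh_cmd, stdout=PIPE, stderr=STDOUT)
                        output, _ = proc.communicate()
                        # stderr is merged into stdout, so communicate()
                        # never returns a separate error stream; failure
                        # is read from the exit status instead.
                        if proc.returncode != 0:
                            log.error(output)
                    else:
                        log.warning(
                            "Skipping invalid IP address from capture: %r", ip)

                    host = host.split(":")[0]  # remove port from host if it exists
                    if ipv4_re.match(host):
                        # A bare IP address needs no hosts-file entry.
                        continue
                    if hostname_re.match(host):
                        hosts_file.write("\n\n127.0.0.1 {0}".format(host))
                    else:
                        log.warning(
                            "Skipping invalid host name from capture: %r", host)

        try:
            CTCore.web_server = server()
            CTCore.web_server.start()
            time.sleep(0.1)  # Fixes graphic issues
            CTCore.web_server_turned_on = True

            first = 0
            request = CTCore.conversations[first].uri
            host = CTCore.conversations[first].host
            open_url = 'http://127.0.0.1:' + str(
                CTCore.PORT) + "/" + host + request

            iexplore = self.get_path("Internet Explorer")
            log.info("iexplore: " + iexplore)
            log.info("url: " + open_url)
            # NOTE(review): open_url contains host and URI text taken from
            # the capture and is passed as a single string; how execute()
            # turns it into a command line is not visible here -- confirm
            # it cannot be split into extra browser arguments.
            return self.execute(iexplore, args="%s" % open_url)
        except Exception as e:
            log.error("Error starting Web Server: %s",
                      str(CTCore.msg_type.ERROR))

            # Port-in-use is recognised by substring search in the error
            # text; "> 0" means a match at position 0 does not count.
            if str(e).find("Errno 1004") > 0 or str(e).find("Errno 98") > 0:
                log.error(" Port " + str(CTCore.PORT) + " is already taken.")
                log.error(
                    " Change the port using 'CapTipper.py <pcap_file> -p <port=80>' or use '-s' to disable web server"
                )
                log.error(" Proceeding without starting the web server..." +
                          CTCore.newLine)
            else:
                log.error(str(e))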
예제 #8
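    def start(self, path):
        """Replay a capture's HTTP conversations and open the first one in IE.

        Parses ``path`` with ``parse_pcap.run``.  For every ``(host, ip)``
        key of ``CTCore.hosts`` it adds the IP to a local interface via
        ``netsh`` and appends a ``127.0.0.1`` entry for the host name to
        ``self.hosts_path``.  It then starts the CapTipper web server and
        launches Internet Explorer on the first conversation's URL.

        Host names and addresses come from the capture and are therefore
        untrusted: each is checked against a strict pattern before it is
        passed to ``netsh`` or written to the hosts file, and anything that
        does not match is skipped with a warning.

        Returns whatever ``self.execute`` returns, or ``None`` when the
        capture holds no HTTP conversations or start-up fails.
        """
        # NOTE(review): this changes the machine's hosts file and interface
        # addresses; presumably it only ever runs inside a disposable
        # analysis guest -- confirm.
        self.tshark_proc = None
        self.tshark_filename = "tshark.pcap"
        log.debug("In pcap analysis package")
        log.debug("path is " + path)

        # Options are fixed here; self.options is not consulted.
        args = {"port": 80, "short_url": True, "ungzip": True}

        CTCore.pcap_file = path

        log.info("[A] Analyzing PCAP: " + CTCore.pcap_file)

        CTCore.PORT = args["port"]  # Web server port
        CTCore.b_use_short_uri = args["short_url"]  # Display short URI paths
        CTCore.b_auto_ungzip = args["ungzip"]

        parse_pcap.run(CTCore.pcap_file)

        if not CTCore.conversations:
            log.info("No HTTP conversations were found in PCAP file")
            return
        log.info(CTCore.newLine + "[+] Traffic Activity Time: ")
        try:
            log.info(CTCore.activity_date_time)
        except Exception:
            log.error("Couldn't retrieve time")

        # Both patterns end in \Z and are used without re.M: "$" also
        # matches just before a newline, which would let a value such as
        # "1.2.3.4\n<more text>" pass the check.
        ipv4_re = re.compile(
            r"^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}"
            r"(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\Z")
        hostname_re = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]{0,252}\Z")

        # Update hosts file with all hosts found in pcap and add each ip
        # directly accessed in pcap to the loopback network card.
        host_domains = CTCore.hosts.keys()
        if host_domains:
            with open(self.hosts_path, "a+") as hosts_file:
                for host, ip in host_domains:
                    ip = ip.split(":")[0]  # remove the port from the ip address
                    if ipv4_re.match(ip):
                        # The argument list is built directly, so no
                        # capture-derived text goes through string
                        # formatting and shlex parsing.
                        netsh_cmd = ["netsh", "interface", "ip", "add",
                                     "address", "Local Area Connection 2",
                                     ip, "255.255.255.255"]
                        proc = Popen(netsh_cmd, stdout=PIPE, stderr=STDOUT)
                        output, _ = proc.communicate()
                        # stderr is merged into stdout, so communicate()
                        # never returns a separate error stream; failure
                        # is read from the exit status instead.
                        if proc.returncode != 0:
                            log.error(output)
                    else:
                        log.warning(
                            "Skipping invalid IP address from capture: %r", ip)

                    host = host.split(":")[0]  # remove port from host if it exists
                    if ipv4_re.match(host):
                        # A bare IP address needs no hosts-file entry.
                        continue
                    if hostname_re.match(host):
                        hosts_file.write("\n\n127.0.0.1 {0}".format(host))
                    else:
                        log.warning(
                            "Skipping invalid host name from capture: %r", host)

        try:
            CTCore.web_server = server()
            CTCore.web_server.start()
            time.sleep(0.1)  # Fixes graphic issues
            CTCore.web_server_turned_on = True

            first = 0
            request = CTCore.conversations[first].uri
            host = CTCore.conversations[first].host
            open_url = 'http://127.0.0.1:' + str(CTCore.PORT) + "/" + host + request

            iexplore = self.get_path("Internet Explorer")
            log.info("iexplore: " + iexplore)
            log.info("url: " + open_url)
            # NOTE(review): open_url contains host and URI text taken from
            # the capture; it is passed as one list element, but how
            # execute() builds the final command line is not visible here
            # -- confirm.
            return self.execute(iexplore, args=["%s" % open_url])
        except Exception as e:
            log.error("Error starting Web Server: %s", str(CTCore.msg_type.ERROR))

            # Port-in-use is recognised by substring search in the error
            # text; "> 0" means a match at position 0 does not count.
            if str(e).find("Errno 1004") > 0 or str(e).find("Errno 98") > 0:
                log.error(" Port " + str(CTCore.PORT) + " is already taken.")
                log.error(" Change the port using 'CapTipper.py <pcap_file> -p <port=80>' or use '-s' to disable web server")
                log.error(" Proceeding without starting the web server..." + CTCore.newLine)
            else:
                log.error(str(e))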