예제 #1
0
	def handleIncomingData(self, data, lower=None):
		"""
		Called on incoming data
		
		@param data: tcp data received
		@type data: string
		
		@param lower: template tcp data received
		@type lower: templatemessage
		"""
		if lower is not None:
			layer_app = lower.get('SSH')
			app_data = layer_app.get('data')
			self.buf += app_data
		try:
			self.privateAppendFile(destname="ssh_dump", data=data)
			decoded_msgs, left = self.codec.decode(data=self.buf, delimiter = self.delimiter)
			self.buf = left
			for d in decoded_msgs:
				summary = d.replace("\r","")
				new_tpl = self.encapsule(ip_event=AdapterIP.received(), ssh_event=templates.data_received(data=summary))
				new_tpl.addRaw(summary)
				self.logRecvEvent( shortEvt = "ssh", tplEvt = new_tpl ) 

		except Exception as e:
			self.error('Error while waiting on incoming data: %s' % str(e))
			self.info("buffer = " + self.buf)
    def onInactivityTimeout(self):
        """
		"""
        tpl = TestTemplatesLib.TemplateMessage()
        tpl.addLayer(layer=AdapterIP.ip(more=AdapterIP.received()))
        tpl.addLayer(layer=templates.udp(more=templates.received()))
        self.onInactivity(lower=tpl)
	def onStartListeningFailed(self, e):
		"""
		"""
		self.debug( e )
		# log event
		tpl = self.encapsule( ip_event=AdapterIP.received(), udp_event=templates.listening_failed() )
		self.logRecvEvent( shortEvt = "listening failed", tplEvt = tpl )
	def onStopListening(self):
		"""
		"""
		self.debug( 'on stop listening called' )	
		
		# log event
		tpl = self.encapsule( ip_event=AdapterIP.received(), udp_event=templates.stopped() )
		self.logRecvEvent( shortEvt = "stopped", tplEvt = tpl )
예제 #5
0
	def onIncomingData(self, data=None, noMoreData=False):
		"""
		On incoming data
		"""
		try:
			if noMoreData:
				lower = self.encapsule( ip_event=AdapterIP.received(), ssh_event=templates.data_received() )
				self.handleNoMoreData(lower=lower)
			else:
				lower = self.encapsule( ip_event=AdapterIP.received(), ssh_event=templates.data_received(data=data) )
				
				# log event 	
				if self.logEventReceived:	
					lower.addRaw(raw=data)		
					self.logRecvEvent( shortEvt = 'data', tplEvt = lower )	
					
				# handle data
				self.handleIncomingData( data, lower=lower )
		except Exception as e:
			self.error( "on incoming ssh data: %s" % e )
	def onStartListening(self):
		"""
		"""
		self.debug( 'on start listening called' )
		
		if self.cfg['agent-support']:
			self.islistening = True
			
		# log event
		tpl = self.encapsule( ip_event=AdapterIP.received(), udp_event=templates.listening() )
		self.logRecvEvent( shortEvt = "listening", tplEvt = tpl )
	def onSocketError(self, e):
		"""
		"""
		self.error( "generic error: %s" % str(e) )
		
		# log event
		tpl = self.encapsule( ip_event=AdapterIP.received(), udp_event=templates.generic_error() )
		self.logRecvEvent( shortEvt = "error", tplEvt = tpl )
		
		# clean the socket
		self.cleanSocket()
예제 #8
0
	def encapsule(self, ip_event, ssh_event):
		"""
		encapsule template
		"""
		# prepare layers
		# ip 
		src = self.sourceIp
		dst = self.cfg['dst-ip']
		srcP = self.sourcePort
		dstP = self.cfg['dst-port']
		if ip_event == AdapterIP.received():
			src = self.cfg['dst-ip']
			dst = self.sourceIp
			srcP = self.cfg['dst-port']
			dstP = self.sourcePort
		layer_ip = AdapterIP.ip( source=src, destination=dst, version=self.cfg['sock-family'], more=ip_event ) 
		
		# tcp
		if ip_event == AdapterIP.received():
			moreTcp = AdapterTCP.received()
		else:
			moreTcp = AdapterTCP.sent()
		layer_tcp = AdapterTCP.tcp(source=srcP, destination=dstP, more=moreTcp)
		
		# ssh 
		layer_ssh = templates.ssh()
		layer_ssh.addMore(more=ssh_event)
		
		# prepare template
		if self.cfg['agent-support']:
			layer_agent= TestTemplatesLib.TemplateLayer('AGENT')
			layer_agent.addKey(name='name', data=self.cfg['agent']['name'] )
			layer_agent.addKey(name='type', data=self.cfg['agent']['type'] )
		
		tpl = TestTemplatesLib.TemplateMessage()
		if self.cfg['agent-support']:
			tpl.addLayer(layer=layer_agent)
		tpl.addLayer(layer=layer_ip)
		tpl.addLayer(layer=layer_tcp)
		tpl.addLayer(layer=layer_ssh)
		return tpl
예제 #9
0
	def onDisconnectionByPeer(self, e):
		"""
		On disconnection by peer
		"""
		self.debug("disconnected by the server: %s" % str(e) )
		
		# log event
		if self.logEventReceived:
			tpl = self.encapsule( ip_event=AdapterIP.received(), ssh_event=templates.disconnected_by_server() )
			self.logRecvEvent( shortEvt = "disconnected by peer", tplEvt = tpl )
			
		self.cleanSocket()
예제 #10
0
	def onSocketError(self, e):
		"""
		On socket error
		"""
		self.error( "socket error: %s" % str(e) )
		
		# log event
		if self.logEventReceived:
			tpl = self.encapsule( ip_event=AdapterIP.received(), ssh_event=templates.generic_error() )
			self.logRecvEvent( shortEvt = "error", tplEvt = tpl )
		
		self.cleanSocket()
예제 #11
0
	def onConnectionFailed(self, errno, errstr):
		"""
		On connection failed
		"""
		self.debug( "connection failed" )
		
		# log event
		if self.logEventReceived:
			tpl = self.encapsule( ip_event=AdapterIP.received(), ssh_event=templates.connection_failed(errno=str(errno), errstr=errstr) )
			self.logRecvEvent( shortEvt = "connection failed", tplEvt = tpl )
		
		self.cleanSocket()
예제 #12
0
	def onConnection(self):
		"""
		On connection
		"""
		self.debug( "connected" )

		# log event
		if self.logEventReceived:
			tpl = self.encapsule( ip_event=AdapterIP.received(), ssh_event=templates.connected() )
			self.logRecvEvent( shortEvt = "connected", tplEvt = tpl )

		# start ssh negotation
		self.negotiation()
예제 #13
0
	def onConnectionTimeout(self, e):
		"""
		On connection timeout
		"""
		self.__setSource()
		self.debug( "connection timeout: %s" % str(e) )
		
		# log event
		if self.logEventReceived:
			tpl = self.encapsule( ip_event=AdapterIP.received(), ssh_event=templates.connection_timeout() )
			self.logRecvEvent( shortEvt = "connection timeout", tplEvt = tpl )
		
		self.cleanSocket()
예제 #14
0
	def onConnectionRefused(self):
		"""
		On connection refused
		"""
		self.__setSource()	
		self.debug( "connection refused" )
		
		# log event
		if self.logEventReceived:
			tpl = self.encapsule( ip_event=AdapterIP.received(), ssh_event=templates.connection_refused() )
			self.logRecvEvent( shortEvt = "connection refused", tplEvt = tpl )
		
		self.cleanSocket()
	def onIncomingData(self, data=None, fromAddr=None):
		"""
		"""
		try:
			ip, port = fromAddr
			# separator feature is disabled
			if data is not None: 
				# log event
				data_size = len(data)
				if self.logEventReceived:
					tpl = self.encapsule( ip_event=AdapterIP.received(), udp_event=templates.received(data=data, data_length=str(data_size)), src_ip=ip, src_port=port )
				else:
					tpl = self.encapsule( ip_event=AdapterIP.received(), udp_event=templates.received(data_length=str(data_size)), src_ip=ip, src_port=port )
				if self.logEventReceived:
					tpl.addRaw(raw=data)
					self.logRecvEvent( shortEvt = "data", tplEvt = tpl )
				
				# handle data
				self.handleIncomingData( data, lower=tpl )
			# separator feature is enabled, split the buffer by the separator
			else: 
				datas = self.buf[fromAddr].split(self.cfg['sep-in'])
				for data in datas[:-1]:
					pdu = data+self.cfg['sep-in']
					# log event
					pdu_size = len(data)
					if self.logEventReceived:
						tpl = self.encapsule( ip_event=AdapterIP.received(), udp_event=templates.received( data=pdu, data_length=str(pdu_size) ), src_ip=ip, src_port=port )
					else:
						tpl = self.encapsule( ip_event=AdapterIP.received(), udp_event=templates.received( data_length=str(pdu_size) ), src_ip=ip, src_port=port )
					if self.logEventReceived:
						tpl.addRaw(raw=pdu)
						self.logRecvEvent( shortEvt = "data reassembled", tplEvt = tpl )
					# handle data
					self.handleIncomingData( pdu, lower=tpl)
				self.buf[fromAddr] = datas[-1]
		except Exception as e:
			self.error( str(e) )
예제 #16
0
	def onDisconnection(self):
		"""
		On disconnection
		"""
		self.channelOpened = False
		self.connected = False
		self.debug( "disconnected" )

		# log event
		if self.logEventReceived:
			tpl = self.encapsule( ip_event=AdapterIP.received(), ssh_event=templates.disconnected() )
			self.logRecvEvent( shortEvt = "disconnected", tplEvt = tpl )

		self.unsetRunning()
		self.sshChannel = None
예제 #17
0
    def onClientIncomingData(self, clientAddress, data=None):
        """
		"""

        try:
            ip, port = clientAddress
            id = self.clients[clientAddress]['id']
            # separator feature is disabled
            if data is not None:
                # log event
                data_size = len(data)
                if self.logEventReceived:
                    tpl = self.encapsule(ip_event=AdapterIP.received(),
                                         udp_event=templates.received(
                                             data=data,
                                             data_length=str(data_size),
                                             id=id),
                                         src_ip=ip,
                                         src_port=port)
                else:
                    tpl = self.encapsule(ip_event=AdapterIP.received(),
                                         udp_event=templates.received(
                                             data_length=str(data_size),
                                             id=id),
                                         src_ip=ip,
                                         src_port=port)
                if self.logEventReceived:
                    tpl.addRaw(raw=data)
                    self.logRecvEvent(shortEvt="client #%s data" %
                                      self.clients[clientAddress]['id'],
                                      tplEvt=tpl)

                # handle data
                self.handleIncomingData(clientAddress=clientAddress,
                                        data=data,
                                        lower=tpl)
            # separator feature is enabled, split the buffer by the separator
            else:
                datas = self.clients[clientAddress]['buffer'].split(
                    self.cfg['sep-in'])
                for data in datas[:-1]:
                    pdu = data + self.cfg['sep-in']
                    # log event
                    pdu_size = len(data)
                    if self.logEventReceived:
                        tpl = self.encapsule(ip_event=AdapterIP.received(),
                                             udp_event=templates.received(
                                                 data=pdu,
                                                 data_length=str(pdu_size),
                                                 id=id),
                                             src_ip=ip,
                                             src_port=port)
                    else:
                        tpl = self.encapsule(ip_event=AdapterIP.received(),
                                             udp_event=templates.received(
                                                 data_length=str(pdu_size),
                                                 id=id),
                                             src_ip=ip,
                                             src_port=port)
                    if self.logEventReceived:
                        tpl.addRaw(raw=pdu)
                        self.logRecvEvent(
                            shortEvt="client #%s data reassembled" % id,
                            tplEvt=tpl)
                    # handle data
                    self.handleIncomingData(clientAddress=clientAddress,
                                            data=pdu,
                                            lower=tpl)
                self.clients[clientAddress]['buffer'] = datas[-1]
        except Exception as e:
            self.error(str(e))
	def onInactivityTimeout(self):
		"""
		"""
		tpl = self.encapsule( ip_event=AdapterIP.received(), udp_event=templates.received(), 
						src_ip=self.cfg['dst-ip'], src_port=self.cfg['dst-port'] )
		self.onInactivity(lower=tpl)
    def onReceiving(self, data, fromAddr, toAddr, lower):
        """
		Function to overwrite
		Called on incoming data

		@param data: data received
		@type data: string
		
		@param lower: template data received
		@type lower: templatemessage
		"""
        # extract transport info
        self.lastActivity = time.time()
        srcIp, srcPort = fromAddr
        dstIp, dstPort = toAddr

        # the separator feature is disabled, to nothing
        if self.cfg['sep-disabled']:
            try:
                self.handleIncomingData(data=data, lower=lower)
            except Exception as e:
                self.error(
                    "on handle incoming udp data, upper layer problem: %s" %
                    str(e))
        else:
            # bufferize data
            if self.buf.has_key(fromAddr):
                self.buf[fromAddr] = ''.join([self.buf[fromAddr], data])
            else:
                self.buf[fromAddr] = data

            # split data with the separator
            datas = self.buf[fromAddr].split(self.cfg['sep-in'])
            for d in datas[:-1]:
                udp_data = d + self.cfg['sep-in']
                udp_data_size = len(udp_data)

                # construct high template and log it
                tpl = TestTemplatesLib.TemplateMessage()
                tpl.addLayer(
                    layer=AdapterIP.ip(source=srcIp,
                                       destination=dstIp,
                                       more=AdapterIP.received(),
                                       version=self.cfg['ip-version']))
                if self.logEventReceived:
                    udp_layer = templates.udp(
                        source=srcPort,
                        destination=dstPort,
                        more=templates.received(
                            data=udp_data, data_length=str(udp_data_size)))
                else:
                    udp_layer = templates.udp(
                        source=srcPort,
                        destination=dstPort,
                        more=templates.received(
                            data_length=str(udp_data_size)))
                tpl.addLayer(layer=udp_layer)

                if self.logEventReceived:
                    tpl.addRaw(raw=udp_data)
                    self.logRecvEvent(shortEvt='data reassembled', tplEvt=tpl)

                # handle data
                self.handleIncomingData(udp_data, lower=tpl)
            self.buf[fromAddr] = datas[-1]