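def subfile(self, filePath):
    """Run hachoir-subfile over ``filePath`` and return the parsed report.

    hachoir-subfile is a tool based on hachoir-parser to find subfiles in
    any binary stream.
    Website: http://bitbucket.org/haypo/hachoir/wiki/hachoir-subfile

    SearchSubfile reports through sys.stdout / sys.stderr, so both are
    swapped for in-memory buffers while the search runs and the captured
    text is handed to ``self.parse``.

    :param filePath: path of the file to scan.
    :return: whatever ``self.parse(stdout_text, stderr_text)`` returns.
    :raises: any exception raised while opening the stream or searching
        propagates to the caller, after the real streams are restored.
    """
    # Bypass sys.stdout / sys.stderr for the duration of the search.
    # NOTE: these are process-wide objects, so anything another thread
    # prints while the search runs lands in the capture buffers too.
    oldStdOut = sys.stdout
    oldStdErr = sys.stderr
    outputStdOut = StringIO.StringIO()
    outputStdErr = StringIO.StringIO()
    sys.stdout = outputStdOut
    sys.stderr = outputStdErr
    try:
        stream = FileInputStream(unicodeFilename(filePath), real_filename=filePath)

        # Search for subfiles (offset 0, no size limit, all parsers).
        searcher = SearchSubfile(stream, 0, None)
        searcher.loadParsers(categories=None, parser_ids=None)
        searcher.main()
    finally:
        # Always put the real streams back: if opening or parsing the file
        # raises, the process must not be left with stdout/stderr silently
        # redirected into a buffer nobody reads.
        sys.stdout = oldStdOut
        sys.stderr = oldStdErr

    # Parse stdout, stderr captured from SearchSubfile.
    return self.parse(outputStdOut.getvalue(), outputStdErr.getvalue())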
def save_response_binaries(self, path, hash_value):
    """Carve embedded files out of every response dump belonging to a flow.

    The Flow whose ``hash_value`` matches is loaded, and for each entry in
    its ``details`` the dump file
    ``<path>/contents_<src_ip>:<sport>-<dst_ip>:<dport>_resp.dat``
    (e.g. contents_192.168.1.5:42825-62.212.84.227:80_resp.dat) is run
    through hachoir's SearchSubfile, with output directed to
    ``<path>/html-files/<src_ip>:<sport>-<dst_ip>:<dport>``.

    Dumps that FileInputStream rejects with NullStreamError are skipped.

    :param path: directory holding the ``contents_*_resp.dat`` dumps.
    :param hash_value: hash identifying the Flow record.
    :return: True when the loop finishes, False if any exception was
        raised along the way (the exception itself is discarded).
    """
    try:
        flow = Flow.objects.get(hash_value=hash_value)
        for detail in flow.details:
            # NOTE(review): the names below embed address fields read from
            # the Flow record; presumably these are plain IP strings --
            # confirm they can never carry a path separator.
            endpoints = [
                ":".join([detail.src_ip, str(detail.sport)]),
                ":".join([detail.dst_ip, str(detail.dport)]),
            ]
            flow_str = "-".join(endpoints)
            dump_name = "_".join(["contents", flow_str, "resp.dat"])
            dump_path = str("/".join([path, dump_name]))

            try:
                stream = FileInputStream(unicodeFilename(dump_path), real_filename=dump_path)
            except NullStreamError:
                # Nothing usable in this dump; move on to the next detail.
                continue

            searcher = SearchSubfile(stream, 0, None)
            searcher.loadParsers()

            # Shared parent directory for all carved output.
            root = "/".join([path, "html-files"])
            if not os.path.exists(root):
                os.makedirs(root)

            # One output directory per flow endpoint pair.
            output = str("/".join([root, flow_str]))
            if not os.path.exists(output):
                os.mkdir(output)

            searcher.setOutput(output)
            # NOTE(review): the result of main() is not inspected, so a
            # failed search still counts towards the True return below.
            searcher.main()

            # save the files info at the db also

        return True
    except Exception:
        # Any failure (lookup, filesystem, parser) collapses to False.
        return False