def search_keyword(self, l, r, payload, packet_id): if l + 1 == r: return l, 1 if l < r: mid = (l + r) / 2 payload_left_modified = randomize(payload, l, mid) self.sock.send(payload_left_modified) hash_value_left = hash_int(payload_modified) payload_right_modified = randomize(payload, mid + 1, r) self.sock.send(payload_right_modified) hash_value_right = hash_int(payload_right_modified) #Divide into 2 sepearate branches if self.server_checker(packet_id, hash_value_left) == False: #Never go through middle box,means payload left contains keyword lkeyword_start, lkeyword_len_ = self.search_keyword( l, mid, payload, packet_id) else: lkeyword_start, lkeyword_len = [l], [0] if self.search_keyword(packet_id, hash_value_right) == False: #Means payload right contains keyword rkeyword_start, rkeyword_len = self.search_keyword( mid + 1, r, payload, packet_id) else: rkeyword_start, rkeyword_len = [mid + 1], [0] #Merge 2 seperate branches keyword_start = [] keyword_end = [] for i in range(len(lkeyword_start)): if lkeyword_len[i] != 0: keyword_start.append(lkeyword_start[i]) keyword_end.append(lkeyword_len[i] + lkeyword_start[i]) for i in range(len(rkeyword_start)): if rkeyword_len[i] != 0: keyword_start.append(rkeyword_start[i]) keyword_end.append(rkeyword_len[i] + rkeyword_start[i]) i = 0 while True: if i >= len(keyword_start): break if (i + 1) < len(keyword_start ) and keyword_end[i] == keyword_start[i + 1]: tmp = keyword_end[i + 1] keyword_start.remove(keyword_start[i + 1]) keyword_end.remove(tmp) keyword_end[i] = tmp else: i = i + 1 for i in range(0, len(keyword_start)): keyword_end[i] = keyword_end[i] - keyword_start[i] return keyword_start, keyword_end
def send_thread(self): while True: if self.current_packet_id + 1 in self.server_packets_id: payload = self.stream['payload'][self.current_packet_id+1-1] self.sock.send(payload) self.current_packet_id +=1 print('send {packet_id:%d,hash:%d}'%(self.current_packet_id,hash_int(payload))) time.sleep(0.02)
def __init__(self, pcapname, pcap_client_ip): #pcap_client_ip 是抓取的原始pcap里面,主动向外发起请求的ip 地址,这个一般就是客户端IP #重放的数据流 self.stream = python_lib.extractStream(pcapname, pcap_client_ip) self.client_packets_id = set() #客户端需要发送的数据包的id号 self.server_packets_id = set() #服务端需要发送的数据的id号 self.server_payload_hash_to_id = {} self.client_payload_hash_to_id = {} self.payload_hash_to_id = {} for each in self.stream['c2s']: hash_value = hash_int(each['payload']) self.client_payload_hash_to_id[hash_value] = each['id'] self.payload_hash_to_id[hash_value] = each['id'] self.client_packets_id.add(each['id']) for each in self.stream['s2c']: hash_value = hash_int(each['payload']) self.server_payload_hash_to_id[hash_value] = each['id'] self.payload_hash_to_id[hash_value] = each['id'] self.server_packets_id.add(each['id'])
def recv_thread(self): while True: data = self.sock.recv(4096) if data: hash_value = hash_int(data) packet_id = self.payload_hash_to_id.get(hash_value,-1) print('recv {id:%d,hash:%d}'%(packet_id,hash_value)) if packet_id > 0: self.current_packet_id = packet_id self.recv_db.insert({'packet_id':packet_id,'hash_value':hash_value}) else: self.sock.close() break
def recv_thread(self): index = 0 while True: data = self.sock.recv(len(self.stream['s2c'][index]['payload'])) if data: #收到了重放的响应数据包 hash_value = hash_int(data) packet_id = self.server_payload_hash_to_id.get(hash_value, 0) if packet_id > 0: self.recv_set.add(packet_id) print('recv: {id:%d,hash:%d}' % (packet_id, hash_value)) index += 1 else: self.sock.close() break
def replay(self, replay_port=None): if replay_port == None: port = self.replay_server_start_port self.sock = SOCKET(proto=self.stream['c2s'][0]['proto'], role='client', ip=self.replay_server_ip, port=port) self.current_bidirection_packet_id = 1 #目前双向通信的 packet id self.current_single_curse_packet_id = 0 self.thread = Thread(target=self.recv_thread) self.thread.start() while self.current_single_curse_packet_id < len(self.stream['c2s']): payload = copy.deepcopy(self.stream['c2s'][ self.current_single_curse_packet_id]['payload']) self.sock.send(payload) #检查是否服务端是否收到数据包 hash_value = hash_int(payload) packet_id = self.payload_hash_to_id.get(hash_value, 0) if self.server_checker(packet_id, hash_value) == True: #原始数据包就可以直接通过,那么处理下一个client端的数据包 while (packet_id + 1) in self.server_packets_id and ( packet_id + 1) not in self.recv_set: time.sleep(0.05) print('wait for next packet from server...') else: #原始数据包被拦截 keyword_start, keyword_len = self.search_keyword( 0, len(payload), payload, packet_id) for i in range(len(keyword_start)): keyword = { "start": keyword_start[i], "len": keyword_len[i], "packet_id": packet_id, "content": payload[keyword_start:(keyword_start + keyword_len)] } self.keyword.add(keyword) self.keyword_db.insert(keyword) self.current_single_curse_packet_id += 1 self.thread.join() self.sock.close()