def parse_flow(IP):
styleID = ''.join(choice(string.ascii_lowercase + string.digits) for x in range(randint(8, 12)))
ssize = len(styleID)
p = sub.Popen(['tcpflow', '-T %T--%A-%B', '-cJB', '-r', (os.getenv('PROCDOTPLUGIN_WindumpFilePcap'))], stdout=sub.PIPE, stderr=sub.PIPE)
stdout, stderr = p.communicate()
stdout = stdout.replace('\r\n', '\n')
if IP not in stdout:
e = str("No tcp flows found for ")+IP
open(out, 'ab').write(e)
else:
if os.getenv('PROCDOTPLUGIN_PluginEngineVersion') is not None:
open(out,'ab').write('{{{style-id:default;color:blue;style-id:'+styleID+';color:red}}}')
m = re.findall ( '\x1b\[0;31m(.*?)\x1b\[0m|\x1b\[0;34m(.*?)\x1b\[0m', stdout, re.DOTALL)
m = iter(m)
for b, r in m:
if b == '':
if IP in r:
r = r[56:]
r = re.sub( '[^!\"#\$%&\'\(\)\*\+,-\./0-9:;<=>\?@A-Z\[\]\^_`a-z\{\|\}\\\~\t\n\r ]','.', r)
if os.stat(out).st_size <= 53 + ssize:
if os.getenv('PROCDOTPLUGIN_PluginEngineVersion') is not None:
open(out,'ab').write('<'+styleID+'>'+r+'</'+styleID+'>')
else:
open(out,'ab').write(r)
else:
if os.getenv('PROCDOTPLUGIN_PluginEngineVersion') is not None:
open(out,'ab').write('\n\n'+'<'+styleID+'>'+r+'</'+styleID+'>')
else:
open(out,'ab').write('\n\n'+r)
else:
if IP in b:
b = b[56:]
match = re.match( '^HTTP.*', b)
try:
if match:
length = 1
num = 0
while length != num:
d = zlib.decompressobj(16+zlib.MAX_WBITS)
output = StringIO.StringIO(b)
status_line = output.readline()
msg = HTTPMessage(output, 0)
isLength = msg.get('Content-Length')
isGZipped = msg.get('content-encoding', '').find('gzip') >= 0
isChunked = msg.get('Transfer-Encoding', '').find('chunked') >= 0
if isGZipped and isChunked:
offset = msg.fp.readline()
body = msg.fp.read()
num = int(offset, 16)
encdata = ''
newdata = ''
encdata =body[:num]
length = len(encdata)
if length != num:
c = next(m)
d, e = c
b = b + d[56:]
else:
newdata = d.decompress(encdata)
header = str(msg)
open(out,'ab').write(status_line)
open(out,'ab').write(header)
open(out,'ab').write('\n')
open(out,'ab').write(newdata)
elif isGZipped:
length = int(isLength)
body = msg.fp.read()
num = len(body)
if length != num:
c = next(m)
d, e = c
if IP in d:
b = b + d[56:]
else:
data = d.decompress(body)
header = str(msg)
open(out,'ab').write(status_line)
open(out,'ab').write(header)
open(out,'ab').write('\n')
open(out,'ab').write(data)
else:
length = 1
num = 1
body = msg.fp.read()
body = re.sub( '[^!\"#\$%&\'\(\)\*\+,-\./0-9:;<=>\?@A-Z\[\]\^_`a-z\{\|\}\\\~\t\n\r ]','.', body)
header = str(msg)
open(out,'ab').write(status_line)
open(out,'ab').write(header)
open(out,'ab').write('\n')
open(out,'ab').write(body)
else:
b = re.sub( '[^!\"#\$%&\'\(\)\*\+,-\./0-9:;<=>\?@A-Z\[\]\^_`a-z\{\|\}\\\~\t\n\r ]','.', b)
open(out,'ab').write(b)
except:
open(out,'ab').write('DECOMPRESSION ERROR')
open(out,'ab').write('\n\n')
b = re.sub( '[^!\"#\$%&\'\(\)\*\+,-\./0-9:;<=>\?@A-Z\[\]\^_`a-z\{\|\}\\\~\t\n\r ]','.', b)
open(out,'ab').write(b)
def parse_flow(IP):
p = sub.Popen(['tcpflow', '-T %T--%A-%B', '-cJB', '-r', (os.getenv('PROCDOTPLUGIN_WindumpFilePcap'))], stdout=sub.PIPE, stderr=sub.PIPE)
stdout, stderr = p.communicate()
stdout = stdout.replace('\r\n', '\n')
if IP not in stdout:
e = str("No tcp flows found for ")+IP
open(out, 'ab').write(e)
else:
m = re.findall ( '\x1b\[0;3[1|4]m(.*?)\x1b\[0m', stdout, re.DOTALL)
m = iter(m)
for line in m:
if IP in line:
line = line[56:]
match = re.match( '^HTTP.*', line)
try:
if match:
length = 1
num = 0
while length != num:
d = zlib.decompressobj(16+zlib.MAX_WBITS)
output = StringIO.StringIO(line)
status_line = output.readline()
msg = HTTPMessage(output, 0)
isGZipped = msg.get('content-encoding', '').find('gzip') >= 0
isChunked = msg.get('Transfer-Encoding', '').find('chunked') >= 0
if isGZipped and isChunked:
offset = msg.fp.readline()
body = msg.fp.read()
num = int(offset, 16)
encdata = ''
newdata = ''
encdata =body[:num]
length = len(encdata)
if length != num:
line = line + next(m)[56:]
else:
newdata = d.decompress(encdata)
header = str(msg)
open(out,'ab').write(status_line)
open(out,'ab').write(header)
open(out,'ab').write('\n')
open(out,'ab').write(newdata)
elif isGZipped:
length = 1
num = 1
body = msg.fp.read()
data = d.decompress(body)
header = str(msg)
open(out,'ab').write(status_line)
open(out,'ab').write(header)
open(out,'ab').write('\n')
open(out,'ab').write(data)
else:
break
else:
line = re.sub( '[^!\"#\$%&\'\(\)\*\+,-\./0-9:;<=>\?@A-Z\[\]\^_`a-z\{\|\}\\\~\t\n\r ]','.', line)
open(out,'ab').write(line)
except:
open(out,'ab').write('DECOMPRESSION ERROR')
open(out,'ab').write('\n\n')
open(out,'ab').write(line)
def parse_flow(IP):
p = sub.Popen([
'tcpflow', '-T %T--%A-%B', '-cJB', '-r',
(os.getenv('PROCDOTPLUGIN_WindumpFilePcap'))
],
stdout=sub.PIPE,
stderr=sub.PIPE)
stdout, stderr = p.communicate()
stdout = stdout.replace('\r\n', '\n')
if IP not in stdout:
e = str("No tcp flows found for ") + IP
open(out, 'ab').write(e)
else:
m = re.findall('\x1b\[0;3[1|4]m(.*?)\x1b\[0m', stdout, re.DOTALL)
m = iter(m)
for line in m:
if IP in line:
line = line[56:]
match = re.match('^HTTP.*', line)
try:
if match:
length = 1
num = 0
while length != num:
d = zlib.decompressobj(16 + zlib.MAX_WBITS)
output = StringIO.StringIO(line)
status_line = output.readline()
msg = HTTPMessage(output, 0)
isGZipped = msg.get('content-encoding',
'').find('gzip') >= 0
isChunked = msg.get('Transfer-Encoding',
'').find('chunked') >= 0
if isGZipped and isChunked:
offset = msg.fp.readline()
body = msg.fp.read()
num = int(offset, 16)
encdata = ''
newdata = ''
encdata = body[:num]
length = len(encdata)
if length != num:
line = line + next(m)[56:]
else:
newdata = d.decompress(encdata)
header = str(msg)
open(out, 'ab').write(status_line)
open(out, 'ab').write(header)
open(out, 'ab').write('\n')
open(out, 'ab').write(newdata)
elif isGZipped:
length = 1
num = 1
body = msg.fp.read()
data = d.decompress(body)
header = str(msg)
open(out, 'ab').write(status_line)
open(out, 'ab').write(header)
open(out, 'ab').write('\n')
open(out, 'ab').write(data)
else:
length = 1
num = 1
body = msg.fp.read()
body = re.sub(
'[^!\"#\$%&\'\(\)\*\+,-\./0-9:;<=>\?@A-Z\[\]\^_`a-z\{\|\}\\\~\t\n\r ]',
'.', body)
header = str(msg)
open(out, 'ab').write(status_line)
open(out, 'ab').write(header)
open(out, 'ab').write('\n')
open(out, 'ab').write(body)
else:
line = re.sub(
'[^!\"#\$%&\'\(\)\*\+,-\./0-9:;<=>\?@A-Z\[\]\^_`a-z\{\|\}\\\~\t\n\r ]',
'.', line)
open(out, 'ab').write(line)
except:
open(out, 'ab').write('DECOMPRESSION ERROR')
open(out, 'ab').write('\n\n')
open(out, 'ab').write(line)
