class DNSSOARR(DNSRR):
    """DNS resource record whose RDATA is laid out as SOA fields.

    The entries of ``fields_desc`` are listed in the order in which they
    are built and dissected.
    """

    name = 'DNS SOA Resource Record'
    show_indent = 0
    fields_desc = [
        # --- common resource-record header ---
        DNSStrField('rrname', ''),
        # NOTE(review): the default is 1; in stock scapy's dnstypes table
        # that is "A", not SOA. Confirm callers always set ``type``.
        ShortEnumField('type', 1, dnstypes),
        ShortEnumField('rclass', 1, dnsclasses),
        IntField('ttl', 0),
        # NOTE(review): rdlen defaults to 0 and nothing in this class
        # recomputes it; verify it is filled in elsewhere before sending.
        ShortField('rdlen', 0),
        # --- SOA RDATA ---
        # NOTE(review): mname/rname are plain StrFields, so they are
        # presumably not DNS-label encoded, and an unbounded StrField
        # usually takes the rest of the buffer on dissection. Confirm
        # this layer is only used for building.
        StrField('mname', ''),
        StrField('rname', ''),
        IntField('serial', 0),
        IntField('refresh', 0),
        IntField('retry', 0),
        IntField('expire', 0),
        IntField('minimum', 0),
    ]
class CustomTLV(Packet):
    """Type/length/value layer: two 16-bit integers followed by a string.

    NOTE(review): ``value`` is a plain StrField and nothing here ties it
    to ``length``, so the declared length is presumably not enforced when
    dissecting. Confirm whether a length-bound field was intended.
    """

    fields_desc = [
        ShortField('type', 0),
        # Default of 4; whether this counts the header or only the value
        # cannot be told from this definition.
        ShortField('length', 4),
        StrField('value', ''),
    ]
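class HTTPresponse(Packet):
    """HTTP response layer: the status line plus response-specific headers.

    Each field stores the complete matching line (name, value and a
    trailing CRLF) taken from the dissected payload.
    """

    name = "HTTP Response"
    fields_desc = [
        StrField("StatusLine", None, fmt="H"),
        StrField("AcceptRanges", None, fmt="H"),
        StrField("Age", None, fmt="H"),
        StrField("ETag", None, fmt="H"),
        StrField("Location", None, fmt="H"),
        StrField("ProxyAuthenticate", None, fmt="H"),
        StrField("RetryAfter", None, fmt="H"),
        StrField("Server", None, fmt="H"),
        StrField("Vary", None, fmt="H"),
        StrField("WWWAuthenticate", None, fmt="H"),
    ]

    def do_dissect(self, s):
        """Fill the header fields from ``s`` and return the unconsumed part.

        ``s`` is split on CRLF. Only lines before the first empty line
        (the end of the header section) are candidates, and a header name
        has to start its line. Without those two limits, body content and
        longer header names (``Age:`` inside ``Content-Language:``) would
        be stored in the wrong field.

        Returns CRLF followed by the remaining lines concatenated without
        a separator, as the original implementation did.

        NOTE(review): assumes ``s`` is text; a bytes payload would fail in
        ``split`` -- confirm against the scapy version in use.
        """
        # Wire names, in the same order as fields_desc.
        fields_rfc = [
            "Status-Line", "Accept-Ranges", "Age", "ETag", "Location",
            "Proxy-Authenticate", "Retry-After", "Server", "Vary",
            "WWW-Authenticate",
        ]
        lines = s.split("\r\n")
        # The header section ends at the first empty line.
        try:
            header_end = lines.index("")
        except ValueError:
            header_end = len(lines)
        header_lines = lines[:header_end]
        rest = lines[header_end:]

        for field, header in zip(self.fields_desc, fields_rfc):
            if header == "Status-Line":
                pattern = re.compile(
                    r"^HTTP/((0\.9)|(1\.0)|(1\.1))\ [0-9]{3}.*")
            else:
                # Anchored and escaped: the name must start the line.
                pattern = re.compile(
                    "^" + re.escape(header) + ":", re.IGNORECASE)
            # Iterate over a copy because matches are removed from the
            # list; removing while iterating skipped the following line.
            for line in list(header_lines):
                if pattern.search(line):
                    self.setfieldval(field.name, line + '\r\n')
                    header_lines.remove(line)
        return '\r\n' + "".join(header_lines + rest)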
class SigfoxUplinkPCAP(Packet):
    """Layer holding one string field, ``Frame``, with an empty default."""

    # The trailing space is part of the original display name.
    name = 'SigfoxPacket '
    fields_desc = [
        StrField('Frame', ''),
    ]
class OpenFlowBody_v1_3(Packet):
    """OpenFlow v1.3 message: a common header followed by a typed body.

    The header is ``Type``, ``Length`` and ``ID``. Every body field is a
    ConditionalField whose predicate tests ``pkt.Type``, so only the
    group(s) for the decoded type are present. The order of the entries
    is the order in which fields are built and dissected.

    NOTE(review): no predicate or length callback in this list reads the
    header ``Length``; body sizes come from the field types and from the
    constants passed to ``_PacketField``. Confirm that truncated or
    over-long messages from the wire are bounded by the caller.
    """
    name = 'OpenFlowBody_v1_3'
    fields_desc = [
        # Header
        ByteEnumField('Type', None, ofp_v1_3_message_type),
        ShortField('Length', None),
        IntField('ID', None),
        # Error message body
        ConditionalField(ShortField('ErrorType', None),
                         lambda pkt: pkt.Type == 1),
        ConditionalField(ShortField('ErrorCode', None),
                         lambda pkt: pkt.Type == 1),
        # Echo Request / Echo Reply message body
        # (Type 1, the error group above, is also included here.)
        ConditionalField(StrField('Data', None),
                         lambda pkt: pkt.Type in [1, 2, 3]),
        # Vendor message body (disabled in the original):
        #ConditionalField(IntField('VendorID', None), lambda pkt: pkt.Type == 4), # type ????
        # Experimenter
        ConditionalField(XIntField('ExperimenterID', None),
                         lambda pkt: pkt.Type == 4),
        ConditionalField(IntField('ExperimenterType', None),
                         lambda pkt: pkt.Type == 4),
        # Features Reply message body
        ConditionalField(XLongField('DatapathID', None),
                         lambda pkt: pkt.Type == 6),
        ConditionalField(IntField('MaxBuffers', None),
                         lambda pkt: pkt.Type == 6),
        ConditionalField(ByteField('MaxTables', None),
                         lambda pkt: pkt.Type == 6),
        ConditionalField(ByteField('AuxiliaryID', None),
                         lambda pkt: pkt.Type == 6),
        ConditionalField(XByteField('FeaturesReplyPad', None),
                         lambda pkt: pkt.Type == 6),
        ConditionalField(XIntField('Capabilities', None),
                         lambda pkt: pkt.Type == 6),
        ConditionalField(IntField('FeaturesReplyReserved', None),
                         lambda pkt: pkt.Type == 6),
        # Set Config message body
        ConditionalField(XShortField('SwitchConfigurationFlags', None),
                         lambda pkt: pkt.Type == 9),
        ConditionalField(ShortField('MissSendLength', None),
                         lambda pkt: pkt.Type == 9),
        # Packet Input Notification message body
        ConditionalField(
            IntField('PacketInputNotificationPacketBufferID', None),
            lambda pkt: pkt.Type == 10),
        ConditionalField(ShortField('EthernetFrameLength', None),
                         lambda pkt: pkt.Type == 10),
        ConditionalField(ByteField('PacketInputNotificationReason', None),
                         lambda pkt: pkt.Type == 10),
        ConditionalField(ByteField('PacketInputNotificationTableID', None),
                         lambda pkt: pkt.Type == 10),
        ConditionalField(XLongField('PacketInputNotificationCookie', None),
                         lambda pkt: pkt.Type == 10),
        # Flow Removed Notification message body
        ConditionalField(XLongField('FlowRemovedNotificationCookie', None),
                         lambda pkt: pkt.Type == 11),
        ConditionalField(ShortField('FlowRemovedNotificationPriority', None),
                         lambda pkt: pkt.Type == 11),
        ConditionalField(ByteField('FlowRemovedNotificationReason', None),
                         lambda pkt: pkt.Type == 11),
        ConditionalField(ByteField('FlowRemovedNotificationTableID', None),
                         lambda pkt: pkt.Type == 11),
        ConditionalField(IntField('Duration_sec', None),
                         lambda pkt: pkt.Type == 11),
        ConditionalField(IntField('Duration_nsec', None),
                         lambda pkt: pkt.Type == 11),
        ConditionalField(
            ShortField('FlowRemovedNotificationIdleTimeout', None),
            lambda pkt: pkt.Type == 11),
        ConditionalField(ShortField('HardTimeout', None),
                         lambda pkt: pkt.Type == 11),
        ConditionalField(LongField('NumberOfPacketsTransferred', None),
                         lambda pkt: pkt.Type == 11),
        ConditionalField(LongField('NumberOfOctetsTransferred', None),
                         lambda pkt: pkt.Type == 11),
        # Port Status Notification message body
        ConditionalField(ByteField('PortStatusNotificationReason', None),
                         lambda pkt: pkt.Type == 12),
        ConditionalField(XByteField('PortStatusNotificationPad', None),
                         lambda pkt: pkt.Type == 12),
        # The trailing integer is the ``length`` argument of _PacketField
        # (presumably a fixed sub-packet size in bytes -- TODO confirm).
        ConditionalField(
            _PacketField('PortStatusNotification<PortDescriptors>', None,
                         PortDescriptorField_v1_3, 39),
            lambda pkt: pkt.Type == 12),
        # Packet Output message body
        ConditionalField(IntField('PacketOutputPacketBufferID', None),
                         lambda pkt: pkt.Type == 13),
        ConditionalField(IntField('PacketOutputIngress<PortNumber>', None),
                         lambda pkt: pkt.Type == 13),
        ConditionalField(ShortField('LengthOfActionDescriptors', None),
                         lambda pkt: pkt.Type == 13),
        ConditionalField(XByteField('PacketOutputPad', None),
                         lambda pkt: pkt.Type == 13),
        # NOTE(review): the constant 5 is used here rather than the
        # decoded LengthOfActionDescriptors -- confirm this is intended.
        ConditionalField(
            _PacketField('PacketOutput<ActionDescriptors>', None,
                         ActionDescriptorField_v1_3, 5),
            lambda pkt: pkt.Type == 13),
        # Flow Modification message body
        ConditionalField(LongField('FlowModificationCookie', None),
                         lambda pkt: pkt.Type == 14),
        ConditionalField(XLongField('FlowModificationCookieMask', None),
                         lambda pkt: pkt.Type == 14),
        ConditionalField(ByteField('FlowModificationTableID', None),
                         lambda pkt: pkt.Type == 14),
        ConditionalField(ByteField('FlowModificationCommand', None),
                         lambda pkt: pkt.Type == 14),
        ConditionalField(ShortField('FlowModificationIdleTimeout', None),
                         lambda pkt: pkt.Type == 14),
        ConditionalField(ShortField('FlowModificationHardTimeout', None),
                         lambda pkt: pkt.Type == 14),
        ConditionalField(ShortField('FlowModificationPriority', None),
                         lambda pkt: pkt.Type == 14),
        ConditionalField(IntField('FlowModificationPacketBufferID', None),
                         lambda pkt: pkt.Type == 14),
        ConditionalField(IntField('FlowModificationOutputPort', None),
                         lambda pkt: pkt.Type == 14),
        ConditionalField(IntField('FlowModificationOutputGroup', None),
                         lambda pkt: pkt.Type == 14),
        ConditionalField(XShortField('FlowModificationFlags', None),
                         lambda pkt: pkt.Type == 14),
        ConditionalField(XByteField('FlowModificationPad', None),
                         lambda pkt: pkt.Type == 14),
        # Group Modification message body
        ConditionalField(ShortField('GroupModificationCommand', None),
                         lambda pkt: pkt.Type == 15),
        ConditionalField(ByteField('GroupModificationType', None),
                         lambda pkt: pkt.Type == 15),
        ConditionalField(ByteField('GroupModificationPad', None),
                         lambda pkt: pkt.Type == 15),
        ConditionalField(IntField('GroupModificationGroupID', None),
                         lambda pkt: pkt.Type == 15),
        ConditionalField(
            _PacketField('GroupModificationBucket', None,
                         OpenFlowBucket_v1_3, 18),
            lambda pkt: pkt.Type == 15),
        # Port Modification message body
        ConditionalField(ShortField('PortModification<PortNumber>', None),
                         lambda pkt: pkt.Type == 16),
        ConditionalField(XByteField('PortModificationPad', None),
                         lambda pkt: pkt.Type == 16),
        ConditionalField(MACField('PortModificationEthernetAddress', None),
                         lambda pkt: pkt.Type == 16),
        ConditionalField(XByteField('PortModificationPad2', None),
                         lambda pkt: pkt.Type == 16),
        ConditionalField(XIntField('<PortConfigurationFlags>', None),
                         lambda pkt: pkt.Type == 16),
        ConditionalField(XIntField('<PortConfigurationFlags>Mask', None),
                         lambda pkt: pkt.Type == 16),
        ConditionalField(XIntField('<PortConfigurationFlags>Advertise', None),
                         lambda pkt: pkt.Type == 16),
        ConditionalField(XByteField('PortModificationPad3', None),
                         lambda pkt: pkt.Type == 16),
        # Table Modification message body
        ConditionalField(ByteField('TableModificationTableID', None),
                         lambda pkt: pkt.Type == 17),
        ConditionalField(XByteField('TableModificationPad', None),
                         lambda pkt: pkt.Type == 17),
        ConditionalField(XIntField('TableModificationConfiguration', None),
                         lambda pkt: pkt.Type == 17),
        # Multipart Request / Multipart Reply message body
        ConditionalField(ShortField('MultipartType', None),
                         lambda pkt: pkt.Type in [18, 19]),
        ConditionalField(XShortField('MultipartFlags', None),
                         lambda pkt: pkt.Type in [18, 19]),
        ConditionalField(XByteField('MultipartPad', None),
                         lambda pkt: pkt.Type in [18, 19]),
        ConditionalField(ByteField('MultipartBody', None),
                         lambda pkt: pkt.Type in [18, 19]),
        # Barrier Reply message body
        ConditionalField(IntField('BarrierReplyID', None),
                         lambda pkt: pkt.Type == 21),
        # Queue Get Config Request / Queue Get Config Reply message body
        ConditionalField(IntField('QueueGetConfigRequestPort', None),
                         lambda pkt: pkt.Type in [22, 23]),
        ConditionalField(ByteField('QueueGetConfigRequestPad', None),
                         lambda pkt: pkt.Type in [22, 23]),
        # The queue description is present in the reply (23) only.
        ConditionalField(
            _PacketField('OpenFlowPacketQueue', None,
                         OpenFlowPacketQueue_v1_3, 16),
            lambda pkt: pkt.Type == 23),
        # Role Request / Role Reply message body
        ConditionalField(IntField('RoleRequestRole', None),
                         lambda pkt: pkt.Type in [24, 25]),
        ConditionalField(ByteField('RoleRequestPad', None),
                         lambda pkt: pkt.Type in [24, 25]),
        ConditionalField(LongField('RoleRequestGenerationID', None),
                         lambda pkt: pkt.Type in [24, 25]),
        # Get Async Reply / Set Async messages body
        ConditionalField(XIntField('GetAsyncReplyPacketInMask', None),
                         lambda pkt: pkt.Type in [27, 28]),
        ConditionalField(XIntField('GetAsyncReplyPortStatusMask', None),
                         lambda pkt: pkt.Type in [27, 28]),
        ConditionalField(XIntField('GetAsyncReplyFlowRemovedMask', None),
                         lambda pkt: pkt.Type in [27, 28]),
        # Meter Modification message body
        ConditionalField(ShortField('MeterModificationCommand', None),
                         lambda pkt: pkt.Type == 29),
        ConditionalField(XShortField('MeterModificationFlags', None),
                         lambda pkt: pkt.Type == 29),
        ConditionalField(IntField('MeterModificationMeterID', None),
                         lambda pkt: pkt.Type == 29),
        ConditionalField(
            _PacketField('MeterModificationMeterBand', None,
                         OpenFlowMeterBand_v1_3, 12),
            lambda pkt: pkt.Type == 29),
        # Unconditional trailing field, placed after the typed body.
        StrField('Payload', None),
    ]
def __init__(self, name, default, cls, length=None):
    """Set up the field and remember the class associated with it.

    name, default: forwarded unchanged to ``StrField.__init__``.
    cls: stored on the instance as ``self.cls``.
    length: optional constant. When given, ``self.length_from`` becomes a
        callable that ignores the packet and returns this value.
    """
    StrField.__init__(self, name, default)
    self.cls = cls
    if length is None:
        # No constant size requested: length_from is not assigned here.
        return
    # The default argument binds the value at definition time.
    self.length_from = lambda pkt, length=length: length
class OpenFlowBody_v1_0(Packet):
    """OpenFlow v1.0 message: a common header followed by a typed body.

    The header is ``Type``, ``Length`` and ``ID``. Every body field is a
    ConditionalField whose predicate tests ``pkt.Type``, so only the
    group(s) for the decoded type are present. The order of the entries
    is the order in which fields are built and dissected.

    NOTE(review): no predicate or length callback in this list reads the
    header ``Length``. Sizes come from the field types, from the constants
    passed to ``_PacketField`` and, for the captured frame, from the
    on-wire ``EthernetFrameLength``. Confirm that truncated or over-long
    messages are bounded by the caller.
    """
    name = 'OpenFlowBody_v1_0'
    fields_desc = [
        # Header
        ByteEnumField('Type', None, ofp_v1_0_message_type),
        ShortField('Length', None),
        IntField('ID', None),
        # Error message body
        ConditionalField(ShortField('ErrorType', None),
                         lambda pkt: pkt.Type == 1),
        ConditionalField(ShortField('ErrorCode', None),
                         lambda pkt: pkt.Type == 1),
        # Echo Request / Echo Reply message body
        ConditionalField(StrField('Data', None),
                         lambda pkt: pkt.Type in [2, 3]),
        # Vendor message body
        ConditionalField(IntField('VendorID', None),
                         lambda pkt: pkt.Type == 4),
        # Features Reply message body
        ConditionalField(XLongField('DatapathID', None),
                         lambda pkt: pkt.Type == 6),
        ConditionalField(IntField('AvailableNumberOfPacketsCanBeHeld', None),
                         lambda pkt: pkt.Type == 6),
        ConditionalField(ByteField('NumberOfFlowTabs', None),
                         lambda pkt: pkt.Type == 6),
        ConditionalField(X3BytesField('FeaturesReplyReserved', None),
                         lambda pkt: pkt.Type == 6),
        ConditionalField(XIntField('<SwitchCapabilityFlags>', None),
                         lambda pkt: pkt.Type == 6),
        ConditionalField(XIntField('ActionCapabilityFlags', None),
                         lambda pkt: pkt.Type == 6),
        # The trailing integer is the ``length`` argument of _PacketField
        # (presumably a fixed sub-packet size in bytes -- TODO confirm).
        ConditionalField(
            _PacketField('FeaturesReply<PortDescriptors>', None,
                         PortDescriptorField_v1_0, 48),
            lambda pkt: pkt.Type == 6),
        # Get Config Reply / Set Config message body
        ConditionalField(XShortField('SwitchConfigurationFlags', None),
                         lambda pkt: pkt.Type in [8, 9]),
        ConditionalField(ShortField('MissSendLength', None),
                         lambda pkt: pkt.Type in [8, 9]),
        # Packet Input Notification message body
        ConditionalField(
            IntField('PacketInputNotificationPacketBufferID', None),
            lambda pkt: pkt.Type == 10),
        ConditionalField(ShortField('EthernetFrameLength', None),
                         lambda pkt: pkt.Type == 10),
        ConditionalField(
            ShortField('PacketInputNotificationIngresss<PortNumber>', None),
            lambda pkt: pkt.Type == 10),
        ConditionalField(ByteField('PacketInputNotificationReason', None),
                         lambda pkt: pkt.Type == 10),
        ConditionalField(XByteField('PacketInputNotificationReserved', None),
                         lambda pkt: pkt.Type == 10),
        # The frame length is the EthernetFrameLength value decoded
        # above, i.e. a value read from the message itself.
        ConditionalField(
            StrLenField('EthenretFrame', None,
                        length_from=lambda pkt: pkt.EthernetFrameLength),
            lambda pkt: pkt.Type == 10),
        # Flow Removed Notification message body
        ConditionalField(
            _PacketField('FlowRemovedNotification<FlowMatchDescriptor>', None,
                         FlowMatchDescriptorField_v1_0, 40),
            lambda pkt: pkt.Type == 11),
        ConditionalField(ShortField('FlowRemovedNotificationPriority', None),
                         lambda pkt: pkt.Type == 11),
        ConditionalField(ByteField('FlowRemovedNotificationReason', None),
                         lambda pkt: pkt.Type == 11),
        ConditionalField(XByteField('FlowRemovedNotificationReserved', None),
                         lambda pkt: pkt.Type == 11),
        ConditionalField(IntField('LifetimeDuration', None),
                         lambda pkt: pkt.Type == 11),
        ConditionalField(
            ShortField('FlowRemovedNotificationSoftLifetime', None),
            lambda pkt: pkt.Type == 11),
        ConditionalField(
            StrFixedLenField('FlowRemovedNotification_Reserved', None, 48),
            lambda pkt: pkt.Type == 11),
        ConditionalField(LongField('NumberOfPacketsTransferred', None),
                         lambda pkt: pkt.Type == 11),
        ConditionalField(LongField('NumberOfOctetsTransferred', None),
                         lambda pkt: pkt.Type == 11),
        # Port Status Notification message body
        ConditionalField(ByteField('PortStatusNotificationReason', None),
                         lambda pkt: pkt.Type == 12),
        ConditionalField(
            StrFixedLenField('PortStatusNotificationReserved', None, 64),
            lambda pkt: pkt.Type == 12),
        ConditionalField(
            _PacketField('PortStatusNotification<PortDescriptors>', None,
                         PortDescriptorField_v1_0, 48),
            lambda pkt: pkt.Type == 12),
        # Packet Output message body
        ConditionalField(IntField('PacketOutputPacketBufferID', None),
                         lambda pkt: pkt.Type == 13),
        ConditionalField(ShortField('PacketOutputIngress<PortNumber>', None),
                         lambda pkt: pkt.Type == 13),
        ConditionalField(ShortField('LengthOfActionDescriptors', None),
                         lambda pkt: pkt.Type == 13),
        ConditionalField(
            _PacketField('PacketOutput<ActionDescriptors>', None,
                         ActionDescriptorField_v1_0),
            # No length is passed (original marker: "???? bytes"); the
            # decoded LengthOfActionDescriptors is not referenced here.
            lambda pkt: pkt.Type == 13),
        ConditionalField(StrField('<PacketData>', None),
                         lambda pkt: pkt.Type == 13),
        # Flow Modification message body
        ConditionalField(
            _PacketField('FlowModification<FlowMatchDescriptor>', None,
                         FlowMatchDescriptorField_v1_0, 40),
            lambda pkt: pkt.Type == 14),
        ConditionalField(ShortField('Command', None),
                         lambda pkt: pkt.Type == 14),
        ConditionalField(ShortField('FlowModificationSoftLifetime', None),
                         lambda pkt: pkt.Type == 14),
        ConditionalField(ShortField('HardLifetime', None),
                         lambda pkt: pkt.Type == 14),
        ConditionalField(ShortField('FlowModificationPriority', None),
                         lambda pkt: pkt.Type == 14),
        ConditionalField(IntField('FlowModificationPacketBufferID', None),
                         lambda pkt: pkt.Type == 14),
        ConditionalField(
            ShortField('FlowModificationEgress<PortNumber>', None),
            lambda pkt: pkt.Type == 14),
        ConditionalField(XShortField('FlowModificationCU', None),
                         lambda pkt: pkt.Type == 14),
        ConditionalField(XIntField('FlowModificationReserved', None),
                         lambda pkt: pkt.Type == 14),
        ConditionalField(
            _PacketField('FlowModification<ActionDescriptors>', None,
                         ActionDescriptorField_v1_0),
            # No length is passed (original marker: "???? bytes").
            lambda pkt: pkt.Type == 14),
        # Port Modification message body
        ConditionalField(ShortField('PortModification<PortNumber>', None),
                         lambda pkt: pkt.Type == 15),
        ConditionalField(MACField('Ethernet Address', None),
                         lambda pkt: pkt.Type == 15),
        ConditionalField(XIntField('<PortConfigurationFlags>', None),
                         lambda pkt: pkt.Type == 15),
        ConditionalField(XIntField('<PortConfigurationFlags>Mask', None),
                         lambda pkt: pkt.Type == 15),
        ConditionalField(XIntField('<PortFeatureFlags>', None),
                         lambda pkt: pkt.Type == 15),
        # Stats Request message body
        ConditionalField(
            _PacketField('StatsRequest', None, StatsRequestBody_v1_0, 48),
            lambda pkt: pkt.Type == 16),
        # Stats Reply message body
        ConditionalField(
            _PacketField('StatsReply', None, StatsReplyBody_v1_0),
            # No length is passed (original marker: "???? bytes").
            lambda pkt: pkt.Type == 17),
        # Unconditional trailing field, placed after the typed body.
        StrField('Payload', None),
    ]
def __init__(self, name, default, cls, length=None):
    """Build the underlying string field and attach ``cls`` to it.

    name, default: passed straight through to ``StrField.__init__``.
    cls: kept as ``self.cls``.
    length: optional constant. If supplied, ``self.length_from`` is set
        to a callable returning it, whatever packet it is given.
    """
    StrField.__init__(self, name, default)
    self.cls = cls
    has_fixed_length = length is not None
    if has_fixed_length:
        # The value is captured as a default argument so the callable
        # keeps the constant passed to this constructor.
        self.length_from = lambda pkt, length=length: length
def __init__(self, funcname):
    """Create the string field named ``funcname`` with an empty default."""
    empty_default = ""
    StrField.__init__(self, funcname, empty_default)
class HumanIRC(Packet):
    """Layer with a single string field, ``action``, defaulting to empty."""

    name = "HumanIRC"
    fields_desc = [StrField("action", "")]
class PAYLOAD(Packet):
    """Layer with one string field, ``message``, defaulting to "idle"."""

    name = 'PAYLOAD'
    fields_desc = [
        StrField('message', 'idle'),
    ]
class HTTPRequest(Packet):
    """HTTP request layer: the request line plus one field per header.

    Parsing and serialisation are delegated to the module-level helpers
    ``_dissect_headers`` and ``_self_build``.
    """

    name = "HTTP Request"
    http_methods = "^(OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT)"

    # Every entry is the same kind of StrField; only the name differs, so
    # the list is produced from the names in their original order.
    # Authorization, Proxy-Authorization and Cookie hold credentials as
    # seen on the wire; treat dissected values as sensitive when logging.
    fields_desc = list(
        StrField(header_name, None, fmt="H")
        for header_name in (
            "Method", "Host", "User-Agent", "Accept", "Accept-Language",
            "Accept-Encoding", "Accept-Charset", "Referer", "Authorization",
            "Expect", "From", "If-Match", "If-Modified-Since",
            "If-None-Match", "If-Range", "If-Unmodified-Since",
            "Max-Forwards", "Proxy-Authorization", "Range", "TE",
            "Cache-Control", "Connection", "Date", "Pragma", "Trailer",
            "Transfer-Encoding", "Upgrade", "Via", "Warning", "Keep-Alive",
            "Allow", "Content-Encoding", "Content-Language",
            "Content-Length", "Content-Location", "Content-MD5",
            "Content-Range", "Content-Type", "Expires", "Last-Modified",
            "Cookie", "Additional-Headers",
        )
    )

    def do_dissect(self, s):
        """Populate this layer from the HTTP text ``s``; return the body.

        The first line handed back by ``_dissect_headers`` is stored in
        the ``Method`` field.
        """
        request_line, remainder = _dissect_headers(self, s)
        self.setfieldval('Method', request_line)
        return remainder

    def self_build(self, field_pos_list=None):
        """Serialise the layer to HTTP text (the inverse of do_dissect)."""
        return _self_build(self, field_pos_list)
class HTTPResponse(Packet):
    """HTTP response layer: the status line plus one field per header.

    Parsing and serialisation are delegated to the module-level helpers
    ``_dissect_headers`` and ``_self_build``.
    """

    name = "HTTP Response"

    # Every entry is the same kind of StrField; only the name differs, so
    # the list is produced from the names in their original order.
    fields_desc = list(
        StrField(header_name, None, fmt="H")
        for header_name in (
            "Status-Line", "Accept-Ranges", "Age", "E-Tag", "Location",
            "Proxy-Authenticate", "Retry-After", "Server", "Vary",
            "WWW-Authenticate", "Cache-Control", "Connection", "Date",
            "Pragma", "Trailer", "Transfer-Encoding", "Upgrade", "Via",
            "Warning", "Keep-Alive", "Allow", "Content-Encoding",
            "Content-Language", "Content-Length", "Content-Location",
            "Content-MD5", "Content-Range", "Content-Type", "Expires",
            "Last-Modified", "Additional-Headers",
        )
    )

    def do_dissect(self, s):
        """Populate this layer from the HTTP text ``s``; return the body.

        The first line handed back by ``_dissect_headers`` is stored in
        the ``Status-Line`` field.
        """
        status_line, remainder = _dissect_headers(self, s)
        self.setfieldval('Status-Line', status_line)
        return remainder

    def self_build(self, field_pos_list=None):
        """Serialise the layer to HTTP text (the inverse of do_dissect)."""
        return _self_build(self, field_pos_list)
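class HTTPrequest(Packet):
    """HTTP request layer: the request line plus request-specific headers.

    Each field stores the complete matching line (name, value and a
    trailing CRLF) taken from the dissected payload.
    """

    name = "HTTP Request"
    http_methods = "^(OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT)"
    fields_desc = [
        StrField("Method", None, fmt="H"),
        StrField("Host", None, fmt="H"),
        StrField("UserAgent", None, fmt="H"),
        StrField("Accept", None, fmt="H"),
        StrField("AcceptLanguage", None, fmt="H"),
        StrField("AcceptEncoding", None, fmt="H"),
        StrField("AcceptCharset", None, fmt="H"),
        StrField("Referer", None, fmt="H"),
        # Authorization and ProxyAuthorization carry credentials as seen
        # on the wire; treat dissected values as sensitive when logging.
        StrField("Authorization", None, fmt="H"),
        StrField("Expect", None, fmt="H"),
        StrField("From", None, fmt="H"),
        StrField("IfMatch", None, fmt="H"),
        StrField("IfModifiedSince", None, fmt="H"),
        StrField("IfNoneMatch", None, fmt="H"),
        StrField("IfRange", None, fmt="H"),
        StrField("IfUnmodifiedSince", None, fmt="H"),
        StrField("MaxForwards", None, fmt="H"),
        StrField("ProxyAuthorization", None, fmt="H"),
        StrField("Range", None, fmt="H"),
        StrField("TE", None, fmt="H"),
    ]

    def do_dissect(self, s):
        """Fill the header fields from ``s`` and return the unconsumed part.

        ``s`` is split on CRLF. Only lines before the first empty line
        (the end of the header section) are candidates, and a header name
        has to start its line. Without those two limits, body content and
        longer header names (``Range:`` inside ``If-Range:``, ``TE:``
        inside ``Date:``) would be stored in the wrong field.

        Returns CRLF followed by the remaining lines concatenated without
        a separator, as the original implementation did.

        NOTE(review): assumes ``s`` is text; a bytes payload would fail in
        ``split`` -- confirm against the scapy version in use.
        """
        # Wire names, in the same order as fields_desc.
        fields_rfc = [
            "Method", "Host", "User-Agent", "Accept", "Accept-Language",
            "Accept-Encoding", "Accept-Charset", "Referer", "Authorization",
            "Expect", "From", "If-Match", "If-Modified-Since",
            "If-None-Match", "If-Range", "If-Unmodified-Since",
            "Max-Forwards", "Proxy-Authorization", "Range", "TE",
        ]
        lines = s.split("\r\n")
        # The header section ends at the first empty line.
        try:
            header_end = lines.index("")
        except ValueError:
            header_end = len(lines)
        header_lines = lines[:header_end]
        rest = lines[header_end:]

        for field, header in zip(self.fields_desc, fields_rfc):
            if header == "Method":
                # The request line is recognised by its leading method.
                pattern = re.compile(self.http_methods)
            else:
                # Anchored and escaped: the name must start the line.
                pattern = re.compile(
                    "^" + re.escape(header) + ":", re.IGNORECASE)
            # Iterate over a copy because matches are removed from the
            # list; removing while iterating skipped the following line.
            for line in list(header_lines):
                if pattern.search(line):
                    self.setfieldval(field.name, line + '\r\n')
                    header_lines.remove(line)
        return '\r\n' + "".join(header_lines + rest)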
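class HTTP(Packet):
    """Generic HTTP layer holding the general and entity headers.

    The request- or response-specific part is left in the payload and is
    decoded by ``HTTPrequest`` or ``HTTPresponse``, chosen in
    ``guess_payload_class``.
    """

    name = "HTTP"
    fields_desc = [
        StrField("CacheControl", None, fmt="H"),
        StrField("Connection", None, fmt="H"),
        StrField("Date", None, fmt="H"),
        StrField("Pragma", None, fmt="H"),
        StrField("Trailer", None, fmt="H"),
        StrField("TransferEncoding", None, fmt="H"),
        StrField("Upgrade", None, fmt="H"),
        StrField("Via", None, fmt="H"),
        StrField("Warning", None, fmt="H"),
        StrField("KeepAlive", None, fmt="H"),
        StrField("Allow", None, fmt="H"),
        StrField("ContentEncoding", None, fmt="H"),
        StrField("ContentLanguage", None, fmt="H"),
        StrField("ContentLength", None, fmt="H"),
        StrField("ContentLocation", None, fmt="H"),
        StrField("ContentMD5", None, fmt="H"),
        StrField("ContentRange", None, fmt="H"),
        StrField("ContentType", None, fmt="H"),
        StrField("Expires", None, fmt="H"),
        StrField("LastModified", None, fmt="H"),
    ]

    def do_dissect(self, s):
        """Fill the header fields from ``s`` and return the unconsumed part.

        ``s`` is split on CRLF. Only lines before the first empty line
        (the end of the header section) are candidates, and a header name
        has to start its line. An unanchored search also matched a name
        inside the request line or inside a longer header name, which
        could consume the wrong line -- including the request line that
        ``guess_payload_class`` needs.

        Returns the remaining lines joined with CRLF.

        NOTE(review): assumes ``s`` is text; a bytes payload would fail in
        ``split`` -- confirm against the scapy version in use.
        """
        # Wire names, in the same order as fields_desc.
        fields_rfc = [
            "Cache-Control", "Connection", "Date", "Pragma", "Trailer",
            "Transfer-Encoding", "Upgrade", "Via", "Warning", "Keep-Alive",
            "Allow", "Content-Encoding", "Content-Language",
            "Content-Length", "Content-Location", "Content-MD5",
            "Content-Range", "Content-Type", "Expires", "Last-Modified",
        ]
        lines = s.split("\r\n")
        # The header section ends at the first empty line.
        try:
            header_end = lines.index("")
        except ValueError:
            header_end = len(lines)
        header_lines = lines[:header_end]
        rest = lines[header_end:]

        for field, header in zip(self.fields_desc, fields_rfc):
            # Anchored and escaped: the name must start the line.
            pattern = re.compile(
                "^" + re.escape(header) + ":", re.IGNORECASE)
            # Iterate over a copy because matches are removed from the
            # list; removing while iterating skipped the following line.
            for line in list(header_lines):
                if pattern.search(line):
                    self.setfieldval(field.name, line + '\r\n')
                    header_lines.remove(line)
        return "\r\n".join(header_lines + rest)

    def guess_payload_class(self, payload):
        """Choose the next layer from the start of ``payload``.

        A leading HTTP method selects ``HTTPrequest``, a leading status
        line selects ``HTTPresponse``; anything else is left to
        ``Packet.guess_payload_class``.
        """
        if re.search(r"^(OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT)",
                     payload):
            return HTTPrequest
        if re.search(r"^HTTP/((0\.9)|(1\.0)|(1\.1))\ [0-9]{3}.*", payload):
            return HTTPresponse
        return Packet.guess_payload_class(self, payload)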