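def build(self):
    """Lay the rule's content matches out into one padded payload buffer.

    Every entry of ``self.contents`` gets ``ini``/``end`` byte positions
    derived from its payload length and its ``distance``/``offset``
    modifiers (``depth``/``within`` are only checked, never enforced).
    The matches are then packed into a space-padded ``ctypes`` buffer,
    the end of the last match is optionally moved to satisfy the rule's
    ``dsize`` constraint, the payload is wrapped in an HTTP request when
    the traffic looks like HTTP, and the result is handed to
    ``self.build_packet``.

    Returns:
        ``h.payload`` (the HTTP object's payload with the raw buffer
        appended) when an ``HTTP`` object was built, otherwise the raw
        ``ctypes`` buffer that is also stored in ``self.payload``.

    Side effects: sets ``self.payload``, ``self.itered`` and, when
    ``self.dsize`` is set, ``self.dsize_flag``; calls
    ``self.build_handshake`` for flow/TCP/HTTP/FTP rules.  ``depth`` and
    ``within`` violations are only reported on stdout, so the generated
    packet may not actually satisfy the rule; a caller that expects the
    packet to trigger the rule has to watch for those lines.
    """
    # Substrings whose presence in the payload selects the HTTP wrapper.
    # This is a plain case-insensitive substring sniff, so e.g. a "Host"
    # inside a binary payload also selects it.
    http_markers = ["POST", "GET", "User-Agent", "Host", "Cookie"]

    # Original note: gating on ``self.flow.established`` is "to be
    # investigated"; for now any flow, or a TCP-based protocol, gets a
    # handshake.
    if self.flow or self.proto in ("tcp", "http", "ftp"):
        self.build_handshake()

    if self.dsize:
        self.dsize_flag = True  # remember that the rule carries a dsize constraint

    prev = None      # previously laid-out content, None for the first one
    laid_out = []    # contents in layout order

    for c in self.contents:
        # 1. Base position: directly after the previous match for
        #    ``distance:0``, one byte later otherwise; 0 for the first.
        if not prev:
            c.ini = 0
            c.end = len(c.payload)
        else:
            if c.distance == 0:
                c.ini = prev.end
            else:
                c.ini = prev.end + 1
            c.end = c.ini + len(c.payload)

        # 2. ``offset``: absolute minimum start position.
        if c.offset and not prev:
            c.ini = c.ini + c.offset
            c.end = c.end + c.offset
        if c.offset and prev:
            # Only ever pushes the match forward; an offset behind the
            # computed start is left as a (silent) conflict.
            if c.ini < c.offset:
                c.ini = c.offset
                c.end = c.ini + len(c.payload)

        # 3. ``distance``: minimum gap after the previous match.
        if c.distance and prev:
            if prev.end + c.distance > c.ini:
                c.ini = prev.end + c.distance
                c.end = prev.end + c.distance + len(c.payload)

        # 4. ``depth``/``within`` are reported but not enforced; the layout
        #    is kept as computed.
        if c.depth and c.end > c.depth:
            print("Error here depth!")
        # ``within`` is relative to the previous match, so there is nothing
        # to compare against on the first content (the original code
        # dereferenced ``None`` here).
        if c.within and prev and c.end > prev.end + c.within:
            print("Error here within!")

        prev = c
        laid_out.append(c)

    # ``dsize``: move the end of the *last* match so the whole payload meets
    # the rule's size constraint.  ``self.dsize_list`` is assumed to be the
    # tokenised keyword: ["N"], ["N", "<>", "M"], ["<", "N"] or [">", "N"]
    # -- confirm against the rule parser.  Nothing is done for a rule
    # without contents (the original referenced the loop variable here).
    last = laid_out[-1] if laid_out else None
    if last is not None and getattr(self, "dsize_flag", False):
        spec = self.dsize_list
        if len(spec) == 1:                       # dsize:N
            last.end = int(spec[0])
        if len(spec) == 3 and spec[1] == "<>":   # dsize:N<>M (exclusive range)
            last.end = random.randint(int(spec[0]) + 1, int(spec[2]) - 1)
        if spec[0] == "<":                       # dsize:<N
            last.end = int(spec[1]) - 1
        if spec[0] == ">":                       # dsize:>N
            last.end = last.end + int(spec[1]) + random.randint(0, int(spec[1]))
            # NOTE(review): in the collapsed listing this block reads as
            # nested under the ">" case, matching its "dsize:>0" comment --
            # confirm.  For ">0" the line above adds nothing, so pad extra.
            if spec[1] == "0":
                last.end = last.end + random.randint(64, 1024)
        # NOTE(review): a dsize smaller than the laid-out content leaves
        # ``last.end < last.ini``, which makes the pack below fail with a
        # struct.error instead of a readable message.

    # The buffer is as long as the furthest match end, pre-filled with
    # spaces so gaps between matches are printable filler rather than NULs.
    buf_len = max([c.end for c in laid_out]) if laid_out else 0
    self.payload = create_string_buffer(buf_len)
    struct.pack_into(str(buf_len) + "s", self.payload, 0, b" " * buf_len)

    # Write each match at its computed position.  "%ds" NUL-pads a payload
    # shorter than ``end - ini`` (visible when dsize stretched the last
    # match).
    for c in laid_out:
        struct.pack_into(str(c.end - c.ini) + "s", self.payload, c.ini, c.payload)
    self.itered = laid_out

    # HTTP support: wrap the payload when ports/protocol plus the payload
    # itself look like HTTP, or when the rule carries uricontent.
    h = None
    if self.sport == "80" or self.dport == "80" or self.proto == "http":
        raw_lower = self.payload.raw.lower()
        for marker in http_markers:
            if raw_lower.find(marker.lower()) != -1:
                h = HTTP()
                h.check(self.payload.raw)
                h.build()
                break
    if self.uricontents:
        if not h:
            h = HTTP()
        h.uri = "".join(str(u.uricontent) for u in self.uricontents)
        h.build()

    if h:
        if self.payload.raw:
            h.payload = h.payload + self.payload.raw
        self.build_packet(h.payload)
        return h.payload
    self.build_packet(self.payload.raw)
    return self.payload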
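def build(self):
    """Lay the rule's content matches out into one padded payload buffer.

    Every entry of ``self.contents`` gets ``ini``/``end`` byte positions
    derived from its payload length and its ``distance``/``offset``
    modifiers (``depth``/``within`` are only checked, never enforced).
    The matches are then packed into a space-padded ``ctypes`` buffer,
    wrapped in an HTTP request when the traffic looks like HTTP, and
    handed to ``self.build_packet``.

    Returns:
        ``h.payload`` (the HTTP object's payload with the raw buffer
        appended) when an ``HTTP`` object was built, otherwise the raw
        ``ctypes`` buffer that is also stored in ``self.payload``.

    Side effects: sets ``self.payload`` and ``self.itered``; calls
    ``self.build_handshake`` when the rule's flow is established.
    ``depth`` and ``within`` violations are only reported on stdout, so
    the generated packet may not actually satisfy the rule; a caller that
    expects the packet to trigger the rule has to watch for those lines.
    """
    # Substrings whose presence in the payload selects the HTTP wrapper.
    # This is a plain case-insensitive substring sniff, so e.g. a "Host"
    # inside a binary payload also selects it.
    http_markers = ["POST", "GET", "User-Agent", "Host", "Cookie"]

    if self.flow and self.flow.established:
        self.build_handshake()

    prev = None      # previously laid-out content, None for the first one
    laid_out = []    # contents in layout order

    for c in self.contents:
        # 1. Base position: directly after the previous match for
        #    ``distance:0``, one byte later otherwise; 0 for the first.
        if not prev:
            c.ini = 0
            c.end = len(c.payload)
        else:
            if c.distance == 0:
                c.ini = prev.end
            else:
                c.ini = prev.end + 1
            c.end = c.ini + len(c.payload)

        # 2. ``offset``: absolute minimum start position.
        if c.offset and not prev:
            c.ini = c.ini + c.offset
            c.end = c.end + c.offset
        if c.offset and prev:
            # Only ever pushes the match forward; an offset behind the
            # computed start is left as a (silent) conflict.
            if c.ini < c.offset:
                c.ini = c.offset
                c.end = c.ini + len(c.payload)

        # 3. ``distance``: minimum gap after the previous match.
        if c.distance and prev:
            if prev.end + c.distance > c.ini:
                c.ini = prev.end + c.distance
                c.end = prev.end + c.distance + len(c.payload)

        # 4. ``depth``/``within`` are reported but not enforced; the layout
        #    is kept as computed.
        if c.depth and c.end > c.depth:
            print("Error here depth!")
        # ``within`` is relative to the previous match, so there is nothing
        # to compare against on the first content (the original code
        # dereferenced ``None`` here).
        if c.within and prev and c.end > prev.end + c.within:
            print("Error here within!")

        prev = c
        laid_out.append(c)

    # The buffer is as long as the furthest match end, pre-filled with
    # spaces so gaps between matches are printable filler rather than NULs.
    buf_len = max([c.end for c in laid_out]) if laid_out else 0
    self.payload = create_string_buffer(buf_len)
    struct.pack_into(str(buf_len) + "s", self.payload, 0, b" " * buf_len)

    # Write each match at its computed position.
    for c in laid_out:
        struct.pack_into(str(c.end - c.ini) + "s", self.payload, c.ini, c.payload)
    self.itered = laid_out

    # HTTP support: wrap the payload when a port is 80 and the payload
    # itself looks like HTTP, or when the rule carries uricontent.
    h = None
    if self.sport == "80" or self.dport == "80":
        raw_lower = self.payload.raw.lower()
        for marker in http_markers:
            if raw_lower.find(marker.lower()) != -1:
                h = HTTP()
                h.check(self.payload.raw)
                h.build()
                break
    if self.uricontents:
        if not h:
            h = HTTP()
        h.uri = "".join(str(u.uricontent) for u in self.uricontents)
        h.build()

    if h:
        if self.payload.raw:
            h.payload = h.payload + self.payload.raw
        self.build_packet(h.payload)
        return h.payload
    self.build_packet(self.payload.raw)
    return self.payload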
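def build(self):
    """Lay the rule's content matches out into one padded payload buffer.

    Every entry of ``self.contents`` gets ``ini``/``end`` byte positions
    derived from its payload length and its ``distance``/``offset``
    modifiers (``depth``/``within`` are only checked, never enforced).
    The matches are then packed into a space-padded ``ctypes`` buffer,
    the end of the last match is optionally moved to satisfy the rule's
    ``dsize`` constraint, the payload is wrapped in an HTTP request when
    the traffic looks like HTTP, and the result is handed to
    ``self.build_packet``.

    Returns:
        ``h.payload`` (the HTTP object's payload with the raw buffer
        appended) when an ``HTTP`` object was built, otherwise the raw
        ``ctypes`` buffer that is also stored in ``self.payload``.

    Side effects: sets ``self.payload``, ``self.itered`` and, when
    ``self.dsize`` is set, ``self.dsize_flag``; calls
    ``self.build_handshake`` for flow/TCP/HTTP/FTP rules.  ``depth`` and
    ``within`` violations are only reported on stdout, so the generated
    packet may not actually satisfy the rule; a caller that expects the
    packet to trigger the rule has to watch for those lines.
    """
    # Substrings whose presence in the payload selects the HTTP wrapper.
    # This is a plain case-insensitive substring sniff, so e.g. a "Host"
    # inside a binary payload also selects it.
    http_markers = ["POST", "GET", "User-Agent", "Host", "Cookie"]

    # Original note: gating on ``self.flow.established`` is "to be
    # investigated"; for now any flow, or a TCP-based protocol, gets a
    # handshake.
    if self.flow or self.proto in ("tcp", "http", "ftp"):
        self.build_handshake()

    if self.dsize:
        self.dsize_flag = True  # remember that the rule carries a dsize constraint

    prev = None      # previously laid-out content, None for the first one
    laid_out = []    # contents in layout order

    for c in self.contents:
        # 1. Base position: directly after the previous match for
        #    ``distance:0``, one byte later otherwise; 0 for the first.
        if not prev:
            c.ini = 0
            c.end = len(c.payload)
        else:
            if c.distance == 0:
                c.ini = prev.end
            else:
                c.ini = prev.end + 1
            c.end = c.ini + len(c.payload)

        # 2. ``offset``: absolute minimum start position.
        if c.offset and not prev:
            c.ini = c.ini + c.offset
            c.end = c.end + c.offset
        if c.offset and prev:
            # Only ever pushes the match forward; an offset behind the
            # computed start is left as a (silent) conflict.
            if c.ini < c.offset:
                c.ini = c.offset
                c.end = c.ini + len(c.payload)

        # 3. ``distance``: minimum gap after the previous match.
        if c.distance and prev:
            if prev.end + c.distance > c.ini:
                c.ini = prev.end + c.distance
                c.end = prev.end + c.distance + len(c.payload)

        # 4. ``depth``/``within`` are reported but not enforced; the layout
        #    is kept as computed.
        if c.depth and c.end > c.depth:
            print("Error here depth!")
        # ``within`` is relative to the previous match, so there is nothing
        # to compare against on the first content (the original code
        # dereferenced ``None`` here).
        if c.within and prev and c.end > prev.end + c.within:
            print("Error here within!")

        prev = c
        laid_out.append(c)

    # ``dsize``: move the end of the *last* match so the whole payload meets
    # the rule's size constraint.  ``self.dsize_list`` is assumed to be the
    # tokenised keyword: ["N"], ["N", "<>", "M"], ["<", "N"] or [">", "N"]
    # -- confirm against the rule parser.  Nothing is done for a rule
    # without contents (the original referenced the loop variable here).
    last = laid_out[-1] if laid_out else None
    if last is not None and getattr(self, "dsize_flag", False):
        spec = self.dsize_list
        if len(spec) == 1:                       # dsize:N
            last.end = int(spec[0])
        if len(spec) == 3 and spec[1] == "<>":   # dsize:N<>M (exclusive range)
            last.end = random.randint(int(spec[0]) + 1, int(spec[2]) - 1)
        if spec[0] == "<":                       # dsize:<N
            last.end = int(spec[1]) - 1
        if spec[0] == ">":                       # dsize:>N
            last.end = last.end + int(spec[1]) + random.randint(0, int(spec[1]))
            # NOTE(review): in the collapsed listing this block reads as
            # nested under the ">" case, matching its "dsize:>0" comment --
            # confirm.  For ">0" the line above adds nothing, so pad extra.
            if spec[1] == "0":
                last.end = last.end + random.randint(64, 1024)
        # NOTE(review): a dsize smaller than the laid-out content leaves
        # ``last.end < last.ini``, which makes the pack below fail with a
        # struct.error instead of a readable message.

    # The buffer is as long as the furthest match end, pre-filled with
    # spaces so gaps between matches are printable filler rather than NULs.
    buf_len = max([c.end for c in laid_out]) if laid_out else 0
    self.payload = create_string_buffer(buf_len)
    struct.pack_into(str(buf_len) + "s", self.payload, 0, b" " * buf_len)

    # Write each match at its computed position.  "%ds" NUL-pads a payload
    # shorter than ``end - ini`` (visible when dsize stretched the last
    # match).
    for c in laid_out:
        struct.pack_into(str(c.end - c.ini) + "s", self.payload, c.ini, c.payload)
    self.itered = laid_out

    # HTTP support: wrap the payload when ports/protocol plus the payload
    # itself look like HTTP, or when the rule carries uricontent.
    h = None
    if self.sport == "80" or self.dport == "80" or self.proto == "http":
        raw_lower = self.payload.raw.lower()
        for marker in http_markers:
            if raw_lower.find(marker.lower()) != -1:
                h = HTTP()
                h.check(self.payload.raw)
                h.build()
                break
    if self.uricontents:
        if not h:
            h = HTTP()
        h.uri = "".join(str(u.uricontent) for u in self.uricontents)
        h.build()

    if h:
        if self.payload.raw:
            h.payload = h.payload + self.payload.raw
        self.build_packet(h.payload)
        return h.payload
    self.build_packet(self.payload.raw)
    return self.payload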