Exemplo n.º 1
0
def cybox_object_http(obj):
    http_session = HTTPSession()
    hh = HTTPRequestResponse()
    hc = HTTPClientRequest()
    if obj.client_request.message_body:
        hm = HTTPMessage()
        hm.lenght = len(obj.client_request.message_body)
        hm.message_body = String(obj.client_request.message_body)
        hc.http_message_body = hm
    rh = HTTPRequestHeader()
    if obj.client_request.raw_header:
        rh.raw_header = String(obj.client_request.raw_header)
    hhf = HTTPRequestHeaderFields()
    hhf.user_agent = String(obj.client_request.user_agent)
    host_field = HostField()
    host_field.domain_name = URI(value=obj.client_request.domain_name)
    port = Port()
    port.port_value = PositiveInteger(obj.client_request.port.port)
    host_field.port = port
    hhf.host = host_field
    rh.parsed_header = hhf
    hc.http_request_header = rh

    hl = HTTPRequestLine()
    hl.http_method = String(obj.client_request.request_method)
    hl.version = String(obj.client_request.request_version)
    hl.value = String(obj.client_request.request_uri)
    hc.http_request_line = hl
    hh.http_client_request = hc
    http_session.http_request_response = [hh]
    return http_session
Exemplo n.º 2
0
def cybox_object_http(obj):
    http_session = HTTPSession()
    hh = HTTPRequestResponse()
    hc = HTTPClientRequest()
    if obj.client_request.message_body:
        hm = HTTPMessage()
        hm.lenght = len(obj.client_request.message_body)
        hm.message_body = String(obj.client_request.message_body)
        hc.http_message_body = hm
    rh = HTTPRequestHeader()
    if obj.client_request.raw_header:
        rh.raw_header = String(obj.client_request.raw_header)
    hhf = HTTPRequestHeaderFields()
    hhf.user_agent = String(obj.client_request.user_agent)
    host_field = HostField()
    host_field.domain_name = URI(value=obj.client_request.domain_name)
    port = Port()
    port.port_value = PositiveInteger(obj.client_request.port.port)
    host_field.port = port
    hhf.host = host_field
    rh.parsed_header = hhf
    hc.http_request_header = rh

    hl = HTTPRequestLine()
    hl.http_method = String(obj.client_request.request_method)
    hl.version = String(obj.client_request.request_version)
    hl.value = String(obj.client_request.request_uri)
    hc.http_request_line = hl
    hh.http_client_request = hc
    http_session.http_request_response = [hh]
    return http_session
Exemplo n.º 3
0
def add_host(host_info):
    uri_port = host_info.split(":")
    hf = HostField()
    if len(uri_port) > 1:
        port = Port()
        port.port_value = uri_port[1]
        hf.port = port
    hf.domain_name = URI(uri_port[0], URI.TYPE_DOMAIN)
    return hf
Exemplo n.º 4
0
 def __create_cybox_host_object(self, domain, port, whitelist):
     if not domain:
         return None
     domain = domain.rsplit(':', 1)[0]
     if not port:
         port = 80
     hobj = HostField()
     hobj.domain_name = self.__create_cybox_domain_object(domain, whitelist)
     if not hobj.domain_name:
         return None
     hobj.port = self.__create_cybox_port_object(port)
     return hobj
Exemplo n.º 5
0
def http_conversations(httpconv):
    a = MalwareAction()
    ao = AssociatedObject()
    a.name = "Connect to URL"
    a.type_ = "Connect"
    
    ao.properties = NetworkConnection()
    ao.properties.layer4_protocol = httpconv["protocol"]
    
    
    header = HTTPResponseHeader()
    headerfiled = HTTPResponseHeaderFields()
    response = HTTPServerResponse()
    if httpconv["response_headers"].has_key("Transfer-Encoding"):
        headerfiled.transfer_encoding = httpconv["response_headers"]["Transfer-Encoding"]
    headerfiled.content_type = httpconv["response_headers"]["Content-Type"]
    headerfiled.server = httpconv["response_headers"]["Server"]
    headerfiled.connection = httpconv["response_headers"]["Connection"]
    #headerfiled.date = DateTime(httpconv["response_headers"]["Date"])
    t = datetime.strptime(httpconv["response_headers"]["Date"],'%a, %d %b %Y %H:%M:%S %Z').replace(tzinfo=pytz.utc)
    #print t
    headerfiled.date = DateTime(t)
    headerfiled.content_type = httpconv["response_headers"]["type"]
    header.parsed_header = headerfiled
    if httpconv.has_key("download_content"):
        body = HTTPMessage()
        body.message_body = str(httpconv["download_content"]).encode('string-escape')
        response.http_message_body = body
    
    line = HTTPStatusLine()
    tmp = httpconv["response_headers"]["Status-Line"].split()
    line.version = tmp[0]
    line.status_code = PositiveInteger(tmp[1])
    line.reason_phrase = tmp[2]
    response.http_status_line = line
    response.http_response_header = header
    
    
    client = HTTPClientRequest()
    line = HTTPRequestLine()
    tmp = httpconv["url"].split()
    line.http_method = tmp[0]
    line.value = tmp[1]
    line.version = tmp[2]    
    client.http_request_line = line
    cheader = HTTPRequestHeader()
    cheaderfiled = HTTPRequestHeaderFields()
    host = HostField()
    host.domain_name = URI(httpconv["dst_host"])
    val = Port()
    val.port_value = PositiveInteger(httpconv["dst_port"])
    host.port = val
    cheaderfiled.host = host
    cheader.parsed_header = cheaderfiled
    client.http_request_header = cheader
    
    httpsession = HTTPSession()
    requestresponse = HTTPRequestResponse()
    requestresponse.http_client_request = client
    requestresponse.http_server_response = response
    httpsession.http_request_response = [requestresponse]
    layer7 = Layer7Connections()
    layer7.http_session = httpsession
    ao.properties.layer7_connections = layer7
    #print ao.properties.to_dict()
    
    a.associated_objects = AssociatedObjects()
    a.associated_objects.append(ao)
    return a