Exemplo n.º 1
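def loads(fin, fout):
    """Dump the raw TCP data of every TCP frame in capture *fin*.

    Each frame is read lazily from ``jspcap.Extractor`` and the raw bytes of
    its TCP layer (``b''`` when ``tcp.raw`` is empty) are handed to
    ``dumps(fout, ...)``.

    The capture is untrusted input: whatever the peers put on the wire is
    passed through unmodified, so the dumped file must be treated as
    attacker-controlled data by whatever reads it later.
    """
    print(f'Extracting file {fin} & dumping to {fout}')
    extractor = jspcap.Extractor(fin=fin, store=False, verbose=True, auto=False, nofile=True)
    for packet in extractor:
        # A capture normally also holds non-TCP frames (ARP, UDP, ICMP, ...).
        # Skip them instead of indexing a layer that is not there, which
        # would abort the whole extraction on the first such frame.
        if jspcap.TCP not in packet:
            continue
        tcp = packet[jspcap.TCP]
        dumps(fout, tcp.raw or b'')
    # The author left an HTTP-only variant disabled here: dump
    # http.raw.body when the Content-Type header contains 'text'.
    # Presumably terminates the extractor's verbose progress line - confirm.
    print()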
Exemplo n.º 2
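def read(path):
    """Return the concatenated HTTP bodies found in the capture at *path*.

    Frames are read lazily from ``jspcap.Extractor``; frames without an HTTP
    layer are ignored. The result is ``b''`` when no HTTP body is present.

    The returned bytes come straight from the capture and are therefore
    untrusted: do not decode, render or execute them without validation.
    """
    file = jspcap.Extractor(fin=path, nofile=True, auto=False, store=False)
    chunks = []
    for packet in file:
        if jspcap.HTTP not in packet:
            continue
        body = packet[jspcap.HTTP].raw.body
        # An HTTP message can carry no body (presumably exposed as None or
        # b'' - confirm against jspcap); appending it unchecked would raise
        # TypeError and lose everything collected so far.
        if body:
            chunks.append(body)
    # One join instead of repeated ``+=``, which copies the buffer each time.
    return b''.join(chunks)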
Exemplo n.º 3
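 def SingleFolderOperator(self, path, outpath):
     """Label every capture in *path* and hand its HTTP payload to ``write``.

     For each file in ``path`` the HTTP bodies of all frames are concatenated
     and every IP endpoint is passed to ``self.scanner.label`` as an
     ``http://<address>`` URL. The capture's label is 1 if any endpoint is
     reported malicious, otherwise 0, and the payload is written under
     ``<outpath>/<file>-Single-<label>``. Captures that already have such an
     output file are skipped.

     Capture contents are untrusted input; the payload written out is raw
     network data and must be handled as such by downstream consumers.
     """

     def is_malicious(url):
         # Retry until the scanner answers; the printed message means
         # "connection failed, waiting 60 seconds before reconnecting".
         # Catch Exception rather than using a bare except so Ctrl-C and
         # SystemExit can still break out of this otherwise unbounded loop.
         # NOTE(review): a non-network error in the scanner also lands here
         # and is retried forever - consider a retry limit.
         while True:
             try:
                 return self.scanner.label(url)
             except Exception:
                 print("连接失败,等待60秒重连")
                 time.sleep(60)

     files = os.listdir(path)
     existing = set(os.listdir(outpath))
     print(files)
     for file in files:
         if file + "-Single-1" in existing or file + "-Single-0" in existing:
             print(file + "already exists")
             continue
         print("open " + file)
         # os.path.join keeps working when the caller omits the trailing
         # separator; plain concatenation silently built a wrong path.
         # NOTE(review): nofile=False differs from the other extractor calls
         # on this page - confirm the extractor's own output file is wanted.
         packets = jspcap.Extractor(fin=os.path.join(path, file), nofile=False).frame
         checked = set()  # endpoints already sent to the scanner
         chunks = []
         label = 0
         for packet in packets:
             if jspcap.HTTP in packet:
                 body = packet[jspcap.HTTP].raw.body
                 # Skip bodiless messages instead of failing on ``+=``.
                 if body:
                     chunks.append(body)
             # Frames without an IP layer have no endpoints to score.
             # Without this guard the addresses of the previous frame were
             # reused, or a NameError was raised on the first frame.
             if jspcap.IP not in packet:
                 continue
             ip = packet[jspcap.IP]
             # Source and destination are scored independently: a new
             # destination is checked even when its source is already known.
             for url in ('http://' + ip.src, 'http://' + ip.dst):
                 if url in checked:
                     continue
                 checked.add(url)
                 if is_malicious(url):
                     print("IP address " + url + " is malicious")
                     label = 1
         print(label, file)
         write(b''.join(chunks), os.path.join(outpath, file + "-Single-" + str(label)))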