Exemplo n.º 1
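    def _unpack(self, buf):
        """Split a TCP stream buffer into IRC messages and record them.

        Lines starting with ":" are parsed as server messages (prefix,
        command, params). Every other line is parsed as a client message
        and kept only when its command is one of the known client
        commands. Each extracted field goes through
        convert_to_printable() before a copy of the record is appended
        to self._messages.

        The buffer is captured network data, so its content is untrusted:
        lines that do not match the expected shape are skipped rather
        than stored.

        @param buf: tcp stream data.
        @return: False if the buffer could not be read, otherwise None.
        """
        try:
            lines = cStringIO.StringIO(buf).readlines()
        except Exception:
            log.error("Failed reading tcp stream buffer")
            return False

        # Server message: ":<prefix> <command or 3-digit numeric> <params>".
        server_re = r"(^:[\w+.{}!@|()]+\x20)([a-zA-Z]+|[0-9]{3})(\x20.+)"
        # Client message: "<command> <params>" terminated by LF or CR.
        # The terminator class used to be written "[\x0a\0x0d]", which is
        # LF, NUL and the literal characters "x", "0", "d"; an unterminated
        # line could then match with its params cut at one of those
        # characters. Only LF and CR are accepted now.
        client_re = r"([a-zA-Z]+\x20)(.+[\x0a\x0d])"

        for element in lines:
            if element.startswith(":"):
                irc_server_msg = re.findall(server_re, element)
                if irc_server_msg:
                    prefix, command, params = irc_server_msg[0]
                    self._sc["prefix"] = convert_to_printable(prefix.strip())
                    self._sc["command"] = convert_to_printable(command.strip())
                    self._sc["params"] = convert_to_printable(params.strip())
                    self._sc["type"] = "server"
                    # Store a copy: self._sc is reused for the next message.
                    self._messages.append(dict(self._sc))
            else:
                irc_client_msg = re.findall(client_re, element)
                # Only commands from the known client command set are kept,
                # so arbitrary text lines are not reported as IRC traffic.
                if irc_client_msg and irc_client_msg[0][0].strip() in self.__methods_client:
                    command, params = irc_client_msg[0]
                    self._cc["command"] = convert_to_printable(command.strip())
                    self._cc["params"] = convert_to_printable(params.strip())
                    self._cc["type"] = "client"
                    # Store a copy: self._cc is reused for the next message.
                    self._messages.append(dict(self._cc))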
Exemplo n.º 2
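    def dissect(data):
        """Build a report dictionary from a parsed ICMP message (RFC 792).

        Source and destination addresses are not part of the result; only
        the ICMP header fields and the payload are reported.

        @param data: payload data of protocol IP; its type, code and sum
            attributes are read, plus data.data.data when available.
        @return: dict with the keys protocol_name, layer, type, code,
            checksum and data.
        """
        picmp = {}

        picmp["protocol_name"] = "ICMP"
        picmp["layer"] = 3
        picmp["type"] = data.type  # Type
        picmp["code"] = data.code  # Code
        picmp["checksum"] = data.sum  # Checksum

        # The payload is read from data.data.data and passed through
        # convert_to_printable() before it is stored. Messages that do not
        # carry that nested payload get an empty string instead.
        # "except Exception" rather than a bare except, so that
        # KeyboardInterrupt and SystemExit are not swallowed here.
        try:
            picmp["data"] = convert_to_printable(data.data.data)
        except Exception:
            picmp["data"] = ""

        return picmp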
Exemplo n.º 3
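    def dissect(irc):
        """Parse an IRC stream buffer into a report dictionary.

        Lines starting with ":" are parsed as server messages (prefix,
        command, params). Every other line is parsed as a client message
        and kept only when its command is in the client command set
        below. Each extracted field goes through convert_to_printable()
        before it is stored.

        The buffer is captured network data, so its content is untrusted:
        lines that do not match the expected shape are skipped rather
        than stored.

        @param irc: raw stream data to parse.
        @return: False if the buffer could not be read, otherwise a dict
            with the keys layer, protocol_name and messages.
        """
        client_commands = frozenset((
            "PASS", "JOIN", "USER", "OPER", "MODE", "SERVICE", "QUIT", "SQUIT",
            "PART", "TOPIC", "NAMES", "LIST", "INVITE",
            "KICK", "PRIVMSG", "NOTICE", "MOTD", "LUSERS", "VERSION", "STATS",
            "LINKS", "TIME", "CONNECT",
            "TRACE", "ADMIN", "INFO", "SERVLIST",
            "SQUERY", "WHO", "WHOIS", "WHOWAS", "KILL", "PING", "PONG", "ERROR",
            "AWAY", "REHASH", "DIE", "RESTART",
            "SUMMON", "USERS", "WALLOPS",
            "USERHOST", "NICK", "ISON"))

        try:
            lines = cStringIO.StringIO(irc).readlines()
        except Exception:
            return False

        # Server message: ":<prefix> <command or 3-digit numeric> <params>".
        server_re = r"(^:[\w+.{}!@|()]+\x20)([a-zA-Z]+|[0-9]{3})(\x20.+)"
        # Client message: "<command> <params>" terminated by LF or CR.
        # The terminator class used to be written "[\x0a\0x0d]", which is
        # LF, NUL and the literal characters "x", "0", "d"; an unterminated
        # line could then match with its params cut at one of those
        # characters. Only LF and CR are accepted now.
        client_re = r"([a-zA-Z]+\x20)(.+[\x0a\x0d])"

        messages = []
        for element in lines:
            if element.startswith(":"):
                irc_server_msg = re.findall(server_re, element)
                if irc_server_msg:
                    prefix, command, params = irc_server_msg[0]
                    messages.append({
                        "prefix": convert_to_printable(prefix.strip()),
                        "command": convert_to_printable(command.strip()),
                        "params": convert_to_printable(params.strip()),
                        "type": "server",
                    })
            else:
                irc_client_msg = re.findall(client_re, element)
                # Only known client commands are kept, so arbitrary text
                # lines are not reported as IRC traffic.
                if irc_client_msg and irc_client_msg[0][0].strip() in client_commands:
                    command, params = irc_client_msg[0]
                    messages.append({
                        "command": convert_to_printable(command.strip()),
                        "params": convert_to_printable(params.strip()),
                        "type": "client",
                    })

        pirc = {}
        pirc["layer"] = 7
        pirc["protocol_name"] = "IRC"
        pirc["messages"] = messages

        return pirc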