def start(self, tag, attrib):
if self.parse_context: self.parse_context.log("<%s>" % tag, attrib)
if tag == "pdml":
self.destination.metadata.update(attrib)
return
if tag == "packet":
self.next_packet = ByteBuffer()
self.cur_proto = None
self.parse_context = structinfo.BytebufferAnnotatingParseContext(
None, self.next_packet)
self.parse_context.push(None, None, id="root")
self.parse_context.push(attrib, list(), id="packet")
return
if tag == "proto":
self.cur_proto = attrib["name"]
#self.next_packet.setBytes(int(attrib['pos']), int(attrib["size"]), {"section":}, None)
#print(attrib)
if "showname" in attrib: attrib["section"] = attrib["showname"]
if self.cur_proto == "geninfo": # ignore all geninfo fields, they contain mostly bullshit
return
if self.cur_proto == "frame": # put frame metadata in the metadata dict
if tag == "field":
self.next_packet.metadata[attrib["name"]] = attrib["show"]
return
if 'pos' in attrib and "size" in attrib:
pos = int(attrib['pos'])
size = int(attrib['size'])
self.parse_context.buf_offset = pos
self.parse_context.id = attrib["name"].split(".")[-1]
#del attrib['pos']
#del attrib['size']
v = list()
if "value" in attrib and len(attrib["value"]) == size * 2:
#try:
self.next_packet.setBytes(pos,
binascii.unhexlify(attrib["value"]))
self.parse_context.push(attrib, v)
self.parse_context.buf_offset += size
v.append(self.parse_context.pack_value(attrib["value"]))
#except:
# pass
else:
self.parse_context.push(attrib, v)
else:
if "name" in attrib:
self.parse_context.id = attrib["name"].split(".")[-1]
else:
self.parse_context.id = ""
v = list()
self.parse_context.push(attrib, v)
def highlightSelectionAsLength(editor, qp, bbuf: ByteBuffer, sel):
(start, end) = sel
end = end + 1
if end - start > 8: return
val = bbuf.getInt(start, end, endianness=">", signed=False)
if val > 0 and end + val < len(bbuf):
highlightMatch(editor, qp, (end, end + val), "", QColor("#555555"))
return
val = bbuf.getInt(start, end, endianness="<", signed=False)
if val > 0 and end + val < len(bbuf):
highlightMatch(editor, qp, (end, end + val), "", QColor("#555555"))
return
def setBytes(self, buf: bytes):
#abuf = ByteBuffer();
#abuf.setBytes(0, buf, undefined, undefined);
abuf = ByteBuffer(buf)
self.buffers = [abuf]
self.firstLine = 0
self.redraw()
def on_select_bytes(self, buffer: ByteBuffer, range: Range):
parse_context = structinfo.AnnotatingParseContext(
self.fiTreeWidget.formatInfoContainer,
buffer.getBytes(range.start, range.length()))
try:
fi_tree = parse_context.parse()
except structinfo.parse_exception as ex:
QMessageBox.warning(self, "Parse error", str(ex))
traceback.print_exc()
fi_tree = ex.partial_result
self.fiTreeWidget.updateTree(fi_tree)
def startFetch(self):
with open(self.params['fileName'], "rb") as f:
pcapfile = PcapFile.read_from_buffer(
structinfo.LoggingParseContext(f.read()))
plist = ByteBufferList()
plist.metadata.update(pcapfile['file_header'])
for packet in pcapfile['packets']:
plist.add(
ByteBuffer(packet['payload'], metadata=packet['header']))
self.on_finished.emit()
return plist
def onReadyReadStdout(self):
self.ctx.feed_bytes(self.process.readAllStandardOutput())
try:
if self.packetFI == None:
self.tryParseHeader()
while True:
packet = self.packetFI.read_from_buffer(self.ctx)
self.plist.add(
ByteBuffer(packet['payload'], metadata=packet['header']))
except structinfo.incomplete:
return
except structinfo.invalid as ex:
self.on_log.emit("Invalid packet format - killing pcap")
self.on_log.emit(str(ex))
self.cancelFetch()
def pack_value(self, value):
if self.on_new_subflow_category is not None:
try:
desc = self.stack[-1][0]
if 'reassemble_into' in desc.params:
category, meta, subflow_key = self.build_subflow_key(
desc.params['reassemble_into'])
print("reassemble:", category, subflow_key, value)
new = False
if category not in self.subflow_categories:
self.subflow_categories[category] = ByteBufferList()
new = True
databytes = self.top_buf()
if 'segment_meta' in desc.params:
datameta = {
k: v.evaluate(self)
for k, v in desc.params['segment_meta']
}
else:
datameta = {}
self.subflow_categories[category].reassemble(
subflow_key, meta, databytes, datameta)
if new:
self.on_new_subflow_category(category=category,
parse_context=self)
if 'store_into' in desc.params:
category, meta, subflow_key = self.build_subflow_key(
desc.params['store_into'])
print("store:", category, subflow_key, value)
new = False
if category not in self.subflow_categories:
self.subflow_categories[category] = ByteBufferList()
new = True
self.subflow_categories[category].add(
ByteBuffer(buf=self.top_buf(), metadata=meta))
if new:
self.on_new_subflow_category(category=category,
parse_context=self)
except Exception as ex:
raise parse_exception(
self,
"while adding bytes to reassembly buffer: " + str(ex))
return value
def startFetch(self):
bbuf = ByteBuffer(
metadata={
'fileName': self.params['fileName'],
'fileTimestamp': os.path.getmtime(self.params['fileName'])
})
with open(self.params['fileName'], "rb") as f:
bbuf.setContent(f.read())
if self.params["formatInfo"] != "":
from pre_workbench import structinfo
bbuf.fi_container = structinfo.FormatInfoContainer(
load_from_file=self.params["formatInfo"])
parse_context = structinfo.BytebufferAnnotatingParseContext(
bbuf.fi_container, bbuf)
#parse_context.on_new_subflow_category = self.newSubflowCategory
bbuf.fi_tree = parse_context.parse()
self.on_finished.emit()
return bbuf
class PdmlToPacketListParser:
def __init__(self,
destPacketList,
parse_context_type=structinfo.ParseContext):
#self.interface = interface
self.destination = destPacketList
self.cur_proto = None
self.parse_context_type = parse_context_type
self.parse_context = None
self.parser = XMLParser(target=self)
def feed(self, data):
self.parser.feed(data)
def start(self, tag, attrib):
if self.parse_context: self.parse_context.log("<%s>" % tag, attrib)
if tag == "pdml":
self.destination.metadata.update(attrib)
return
if tag == "packet":
self.next_packet = ByteBuffer()
self.cur_proto = None
self.parse_context = structinfo.BytebufferAnnotatingParseContext(
None, self.next_packet)
self.parse_context.push(None, None, id="root")
self.parse_context.push(attrib, list(), id="packet")
return
if tag == "proto":
self.cur_proto = attrib["name"]
#self.next_packet.setBytes(int(attrib['pos']), int(attrib["size"]), {"section":}, None)
#print(attrib)
if "showname" in attrib: attrib["section"] = attrib["showname"]
if self.cur_proto == "geninfo": # ignore all geninfo fields, they contain mostly bullshit
return
if self.cur_proto == "frame": # put frame metadata in the metadata dict
if tag == "field":
self.next_packet.metadata[attrib["name"]] = attrib["show"]
return
if 'pos' in attrib and "size" in attrib:
pos = int(attrib['pos'])
size = int(attrib['size'])
self.parse_context.buf_offset = pos
self.parse_context.id = attrib["name"].split(".")[-1]
#del attrib['pos']
#del attrib['size']
v = list()
if "value" in attrib and len(attrib["value"]) == size * 2:
#try:
self.next_packet.setBytes(pos,
binascii.unhexlify(attrib["value"]))
self.parse_context.push(attrib, v)
self.parse_context.buf_offset += size
v.append(self.parse_context.pack_value(attrib["value"]))
#except:
# pass
else:
self.parse_context.push(attrib, v)
else:
if "name" in attrib:
self.parse_context.id = attrib["name"].split(".")[-1]
else:
self.parse_context.id = ""
v = list()
self.parse_context.push(attrib, v)
#self.next_packet.setBytes(pos, size, attrib, None)
def end(self, tag):
self.parse_context.log("</%s>" % tag, self.cur_proto)
if tag == "pdml":
self.parse_context.log("done")
elif tag == "packet":
self.next_packet.fi_tree = self.parse_context.pack_value(
self.parse_context.pop())
assert (self.parse_context.pop() == None)
self.destination.add(self.next_packet)
self.next_packet = None
elif self.cur_proto == "geninfo" or self.cur_proto == "frame":
pass
else:
val = self.parse_context.top_value()
if len(val) == 1:
packed_val = val[0]
else:
packed_val = self.parse_context.pack_value(val)
self.parse_context.pop()
self.parse_context.top_value().append(packed_val)
def data(self, data):
pass # We do not need to do anything with data.
def close(self):
#return self.stack[0][1]
pass