Exemplo n.º 1
    def print_errors(self, message):
        """Print every entry of ``message.errors`` between a red and a bare echo.

        Nothing is printed when ``message.errors`` is empty or otherwise falsy.
        """
        if not message.errors:
            return

        ansi.echo("red")
        for error in message.errors:
            # NOTE(review): if these error strings embed bytes taken from
            # captured traffic they reach the terminal unescaped -- confirm
            # how the decoder builds them.
            print error
        # Bare echo after the coloured block; presumably resets the colour.
        ansi.echo()
Exemplo n.º 2
Arquivo: tcp.py Projeto: amotl/sanchez
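    def run(self):
        """Receive captured HTTP artifacts from ``self.pipe`` and dispatch them.

        Loops forever. Each artifact is decoded with dpkt according to
        ``artifact.kind`` ('request' or 'response'), stamped with the
        artifact's begin/finish times and wrapped in an ``HttpConversation``.
        Depending on ``config.collector.conversation.correlate`` the
        conversation is either handed to the correlator or processed directly.

        Artifacts that dpkt cannot unpack, and artifacts whose kind is neither
        'request' nor 'response', are reported and skipped.
        """
        print "http collector started, pid=%s" % self.pid

        while True:

            # NOTE(review): if self.pipe is a multiprocessing connection,
            # recv() unpickles whatever the peer sent, so the producing
            # process must be trusted -- confirm against the pipe's creator.
            artifact = self.pipe.recv()

            # artifact.data is whatever was seen on the wire, so decoding is
            # the first place malformed or hostile input shows up.
            request = response = None
            try:
                if artifact.kind == 'request':
                    request = dpkt.http.Request(artifact.data)
                    request.time_begin = artifact.begin
                    request.time_finish = artifact.finish
                elif artifact.kind == 'response':
                    response = dpkt.http.Response(artifact.data)
                    response.time_begin = artifact.begin
                    response.time_finish = artifact.finish
                else:
                    # Without this branch an unknown kind would yield a
                    # conversation holding neither a request nor a response.
                    ansi.echo("red ERROR: unknown artifact kind %r, skipping" % (artifact.kind,))
                    continue
            # NOTE(review): only dpkt.UnpackError is handled here; any other
            # exception raised while parsing captured data ends the collector
            # loop. Confirm which exceptions dpkt.http can raise on malformed
            # input before relying on this for unattended capture.
            except dpkt.UnpackError, e:
                ansi.echo("red ERROR: dpkt.UnpackError (problem decoding http %s): %s" % (artifact.kind, e))
                continue

            # container object to bundle ip peer information, request- and response objects
            conversation = HttpConversation(artifact.addr, request, response)
            if config.collector.conversation.correlate:
                self.correlate_conversation(conversation)
            else:
                self.process_conversation(conversation)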
Exemplo n.º 3
 def format_duration(self, with_ansi = False):
     """Return ``self.c.duration`` as a right-justified '<n>ms' string.

     The text is padded on the left to a width of six characters. With
     ``with_ansi`` set it is wrapped between ``ansi.get('yellow')`` and
     ``ansi.get('none')``. Any exception raised on the way is reported
     through ``ansi.echo`` and an empty string is returned instead.
     """
     try:
         text = str(self.c.duration) + 'ms'
         text = text.rjust(6)
         if not with_ansi:
             return text
         return ansi.get('yellow') + text + ansi.get('none')
     except Exception as ex:
         # Deliberately broad: a missing or odd duration must not abort the
         # output of the rest of the conversation.
         ansi.echo("red WARNING: Could not compute duration of conversation, error was '%s'" % ex)
         return ''
Exemplo n.º 4
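    def print_request(self):
        """Print the request half of the conversation ``self.c``.

        Output order: request line, message header, processing steps, then
        the payload. When ``request.postdata_list`` is non-empty its entries
        are printed one per line, followed by a pretty-printed
        ``request.postdata_decoded`` if that is set; otherwise the raw
        ``request.body`` is printed. Collected errors come last.
        """
        # The unused local for self.c.response was dropped; only the request
        # is needed here.
        request = self.c.request

        self.print_request_line()
        self.print_message_header(request)
        self.print_message_steps(request)

        # NOTE(review): the payload below is captured traffic printed
        # verbatim. It can carry credentials and raw control bytes, so
        # terminal output and any redirected log should be treated as
        # sensitive, untrusted data.
        if request.postdata_list:
            # pretty print raw post data
            ansi.echo("underline POST payload (pretty):")
            ansi.echo()
            print '\n'.join(request.postdata_list)

            # pretty print decoded post data
            if request.postdata_decoded:
                ansi.echo("underline POST payload (decoded):")
                ansi.echo()
                pprint.pprint(request.postdata_decoded)

        else:
            print request.body

        self.print_errors(request)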
Exemplo n.º 5
Arquivo: tcp.py Projeto: amotl/sanchez
 def correlate_conversation(self, half):
     """Pair a response with the request last stored for the same ``addr``.

     A half carrying a request is parked in ``self.conversations`` under
     ``half.addr``. A half carrying a response is merged into the parked
     conversation for that address, which is then removed from the table
     and passed to ``process_conversation``. If the sequence numbers of the
     two halves differ by more than one, the response is flagged with
     ``correlated = True``. A response with no parked request is reported
     and processed on its own. A half with neither is ignored.
     """
     if half.request:
         # NOTE(review): entries are only removed when a response arrives,
         # so requests that never get one stay in the table. A second
         # request from the same addr also replaces the parked one. On
         # hostile or lossy traffic this looks unbounded -- confirm whether
         # anything else expires entries.
         self.conversations[half.addr] = half
         return

     if not half.response:
         return

     full = self.conversations.get(half.addr)
     if not full:
         ansi.echo("red WARNING: Correlator received the following response without having an associated request")
         self.process_conversation(half)
         return

     full.response = half.response
     seqno_gap = abs(full.seqno - half.seqno)
     if seqno_gap > 1:
         full.response.correlated = True
     del self.conversations[half.addr]
     self.process_conversation(full)
Exemplo n.º 6
    def print_section_header(self, request = False, response = False, more = ''):
        """Print the section header line for one direction of the conversation.

        The line reads ``<label> <ip>:<port> <arrow> <ip>:<port>``, built from
        the two (ip, port) pairs in ``self.c.addr``. ``request`` selects the
        "REQUEST: " label with '->'; otherwise ``response`` selects
        "RESPONSE:" with '<-'; with neither set the label is "UNKNOWN" and the
        arrow is '-'. A non-empty ``more`` is echoed after the header with the
        'yellow' markup, otherwise the line is simply terminated.
        """
        (source_ip, source_port), (target_ip, target_port) = self.c.addr

        if request:
            label, direction = "REQUEST: ", '->'
        elif response:
            label, direction = "RESPONSE:", '<-'
        else:
            label, direction = "UNKNOWN", '-'

        endpoints = (label, source_ip, source_port, direction, target_ip, target_port)
        conversation_header = '%s %s:%s %s %s:%s' % endpoints

        ansi.echo("blue bold underline")
        # Trailing comma: stay on the same line so ``more`` can follow.
        print conversation_header,
        ansi.echo('none')
        if not more:
            print
        else:
            ansi.echo('yellow   ' + more)
Exemplo n.º 7
Arquivo: app.py Projeto: amotl/sanchez
def print_startup_header():
    """Print the startup banner.

    Shows the program version, then the config file, the capture interface,
    the BPF filter and the names of the registered response decoder plugins,
    each as a plain label followed by a green value.
    """
    def show_setting(label, value):
        # Label without a line break, value on the same line.
        ansi.echo(label, end = '')
        ansi.echo("green %s" % value)

    ansi.echo("@@ bold")
    ansi.echo("red")
    print "sanchez v%s" % ".".join(map(str, __VERSION__))

    show_setting("none config:     ", CONFIG_FILE)
    show_setting("none interface:  ", config.interface_name)
    show_setting("none bpf filter: ", config.bpf_filter)

    ansi.echo("none plugins:    ", end = '')
    ansi.echo("green", end = '')
    plugin_names = (plugin.__name__ for plugin in HttpResponseDecoder.plugins)
    print ", ".join(plugin_names)
    ansi.echo()
    print
Exemplo n.º 8
 def print_message_steps(self, message):
     """Echo ``message.steps`` as a bracketed, comma-separated list.

     Nothing is printed when ``message.steps`` is empty or otherwise falsy.
     """
     if not message.steps:
         return

     step_list = ', '.join(message.steps)
     ansi.echo('yellow [' + step_list + ']')
     ansi.echo('none')
Exemplo n.º 9
 def print_message_header(self, message):
     """Print the header block of ``message`` after an empty echo.

     ``config.http.view.headers.pretty`` selects ``pack_hdr_pretty()`` over
     the plain ``pack_hdr()`` rendering.
     """
     ansi.echo()
     # NOTE(review): headers are printed as rendered by the message object,
     # so captured Authorization / Cookie values would presumably appear in
     # clear. Treat the output (and any redirected log) as sensitive.
     render = message.pack_hdr_pretty if config.http.view.headers.pretty else message.pack_hdr
     print render()
Exemplo n.º 10
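    def print_response(self):
        """Print the response half of the conversation ``self.c``.

        The response line is printed after a green echo when the numeric
        status is below 400 and after a red echo otherwise. Then come the
        message header and the processing steps. If ``response.json_decoded``
        is set it is dumped as indented JSON. Otherwise a
        ``HttpHeaderFilterStep`` built from
        ``config.http.view.display.body.header.reject`` decides whether the
        body is replaced by a "<hidden data>" marker or printed raw.
        Collected errors come last.
        """
        # The unused local for self.c.request and the duplicated
        # json_decoded check of the earlier version were dropped.
        response = self.c.response

        # NOTE(review): int() raises ValueError on a non-numeric status;
        # presumably the HTTP parser has already rejected such responses --
        # confirm.
        status_colour = "green" if int(response.status) < 400 else "red"
        ansi.echo(status_colour)
        print self.c.response_line

        self.print_message_header(response)
        self.print_message_steps(response)

        # TODO: better dispatching by response content type
        if response.json_decoded:
            import json
            ansi.echo("underline JSON (pretty):")
            ansi.echo()
            # TODO: make "sort_keys" configurable
            print json.dumps(response.json_decoded, sort_keys=False, indent=4)
        else:
            body_filter = HttpHeaderFilterStep(self.c, config.http.view.display.body.header.reject)
            if body_filter.apply():
                ansi.echo('yellow <hidden data>')
                ansi.echo('none')
            else:
                # NOTE(review): the body is captured traffic written to the
                # terminal unmodified; control bytes and escape sequences
                # inside it are not neutralised. The reject filter above is
                # the only gate, so its header list deserves review.
                print response.body

        self.print_errors(response)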