def load_selected_plugins(self):
"""
Load the selected plugins specified in config file
"""
# Load the plugins in order (specified in conf file)
for plugin in self.plugins.plugins:
if not plugin or plugin == "":
continue
loaded, errmsg = self.load_plugin_from_path(plugin)
if not loaded:
log.warning(errmsg)
# Check out the global variable PM_PLUGINS if we are in
# development enviroment.
if PM_DEVELOPMENT:
plugins = os.getenv('PM_PLUGINS', '')
if not plugins:
return
for plugin in plugins.split(os.pathsep):
self.load_from_directory(plugin)
def __init__(self):
self.fname = os.path.join(PM_HOME, 'pm-prefs.xml')
try:
opts = self.load_options()
self.options.update(self.load_options())
except Exception, err:
log.warning('Error reading pm-prefs.xml. Loading default options')
def load_configurations(self):
log.debug('Loading configurations from audits-conf.xml')
try:
handler = ConfigurationsLoader()
parser = make_parser()
parser.setContentHandler(handler)
parser.parse(os.path.join(PM_HOME, 'audits-conf.xml'))
self._configurations.update(handler.opt_dict)
except Exception, err:
log.warning('Error while loading audits-conf.xml. ' \
'Using default options')
def load_configurations(self):
log.debug('Loading configurations from audits-conf.xml')
try:
handler = ConfigurationsLoader()
parser = make_parser()
parser.setContentHandler(handler)
parser.parse(os.path.join(PM_HOME, 'audits-conf.xml'))
self._configurations.update(handler.opt_dict)
except Exception, err:
log.warning('Error while loading audits-conf.xml. ' \
'Using default options')
def add_plugin_to_cache(self, pkg):
"""
Exports the needs/provides/conflicts to the global dicts
"""
for attr in ('conflicts', 'provides', 'needs'):
for dep in getattr(pkg, attr, []):
try:
name, op, ver = Version.extract_version(dep)
d = getattr(self, "who_%s" % attr)
d[name] = (op, ver, pkg)
except Exception, err:
log.warning(err)
log.warning("Ignoring %s entry" % dep)
def uninstall_plugin(self, reader):
"""
Low level uninstall procedure
@param reader a PluginReader
@return True if ok or False
"""
try:
os.remove(reader.get_path())
self.recache()
return True
except Exception, err:
log.warning("Error in uninstall_plugin(): %s" % err)
return False
def characters(self, content):
if self.in_field and self.field_id and self.current_protocol:
self.field_value = content
value = b64decode(self.field_value)
try:
# TODO: Not so secure. Here we could have some kind of backdoor
value = eval(value)
except:
pass
field = get_proto_field(self.current_protocol, self.field_id)
if field:
set_field_value(self.current_protocol, field, value)
else:
log.warning("Field %s is not present in %s protocol. Probably "
"you are loading a sequence created with a newer "
"scapy version" %
(self.field_id, type(self.current_protocol)))
def characters(self, content):
if self.in_field and self.field_id and self.current_protocol:
self.field_value = content
value = b64decode(self.field_value)
try:
# TODO: Not so secure. Here we could have some kind of backdoor
value = eval(value)
except:
pass
field = get_proto_field(self.current_protocol, self.field_id)
if field:
set_field_value(self.current_protocol, field, value)
else:
log.warning("Field %s is not present in %s protocol. Probably "
"you are loading a sequence created with a newer "
"scapy version" % (self.field_id,
type(self.current_protocol)))
def remove_plugin_from_cache(self, pkg):
for attr in ('conflicts', 'provides', 'needs'):
for dep in getattr(pkg, attr, []):
try:
name, op, ver = Version.extract_version(dep)
d = getattr(self, "who_%s" % attr)
# It's more probably that the entry is in the last
for i in xrange(len(d[name]) - 1, -1, -1):
_op, _ver, _pkg = d[name][i]
if pkg == _pkg and \
ver == _ver and \
op == _op:
del d[name][i]
# Remove unused keys.
if not d[name]:
del d[name]
except Exception, err:
log.warning(err)
log.warning("Ignoring %s entry" % dep)
def load_directory(self, modpath):
if not PM_DEVELOPMENT:
log.error("This method should not be called in release.")
return
start_file = 'main'
log.warning("You are loading a plugin without checking for needs, " \
"provides or conflitcts")
log.warning("* You have been warned! *")
log.warning("Assuming `%s' as start file!" % start_file)
# Load the plugin
sys.path.insert(0, os.path.abspath(modpath))
if start_file in sys.modules:
sys.modules.pop(start_file)
try:
__builtin__.__import__ = hook_import
module = hook_import(start_file, level=0)
if hasattr(module, "__plugins__") and \
isinstance(module.__plugins__, list):
lst = module.__plugins__
ret = []
for plug in lst:
try:
if issubclass(plug, PassiveAudit):
is_audit = 1
elif issubclass(plug, ActiveAudit):
is_audit = 2
else:
is_audit = 0
inst = plug()
inst.start(None)
if is_audit:
inst.register_decoders()
inst.register_hooks()
ret.append(inst)
except Exception, err:
log.critical("Error while starting %s:" % (plug))
log.critical(generate_traceback())
log.critical("Ignoring instance.")
if not ret:
log.error("Not startable plugin defined in main file")
else:
from umit.pm.gui.core.icons import get_pixbuf
from umit.pm.gui.widgets.plotter import Plotter
from umit.pm.gui.tabs.operationstab import SendOperation, SendReceiveOperation
from umit.pm.gui.pages.base import Perspective
try:
from umit.pm.gui.widgets.pygtkhexview import HexView
log.info('Cool we\'re using read/write hex-view.')
except ImportError:
from umit.pm.gui.widgets.hexview import HexView
log.warning('Erm :( We are using read only hex-view. Try to install '
'pygtkhexview and restart PM. You could get a copy from: '
'http://code.google.com/p/pygtkhex/')
class ProtocolHierarchy(gtk.ScrolledWindow):
def __init__(self, parent):
gtk.ScrolledWindow.__init__(self)
self.__create_widgets()
self.__pack_widgets()
self.__connect_signals()
self.session = parent
self.proto_icon = get_pixbuf('protocol_small')
self.reload()
def tcp_queue(self, stream, mpkt, snd, rcv, payload, datalen):
"""
Append a packet to a tcp queue
@param stream a TCPStream instance
@param mpkt a MetaPacket object
@param snd a HalfStream instance
@param rcv a HalfStream instance
@param payload the payload of the tcp packet as str
@param datalen the datalen
"""
tcpseq = mpkt.l4_seq
tcpflags = mpkt.l4_flags
exp_seq = (snd.first_data_seq + rcv.count + rcv.urg_count)
if not tcpseq - exp_seq > 0:
# This packet is old because seq < current
if (tcpseq + datalen + (tcpflags & TH_FIN)) - exp_seq > 0:
log.debug('Last packet of the window')
cur_ts = get_ts(mpkt)[1]
self.add_from_skb(stream, mpkt, rcv, snd, payload, datalen,
tcpseq, tcpflags & TH_FIN, tcpflags & TH_URG,
mpkt.get_field('tcp.urgptr', 0) + tcpseq - 1)
packet = rcv.plist
while packet:
if packet.seq - exp_seq > 0:
break
if (packet.seq + len(packet.data) + packet.fin) - \
exp_seq > 0:
self.add_from_skb(stream, mpkt, rcv, snd, packet.data,
len(packet.data), packet.seq,
packet.fin, packet.urg,
packet.urg_ptr + packet.seq - 1)
rcv.rmem_alloc -= len(packet.data)
if packet.prev:
packet.prev.next = packet.next
else:
packet.plist = packet.next
if packet.next:
packet.next.prev = packet.prev
else:
rcv.plist_tail = packet.prev
tmp = packet.next
del packet.data
del packet
packet = tmp
else:
log.warning('Inconsistent packet (%.10s) ignored.' % payload)
return
else:
log.debug('Standard packet. Looking for the right position')
p = rcv.plist_tail
packet = Buffer()
packet.data = payload[:]
rcv.rmem_alloc += len(packet.data)
packet.fin = tcpflags & TH_FIN
if packet.fin:
snd.state = TCP_CLOSING
if rcv.state == FIN_SENT or rcv.state == FIN_CONFIRMED:
self.add_closing_timeout(stream, mpkt)
packet.seq = tcpseq
packet.urg = tcpflags & TH_URG
packet.urg_ptr = mpkt.get_field('tcp.urgptr', 0)
while True:
if not p or not p.seq - tcpseq > 0:
break
p = p.prev
if not p:
packet.prev = None
packet.next = rcv.plist
if rcv.plist:
rcv.plist.prev = packet
rcv.plist = packet
if not rcv.plist_tail:
rcv.plist_tail = packet
log.debug('Prepending packet %s' % packet)
else:
packet.next = p.next
p.next = packet
packet.prev = p
log.debug('Appending %s after %s' % (packet, p))
if packet.next:
packet.next.prev = packet
else:
rcv.plist_tail = packet
def process_tcp(self, mpkt):
"""
Process a TCP packet
@param mpkt a MetaPacket object
"""
datalen = mpkt.get_field('ip.len') - \
mpkt.l3_len - mpkt.l4_len
if datalen < 0:
log.warning('Bogus TCP/IP header (datalen < 0)')
return
ipsrc, ipdst = inet_aton(mpkt.l3_src), \
inet_aton(mpkt.l3_dst)
if ipsrc == '\x00\x00\x00\x00' and \
ipdst == '\x00\x00\x00\x00':
log.warning('Bogus IP header (src or dst are NULL)')
return
tcpflags = mpkt.l4_flags
if not tcpflags:
return
is_client, stream = self.find_stream(mpkt)
if not stream:
if tcpflags & TH_SYN and \
not tcpflags & TH_ACK and not tcpflags & TH_RST:
self.add_new_tcp(mpkt)
return
if is_client:
snd, rcv = stream.client, stream.server
else:
snd, rcv = stream.server, stream.client
tcpseq = mpkt.l4_seq or 0
tcpack = mpkt.l4_ack or 0
if tcpflags & TH_SYN:
if is_client or stream.client.state != TCP_SYN_SENT or \
stream.server.state != TCP_CLOSE or not tcpflags & TH_ACK:
return
if stream.client.seq != tcpack:
return
stream.server.state = TCP_SYN_RECV
stream.server.seq = \
stream.server.first_data_seq = tcpseq + 1
stream.server.ack_seq = tcpack
stream.server.window = mpkt.get_field('tcp.window', 0)
if stream.client.ts_on:
stream.server.ts_on, stream.server.curr_ts = get_ts(mpkt)
if not stream.server.ts_on:
stream.client.ts_on = 0
else:
stream.server.ts_on = 0
if stream.client.wscale_on:
stream.server.wscale_on, stream.server.wscale = get_wscale(mpkt)
if not stream.server.wscale_on:
stream.client.wscale_on = 0
stream.client.wscale = 1
stream.server.wscale = 1
else:
stream.server.wscale_on = 0
stream.server.wscale = 1
#if not (not datalen and tcpseq == (rcv.ack_seq)) and \
# (not (tcpseq - (rcv.ack_seq + rcv.window * rcv.wscale) < 0) or \
# (tcpseq + datalen) - rcv.ack_seq < 0):
if tcpseq + datalen - rcv.ack_seq < 0:
return
if tcpflags & TH_RST:
if stream.state == CONN_DATA:
stream.state = CONN_RESET
for listener in stream.listeners:
listener(stream, mpkt, None)
self.free_tcp_stream(stream)
return
ts_on, ts_val = get_ts(mpkt)
if rcv.ts_on and ts_on and ts_val - snd.curr_ts < 0:
return
if tcpflags & TH_ACK:
if is_client and stream.client.state == TCP_SYN_SENT and \
stream.server.state == TCP_SYN_RECV:
if tcpack == stream.server.seq:
stream.client.state = TCP_ESTABLISHED
stream.client.ack_seq = tcpack
stream.server.state = TCP_ESTABLISHED
stream.state = CONN_JUST_ESTABLISHED
for callback in self.analyzers:
callback(stream, mpkt)
if not stream.listeners:
self.free_tcp_stream(stream)
return
stream.state = CONN_DATA
if tcpflags & TH_ACK:
if tcpack - snd.ack_seq > 0:
snd.ack_seq = tcpack
if rcv.state == FIN_SENT:
rcv.state = FIN_CONFIRMED
if rcv.state == FIN_CONFIRMED and snd.state == FIN_CONFIRMED:
stream.state = CONN_CLOSE
for listener in stream.listeners:
listener(stream, mpkt, None)
self.free_tcp_stream(stream)
return
if (datalen + (tcpflags & TH_FIN)) > 0:
payload = mpkt.data
if payload:
self.tcp_queue(stream, mpkt, snd, rcv, payload, datalen)
snd.window = mpkt.get_field('tcp.window', 0)
if rcv.rmem_alloc > 65535:
self.prune_queue(rcv)