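    def parse(self, pkt, payload):
        """Yield Identity records found in an outgoing IRC payload.

        Args:
            pkt: the captured packet; not used here, kept for the parser
                interface.
            payload: decoded packet payload.

        Yields:
            None when the payload is empty (kept so callers that index
            the yielded list keep working); otherwise one Identity per
            hint found: the CONNECT hints first (handle 0.7, name 0.3,
            username 0.25), then the TOPIC hint (handle, certainty 1).
        """
        if not payload:
            yield None
            return

        # The stray debug prints that dumped the raw match (and with it the
        # captured payload) to stdout have been removed.
        match = self.CONNECT_RE.search(payload)
        if match:
            nick, username, server, full_name = match.groups()
            yield Identity(service=server,
                           event='connect',
                           type='handle',
                           value=nick,
                           certainty=0.7)
            yield Identity(service=server,
                           event='connect',
                           type='name',
                           value=full_name,
                           certainty=0.3)
            yield Identity(service=server,
                           event='connect',
                           type='username',
                           value=username,
                           certainty=0.25)

        match = self.TOPIC_RE.search(payload)
        if match:
            server, nick, channel = match.groups()
            # The service is scoped to the channel the topic belongs to.
            yield Identity(service='%s: %s' % (server, channel),
                           event='topic',
                           type='handle',
                           value=nick,
                           certainty=1)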
 def parse(self, pkt, payload):
     """Yield machine-type and hostname hints carried in a broadcast payload.

     Args:
         pkt: the captured packet; unused here, kept for the parser
             interface.
         payload: decoded packet payload; None or empty yields nothing.

     Yields:
         Identity(service='Machine', event='broadcast', ...) with
         certainty 0.7 — first for MODEL_RE (type 'machine_type'), then
         for NAME_RE (type 'hostname'), for whichever of them match.
     """
     if not payload:
         return
     checks = ((self.MODEL_RE, 'machine_type'),
               (self.NAME_RE, 'hostname'))
     for regex, hint_type in checks:
         found = regex.search(payload)
         if found is None:
             continue
         yield Identity(service='Machine',
                        event='broadcast',
                        type=hint_type,
                        value=found.group(1),
                        certainty=0.7)
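 def parse(self, pkt, payload):
     """Yield a machine_name Identity when DOMAIN_RE matches the payload.

     Args:
         pkt: the captured packet; unused here, kept for the parser
             interface.
         payload: decoded packet payload; None or empty yields nothing.

     Yields:
         Identity(service='Machine', event='broadcast',
         type='machine_name', certainty=1) holding the first DOMAIN_RE
         group, when the pattern matches.
     """
     # Guard like the sibling parsers do: re.search() raises TypeError
     # on a None payload.
     if not payload:
         return
     match = self.DOMAIN_RE.search(payload)
     if match:
         yield Identity(service='Machine',
                        event='broadcast',
                        type='machine_name',
                        value=match.group(1),
                        certainty=1)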
 def parse(self, pkt, payload):
     """Yield an operating-system hint found in a broadcast payload.

     Args:
         pkt: the captured packet; unused here, kept for the parser
             interface.
         payload: decoded packet payload; None or empty yields nothing.

     Yields:
         Identity(service='Machine', event='broadcast',
         type='Operating System', certainty=0.8) holding the first
         SERVER_RE group, when the pattern matches.
     """
     if not payload:
         return
     found = self.SERVER_RE.search(payload)
     if found is None:
         return
     yield Identity(service='Machine',
                    event='broadcast',
                    type='Operating System',
                    value=found.group(1),
                    certainty=0.8)
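 def test_channel_join(self):
     """A captured TOPIC message yields the channel-scoped handle first."""
     test_data = self._load_testdata('incoming_channel_join.pcap')
     # NOTE(review): parse() is called with a single argument here while the
     # parse(self, pkt, payload) methods take two — confirm IrcOutgoing
     # exposes a one-argument parse.
     responses = list(irc_outgoing.IrcOutgoing().parse(test_data[0]))
     expected_nick = Identity('zelazny.freenode.net: #hsbxl',
                              'topic',
                              'handle',
                              'helixblue',
                              certainty=1)
     # assertEquals is a deprecated alias of assertEqual (removed in 3.12).
     self.assertEqual(responses[0], expected_nick)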
 def parse(self, pkt, payload):
     """Yield a Yahoo Instant Messenger login hint from a broadcast payload.

     Args:
         pkt: the captured packet; unused here, kept for the parser
             interface.
         payload: decoded packet payload; None or empty yields nothing.

     Yields:
         Identity(service='Yahoo Instant Messenger', event='broadcast',
         type='login', certainty=1.0) holding the first PING_RE group,
         when the pattern matches.
     """
     if not payload:
         return
     found = self.PING_RE.search(payload)
     if found is None:
         return
     yield Identity(service='Yahoo Instant Messenger',
                    event='broadcast',
                    type='login',
                    value=found.group(1),
                    certainty=1.0)
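    def test_connect(self):
        """A captured CONNECT sequence yields handle, then name, then username."""
        test_data = self._load_testdata('connect.pcap')
        # NOTE(review): parse() is called with a single argument here while
        # the parse(self, pkt, payload) methods take two — confirm the
        # parser wrapper.
        responses = list(irc_outgoing.IrcOutgoingParser().parse(test_data[0]))
        expected_nick = Identity('irc.freenode.net',
                                 'connect',
                                 'handle',
                                 'helixblue',
                                 certainty=0.7)
        # assertEquals is a deprecated alias of assertEqual (removed in 3.12).
        self.assertEqual(responses[0], expected_nick)
        self.assertEqual(responses[1].value, 'thomas')
        self.assertEqual(responses[1].type, 'name')

        self.assertEqual(responses[2].value, 'tstromberg')
        self.assertEqual(responses[2].type, 'username')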
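    def parse(self, pkt, payload):
        """Yield Identity records for account hints found in an HTTP payload.

        Args:
            pkt: the captured packet; not used here, kept for the parser
                interface.
            payload: decoded packet payload.

        Yields:
            None when the payload is empty (kept so callers that index
            the yielded list keep working); otherwise one Identity per
            hint found, in the order of the checks below.
        """
        if not payload:
            yield None
            return

        match = self.AGENT_RE.search(payload)
        if match:
            yield Identity(service='Browser',
                           event='Request',
                           type='browser_version',
                           value=match.group(1),
                           certainty=0.5)

        # Wordpress
        if 'POST /wp-admin/' in payload:
            # Raw string: '\w' and '\.' are regex escapes, not Python ones.
            match = re.search(r'Host: ([\w\.]+)', payload)
            if match:
                yield Identity(service='Wordpress',
                               event='Admin',
                               type='url',
                               value=match.group(1),
                               certainty=0.7)

        # Google Talk
        match = self.GMAIL_CHAT_RE.search(payload)
        if match:
            yield Identity(service='Google Talk',
                           event='Update',
                           type='login',
                           value=match.group(1),
                           certainty=0.8)
            yield Identity(service='Google Account',
                           event='Update',
                           type='login',
                           value=match.group(1),
                           certainty=0.5)

        # GMail
        # NOTE(review): this elif hangs off the Google Talk match above, so a
        # payload that matched GMAIL_CHAT_RE is never checked for /mail/ —
        # confirm that is intended before turning it into a plain `if`.
        elif 'GET /mail/' in payload:
            match = re.search(r'&gausr=(%s)' % self.EMAIL_REGEXP, payload)
            if match:
                yield Identity(service='Google Account',
                               event='Access',
                               type='login',
                               value=match.group(1),
                               certainty=0.8)
                yield Identity(service='Gmail',
                               event='Access',
                               type='login',
                               value=match.group(1),
                               certainty=0.8)
                yield Identity(service='Gmail',
                               event='Access',
                               type='email',
                               value=match.group(1),
                               certainty=0.5)

        # Gravatar
        match = self.GRAVATAR_RE.search(payload)
        if match:
            yield Identity(service='Gravatar',
                           event='Access',
                           type='login',
                           value=match.group(1),
                           certainty=1)

        # brizzly.com
        if 'Brizzly%20%20%2F%20' in payload:
            match = re.search(r'Brizzly%20%20%2F%20(\w+)%0A', payload)
            if match:
                yield Identity(service='Brizzly',
                               event='Access',
                               type='login',
                               value=match.group(1),
                               certainty=1)

        # Generic e-mail
        # NOTE(review): likewise only reached when the Brizzly marker is
        # absent — confirm the exclusion is deliberate.
        elif '&email=' in payload:
            match = re.search('&email=(%s)' % self.EMAIL_REGEXP, payload)
            if match:
                yield Identity(service='E-Mail',
                               event='POST',
                               type='email',
                               value=match.group(1),
                               certainty=0.5)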
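    def parse(self, pkt, payload):
        """Yield Identity records for account hints found in an HTTP payload.

        Args:
            pkt: the captured packet; not used here, kept for the parser
                interface.
            payload: decoded packet payload; None or empty yields nothing.

        Yields:
            Identity(service, event, type, value, certainty) for every
            rule whose regex matches, in the fixed order of the table
            below (callers index into the yielded list, so the order is
            part of the contract).
        """
        # Guard like the sibling parsers do: re.search() raises TypeError
        # on a None payload.
        if not payload:
            return

        # (regex attribute on self, ((service, event, type, group, certainty), ...))
        rules = (
            ('GOOGLE_USERMAIL_RE', (
                ('Google Account', 'Access', 'login', 1, 0.8),
                ('Gmail', 'Access', 'login', 1, 0.8),
                ('Gmail', 'Access', 'email', 1, 0.5),
            )),
            # Used by Google
            ('GOOGLE_UJ_RE', (
                ('Google Account', 'Access', 'login', 1, 0.8),
            )),
            # Used by Twitter
            ('TWITTER_RE', (
                ('Twitter', 'Access', 'handle', 1, 0.8),
            )),
            ('FLICKR_RE', (
                ('Flickr', 'Access', 'handle', 1, 0.7),
            )),
            ('PICASAWEB_ALBUM_RE', (
                ('PicasaWeb', 'Access', 'handle', 1, 0.4),
            )),
            ('PICASAWEB_AUTH_USER_RE', (
                ('PicasaWeb', 'Access', 'handle', 1, 0.4),
            )),
            ('YOUTUBE_TITLE_RE', (
                ('YouTube', 'Access', 'login', 1, 0.4),
            )),
            ('YOUTUBE_UTIL_LINKS_RE', (
                ('YouTube', 'Access', 'login', 1, 0.4),
            )),
            ('FACEBOOK_MENU_LINK_RE', (
                ('Facebook', 'Access Main', 'name', 1, 1),
            )),
            ('FACEBOOK_PROFILE_TITLE_RE', (
                ('Facebook', 'Profile', 'name', 1, 1),
            )),
            ('FACEBOOK_PROFILE_STATUS_RE', (
                ('Facebook', 'Access', 'status', 1, 1),
            )),
            ('GOOGLE_GUSER_RE', (
                ('Google Account', 'Access', 'login', 1, 0.5),
            )),
            # GMAIL_CFS_RE captures the display name in group 1 and the
            # account address in group 2.
            ('GMAIL_CFS_RE', (
                ('GMail', 'Access', 'name', 1, 0.9),
                ('Google Account', 'Access', 'login', 2, 0.7),
                ('GMail', 'Access', 'email', 2, 0.5),
            )),
            ('GMAIL_UGN_RE', (
                ('GMail', 'Access', 'name', 1, 0.9),
            )),
            ('LINKEDIN_WELCOME', (
                ('LinkedIn', 'Access Main', 'name', 1, 1),
            )),
        )

        for attr, identities in rules:
            match = getattr(self, attr).search(payload)
            if not match:
                continue
            for service, event, hint_type, group, certainty in identities:
                yield Identity(service=service,
                               event=event,
                               type=hint_type,
                               value=match.group(group),
                               certainty=certainty)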