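class StatAnalyzerTests(unittest.TestCase):
    """Run StatAnalyzer.analyze on one HTTP packet with the DB write patched out."""

    # One HTTP request over TCP/IP. Its Host header and IP.dst are the two values
    # the test expects StatAnalyzer to hand to _handle_db_save.
    MOCK_PACKET = Ether() / IP(dst='1.1.1.1') / TCP() / http.HTTPRequest(Host='one.one')

    def setUp(self) -> None:
        # The analyzer is created inside the test, under the patch; nothing to
        # build here yet.
        self.analyzer = None

    def tearDown(self) -> None:
        # A failure before the analyzer is assigned must not become an
        # AttributeError on None here, which would mask the real error. Note
        # that finish() runs after the patch context in test_analyze has exited.
        if self.analyzer is not None:
            self.analyzer.finish()

    def test_analyze(self):
        with patch.object(StatAnalyzer, '_handle_db_save') as db_save:
            self.analyzer = StatAnalyzer()
            self.analyzer.analyze(self.MOCK_PACKET)
            # Push the cached record out now so the patched hook is reached
            # while the patch is still active.
            self.analyzer.db_cache.flush()
            db_save.assert_called()
            self.assertEqual(call('one.one', '1.1.1.1'), db_save.call_args)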
class HostAnalyzerTest(unittest.TestCase):
    """Check that HostAnalyzer.analyze ends in a call to notify for a plain HTTP request."""

    # A single HTTP request carrying a Host header, addressed to 1.1.1.1.
    MOCK_PACKET = (
        Ether()
        / IP(dst='1.1.1.1')
        / TCP()
        / http.HTTPRequest(Host='one.one')
    )

    def setUp(self) -> None:
        # Stand-in for the gsafe dependency: every api_call answers (False, "").
        # NOTE(review): presumably "not flagged" plus an empty detail string —
        # confirm against HostAnalyzer's use of the tuple.
        safe_lookup = MagicMock()
        safe_lookup.api_call = MagicMock(return_value=(False, ""))
        self.analyzer = HostAnalyzer(safe_lookup)

    def tearDown(self) -> None:
        self.analyzer.finish()

    def test_analyze(self):
        notify_spy = MagicMock()
        # Replace the instance's notify so the assertion sees the call.
        self.analyzer.notify = notify_spy
        self.analyzer.analyze(self.MOCK_PACKET)
        notify_spy.assert_called()
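    def run(self, script=None):
        """Append one synthetic HTTP request to the pcap and return the next step.

        Args:
            script: mapping holding at least ``log_plugin``, ``kvdata`` and
                ``_next``. It is handed to ``update_vars_from_script`` first and
                then indexed directly, so the ``None`` default only works if that
                call rejects it.

        Returns:
            ``(script["_next"], self.plugins_data)``.
        """
        self.update_vars_from_script(script)
        # No stored sequence number yet means this is the first packet.
        try:
            seq = self.plugins_data._get("seq")
        except KeyError:
            seq = 0

        # The plugin name travels in the request path and the kvdata string in
        # the User-Agent header, both as raw UTF-8 (no escaping is applied).
        req = http.HTTPRequest(
            Path=b'/' + script["log_plugin"].encode("utf-8"),
            User_Agent=script["kvdata"].encode("utf-8"),
        )
        httpreq = (
            Ether()
            / IP(src="10.10.10.10", dst="10.10.10.10")
            / TCP(sport=666, dport=666, flags="PA", seq=seq)
            / req
        )
        self.plugins_data.pcap.append(httpreq)

        # Advance by the bytes just "sent". The wrap point is 2**31 - 1, which
        # is well inside the 32-bit TCP sequence field (2**32 - 1).
        seq += len(httpreq['TCP'].payload)
        if seq > 2147483647:  # 2**31 - 1
            seq = 0
        self.plugins_data._set("seq", seq)

        return script["_next"], self.plugins_data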
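 def handle(self, request, client_address):
     """Serve one connection: decode the carried payload, then answer 200 or 404.

     Args:
         request: the connected socket; read via ``self.receive`` and written
             with ``sendall``.
         client_address: peer address, only used in the final log line.

     A ``ValueError`` from parsing is logged at debug level and the connection
     gets no response; any other error propagates to the server.
     """
     data = self.receive(request)
     try:
         http_request = http.HTTPRequest(data)
     except ValueError:
         lpz.logger.debug(f'-> Failed to parse: {data}')
     else:
         self._handle_payload(http_request)
         self._respond(request, http_request, client_address)

 def _handle_payload(self, http_request):
     """Decode the payload in *http_request* (if any) and write it to the output."""
     encrypted = self.get_payload(http_request)
     if not encrypted:
         return
     decrypted = decode(encrypted).encode('utf8')
     if decrypted:
         lpz.logger.info(f'-> Encrypted data: {encrypted}')
         lpz.logger.info(f'-> Decrypted data: {decrypted}')
         self.output_write(decrypted)
     else:
         # Plain string: there is nothing to interpolate here.
         lpz.logger.info('-> Nothing to decrypt...')

 def _respond(self, request, http_request, client_address):
     """Send 200 for the root path and 404 for anything else."""
     # The path is compared as bytes (b'/'), so urlparse is expected to get the
     # raw bytes Path from the scapy layer; a str path would always yield 404.
     url = urllib.parse.urlparse(http_request.Path)
     if url.path == b'/':
         request.sendall(self.response_200().encode('utf8'))
     else:
         request.sendall(self.response_404().encode('utf8'))
     lpz.logger.info(f'-> Sent response to {client_address}')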
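    def run(self, ami, action):
        """Encode *action*'s "set" field actions into one synthetic HTTP packet.

        Args:
            ami: accepted for interface compatibility; not used here.
            action: object whose ``FieldActions()`` returns a mapping of
                ``field -> {action_type -> {key: value}}``. Only ``"set"``
                entries contribute, one ``field='''key''' `` token per key;
                the values are not emitted.

        Returns:
            ``self.plugins_data`` after the packet has been added.
        """
        # Collect the tokens first and join once rather than growing a string
        # in the inner loop. Only the key side of each "set" entry is encoded.
        tokens = []
        for field, per_field in action.FieldActions().items():
            for action_type, mapping in per_field.items():
                if action_type == "set":
                    tokens.extend("%s='''%s''' " % (field, key) for key in mapping)
        kvstring = "".join(tokens)

        # Plugin name in the request path, the token string in User-Agent,
        # both as raw UTF-8 (no escaping is applied).
        req = http.HTTPRequest(
            Path=b'/' + self.getvar("log_plugin").encode("utf-8"),
            User_Agent=kvstring.encode("utf-8"),
        )
        httpreq = (
            Ether()
            / IP(src="10.10.10.10", dst="10.10.10.10")
            / TCP(sport=666, dport=666, flags="PA", seq=self.seq)
            / req
        )
        self.plugins_data.AddPacket(action, httpreq)

        # Advance by the bytes just "sent". The wrap point is 2**31 - 1, which
        # is well inside the 32-bit TCP sequence field (2**32 - 1).
        self.seq += len(httpreq['TCP'].payload)
        if self.seq > 2147483647:  # 2**31 - 1
            self.seq = 0

        return self.plugins_data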