Пример #1
0
class USBPcapWriter(Dissector):
    """ """
    _desc_ = "USB Pcap Writer"

    @classmethod
    def create_arg_subparser(cls, parser):
        parser.add_argument("--output",
                            "-o",
                            metavar="PCAP_FILE",
                            help="PCAP file")

    def __init__(self, args):
        super(USBPcapWriter, self).__init__(args)
        self.pcap = RawPcapWriter(args.output, linktype=220, sync=True)
        self.lock = Lock()

    def hookUSBDevice(self, msg):
        # We do not receive REQUEST from host if type is not CTRL
        if msg.ep.eptype != CTRL:
            req = req_from_msg(msg)
            self.write_pcap(req)

        pkt = usbdev_to_usbpcap(msg)
        self.write_pcap(pkt)
        return msg

    def hookUSBHost(self, msg):
        pkt = usbhost_to_usbpcap(msg)
        self.write_pcap(pkt)

        # We do not receive ACK from device for OUT data
        if msg.ep.epdir == PROTO_OUT:
            ack = ack_from_msg(msg)
            self.write_pcap(ack)
        return msg

    def write_pcap(self, msg):
        self.lock.acquire()
        self.pcap.write(str(msg))
        self.lock.release()
Пример #2
0
def merge_cap_files (pcap_file_list, out_filename, delete_src = False):

    exising_pcaps = [f for f in pcap_file_list if os.path.exists(f)]
    if not exising_pcaps:
        print('ERROR: DP cores did not produce output files!')
        return

    if len(exising_pcaps) != len(pcap_file_list):
        print("WARNING: not all DP cores produced output files\n")

    out_pkts = []
    for src in exising_pcaps:
        pkts = RawPcapReader(src)
        out_pkts += pkts
        if delete_src:
            os.unlink(src)

    # sort by timestamp
    out_pkts = sorted(out_pkts, key = __ts_key)

    writer = RawPcapWriter(out_filename, linktype = 1)

    writer._write_header(None)
    for pkt in out_pkts:
        writer._write_packet(pkt[0], sec=pkt[1][0], usec=pkt[1][1], caplen=pkt[1][2], wirelen=None)
Пример #3
0
class PcapFileWriter:
    'Write a PCAP file containing all proxied USB traffic.'

    #: Filename for the PCAP file.
    pcap = attr.ib(converter=str)

    def __attrs_post_init__(self):
        log.info(f'Logging packets to PCAP file {self.pcap}')
        self._pcap = RawPcapWriter(self.pcap, linktype=220, sync=True)

    def _do_host(self, msg):
        # Convert and write
        pcap_pkt = usbhost_to_usbpcap(msg)
        self._pcap.write(raw(pcap_pkt))

        # We do not receive ACK from device for OUT data
        if msg.ep.epdir == msg.URBEPDirection.URB_OUT:
            ack = ack_from_msg(msg)
            self._pcap.write(raw(ack))

    def _do_device(self, msg):
        # We do not receive REQUEST from host if type is not CTRL
        if msg.ep.eptype != USBDefs.EP.TransferType.CTRL:
            req = req_from_msg(msg)
            self._pcap.write(raw(req))

        # Convert and write
        pcap_pkt = usbdev_to_usbpcap(msg)
        self._pcap.write(raw(pcap_pkt))

    @hookimpl
    def usbq_log_pkt(self, pkt: Union[USBMessageDevice, USBMessageHost]):
        # Only log USB Host or Device type packets to the pcap file
        if type(pkt) in [USBMessageDevice, USBMessageHost]:
            if pkt.type != pkt.MitmType.USB:
                return

            msg = pkt.content
            if type(pkt) == USBMessageDevice:
                self._do_device(msg)
            else:
                self._do_host(msg)
Пример #4
0
 def _write_pcap_files(self, iface_pkts_map):
     """ Writes the collected packets to their respective interfaces.
     This is done by creating a pcap file with the corresponding name. """
     for iface, pkts in iface_pkts_map.items():
         direction = "in"
         infile = self.filename(iface, direction)
         # Linktype 1 the Ethernet Link Type, see also 'man pcap-linktype'
         fp = RawPcapWriter(infile, linktype=1)
         fp._write_header(None)
         for pkt_data in pkts:
             try:
                 fp._write_packet(pkt_data)
             except ValueError:
                 report_err(self.outputs["stderr"], "Invalid packet data",
                            pkt_data)
                 return FAILURE
     return SUCCESS
Пример #5
0
def merge_cap_files(pcap_file_list, out_filename, delete_src=False):

    if not all([os.path.exists(f) for f in pcap_file_list]):
        print("failed to merge cap file list...\nnot all files exist\n")
        return

    out_pkts = []
    for src in pcap_file_list:
        pkts = RawPcapReader(src)
        out_pkts += pkts
        if delete_src:
            os.unlink(src)

    # sort by timestamp
    out_pkts = sorted(out_pkts, key=__ts_key)

    writer = RawPcapWriter(out_filename, linktype=1)

    writer._write_header(None)
    for pkt in out_pkts:
        writer._write_packet(pkt[0], sec=pkt[1][0],
                             usec=pkt[1][1], caplen=pkt[1][2], wirelen=None)
Пример #6
0
        if PCAP_IN is None:
            raise getopt.GetoptError("Missing pcap file (-i)")

    except getopt.GetoptError, e:
        print >>sys.stderr, "ERROR: %s" % e
        raise SystemExit

    from scapy.config import conf
    from scapy.utils import RawPcapReader, RawPcapWriter, hexdiff
    from scapy.layers import all

    pcap = RawPcapReader(PCAP_IN)
    pcap_out = None
    if PCAP_OUT:
        pcap_out = RawPcapWriter(
            PCAP_OUT, append=APPEND, gz=COMPRESS, linktype=pcap.linktype)
        pcap_out._write_header(None)

    LLcls = conf.l2types.get(pcap.linktype)
    if LLcls is None:
        print >>sys.stderr, " Unknown link type [%i]. Can't test anything!" % pcap.linktype
        raise SystemExit

    i = -1
    differ = 0
    failed = 0
    for p1, meta in pcap:
        i += 1
        try:
            p2d = LLcls(p1)
            p2 = str(p2d)
Пример #7
0
def main(argv):
    PCAP_IN = None
    PCAP_OUT = None
    COMPRESS = False
    APPEND = False
    DIFF = False
    VERBOSE = 0
    try:
        opts = getopt.getopt(argv, "hi:o:azdv")
        for opt, parm in opts[0]:
            if opt == "-h":
                usage()
                raise SystemExit
            elif opt == "-i":
                PCAP_IN = parm
            elif opt == "-o":
                PCAP_OUT = parm
            elif opt == "-v":
                VERBOSE += 1
            elif opt == "-d":
                DIFF = True
            elif opt == "-a":
                APPEND = True
            elif opt == "-z":
                COMPRESS = True

        if PCAP_IN is None:
            raise getopt.GetoptError("Missing pcap file (-i)")

    except getopt.GetoptError as e:
        print >> sys.stderr, "ERROR: %s" % e
        raise SystemExit

    from scapy.config import conf
    from scapy.utils import RawPcapReader, RawPcapWriter, hexdiff
    from scapy.layers import all

    pcap = RawPcapReader(PCAP_IN)
    pcap_out = None
    if PCAP_OUT:
        pcap_out = RawPcapWriter(PCAP_OUT,
                                 append=APPEND,
                                 gz=COMPRESS,
                                 linktype=pcap.linktype)
        pcap_out._write_header(None)

    LLcls = conf.l2types.get(pcap.linktype)
    if LLcls is None:
        print >> sys.stderr, " Unknown link type [%i]. Can't test anything!" % pcap.linktype
        raise SystemExit

    i = -1
    differ = 0
    failed = 0
    for p1, meta in pcap:
        i += 1
        try:
            p2d = LLcls(p1)
            p2 = str(p2d)
        except KeyboardInterrupt:
            raise
        except Exception as e:
            print "Dissection error on packet %i" % i
            failed += 1
        else:
            if p1 == p2:
                if VERBOSE >= 2:
                    print "Packet %i ok" % i
                continue
            else:
                print "Packet %i differs" % i
                differ += 1
                if VERBOSE >= 1:
                    print repr(p2d)
                if DIFF:
                    hexdiff(p1, p2)
        if pcap_out is not None:
            pcap_out.write(p1)
    i += 1
    correct = i - differ - failed
    print "%i total packets. %i ok, %i differed, %i failed. %.2f%% correct." % (
        i, correct, differ, failed, i and 100.0 * (correct) / i)
Пример #8
0
    
    except getopt.GetoptError,e:
        print >>sys.stderr,"ERROR: %s" % e
        raise SystemExit
    
    

    from scapy.config import conf
    from scapy.utils import RawPcapReader,RawPcapWriter,hexdiff
    from scapy.layers import all


    pcap = RawPcapReader(PCAP_IN)
    pcap_out = None
    if PCAP_OUT:
        pcap_out = RawPcapWriter(PCAP_OUT, append=APPEND, gz=COMPRESS, linktype=pcap.linktype)
        pcap_out._write_header(None)

    LLcls = conf.l2types.get(pcap.linktype)
    if LLcls is None:
        print >>sys.stderr," Unknown link type [%i]. Can't test anything!" % pcap.linktype
        raise SystemExit
    
    
    i=-1
    differ=0
    failed=0
    for p1,meta in pcap:
        i += 1
        try:
            p2d = LLcls(p1)
Пример #9
0
def pcap_writer(tmp_path):
    f = tmp_path / 'test.pcap'
    return RawPcapWriter(f.open('wb'), linktype=220, sync=True)
Пример #10
0
def main(argv):
    PCAP_IN = None
    PCAP_OUT = None
    COMPRESS = False
    APPEND = False
    DIFF = False
    VERBOSE = 0
    try:
        opts = getopt.getopt(argv, "hi:o:azdv")
        for opt, parm in opts[0]:
            if opt == "-h":
                usage()
                raise SystemExit
            elif opt == "-i":
                PCAP_IN = parm
            elif opt == "-o":
                PCAP_OUT = parm
            elif opt == "-v":
                VERBOSE += 1
            elif opt == "-d":
                DIFF = True
            elif opt == "-a":
                APPEND = True
            elif opt == "-z":
                COMPRESS = True

        if PCAP_IN is None:
            raise getopt.GetoptError("Missing pcap file (-i)")

    except getopt.GetoptError as e:
        print("ERROR: %s" % e, file=sys.stderr)
        raise SystemExit

    from scapy.config import conf
    from scapy.utils import RawPcapReader, RawPcapWriter, hexdiff
    from scapy.layers import all  # noqa: F401

    pcap = RawPcapReader(PCAP_IN)
    pcap_out = None
    if PCAP_OUT:
        pcap_out = RawPcapWriter(PCAP_OUT, append=APPEND, gz=COMPRESS, linktype=pcap.linktype)  # noqa: E501
        pcap_out._write_header(None)

    LLcls = conf.l2types.get(pcap.linktype)
    if LLcls is None:
        print(" Unknown link type [%i]. Can't test anything!" % pcap.linktype, file=sys.stderr)  # noqa: E501
        raise SystemExit

    i = -1
    differ = 0
    failed = 0
    for p1, meta in pcap:
        i += 1
        try:
            p2d = LLcls(p1)
            p2 = str(p2d)
        except KeyboardInterrupt:
            raise
        except Exception as e:
            print("Dissection error on packet %i: %s" % (i, e))
            failed += 1
        else:
            if p1 == p2:
                if VERBOSE >= 2:
                    print("Packet %i ok" % i)
                continue
            else:
                print("Packet %i differs" % i)
                differ += 1
                if VERBOSE >= 1:
                    print(repr(p2d))
                if DIFF:
                    hexdiff(p1, p2)
        if pcap_out is not None:
            pcap_out.write(p1)
    i += 1
    correct = i - differ - failed
    print("%i total packets. %i ok, %i differed, %i failed. %.2f%% correct." % (i, correct, differ,  # noqa: E501
                                                                                failed, i and 100.0 * (correct) / i))  # noqa: E501
Пример #11
0
    mod_start, mod_end, mod_count = time_range(mod_in)
    print('mod start={start}, end={end}'.format(start=format_utc(mod_start),
                                                end=format_utc(mod_end)))

# ref_start=1516826211
# ref_end=1516912610
# mod_start=1517336042
# mod_end=1517422440
# mod_count=4_156_081

# number of packets to process before output
status_period = mod_count // 10

with RawPcapReader(modify) as mod_in, \
 RawPcapWriter(modify_out,
                 linktype=mod_in.linktype,
                 endianness=mod_in.endian,
                 nano=mod_in.nano) as mod_out:

    count = 0
    # all packets should end up between ref_start and ref_end
    ref_range = ref_end - ref_start
    mod_range = mod_end - mod_start

    # since we're using the _write_packet internal function
    # must call _write_header manually, which has a required
    # parameter that isn't used
    mod_out._write_header(None)

    if should_normalize(ref_range, mod_range):
        print('Normalizing: pcaps time ranges are more than 10%')
        for pkt, meta in mod_in:
Пример #12
0
 def __init__(self, args):
     super(USBPcapWriter, self).__init__(args)
     self.pcap = RawPcapWriter(args.output, linktype=220, sync=True)
     self.lock = Lock()
Пример #13
0
 def __attrs_post_init__(self):
     log.info(f'Logging packets to PCAP file {self.pcap}')
     self._pcap = RawPcapWriter(self.pcap, linktype=220, sync=True)