def cybox_object_http(obj): http_session = HTTPSession() hh = HTTPRequestResponse() hc = HTTPClientRequest() if obj.client_request.message_body: hm = HTTPMessage() hm.lenght = len(obj.client_request.message_body) hm.message_body = String(obj.client_request.message_body) hc.http_message_body = hm rh = HTTPRequestHeader() if obj.client_request.raw_header: rh.raw_header = String(obj.client_request.raw_header) hhf = HTTPRequestHeaderFields() hhf.user_agent = String(obj.client_request.user_agent) host_field = HostField() host_field.domain_name = URI(value=obj.client_request.domain_name) port = Port() port.port_value = PositiveInteger(obj.client_request.port.port) host_field.port = port hhf.host = host_field rh.parsed_header = hhf hc.http_request_header = rh hl = HTTPRequestLine() hl.http_method = String(obj.client_request.request_method) hl.version = String(obj.client_request.request_version) hl.value = String(obj.client_request.request_uri) hc.http_request_line = hl hh.http_client_request = hc http_session.http_request_response = [hh] return http_session
def __create_cybox_http_client_request(self, data, port, body, method, value, version, whitelist): if not port: port = 80 http_client_req = HTTPClientRequest() if data: http_client_req.http_request_header = self.__create_cybox_http_header(data, port, whitelist) if not http_client_req.http_request_header: log.debug("no http request header object created ...") return None else: log.debug("no data information ...") if body: http_client_req.http_message_body = self.__create_cybox_http_message(body) else: log.debug("no body information ...") http_client_req.http_request_line = self.__create_cybox_http_req_line(method, value, version) return http_client_req
def http_conversations(httpconv): a = MalwareAction() ao = AssociatedObject() a.name = "Connect to URL" a.type_ = "Connect" ao.properties = NetworkConnection() ao.properties.layer4_protocol = httpconv["protocol"] header = HTTPResponseHeader() headerfiled = HTTPResponseHeaderFields() response = HTTPServerResponse() if httpconv["response_headers"].has_key("Transfer-Encoding"): headerfiled.transfer_encoding = httpconv["response_headers"]["Transfer-Encoding"] headerfiled.content_type = httpconv["response_headers"]["Content-Type"] headerfiled.server = httpconv["response_headers"]["Server"] headerfiled.connection = httpconv["response_headers"]["Connection"] #headerfiled.date = DateTime(httpconv["response_headers"]["Date"]) t = datetime.strptime(httpconv["response_headers"]["Date"],'%a, %d %b %Y %H:%M:%S %Z').replace(tzinfo=pytz.utc) #print t headerfiled.date = DateTime(t) headerfiled.content_type = httpconv["response_headers"]["type"] header.parsed_header = headerfiled if httpconv.has_key("download_content"): body = HTTPMessage() body.message_body = str(httpconv["download_content"]).encode('string-escape') response.http_message_body = body line = HTTPStatusLine() tmp = httpconv["response_headers"]["Status-Line"].split() line.version = tmp[0] line.status_code = PositiveInteger(tmp[1]) line.reason_phrase = tmp[2] response.http_status_line = line response.http_response_header = header client = HTTPClientRequest() line = HTTPRequestLine() tmp = httpconv["url"].split() line.http_method = tmp[0] line.value = tmp[1] line.version = tmp[2] client.http_request_line = line cheader = HTTPRequestHeader() cheaderfiled = HTTPRequestHeaderFields() host = HostField() host.domain_name = URI(httpconv["dst_host"]) val = Port() val.port_value = PositiveInteger(httpconv["dst_port"]) host.port = val cheaderfiled.host = host cheader.parsed_header = cheaderfiled client.http_request_header = cheader httpsession = HTTPSession() requestresponse = HTTPRequestResponse() requestresponse.http_client_request = client requestresponse.http_server_response = response httpsession.http_request_response = [requestresponse] layer7 = Layer7Connections() layer7.http_session = httpsession ao.properties.layer7_connections = layer7 #print ao.properties.to_dict() a.associated_objects = AssociatedObjects() a.associated_objects.append(ao) return a