示例#1
 def __create_cybox_http_request_response(self, entry, whitelist):
     """Wrap one parsed HTTP request in a CybOX HTTPRequestResponse.

     Returns a one-element list holding the request/response pair, or None
     when ``entry`` is falsy or the client-request helper produces nothing.
     Only the request side is populated; the server response is always None.
     """
     if not entry:
         return None

     pair = HTTPRequestResponse()

     # The port is whatever follows the last ':' of the Host value. It stays
     # a string and is not validated here; without a ':' it is the int 80.
     # NOTE(review): a bracketed IPv6 host without a port would also be split
     # at its last ':' -- confirm the caller normalises such values.
     host_value = entry['host']
     port = host_value.rsplit(':', 1)[1] if host_value.count(':') > 0 else 80

     pair.http_client_request = self.__create_cybox_http_client_request(
         entry['data'],
         port,
         entry['body'],
         entry['method'],
         entry['path'],
         entry['version'],
         whitelist,
     )
     if pair.http_client_request:
         pair.http_server_response = None
         return [pair]

     log.debug("no client response object created ...")
     return None
示例#2
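def http_conversations(httpconv):
    """Convert one captured HTTP conversation into a "Connect to URL" action.

    Args:
        httpconv: Mapping describing the conversation. Keys read here:
            ``protocol``, ``url`` (split on whitespace into method, value
            and version), ``dst_host``, ``dst_port``, ``response_headers``
            and, optionally, ``download_content``. ``response_headers``
            must provide ``Content-Type``, ``Server``, ``Connection``,
            ``Date``, ``type`` and ``Status-Line``; ``Transfer-Encoding``
            is optional.

    Returns:
        A MalwareAction whose single associated object is a
        NetworkConnection carrying the HTTP request/response pair.

    Raises:
        KeyError: A required key is missing.
        ValueError: The ``Date`` header does not match the expected format.
        IndexError: The status line has fewer than two tokens, or ``url``
            has fewer than three.

    Every value is copied from the capture as-is; nothing is validated or
    sanitised in this function, so consumers of the resulting document
    should treat header and body fields as untrusted data.
    """
    response_headers = httpconv["response_headers"]

    a = MalwareAction()
    ao = AssociatedObject()
    a.name = "Connect to URL"
    a.type_ = "Connect"

    ao.properties = NetworkConnection()
    ao.properties.layer4_protocol = httpconv["protocol"]

    # --- server response -------------------------------------------------
    header = HTTPResponseHeader()
    header_fields = HTTPResponseHeaderFields()
    response = HTTPServerResponse()
    if "Transfer-Encoding" in response_headers:
        header_fields.transfer_encoding = response_headers["Transfer-Encoding"]
    header_fields.content_type = response_headers["Content-Type"]
    header_fields.server = response_headers["Server"]
    header_fields.connection = response_headers["Connection"]
    # The parsed value is naive, so it is stamped as UTC explicitly.
    timestamp = datetime.strptime(
        response_headers["Date"], '%a, %d %b %Y %H:%M:%S %Z'
    ).replace(tzinfo=pytz.utc)
    header_fields.date = DateTime(timestamp)
    # NOTE(review): this overwrites the Content-Type value assigned above
    # with the "type" entry -- confirm which of the two is intended.
    header_fields.content_type = response_headers["type"]
    header.parsed_header = header_fields
    if "download_content" in httpconv:
        body = HTTPMessage()
        # 'string-escape' is a Python 2-only codec; it renders the raw
        # downloaded bytes as an escaped, printable string.
        body.message_body = str(httpconv["download_content"]).encode('string-escape')
        response.http_message_body = body

    line = HTTPStatusLine()
    # Split into at most three parts so that a multi-word reason phrase
    # ("Not Found") is kept whole instead of being cut at its first word.
    status_parts = response_headers["Status-Line"].split(None, 2)
    line.version = status_parts[0]
    line.status_code = PositiveInteger(status_parts[1])
    if len(status_parts) > 2:
        # A status line may legitimately omit the reason phrase.
        line.reason_phrase = status_parts[2].strip()
    response.http_status_line = line
    response.http_response_header = header

    # --- client request --------------------------------------------------
    client = HTTPClientRequest()
    line = HTTPRequestLine()
    request_parts = httpconv["url"].split()
    line.http_method = request_parts[0]
    line.value = request_parts[1]
    line.version = request_parts[2]
    client.http_request_line = line
    request_header = HTTPRequestHeader()
    request_fields = HTTPRequestHeaderFields()
    host = HostField()
    host.domain_name = URI(httpconv["dst_host"])
    val = Port()
    val.port_value = PositiveInteger(httpconv["dst_port"])
    host.port = val
    request_fields.host = host
    request_header.parsed_header = request_fields
    client.http_request_header = request_header

    # --- assemble session and attach it to the action --------------------
    httpsession = HTTPSession()
    requestresponse = HTTPRequestResponse()
    requestresponse.http_client_request = client
    requestresponse.http_server_response = response
    httpsession.http_request_response = [requestresponse]
    layer7 = Layer7Connections()
    layer7.http_session = httpsession
    ao.properties.layer7_connections = layer7

    a.associated_objects = AssociatedObjects()
    a.associated_objects.append(ao)
    return a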