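def _attach_report_logger(app):
    '''
    Resolve the pcap path for *app* and redirect stdout to the report log.

    *app* is either a path ending in '.pcap' or an app name whose capture
    lives at results/<app>/tcpdump.pcap. sys.stdout is replaced by a Logger
    only when the pcap exists, and it is never restored afterwards (the
    report written by generate_report() goes to that Logger).

    Returns the pcap path, which may not exist.
    '''
    if app.endswith('.pcap'):
        pcapfile = app
        logpath = '%s.%s' % (pcapfile, report_output)
    else:
        pcapfile = os.path.join('results', app, 'tcpdump.pcap')
        logpath = os.path.join('results', app, report_output)
    if os.path.exists(pcapfile):
        sys.stdout = Logger(logpath)
    return pcapfile


def _warn_if_large(pcapfile):
    '''
    Warn on stderr when the capture exceeds 100 MB, because the pyshark
    passes over it are slow. Returns True when the warning was printed.
    '''
    if os.path.getsize(pcapfile) > 100000000:  # Over 100MB
        eprint(
            color.bright(
                color.yellow(
                    'Warning: capture size is large. Please be patient.')))
        return True
    return False


def _load_dns_cache(dnspkl):
    '''
    Populate net.dnsmap from the pickled cache at *dnspkl*.

    Returns True on success, False when the cache cannot be read (the caller
    then rebuilds it from the capture). Loading is best-effort by design, but
    only Exception is swallowed so KeyboardInterrupt still stops the run.
    '''
    eprint('Loading cached DNS info...')
    with open(dnspkl, 'rb') as pklhandle:
        try:
            # NOTE: pickle.load executes whatever the file encodes. The cache
            # is produced by _build_dns_cache inside the results directory and
            # must only be loaded from a location this tool controls; pass
            # force=True to bypass the cache entirely.
            net.dnsmap = pickle.load(pklhandle)
        except Exception as err:
            eprint('Cached DNS info unreadable (%s); rebuilding...' % err)
            return False
    return True


def _build_dns_cache(pcapfile, dnspkl):
    '''
    Feed the DNS packets of *pcapfile* through net.get_dns_info (which fills
    net.dnsmap) and pickle net.dnsmap to *dnspkl* for later runs.
    '''
    eprint('Getting DNS info...')
    dnspackets = pyshark.FileCapture(pcapfile,
                                     keep_packets=False,
                                     display_filter='dns')
    dnspackets.apply_on_packets(net.get_dns_info, timeout=1000)
    with open(dnspkl, 'wb') as pklhandle:
        pickle.dump(net.dnsmap, pklhandle, protocol=pickle.HIGHEST_PROTOCOL)


def check_app(app, force=False):
    '''
    Check application based on app name in Tapioca results.

    Gathers DNS info (cached in .dnsmap.pkl next to the pcap), then SSL and
    DTLS details from the capture, prints the report via generate_report()
    and finally resets the net module globals with net.clear().

    Args:
        app: app name under 'results/' or a path to a .pcap file.
        force: when True, ignore the on-disk DNS cache and rebuild it.

    Prints a notice and returns without a report when no pcap is found.
    '''
    pcapfile = _attach_report_logger(app)
    if not os.path.exists(pcapfile):
        eprint('No capture found for %s (expected %s)' % (app, pcapfile))
        return

    pcapdir = os.path.dirname(pcapfile)
    dnspkl = os.path.join(pcapdir, '.dnsmap.pkl')
    eprint(color.bright('Checking app %s...' % color.cyan(app)))

    dnscacheloaded = False
    largewarned = False
    if os.path.exists(dnspkl) and not force:
        dnscacheloaded = _load_dns_cache(dnspkl)
    if not dnscacheloaded:
        largewarned = _warn_if_large(pcapfile)
        _build_dns_cache(pcapfile, dnspkl)
    # The SSL/DTLS passes are slow as well; warn once if not done already.
    if not largewarned:
        _warn_if_large(pcapfile)

    sslpackets = pyshark.FileCapture(pcapfile,
                                     keep_packets=False,
                                     display_filter='ssl')
    eprint('Getting SSL info from capture...')
    sslpackets.apply_on_packets(net.get_ssl_info, timeout=1000)

    dtlspackets = pyshark.FileCapture(pcapfile,
                                      keep_packets=False,
                                      display_filter='dtls')
    eprint('Getting DTLS info from capture...')
    dtlspackets.apply_on_packets(net.get_dtls_info, timeout=1000)

    # Print report
    generate_report(app, pcapfile=pcapfile)

    # Reset globals
    net.clear()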
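def _attach_report_logger(app):
    '''
    Resolve the pcap path for *app* and redirect stdout to the report log.

    *app* is either a path ending in '.pcap' or an app name whose capture
    lives at results/<app>/tcpdump.pcap. sys.stdout is replaced by a Logger
    only when the pcap exists, and it is never restored afterwards (the
    report written by generate_report() goes to that Logger).

    Returns the pcap path, which may not exist.
    '''
    if app.endswith('.pcap'):
        pcapfile = app
        logpath = '%s.%s' % (pcapfile, report_output)
    else:
        pcapfile = os.path.join('results', app, 'tcpdump.pcap')
        logpath = os.path.join('results', app, report_output)
    if os.path.exists(pcapfile):
        sys.stdout = Logger(logpath)
    return pcapfile


def _warn_if_large(pcapfile):
    '''
    Warn on stderr when the capture exceeds 100 MB, because the pyshark
    passes over it are slow. Returns True when the warning was printed.
    '''
    if os.path.getsize(pcapfile) > 100000000:  # Over 100MB
        eprint(
            color.bright(
                color.yellow(
                    'Warning: capture size is large. Please be patient.')))
        return True
    return False


def _load_dns_cache(dnspkl):
    '''
    Populate net.dnsmap and net.dnsreqs from the pickled cache at *dnspkl*.

    The cache holds two consecutive pickles (dnsmap, then dnsreqs) as written
    by _build_dns_cache. Both are read into locals before either net global
    is assigned, so a truncated or older-format cache leaves net untouched.

    Returns True on success, False when the cache cannot be read (the caller
    then rebuilds it). Only Exception is swallowed so KeyboardInterrupt still
    stops the run.
    '''
    eprint('Loading cached DNS info...')
    with open(dnspkl, 'rb') as pklhandle:
        try:
            # NOTE: pickle.load executes whatever the file encodes. The cache
            # is produced by _build_dns_cache inside the results directory and
            # must only be loaded from a location this tool controls; pass
            # force=True to bypass the cache entirely.
            dnsmap = pickle.load(pklhandle)
            dnsreqs = pickle.load(pklhandle)
        except Exception as err:
            eprint('Cached DNS info unreadable (%s); rebuilding...' % err)
            return False
    net.dnsmap = dnsmap
    net.dnsreqs = dnsreqs
    return True


def _build_dns_cache(pcapfile, dnspkl):
    '''
    Feed the DNS packets of *pcapfile* through net.get_dns_info (which fills
    net.dnsmap and net.dnsreqs) and pickle both, in that order, to *dnspkl*.
    '''
    eprint('Getting DNS info...')
    dnspackets = pyshark.FileCapture(pcapfile,
                                     keep_packets=False,
                                     display_filter='dns')
    dnspackets.apply_on_packets(net.get_dns_info, timeout=1000)
    with open(dnspkl, 'wb') as pklhandle:
        pickle.dump(net.dnsmap, pklhandle, protocol=pickle.HIGHEST_PROTOCOL)
        pickle.dump(net.dnsreqs, pklhandle, protocol=pickle.HIGHEST_PROTOCOL)


def _get_hosts_contacted(pcapfile, fullpacket):
    '''
    Collect the hosts contacted in *pcapfile*.

    With *fullpacket* every packet is parsed and handed to
    net.get_hosts_contacted_fullpacket; otherwise pyshark summaries only
    are read and handed to net.get_hosts_contacted (cheaper on big files).
    '''
    if fullpacket:
        packets = pyshark.FileCapture(pcapfile, keep_packets=False)
        handler = net.get_hosts_contacted_fullpacket
    else:
        packets = pyshark.FileCapture(pcapfile,
                                      keep_packets=False,
                                      only_summaries=True)
        handler = net.get_hosts_contacted
    eprint('Getting hosts contacted...')
    packets.apply_on_packets(handler, timeout=1000)


def check_app(app, fullpacket=False, force=False):
    '''
    Check application based on app name in Tapioca results.

    Gathers DNS info (cached in .dnsmap.pkl next to the pcap) and the hosts
    contacted, prints the report via generate_report() and finally resets
    the net module globals with net.clear().

    Args:
        app: app name under 'results/' or a path to a .pcap file.
        fullpacket: parse full packets instead of pyshark summaries when
            collecting hosts contacted; also forwarded to generate_report().
        force: when True, ignore the on-disk DNS cache and rebuild it.

    Prints a notice and returns without a report when no pcap is found.
    '''
    # load local network from config
    net.set_local()

    pcapfile = _attach_report_logger(app)
    if not os.path.exists(pcapfile):
        eprint('No capture found for %s (expected %s)' % (app, pcapfile))
        return

    pcapdir = os.path.dirname(pcapfile)
    dnspkl = os.path.join(pcapdir, '.dnsmap.pkl')
    eprint(color.bright('Checking app %s...' % color.cyan(app)))

    dnscacheloaded = False
    if os.path.exists(dnspkl) and not force:
        dnscacheloaded = _load_dns_cache(dnspkl)
    if not dnscacheloaded:
        _warn_if_large(pcapfile)
        _build_dns_cache(pcapfile, dnspkl)

    # The hosts-contacted cache (.targets.pkl next to the pcap) is
    # intentionally disabled: hosts are always re-derived from the capture.
    _get_hosts_contacted(pcapfile, fullpacket)

    # Print report
    generate_report(app, fullpacket=fullpacket, pcapfile=pcapfile)

    # Reset globals
    net.clear()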