def expt_file(self, fmt):
file_ = asksaveasfilename(
parent=self.master, title='Please select a directory ...',
initialdir='./', defaultextension='.{fmt}'.format(fmt=fmt)
)
if file_:
try:
ext = Extractor(format=fmt, fin=self._ext.input, fout=file_, auto=False)
except FileNotFoundError:
showerror('Unable to export.', "Original file '{}' is missing.".format(self._ext.input))
else:
# loading label setup
self.label = Label(self.frame, width=40, height=10, bd=4, anchor='w',
justify=LEFT, bg=BGCOLOUR, font=('Courier New', 22)
)
self.label.place(relx=0.5, rely=0.5, anchor=CENTER)
# extracting pcap file
for frame in ext:
percent = 100.0 * ext.length / self.length
content = EXPT(percent)
self.label.config(text=content)
self.label.update()
time.sleep(0.5)
self.label.place_forget()
showinfo('Export done.', "File stored in '{dir}'.".format(dir=file_))
def main():
"""Entrypoint."""
parser = get_parser()
args = parser.parse_args()
warnings.simplefilter('ignore')
if args.format:
fmt = args.format
elif args.json:
fmt = JSON
elif args.plist:
fmt = PLIST
elif args.tree:
fmt = TREE
else:
fmt = None
extractor = Extractor(store=False, format=fmt,
fin=args.fin, fout=args.fout,
auto=args.verbose, files=args.files,
layer=args.layer, protocol=args.protocol,
engine=args.engine, extension=args.auto_extension)
if not args.verbose:
try:
print(emoji.emojize(f":police_car_light: Loading file {extractor.input!r}"))
except UnicodeEncodeError:
print(f"[*] Loading file {extractor.input!r}")
for _ in extractor:
print(f' - Frame {extractor.length:>3d}: {extractor.protocol}')
try:
print(emoji.emojize(f":beer_mug: Report file{'s' if args.files else ''} stored in {extractor.output!r}"))
except UnicodeEncodeError:
print(f"[*] Report file{'s' if args.files else ''} stored in {extractor.output!r}")
def open_cmd(self, *, root='init'):
# remove cache
open('assets/out', 'w').close()
fin = input('\nWhich file would you like to open: ')
if '.pcap' not in fin:
fin = '{}.pcap'.format(fin)
while not os.path.isfile(fin):
if fin in QUIT:
return None
fin = input('Invalid file.\nPlease retry: ')
if '.pcap' not in fin:
fin = '{}.pcap'.format(fin)
self.__frames = []
try:
print('\n🚨Loading file {}...'.format(fin))
self.__ext = Extractor(fin=fin,
fout='assets/out',
format='tree',
auto=False,
extension=False)
# extracting pcap file
print('🍺Extracting...')
for frame in self.__ext:
content = NUMB(self.length, self.protocol)
print(content)
print(end='\r', flush=True)
print('🍻Extraction done.')
return 'open'
except FileError:
print('Unsupported file format.')
return root
except FileNotFoundError:
print("❌Invalid input file '{}'.".format(fin))
return root
def open_file(self, name=None):
# remove cache
open('assets/out', 'w').close()
ifnm = name or askopenfilename(
parent=self.master, title='Please select a file ...',
filetypes=[('PCAP Files', '*.pcap'), ('CAP Files', '*.cap'), ('All Files', '*.*')],
initialdir='./', initialfile='in.pcap'
)
ifnm = ifnm.strip()
if pathlib.Path(ifnm).is_file():
try:
self._ext = Extractor(fin=ifnm, fout='assets/out', format='tree', auto=False, extension=False)
except FileError:
showerror('Unsupported file format!', 'Please retry.')
self.button.place()
self.text.pack()
return
self.button.place_forget()
self.text.pack_forget()
try:
self.listbox.pack_forget()
self.scrollbar.pack_forget()
except:
pass
self._frnum = 1
self.keep_file(ifnm)
self.load_file()
else:
if askokcancel('Unsupported file!', 'Please retry.'):
self.open_file()
else:
self.button.place()
self.text.pack()
def save_cmd(self, fmt, *, root='open'):
path = input('\nWhere would you like to export: ')
while True:
if path in QUIT:
return None
try:
ext = Extractor(format=fmt,
fin=self.__ext.input,
fout=path,
auto=False)
print('\n🍺Exporting...')
# extracting pcap file
for frame in ext:
percent = 100.0 * ext.length / self.length
content = EXPT(percent)
print(content, end='\r', flush=True)
print()
print('🍻Export done.')
print('The report has been stored in {}'.format(ext.output))
return root
except:
path = input('Invalid file name!\nPlease retry: ')
def extract(
fin=None,
fout=None,
format=None, # basic settings
auto=True,
extension=True,
store=True, # internal settings
files=False,
nofile=False,
verbose=False, # output settings
engine=None,
layer=None,
protocol=None, # extraction settings
ip=False,
ipv4=False,
ipv6=False,
tcp=False,
strict=True, # reassembly settings
trace=False,
trace_fout=None,
trace_format=None, # trace settings
trace_byteorder=sys.byteorder,
trace_nanosecond=False): # trace settings
"""Extract a PCAP file.
Keyword arguments:
* fin -- str, file name to be read; if file not exist, raise an error
* fout -- str, file name to be written
* format -- str, file format of output
<keyword> 'plist' / 'json' / 'tree' / 'html'
* auto -- bool, if automatically run till EOF (default is True)
<keyword> True / False
* extension -- bool, if check and append extensions to output file (default is True)
<keyword> True / False
* store -- bool, if store extracted packet info (default is True)
<keyword> True / False
* files -- bool, if split each frame into different files (default is False)
<keyword> True / False
* nofile -- bool, if no output file is to be dumped (default is False)
<keyword> True / False
* verbose -- bool, if print verbose output information (default is False)
<keyword> True / False
* engine -- str, extraction engine to be used
<keyword> 'default | pcapkit'
* layer -- str, extract til which layer
<keyword> 'Link' / 'Internet' / 'Transport' / 'Application'
* protocol -- str, extract til which protocol
<keyword> available protocol name
* ip -- bool, if record data for IPv4 & IPv6 reassembly (default is False)
<keyword> True / False
* ipv4 -- bool, if perform IPv4 reassembly (default is False)
<keyword> True / False
* ipv6 -- bool, if perform IPv6 reassembly (default is False)
<keyword> True / False
* tcp -- bool, if perform TCP reassembly (default is False)
<keyword> True / False
* strict -- bool, if set strict flag for reassembly (default is True)
<keyword> True / False
* trace -- bool, if trace TCP traffic flows (default is False)
<keyword> True / False
* trace_fout -- str, path name for flow tracer if necessary
* trace_format -- str, output file format of flow tracer
<keyword> 'plist' / 'json' / 'tree' / 'html' / 'pcap'
* trace_byteorder -- str, output file byte order
<keyword> 'little' / 'big'
* trace_nanosecond -- bool, output nanosecond-resolution file flag
<keyword> True / False
Returns:
* Extractor -- an Extractor object form `pcapkit.extractor`
"""
if isinstance(layer, type) and issubclass(layer, Protocol):
layer = layer.__layer__
if isinstance(protocol, type) and issubclass(protocol, Protocol):
protocol = protocol.__index__()
str_check(fin or '', fout or '', format or '', trace_fout or '',
trace_format or '', engine or '', layer or '', *(protocol or ''))
bool_check(files, nofile, verbose, auto, extension, store, ip, ipv4, ipv6,
tcp, strict, trace)
return Extractor(fin=fin,
fout=fout,
format=format,
store=store,
files=files,
nofile=nofile,
auto=auto,
verbose=verbose,
extension=extension,
engine=engine,
layer=layer,
protocol=protocol,
ip=ip,
ipv4=ipv4,
ipv6=ipv6,
tcp=tcp,
strict=strict,
trace=trace,
trace_fout=trace_fout,
trace_format=trace_format,
trace_byteorder=trace_byteorder,
trace_nanosecond=trace_nanosecond)
def follow_tcp_stream(fin=None, verbose=False, extension=True, engine=None, # Extrator options
fout=None, format=None, byteorder=None, nanosecond=None): # TraceFlow options
"""Follow TCP streams.
Arguments:
fin (Optiona[str]): file name to be read; if file not exist, raise :exc:`FileNotFound`
extension (bool): if check and append extensions to output file
verbose (bool): if print verbose output information
engine (Optional[Literal['default', 'pcapkit', 'dpkt', 'scapy', 'pyshark', 'server', 'pipeline']]):
extraction engine to be used
fout (Optional[str]): path name for flow tracer if necessary
format (Optional[Literal['plist', 'json', 'tree', 'pcap']]): output file
format of flow tracer
byteorder (Literal['little', 'big']): output file byte order
nanosecond (bool): output nanosecond-resolution file flag
Returns:
Tuple[pcapkit.corekit.infoclass.Info]: List of extracted TCP streams.
"""
if isinstance(engine, str) and engine.casefold() == 'pyshark':
warnings.warn(f'unsupported extraction engine: {engine}; fallback to default engine',
EngineWarning, stacklevel=stacklevel())
engine = None
extraction = Extractor(fin=fin, fout=None, format=None, auto=True, extension=extension,
store=True, files=False, nofile=True, verbose=verbose, engine=engine,
layer=None, protocol=None, ip=False, ipv4=False, ipv6=False, tcp=False,
strict=False, trace=True, trace_fout=fout, trace_format=format,
trace_byteorder=byteorder, trace_nanosecond=nanosecond)
fallback = False
if extraction.engine == 'dpkt':
from pcapkit.toolkit.dpkt import tcp_reassembly
elif extraction.engine == 'scapy':
from pcapkit.toolkit.scapy import tcp_reassembly
else:
from pcapkit.toolkit.default import tcp_reassembly
fallback = True
streams = list()
frames = extraction.frame
for stream in extraction.trace:
reassembly = TCP_Reassembly(strict=False)
packets = list()
for index in stream.index:
frame = frames[index-1]
packets.append(frame)
if fallback:
flag, data = tcp_reassembly(frame)
else:
flag, data = tcp_reassembly(frame, count=index)
if flag:
reassembly(data)
streams.append(Info(
filename=stream.fpout,
packets=tuple(packets),
conversations=tuple(datagram.payload for datagram in sorted(
reassembly.datagram, key=lambda datagram: datagram.index # make sure the converstations are in order
)),
))
return tuple(streams)
def extract(
fin=None,
fout=None,
format=None, # basic settings # pylint: disable=redefined-builtin
auto=True,
extension=True,
store=True, # internal settings
files=False,
nofile=False,
verbose=False, # output settings
engine=None,
layer=None,
protocol=None, # extraction settings
ip=False,
ipv4=False,
ipv6=False,
tcp=False,
strict=True, # reassembly settings
trace=False,
trace_fout=None,
trace_format=None, # trace settings # pylint: disable=redefined-outer-name
trace_byteorder=sys.byteorder,
trace_nanosecond=False): # trace settings
"""Extract a PCAP file.
Arguments:
fin (Optiona[str]): file name to be read; if file not exist, raise :exc:`FileNotFound`
fout (Optiona[str]): file name to be written
format (Optional[Literal['plist', 'json', 'tree']]): file format of output
auto (bool): if automatically run till EOF
extension (bool): if check and append extensions to output file
store (bool): if store extracted packet info
files (bool): if split each frame into different files
nofile (bool): if no output file is to be dumped
verbose (bool): if print verbose output information
engine (Optional[Literal['default', 'pcapkit', 'dpkt', 'scapy', 'pyshark', 'server', 'pipeline']]):
extraction engine to be used
layer (Optional[Literal['Link', 'Internet', 'Transport', 'Application']]): extract til which layer
protocol (Optional[Union[str, Tuple[str], Type[Protocol]]]): extract til which protocol
ip (bool): if record data for IPv4 & IPv6 reassembly
ipv4 (bool): if perform IPv4 reassembly
ipv6 (bool): if perform IPv6 reassembly
tcp (bool): if perform TCP reassembly
strict (bool): if set strict flag for reassembly
trace (bool): if trace TCP traffic flows
trace_fout (Optional[str]): path name for flow tracer if necessary
trace_format (Optional[Literal['plist', 'json', 'tree', 'pcap']]): output file
format of flow tracer
trace_byteorder (Literal['little', 'big']): output file byte order
trace_nanosecond (bool): output nanosecond-resolution file flag
Returns:
Extractor -- an :class:`~pcapkit.foundation.extraction.Extractor` object
"""
if isinstance(layer, type) and issubclass(layer, Protocol):
layer = layer.__layer__
if isinstance(protocol, type) and issubclass(protocol, Protocol):
protocol = protocol.id()
str_check(fin or '', fout or '', format or '', trace_fout or '',
trace_format or '', engine or '', layer or '', *(protocol or ''))
bool_check(files, nofile, verbose, auto, extension, store, ip, ipv4, ipv6,
tcp, strict, trace)
return Extractor(fin=fin,
fout=fout,
format=format,
store=store,
files=files,
nofile=nofile,
auto=auto,
verbose=verbose,
extension=extension,
engine=engine,
layer=layer,
protocol=protocol,
ip=ip,
ipv4=ipv4,
ipv6=ipv6,
tcp=tcp,
strict=strict,
trace=trace,
trace_fout=trace_fout,
trace_format=trace_format,
trace_byteorder=trace_byteorder,
trace_nanosecond=trace_nanosecond)