示例#1
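    def load_muck_actions(self, _rule):
        """
        Build the Muck action for a rule from its "muck_*" config entries.

        @param _rule: The rule's configuration mapping; the value of every
                      key that starts with "muck_" is collected as one muck
        @type _rule: dict
        @return: rule.Muck built from the collected mucks, or a rule.Muck()
                 constructed with no arguments if building it failed
        """
        # NOTE(review): mucks are collected in the mapping's iteration order;
        # if the order in which mucks apply matters, confirm it is ordered.
        mucks = [_rule[key] for key in _rule.keys()
                 if key.startswith("muck_")]

        # Fallback action, returned unchanged when the configured mucks
        # cannot be turned into a Muck.
        muck_action = rule.Muck()

        try:
            muck_action = rule.Muck(mucks)
        except Exception as err:
            # The failure is only logged, so a rule with a malformed muck
            # still loads but carries the fallback action. Include the
            # exception so the bad entry can be tracked down from the log.
            self.log.info("ConfigRules:load_muck_actions "
                          "- bad config syntax: %r" % (err,))

        return muck_action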
示例#2
import muckpipe
import rule

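# Stand-alone check of a Muck action: build a rule from a dict, run its
# action over a saved HTML page and print the rewritten data.
# NOTE(review): the muck string looks like "search/replace/flags" -- confirm
# against the muckpipe documentation.
ruledict = {
    "name": "http_muck_mangle",
    "port": 80,
    # Alternative muck list, kept for reference:
    #"action":rule.Muck(["\//fslash/g","T/t/2"])
    "action": rule.Muck(["Address/Arfdress/g"]),
    "direction": "s2c"
}

r = rule.Rule("").fromdict(ruledict)

# Close the sample file as soon as it has been read instead of leaving the
# handle open for the rest of the script.
with open("tip.html", "r") as f:
    fdata = f.read()

result = r.action.execute(data=fdata)

# Single-argument call form prints the same text under Python 2 and 3.
print(result)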
示例#3
not halt the rule chain matching, will ultimately be added. The goal is to add
a "passthrough": True parameter to the rule, in which case rule processing
does not terminate with that rule, even if it matches.


Note: UDP is not currently supported, but it will eventually be supported.

 
"""

# ORDER IS IMPORTANT!
userrules = [
    # Default wildcard ruleset, send everything to debugger when active.
    {
        "name": "http_muck_mangle_c2s",
        "action": rule.Muck(["gzip,deflate/ /1", "deflate/ /1", "gzip/ /1"]),
        "direction": "c2s",
        "passthru": "True"
    },
    {
        "name":
        "FuzzS2C",
        "action":
        rule.Fuzz(bit_flip_percentage=45,
                  bof_injection_percentage=100,
                  bit_flip_density=12),
        "direction":
        "s2c",
        "passthru":
        "True"
    },
示例#4
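    def rulefromform(self):
        """
        Build a rule.Rule from the current state of the rule-edit form.

        Reads name, direction, address, port, payload, passthru and the
        selected action type from the widgets under self.main. When the
        Muck action type is selected, the entered mucks are test-run against
        placeholder data first, so a malformed specification is rejected
        here with a warning dialog instead of producing a rule.

        @return: the new rule, or None if the muck specification failed its
                 test run
        """
        name = str(self.main.linename.text())

        # Direction stays empty when neither radio button is checked.
        direction = ""
        if self.main.radio_dir_s2c.isChecked():
            direction = "s2c"
        elif self.main.radio_dir_c2s.isChecked():
            direction = "c2s"

        addr = self.main.lineaddr.text()
        # Will have three dots when address is empty due to mask
        # Not a strict check, but it lets wildcard rules exist
        if addr == "...":
            addr = ""

        # NOTE(review): port is handed on exactly as the widget returns it,
        # with no numeric or range check here -- confirm Rule.fromdict
        # validates it.
        port = self.main.lineport.text()

        # Temporary default until the payload GUI element is added; reading
        # the widget is best-effort, so a failure keeps the empty payload.
        payload = ""
        try:
            payload = str(self.main.linepayload.text())
        except Exception:
            pass

        passthru = bool(self.main.radio_passthru_yes.isChecked())

        action = rule.Nothing()
        if self.main.radio_type_debug.isChecked():
            action = rule.Debug()
            print("RuleEdit.rulefromform: creating debug rule")

        elif self.main.radio_type_muck.isChecked():
            # One muck per line, used as typed: escape sequences are not
            # decoded (an earlier string-escape decode step is disabled).
            muckstr = str(self.main.textruleobj.toPlainText())
            muckarr = muckstr.split("\n")
            action = rule.Muck(muckarr)

            try:
                # Test the muck syntax by executing it against bogus data.
                mp = muckpipe.MuckPipe("").fromlist(action.mucks)
                mp.data = "dark and empty"
                mp.muck()
            except Exception:
                # Catch Exception rather than everything so that
                # KeyboardInterrupt / SystemExit are not swallowed here.
                warn = QtGui.QMessageBox.Warning
                title = "Invalid Muckpipe Specification"
                text = "Please check the syntax of your Muck(s). " \
                    "For more information on muck rule formatting please " \
                    "hover over the 'Muck' label in this form"
                # Kept on self so the dialog object outlives this call.
                self.msgbox = QtGui.QMessageBox(warn, title, text)
                self.msgbox.show()
                print(sys.exc_info())
                return None
        elif self.main.radio_type_fuzz.isChecked():
            action = rule.Fuzz()

        newrule = rule.Rule("").fromdict({
            "name": name,
            "passthru": passthru,
            "direction": direction,
            "addr": addr,
            "port": port,
            "action": action,
            "payload": payload
        })

        print("Newrule %s" % (newrule))
        return newrule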