本文整理汇总了Python中impacket.ImpactDecoder.LinuxSLLDecoder.decode方法的典型用法代码示例。如果您正苦于以下问题:Python LinuxSLLDecoder.decode方法的具体用法?Python LinuxSLLDecoder.decode怎么用?Python LinuxSLLDecoder.decode使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类impacket.ImpactDecoder.LinuxSLLDecoder的用法示例。
在下文中一共展示了LinuxSLLDecoder.decode方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: OSCServer
# 需要导入模块: from impacket.ImpactDecoder import LinuxSLLDecoder [as 别名]
# 或者: from impacket.ImpactDecoder.LinuxSLLDecoder import decode [as 别名]
class OSCServer(Thread) :
def __init__(self, callback, dev='any', port = 3333, ignoreIp = None) :
Thread.__init__(self)
DEV = dev # interface to listen on
MAX_LEN = 1514 # max size of packet to capture
PROMISCUOUS = 1 # promiscuous mode?
READ_TIMEOUT = 100 # in milliseconds
self.MAX_PKTS = -1 # number of packets to capture; -1 => no limit
self.p = open_live(DEV, MAX_LEN, PROMISCUOUS, READ_TIMEOUT)
myfilter = 'udp and port '+str(port)
if ignoreIp:
myfilter+=' and not dst host '+ignoreIp
self.p.setfilter(myfilter)
self.callback = callback
self.packets = 0
datalink = self.p.datalink()
if pcapy.DLT_EN10MB == datalink:
self.decoder = EthDecoder()
elif pcapy.DLT_LINUX_SLL == datalink:
self.decoder = LinuxSLLDecoder()
else:
raise Exception("Datalink type not supported: " % datalink)
def ph(self,hdr, data):
p = self.decoder.decode(data)
ip = p.child()
udp = ip.child()
self.packets+=1
self.callback( udp.get_data_as_string())
def run(self) :
self.p.loop(self.MAX_PKTS,self.ph)示例2: __init__
# 需要导入模块: from impacket.ImpactDecoder import LinuxSLLDecoder [as 别名]
# 或者: from impacket.ImpactDecoder.LinuxSLLDecoder import decode [as 别名]
class UdpSender:
def __init__(self, pcapReader, dstIp, dstPort):
self.socket_ = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
self.dest = (dstIp, dstPort)
# Query datalink type and instantiate the corresponding decoder
datalink = pcapReader.datalink()
if datalink == pcapy.DLT_EN10MB:
self.decoder = EthDecoder()
elif datalink == pcapy.DLT_LINUX_SLL:
self.decoder = LinuxSLLDecoder()
else:
raise Exception("Datalink type not supported");
self.pcapReader = pcapReader
self.counter = 0
def run(self):
# Sniff ad infinitum
# Packet handler will be invoked by pcap for every packet
self.pcapReader.loop(0, self.packetHandler)
def packetHandler(self, hdr, data):
# Use the ImpactDecoder to turn the raw packet into a hierarchy of
# ImpactPacket instances
# Display the packet en human-readable form
dl_header = self.decoder.decode(data)
ip_header = dl_header.child()
self.counter += 1
data_to_send = ip_header.get_packet()
self.socket_.sendto(data_to_send, self.dest)
print "Transfered packet No. %d" % self.counter示例3: DecoderThread
# 需要导入模块: from impacket.ImpactDecoder import LinuxSLLDecoder [as 别名]
# 或者: from impacket.ImpactDecoder.LinuxSLLDecoder import decode [as 别名]
class DecoderThread(Thread):
"""A thread to sniff packets on my machine,
read the SYN number and send it to the peer"""
def __init__(self, pcapObj, udp_obj):
self.udp_obj = udp_obj
# Query the type of the link and instantiate a decoder accordingly.
datalink = pcapObj.datalink()
if pcapy.DLT_EN10MB == datalink:
self.decoder = EthDecoder()
elif pcapy.DLT_LINUX_SLL == datalink:
self.decoder = LinuxSLLDecoder()
else:
raise Exception("Datalink type not supported: " % datalink)
self.pcap = pcapObj
Thread.__init__(self)
def run(self):
# Sniff ad infinitum.
# PacketHandler shall be invoked by pcap for every packet.
self.pcap.loop(1, self.packetHandler)
def packetHandler(self, hdr, data):
# Use the ImpactDecoder to turn the rawpacket into a hierarchy
# of ImpactPacket instances.
# Display the packet in human-readable form.
try:
packet = self.decoder.decode(data)
#print 'Try to send SYN...'
syn = packet.child().child().get_th_seq()
self.udp_obj.send_SYN_to_ConnectionBroker(syn)
except:
print "Unexpected error:", sys.exc_info()[0], sys.exc_info()[1]示例4: __init__
# 需要导入模块: from impacket.ImpactDecoder import LinuxSLLDecoder [as 别名]
# 或者: from impacket.ImpactDecoder.LinuxSLLDecoder import decode [as 别名]
class Decoder:
def __init__(self, pcapObj):
# Query the type of the link and instantiate a decoder accordingly.
datalink = pcapObj.datalink()
if pcapy.DLT_EN10MB == datalink:
self.decoder = EthDecoder()
elif pcapy.DLT_LINUX_SLL == datalink:
self.decoder = LinuxSLLDecoder()
else:
raise Exception("Datalink type not supported: " % datalink)
self.pcap = pcapObj
self.connections = {}
def start(self):
# Sniff ad infinitum.
# PacketHandler shall be invoked by pcap for every packet.
self.pcap.loop(0, self.packetHandler)
def packetHandler(self, hdr, data):
# Use the ImpactDecoder to turn the rawpacket into a hierarchy
# of ImpactPacket instances.
try:
p = self.decoder.decode(data)
ip = p.child()
protocol = ip.get_ip_p()
# Build a distinctive key for this pair of peers.
if protocol == 6:
tcp = ip.child()
proto = 'TCP'
src = (ip.get_ip_src(), tcp.get_th_sport())
dst = (ip.get_ip_dst(), tcp.get_th_dport())
con = Connection(proto, src, dst)
elif protocol == 17:
udp = ip.child()
proto = 'UDP'
src = (ip.get_ip_src(), udp.get_uh_sport())
dst = (ip.get_ip_dst(), udp.get_uh_dport())
con = Connection(proto, src, dst)
# If there isn't an entry associated yetwith this connection,
# open a new pcapdumper and create an association.
if not self.connections.has_key(con):
fn = con.getFilename()
print "Found a new connection, storing into:", fn
try:
dumper = self.pcap.dump_open(fn)
except pcapy.PcapError, e:
print "Can't write packet to:", fn
return
self.connections[con] = dumper
# Write the packet to the corresponding file.
self.connections[con].dump(hdr, data)
except Exception as e:
print str(e)
pass示例5: __init__
# 需要导入模块: from impacket.ImpactDecoder import LinuxSLLDecoder [as 别名]
# 或者: from impacket.ImpactDecoder.LinuxSLLDecoder import decode [as 别名]
class Decoder:
def __init__(self, pcapObj):
# Query the type of the link and instantiate a decoder accordingly.
datalink = pcapObj.datalink()
if pcapy.DLT_EN10MB == datalink:
self.decoder = EthDecoder()
elif pcapy.DLT_LINUX_SLL == datalink:
self.decoder = LinuxSLLDecoder()
else:
raise Exception("Datalink type not supported: " % datalink)
self.pcap = pcapObj
self.connections = {}
def start(self):
# Sniff ad infinitum.
# PacketHandler shall be invoked by pcap for every packet.
self.pcap.loop(0, self.packetHandler)
def packetHandler(self, hdr, data):
"""Handles an incoming pcap packet. This method only knows how
to recognize TCP/IP connections.
Be sure that only TCP packets are passed onto this handler (or
fix the code to ignore the others).
Setting r"ip proto \tcp" as part of the pcap filter expression
suffices, and there shouldn't be any problem combining that with
other expressions.
"""
# Use the ImpactDecoder to turn the rawpacket into a hierarchy
# of ImpactPacket instances.
p = self.decoder.decode(data)
ip = p.child()
tcp = ip.child()
# Build a distinctive key for this pair of peers.
src = (ip.get_ip_src(), tcp.get_th_sport() )
dst = (ip.get_ip_dst(), tcp.get_th_dport() )
con = Connection(src,dst)
# If there isn't an entry associated yetwith this connection,
# open a new pcapdumper and create an association.
if not self.connections.has_key(con):
fn = con.getFilename()
print "Found a new connection, storing into:", fn
try:
dumper = self.pcap.dump_open(fn)
except pcapy.PcapError, e:
print "Can't write packet to:", fn
return
self.connections[con] = dumper
# Write the packet to the corresponding file.
self.connections[con].dump(hdr, data)示例6: __init__
# 需要导入模块: from impacket.ImpactDecoder import LinuxSLLDecoder [as 别名]
# 或者: from impacket.ImpactDecoder.LinuxSLLDecoder import decode [as 别名]
class Decoder:
def __init__(self, pcapObj):
# Query the type of the link and instantiate a decoder accordingly.
self.proto_id = None
self.src_ip = None
self.tgt_ip = None
self.src_port = None
self.tgt_port = None
self.msgs = [] # error msgs
datalink = pcapObj.datalink()
if pcapy.DLT_EN10MB == datalink:
self.decoder = EthDecoder()
elif pcapy.DLT_LINUX_SLL == datalink:
self.decoder = LinuxSLLDecoder()
else:
raise Exception("Datalink type not supported: " % datalink)
self.pcap = pcapObj
self.connections = []
def start(self):
# Sniff ad infinitum.
# PacketHandler shall be invoked by pcap for every packet.
self.pcap.loop(0, self.packetHandler)
def packetHandler(self, hdr, data):
"""Handles an incoming pcap packet. This method only knows how
to recognize TCP/IP connections.
Be sure that only TCP packets are passed onto this handler (or
fix the code to ignore the others).
Setting r"ip proto \tcp" as part of the pcap filter expression
suffices, and there shouldn't be any problem combining that with
other expressions.
"""
# Use the ImpactDecoder to turn the rawpacket into a hierarchy
# of ImpactPacket instances.
try:
p = self.decoder.decode(data)
logging.debug("start decoding" )
except Exception, e:
logging.error("p = self.decoder.decode(data) failed for device" )
msgs.append(str(e))
# get the details from the decoded packet data
if p:
try:
self.src_ip = p.child().get_ip_src()
self.tgt_ip = p.child().get_ip_dst()
self.proto_id = p.child().child().protocol
except Exception, e:
logging.error("exception while parsing ip packet: %s" % str(e))
self.msgs.append(str(e))示例7: DecoderThread
# 需要导入模块: from impacket.ImpactDecoder import LinuxSLLDecoder [as 别名]
# 或者: from impacket.ImpactDecoder.LinuxSLLDecoder import decode [as 别名]
class DecoderThread(Thread):
def __init__(self, pcapObj):
# Query the type of the link and instantiate a decoder accordingly.
datalink = pcapObj.datalink()
if pcapy.DLT_EN10MB == datalink:
self.decoder = EthDecoder()
elif pcapy.DLT_LINUX_SLL == datalink:
self.decoder = LinuxSLLDecoder()
else:
raise Exception("Datalink type not supported: " % datalink)
self.pcap = pcapObj
Thread.__init__(self)
def run(self):
# Sniff ad infinitum.
# PacketHandler shall be invoked by pcap for every packet.
self.pcap.loop(0, self.packetHandler)
def packetHandler(self, hdr, data):
# Use the ImpactDecoder to turn the rawpacket into a hierarchy
# of ImpactPacket instances.
# Display the packet in human-readable form.
print self.decoder.decode(data)示例8: DecoderThread
# 需要导入模块: from impacket.ImpactDecoder import LinuxSLLDecoder [as 别名]
# 或者: from impacket.ImpactDecoder.LinuxSLLDecoder import decode [as 别名]
class DecoderThread(Thread):
def __init__(self, pcapObj,subnet,arptable):
# Query the type of the link and instantiate a decoder accordingly.
datalink = pcapObj.datalink()
if pcapy.DLT_EN10MB == datalink:
self.decoder = EthDecoder()
elif pcapy.DLT_LINUX_SLL == datalink:
self.decoder = LinuxSLLDecoder()
else:
raise Exception("Datalink type not supported: " % datalink)
self.pcap = pcapObj
self.subnet = subnet
self.arptable = arptable
Thread.__init__(self)
#super(Thread, self).__init__()
def run(self):
# Sniff ad infinitum.
# PacketHandler shall be invoked by pcap for every packet.
self.pcap.loop(0, self.packetHandler)
def packetHandler(self, hdr, data):
e = self.decoder.decode(data)
if e.get_ether_type() == impacket.ImpactPacket.IP.ethertype:
#print e.child().get_ip_src()
ip = e.child()
ttl = ip.get_ip_ttl()
## Uneven but not 1 or 255 ttl means it's probably coming from a router ##
if (ttl % 2) > 0 and ttl > 1 and ttl != 255:
self.subnet.gatewaymac = e.get_ether_shost()
self.subnet.sourcemac = e.get_ether_dhost()
self.subnet.sourceaddress = ip.get_ip_dst()
if e.get_ether_type() == impacket.ImpactPacket.ARP.ethertype:
arp = e.child()
self.subnet.registeraddress(arp.get_ar_tpa())
self.subnet.registeraddress(arp.get_ar_spa())
if arp.get_op_name(arp.get_ar_op()) == "REPLY":
print "got arp reply"
self.arptable.registeraddress(arp.get_ar_spa(), arp.as_hrd(arp.get_ar_sha()))
if arp.get_op_name(arp.get_ar_op()) == "REQUEST":
self.arptable.registeraddress(arp.get_ar_spa(), arp.as_hrd(arp.get_ar_sha()))示例9: NetdudeDecoder
# 需要导入模块: from impacket.ImpactDecoder import LinuxSLLDecoder [as 别名]
# 或者: from impacket.ImpactDecoder.LinuxSLLDecoder import decode [as 别名]
class NetdudeDecoder(Decoder):
"""
"""
def __init__(self,pcapObj ):
"""
"""
self.proto_id = None
self.src_ip = None
self.tgt_ip = None
self.src_port = None
self.tgt_port = None
self.msgs = [] # error msgs
datalink = pcapObj.datalink()
if pcapy.DLT_EN10MB == datalink:
self.decoder = EthDecoder()
elif pcapy.DLT_LINUX_SLL == datalink:
self.decoder = LinuxSLLDecoder()
else:
raise Exception("Datalink type not supported: " % datalink)
self.pcap = pcapObj
self.connections = []
def packetHandler(self, hdr, data):
try:
p = self.decoder.decode(data)
logging.debug("start decoding" )
except Exception, e:
logging.error("p = self.decoder.decode(data) failed for device" )
msgs.append(str(e))
# get the details from the decoded packet data
if p:
try:
self.src_ip = p.child().get_ip_src()
self.tgt_ip = p.child().get_ip_dst()
self.proto_id = p.child().child().protocol
except Exception, e:
logging.error("exception while parsing ip packet: %s" % str(e))
self.msgs.append(str(e))示例10: PacketLoop
# 需要导入模块: from impacket.ImpactDecoder import LinuxSLLDecoder [as 别名]
# 或者: from impacket.ImpactDecoder.LinuxSLLDecoder import decode [as 别名]
class PacketLoop(Thread):
""" PacketLoop(Thread) Main Class """
def __init__(self, pcapy_object):
""" PacketLoop(Thread) Class Constructor """
datalink = pcapy_object.datalink()
if pcapy.DLT_EN10MB == datalink:
self.decoder = EthDecoder()
elif pcapy.DLT_LINUX_SLL == datalink:
self.decoder = LinuxSLLDecoder()
else:
print "Datalink type not supported: " % datalink
exit()
self.pcap = pcapy_object
Thread.__init__(self)
self.stop = False
#----------------------------------------------------------------------
def run(self):
""" Thread Main Function """
while not self.stop:
self.pcap.dispatch(1, self.packet_handler)
#----------------------------------------------------------------------
def get_ips(self, decoded_data):
""" Returns src and dst ips in tuple format """
return (decoded_data.child().get_ip_src(), decoded_data.child().get_ip_dst())
#----------------------------------------------------------------------
def get_ports(self, decoded_data):
""" Returns src and dst ports in tuple format """
return (
decoded_data.child().child().get_th_sport(),
decoded_data.child().child().get_th_dport()
)
#----------------------------------------------------------------------
def get_raw_data(self, decoded_data):
""" Returns byte data """
#return decoded_data.child().child().child().get_buffer_as_string()
return decoded_data.child().child().child().get_packet()
#----------------------------------------------------------------------
def packet_handler(self, header, data):
print data
import sys
sys.exit(12)
"""
Packet Handler Function
Use the ImpactDecoder to turn the rawpacket into a human readable format
"""
decoded_data = self.decoder.decode(data)
src_ip, dst_ip = self.get_ips(decoded_data)
src_port, dst_port = self.get_ports(decoded_data)
raw_data = self.get_raw_data(decoded_data)
#print "[%s:%s] --> [%s:%s]" % (src_ip, src_port, dst_ip, dst_port)
print raw_data
if raw_data.startswith("HTTP"):
decode_raw = HttpResponseDecoder(raw_data)
decode_raw.parse()
print decode_raw
print decode_raw.body
self.stop = True
else:
decode_raw = HttpRequestDecoder(raw_data)
decode_raw.parse()
print decode_raw示例11: Pcap
# 需要导入模块: from impacket.ImpactDecoder import LinuxSLLDecoder [as 别名]
# 或者: from impacket.ImpactDecoder.LinuxSLLDecoder import decode [as 别名]
class Pcap(object):
def __init__(self, promisc=True, buffer_size=None, read_timeout=100, show_packets=False):
self._pcap_t = None
self._packets = None
assert promisc in (True, False), "promisc must be either True or False"
self._promisc = promisc
self._buffer_size = buffer_size
self._read_timeout = read_timeout
assert show_packets in (True, False), "show_packets must be either True or False"
self._show_packets = show_packets
self._pcap_lock = threading.Lock()
try:
from impacket.ImpactDecoder import LinuxSLLDecoder
self._decoder = LinuxSLLDecoder()
except ImportError:
self._decoder = None
def _set_buffer(self, buffer_size):
w.pcap_set_buffer_size(self._pcap_t, buffer_size)
def _set_timeout(self, read_timeout):
w.pcap_set_timeout(self._pcap_t, read_timeout)
@property
def packets(self):
for p in iter(self._packets.get, None):
yield p
@property
def packet_count(self):
return self._packets.qsize()
@property
def activated(self):
return self._pcap_t is not None
@property
def snaplen(self):
if not self.activated:
raise PcapError(w.PCAP_ERROR_NOT_ACTIVATED)
return w.pcap_snapshot(self._pcap_t)
@snaplen.setter
def snaplen(self, snaplen):
if not self.activated:
raise PcapError(w.PCAP_ERROR_NOT_ACTIVATED)
return w.pcap_set_snaplen(self._pcap_t, snaplen) == 0
@property
def promisc(self):
return self._promisc
def _set_promisc(self, state):
w.pcap_set_promisc(self._pcap_t, state)
@property
def tstamp_types(self):
return [(val, w.pcap_tstamp_type_val_to_name(val), w.pcap_tstamp_type_val_to_description(val)) for val in w.pcap_list_tstamp_types(self._pcap_t)]
@property
def datalink(self):
dl = w.pcap_datalink(self._pcap_t)
for dl_type, dl_name, dl_description in self.datalinks:
if dl == dl_type:
return dl_name
return None
def set_datalink(self, dlt):
return w.pcap_set_datalink(self._pcap_t, dlt) == 0
@property
def datalinks(self):
if not self.activated:
raise PcapError(w.PCAP_ERROR_NOT_ACTIVATED)
return [(val, w.pcap_datalink_val_to_name(val), w.pcap_datalink_val_to_description(val)) for val in w.pcap_list_datalinks(self._pcap_t)]
def set_tstamp_type(self, tstamp_type):
return w.pcap_set_tstamp_type(self._pcap_t, tstamp_type) == 0
def _activate(self):
self._packets = Queue()
w.pcap_activate(self._pcap_t)
def _start(self):
self._activate()
self._start_loop()
def _start_loop(self):
thread.start_new_thread(self._loop, tuple())
def _loop(self):
user = str(id(self))
_pcap_user_mapping[user] = self
#.........这里部分代码省略.........
示例12: DecoderThread
# 需要导入模块: from impacket.ImpactDecoder import LinuxSLLDecoder [as 别名]
# 或者: from impacket.ImpactDecoder.LinuxSLLDecoder import decode [as 别名]
class DecoderThread(Thread):
def __init__(self, pcapObj):
self.searchTerm = 'commands'
self.hostDict = {}
self.flowDict = {}
self.arbitraryChunkedLength = 30000 # as length of chunked tranfers can not be measured, we will provide an artibrary length for now
# OSC functionality (multicasting for now)
sendAddress = '127.0.0.1', 57120
self.oscClient=OSCClient()
self.oscClient.connect(sendAddress)
# Query the type of the link and instantiate a decoder accordingly.
datalink = pcapObj.datalink()
if pcapy.DLT_EN10MB == datalink:
self.decoder = EthDecoder()
elif pcapy.DLT_LINUX_SLL == datalink:
self.decoder = LinuxSLLDecoder()
else:
raise Exception("Datalink type not supported: " % datalink)
self.pcap = pcapObj
Thread.__init__(self)
def run(self):
# Sniff ad infinitum.
# PacketHandler shall be invoked by pcap for every packet.
self.pcap.loop(0, self.packetHandler)
def packetHandler(self, hdr, data):
# Use the ImpactDecoder to turn the rawpacket into a hierarchy of ImpactPacket instances.
eth = self.decoder.decode(data)
ip = eth.child()
tcp = ip.child()
src = (ip.get_ip_src(), tcp.get_th_sport() )
dst = (ip.get_ip_dst(), tcp.get_th_dport() )
self.detectHTTP(tcp, src, dst)
def detectHTTP(self, tcp, src, dst):
packetString = tcp.get_data_as_string()
srcIp = src[0]
dstIp = dst[0]
self.detectRequestOrNewResponseOrExistingResponse(packetString, src, dst, tcp)
def detectRequestOrNewResponseOrExistingResponse(self, packetString, src, dst, tcp):
request = HTTPRequest(packetString)
if request.error_code is None: # detect request
self.parseRequest(request, src, dst)
elif packetString[:8] == "HTTP/1.1": # detect response
# only pass if a request was sent
flowKey = (src, dst)
if flowKey in self.hostDict:
self.parseNewResponse(packetString, src, dst, tcp)
else:
flowKey = (src, dst)
if flowKey in self.flowDict: # continue if packet is a continuation of an existing response
body = packetString # with an existing response the body is the entire packetstring
self.parseExistingResponse(flowKey, body, src, dst, tcp)
def parseRequest(self, request, src, dst):
if request.command == 'GET' and request.request_version == 'HTTP/1.1':
# store the host and path related to this request by unique key for later lookup:
self.hostDict[(dst, src)] = {}
self.hostDict[(dst, src)]['host'] = request.headers['host']
self.hostDict[(dst, src)]['path'] = request.path
def parseNewResponse(self, packetString, src, dst, tcp):
responseCode = packetString[9:12]
if responseCode == '200': # just okay responses for now
if '\r\n\r\n' in packetString: # only proceed if the response has a body
bodyIndex = packetString.index('\r\n\r\n') + 4
body = packetString[bodyIndex:]
socket = FakeSocket(packetString)
response = HTTPResponse(socket)
response.begin()
headerArray = response.getheaders()
for item in headerArray:
flowKey = (src, dst)
if item[0] == 'content-type' and 'text/html' in item[1]: # accept any kind of text content
for item in headerArray:
if item[0] == 'content-length':
length = int(item[1])
self.parseFixedLengthResponse(flowKey, body, length, src, dst, tcp, responseCode)
elif item[0] == 'transfer-encoding' and item[1] == 'chunked':
print 'found chunked'
self.parseChunkedResponse(flowKey, body, src, dst, tcp, responseCode)
else:
print "body not found"
def parseFixedLengthResponse(self, flowKey, body, length, src, dst, tcp, responseCode):
self.flowDict[flowKey] = {'body': body, 'type': 'fixedLength', 'length': length}
self.doStart(flowKey, body, src, dst, tcp, responseCode, 'fixedLength')
contentLength = self.arbitraryChunkedLength
progress = float(len(body)) / float(contentLength)
packetContentLength = progress
searchResults = self.bodySearch(body, contentLength)
self.sendInfoAboutThisPacket(body, progress, packetContentLength, searchResults)
def parseChunkedResponse(self, flowKey, body, src, dst, tcp, responseCode):
self.flowDict[flowKey] = {'body': body, 'type': 'chunked'}
self.doStart(flowKey, body, src, dst, tcp, responseCode, 'chunked')
contentLength = self.flowDict[flowKey]['length']
progress = float(len(body)) / float(contentLength)
#.........这里部分代码省略.........
示例13: DecoderThread
# 需要导入模块: from impacket.ImpactDecoder import LinuxSLLDecoder [as 别名]
# 或者: from impacket.ImpactDecoder.LinuxSLLDecoder import decode [as 别名]
class DecoderThread(Thread):
protocols = ['DHCP', 'HTTP', 'dot1x', 'ARP', 'TTL']
def __init__(self, bridge, subnet, arptable):
# Open interface for capturing.
self.pcap = open_live(bridge.bridgename, 65536, 1, 100)
# Query the type of the link and instantiate a decoder accordingly.
datalink = self.pcap.datalink()
if pcapy.DLT_EN10MB == datalink:
self.decoder = EthDecoder()
elif pcapy.DLT_LINUX_SLL == datalink:
self.decoder = LinuxSLLDecoder()
else:
raise Exception("Datalink type not supported: " % datalink)
self.bridge = bridge
self.subnet = subnet
self.arptable = arptable
self.protocols = args.discovery_protos or self.protocols
Thread.__init__(self)
def run(self):
self.running = True
# Reset the link
try:
cmd("mii-tool -R %s 2>/dev/null" % ' '.join(self.bridge.interfaces))
except:
pass
# Sniff ad infinitum.
# PacketHandler shall be invoked by pcap for every packet.
while self.running:
self.pcap.dispatch(1, self.packetHandler)
def stop(self):
self.running = False
time.sleep(0.1)
def packetHandler(self, hdr, data):
try:
e = self.decoder.decode(data)
except:
return
if e.get_ether_type() == impacket.ImpactPacket.ARP.ethertype:
arp = e.child()
if arp.get_op_name(arp.get_ar_op()) == "REPLY":
self.arptable.registeraddress(arp.get_ar_spa(), arp.as_hrd(arp.get_ar_sha()))
if arp.get_op_name(arp.get_ar_op()) == "REQUEST":
self.arptable.registeraddress(arp.get_ar_spa(), arp.as_hrd(arp.get_ar_sha()))
# Got both interface sides. No more discovery needed
if self.bridge.clientsiteint and self.bridge.switchsideint:
return
if 'dot1x' in self.protocols and not self.subnet.dhcp and \
e.get_ether_type() == impacket.eap.DOT1X_AUTHENTICATION:
eapol = e.child()
if eapol.get_packet_type() == eapol.EAP_PACKET:
eap = eapol.child()
eapr = eap.child()
# Only client sends responses with identity
if eap.get_code() == eap.RESPONSE and eapr.get_type() == eapr.IDENTITY:
self.subnet.clientmac = self.subnet.clientmac or e.get_ether_shost()
self.subnet.clientip = self.subnet.clientip or \
self.arptable.mac2ip(self.subnet.get_clientmac)
elif e.get_ether_type() == impacket.ImpactPacket.IP.ethertype:
ip = e.child()
if isinstance(ip.child(), impacket.ImpactPacket.UDP):
udp = ip.child()
if 'DHCP' in self.protocols and \
isinstance(udp.child(), impacket.dhcp.BootpPacket):
bootp = udp.child()
if isinstance(bootp.child(), impacket.dhcp.DhcpPacket):
dhcp = bootp.child()
if dhcp.getOptionValue('message-type') == dhcp.DHCPDISCOVER:
self.subnet.clientmac = e.get_ether_shost()
elif dhcp.getOptionValue('message-type') == dhcp.DHCPREQUEST:
self.subnet.clientmac = e.get_ether_shost()
elif dhcp.getOptionValue('message-type') == dhcp.DHCPACK or \
dhcp.getOptionValue('message-type') == dhcp.DHCPOFFER:
if not self.subnet.clientip:
self.subnet.clientip = self.subnet.int2ip(bootp["yiaddr"])
self.subnet.gatewayip = self.subnet.int2ip(dhcp.getOptionValue("router")[0])
self.subnet.gatewaymac = e.get_ether_shost()
self.subnet.subnetmask = self.subnet.ip2array(
self.subnet.int2ip(dhcp.getOptionValue("subnet-mask")))
self.subnet.subnet = self.subnet.ip2array(self.subnet.int2ip(
dhcp.getOptionValue("subnet-mask") & bootp["yiaddr"]))
self.subnet.dnsip = self.subnet.int2ip(dhcp.getOptionValue("domain-name-server")[0])
self.subnet.dhcp = True
elif isinstance(ip.child(), impacket.ImpactPacket.TCP):
tcp = ip.child()
#.........这里部分代码省略.........
示例14: DecoderThread
# 需要导入模块: from impacket.ImpactDecoder import LinuxSLLDecoder [as 别名]
# 或者: from impacket.ImpactDecoder.LinuxSLLDecoder import decode [as 别名]
class DecoderThread(Thread):
def __init__(self, bridge, subnet, arptable):
# Open interface for capturing.
self.pcap = open_live(bridge.bridgename, 1500, 0, 100)
# Query the type of the link and instantiate a decoder accordingly.
datalink = self.pcap.datalink()
if pcapy.DLT_EN10MB == datalink:
self.decoder = EthDecoder()
elif pcapy.DLT_LINUX_SLL == datalink:
self.decoder = LinuxSLLDecoder()
else:
raise Exception("Datalink type not supported: " % datalink)
self.bridge = bridge
self.subnet = subnet
self.arptable = arptable
self.running = True
Thread.__init__(self)
def run(self):
# Sniff ad infinitum.
# PacketHandler shall be invoked by pcap for every packet.
while self.running:
self.pcap.dispatch(1, self.packetHandler)
def stop(self):
self.running = False
time.sleep(0.1)
def packetHandler(self, hdr, data):
e = self.decoder.decode(data)
if e.get_ether_type() == impacket.eap.DOT1X_AUTHENTICATION:
eapol = e.child()
if eapol.get_packet_type() == eapol.EAP_PACKET:
eap = eapol.child()
eapr = eap.child()
# Only client sends responses with identity
if eap.get_code() == eap.RESPONSE and eapr.get_type() == eapr.IDENTITY:
self.subnet.clientmac = e.get_ether_shost()
elif e.get_ether_type() == impacket.ImpactPacket.IP.ethertype:
ip = e.child()
if isinstance(ip.child(), impacket.ImpactPacket.UDP):
udp = ip.child()
if isinstance(udp.child(), impacket.dhcp.BootpPacket):
bootp = udp.child()
if isinstance(bootp.child(), impacket.dhcp.DhcpPacket):
dhcp = bootp.child()
if dhcp.getOptionValue('message-type') == dhcp.DHCPDISCOVER:
self.subnet.clientmac = e.get_ether_shost()
elif dhcp.getOptionValue('message-type') == dhcp.DHCPREQUEST:
self.subnet.clientmac = e.get_ether_shost()
elif dhcp.getOptionValue('message-type') == dhcp.DHCPACK:
self.subnet.clientip = self.subnet.int2ip(bootp["yiaddr"])
self.subnet.clientmac = e.get_ether_dhost()
self.subnet.gatewayip = self.subnet.int2ip(dhcp.getOptionValue("router")[0])
self.subnet.gatewaymac = e.get_ether_shost()
self.subnet.subnetmask = self.subnet.ip2array(
self.subnet.int2ip(dhcp.getOptionValue("subnet-mask")))
self.subnet.subnet = self.subnet.ip2array(self.subnet.int2ip(
dhcp.getOptionValue("subnet-mask") & bootp["yiaddr"]))
self.subnet.dhcp = True
elif dhcp.getOptionValue('message-type') == dhcp.DHCPOFFER:
self.subnet.clientip = self.subnet.int2ip(bootp["yiaddr"])
self.subnet.clientmac = e.get_ether_dhost()
self.subnet.gatewayip = self.subnet.int2ip(dhcp.getOptionValue("router")[0])
self.subnet.gatewaymac = e.get_ether_shost()
self.subnet.subnetmask = self.subnet.ip2array(
self.subnet.int2ip(dhcp.getOptionValue("subnet-mask")))
self.subnet.subnet = self.subnet.ip2array(self.subnet.int2ip(
dhcp.getOptionValue("subnet-mask") & bootp["yiaddr"]))
self.subnet.dhcp = True
else:
if not self.subnet.dhcp:
ttl = ip.get_ip_ttl()
# Uneven but not 1 or 255 ttl means it's probably coming from a router
if (ttl % 2) > 0 and ttl > 1 and ttl != 255:
self.subnet.gatewaymac = e.get_ether_shost()
self.subnet.clientmac = e.get_ether_dhost()
self.subnet.clientip = ip.get_ip_dst()
elif e.get_ether_type() == impacket.ImpactPacket.ARP.ethertype:
arp = e.child()
if not self.subnet.dhcp:
self.subnet.registeraddress(arp.get_ar_tpa())
self.subnet.registeraddress(arp.get_ar_spa())
if arp.get_op_name(arp.get_ar_op()) == "REPLY":
logging.debug("got arp reply")
self.arptable.registeraddress(arp.get_ar_spa(), arp.as_hrd(arp.get_ar_sha()))
if arp.get_op_name(arp.get_ar_op()) == "REQUEST":
self.arptable.registeraddress(arp.get_ar_spa(), arp.as_hrd(arp.get_ar_sha()))示例15: DecoderThread
# 需要导入模块: from impacket.ImpactDecoder import LinuxSLLDecoder [as 别名]
# 或者: from impacket.ImpactDecoder.LinuxSLLDecoder import decode [as 别名]
class DecoderThread(Thread):
def __init__(self, pcapObj, queue):
# Query the type of the link and instantiate a decoder accordingly.
datalink = pcapObj.datalink()
if pcapy.DLT_EN10MB == datalink:
self.decoder = EthDecoder()
elif pcapy.DLT_LINUX_SLL == datalink:
self.decoder = LinuxSLLDecoder()
else:
raise Exception("Datalink type not supported: " % datalink)
self.queue = queue
self.pcap = pcapObj
Thread.__init__(self)
def run(self):
# Sniff ad infinitum.
# PacketHandler shall be invoked by pcap for every packet.
self.pcap.loop(0, self.packetHandler)
def packetHandler(self, hdr, data):
# Use the ImpactDecoder to turn the rawpacket into a hierarchy
# of ImpactPacket instances, then send it to the Visualiser
# which drives the Holiday lights.
try:
p = self.decoder.decode(data)
except (Exception, KeyboardInterrupt) as e:
print e
return
try:
protocol = p.child().__class__.__name__
size = p.get_size()
src = False
if protocol == 'IP' or protocol == 'UDP':
src = p.child().get_ip_src()
dest = p.child().get_ip_dst()
elif protocol == 'IP6':
src = p.child().get_source_address()
dest = p.child().get_destination_address()
print "IP6", src, dest
src = False
if src:
l = size_to_length(size)
if src[0:2] == '10':
col = local_ip_to_rgb(src)
#col = ip_to_rgb(dest)
v = SPEED / l
i = 0
else:
if RETURN_SAME:
col = local_ip_to_rgb(src)
else:
col = ip_to_rgb(src)
v = -SPEED / l
i = -52
gradient = make_pulse(col, l)
#print gradient
self.queue.put(pulse.Pulse(i, v, gradient))
#print protocol, src, " -> ", dest, "Size ", size
except Exception as e:
print "Decoding failed"
print e
return