httpcap-rb 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 5395126f833961ee4394e9db74233d311b37d17c3509fbca61789a458d65c11a
+  data.tar.gz: bda1268e5f8a9088c49e53429d42d6e720243667e1f76dcdd87373f948bb736b
+SHA512:
+  metadata.gz: 560de6e2e6e89edac6776f4231c3fad9699262cbda732353a58269b92d60a1dd50d5e7ddafac2dc4fdc3d9fd48a8f811b1c7644e30da43a71a8cbdd125fc52f6
+  data.tar.gz: bc12ea968fb4e88e308924acd473d4c65105b3e3f77204452d616fd37d35d93e4f307c7831793377bbb0d675f0a4eeb14b3dfed87687c6adda7632c5f9614c8c

data/.gitignore

@@ -0,0 +1,11 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# rspec failure tracking
+.rspec_status

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,13 @@
+Metrics/BlockLength:
+  CountComments: false
+  Max: 25
+  ExcludedMethods: []
+  Exclude:
+    - spec/**/*_spec.rb
+    - ./*.gemspec
+
+Metrics/LineLength:
+  Max: 180
+
+Metrics/MethodLength:
+  Max: 20

data/.travis.yml

@@ -0,0 +1,7 @@
+---
+sudo: false
+language: ruby
+cache: bundler
+rvm:
+  - 2.5.0
+before_install: gem install bundler -v 2.0.1

data/Gemfile

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in httpcap.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,72 @@
+PATH
+  remote: .
+  specs:
+    httpcap-rb (0.1.0)
+      http-parser-lite
+      reassemble_tcp
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    ast (2.4.0)
+    byebug (10.0.2)
+    coderay (1.1.2)
+    diff-lcs (1.3)
+    http-parser-lite (0.6.0)
+    jaro_winkler (1.5.2)
+    method_source (0.9.2)
+    packetfu (1.1.13)
+      pcaprub
+    parallel (1.13.0)
+    parser (2.6.0.0)
+      ast (~> 2.4.0)
+    pcaprub (0.13.0)
+    powerpack (0.1.2)
+    pry (0.12.2)
+      coderay (~> 1.1.0)
+      method_source (~> 0.9.0)
+    pry-byebug (3.6.0)
+      byebug (~> 10.0)
+      pry (~> 0.10)
+    rainbow (3.0.0)
+    rake (10.5.0)
+    reassemble_tcp (0.0.2)
+      packetfu (~> 1.1.9)
+    rspec (3.8.0)
+      rspec-core (~> 3.8.0)
+      rspec-expectations (~> 3.8.0)
+      rspec-mocks (~> 3.8.0)
+    rspec-core (3.8.0)
+      rspec-support (~> 3.8.0)
+    rspec-expectations (3.8.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.8.0)
+    rspec-mocks (3.8.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.8.0)
+    rspec-support (3.8.0)
+    rubocop (0.63.1)
+      jaro_winkler (~> 1.5.1)
+      parallel (~> 1.10)
+      parser (>= 2.5, != 2.5.1.1)
+      powerpack (~> 0.1)
+      rainbow (>= 2.2.2, < 4.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (~> 1.4.0)
+    ruby-progressbar (1.10.0)
+    unicode-display_width (1.4.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 2.0)
+  httpcap-rb!
+  pry
+  pry-byebug
+  rake (~> 10.0)
+  rspec (~> 3.0)
+  rubocop
+
+BUNDLED WITH
+   2.0.1

data/README.md

@@ -0,0 +1,47 @@
+# HTTPcap
+
+parse pcap, then return http request and response
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'httpcap-rb'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install httpcap
+
+## Usage
+
+```ruby
+require 'httpcap'
+HTTPcap.http_flows('./http.pcap') do |flow|
+  p flow.request.body
+  # => "{\"userId\":12345}"
+  p flow.request.headers['Authorization']
+  # => "Bearer hogehoge123455567890"
+  p flow.response.http_status
+  # => 200
+  p flow.response.body
+  # => "{\"userId\":12345,\"name\":\"naari3\",\"author\":true}"
+  p flow.request.headers['Content-Length']
+  # => "46"
+end
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/naari3/httpcap.

data/Rakefile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/bin/console

@@ -0,0 +1,11 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'bundler/setup'
+require 'httpcap'
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+require 'pry'
+Pry.start

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/httpcap.gemspec

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'httpcap/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'httpcap-rb'
+  spec.version       = HTTPcap::VERSION
+  spec.authors       = ['naari3']
+  spec.email         = ['naari.named@gmail.com']
+
+  spec.summary       = 'parse pcap, then return http request and response'
+  spec.description   = spec.summary
+  spec.homepage      = 'https://github.com/naari3/httpcap'
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'http-parser-lite'
+  spec.add_dependency 'reassemble_tcp'
+
+  spec.add_development_dependency 'bundler', '~> 2.0'
+  spec.add_development_dependency 'pry'
+  spec.add_development_dependency 'pry-byebug'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'rubocop'
+end

data/lib/httpcap.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require 'reassemble_tcp'
+
+require 'httpcap/version'
+require 'httpcap/http_flow'
+require 'httpcap/request'
+require 'httpcap/response'
+
+# HTTPcap - parse pcap, then return http request and response
+module HTTPcap
+  class Error < StandardError; end
+
+  def self.send_recv_combined_tcp_data(filepath)
+    Enumerator.new do |y|
+      ReassembleTcp.tcp_connections(filepath).map do |stream|
+        stream.tcpdata.each_slice(2) do |tcp_send, tcp_recv|
+          y << [tcp_send, tcp_recv]
+        end
+      end
+    end
+  end
+
+  # get HTTP request and response from pcap file
+  # @param [String] filepath pcapfile path
+  # @return [Array<HTTPcap::HTTPConnection>] http connections
+  def self.http_flows(filepath)
+    Enumerator.new do |y|
+      send_recv_combined_tcp_data(filepath) do |tcp_send, tcp_recv|
+        recv, send = [tcp_send, tcp_recv].sort_by { |tcp| tcp[1] }
+        next unless send[1] == :send && recv[1] == :recv
+
+        request = Request.new(send[2])
+        response = Response.new(recv[2])
+
+        y << HTTPFlow.new(request, response)
+      end
+    end
+  end
+end

data/lib/httpcap/headers.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+require 'forwardable'
+
+module HTTPcap
+  # http headers for http-parser
+  class Headers
+    extend Forwardable
+
+    TYPE_FIELD = :f
+    TYPE_VALUE = :v
+
+    %i[fetch [] each map].each do |method|
+      def_delegator :@content, method, method
+    end
+
+    def initialize
+      @content = {}
+      @bucket = []
+      @state = nil
+    end
+
+    def stream(type, value)
+      if @state == type
+        @bucket[-1] += value
+      else
+        @bucket << value
+      end
+      @state = type
+    end
+
+    def stream_complete
+      @content.merge!(@bucket.each_slice(2).to_a.select { |a| a.size == 2 }.to_h)
+      @bucket.clear
+    end
+  end
+end

data/lib/httpcap/http_flow.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module HTTPcap
+  # Combining request and response
+  class HTTPFlow
+    attr_reader :request, :response
+
+    # @param [HTTPcap::Request] request
+    # @param [HTTPcap::Response] response
+    def initialize(request, response)
+      @request = request
+      @response = response
+    end
+  end
+end

data/lib/httpcap/message.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+require 'http-parser'
+
+require 'httpcap/headers'
+
+module HTTPcap
+  # Message is a abstract class for Request and Response
+  class Message
+    attr_reader :body, :headers
+
+    # @param [Integer] type request or response
+    def initialize(type, data)
+      @parser = HTTP::Parser.new(type)
+      @headers = Headers.new
+      @body = ''
+
+      %i[on_message_complete on_url on_header_field on_header_value on_headers_complete on_body].each do |name|
+        @parser.send(name, &method(name))
+      end
+      receive_data(data)
+    end
+
+    def receive_data(data)
+      @parser << data
+    end
+
+    def on_message_complete; end
+
+    def on_url; end
+
+    def on_header_field(value)
+      @headers.stream(Headers::TYPE_FIELD, value)
+    end
+
+    def on_header_value(value)
+      @headers.stream(Headers::TYPE_VALUE, value)
+    end
+
+    def on_headers_complete
+      @headers.stream_complete
+    end
+
+    def on_body(data)
+      @body += data
+    end
+  end
+end

data/lib/httpcap/request.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'httpcap/message'
+
+module HTTPcap
+  # Request
+  class Request < Message
+    attr_reader :http_method
+
+    def initialize(data)
+      @http_method = ''
+      @relative_url = ''
+
+      super(HTTP::Parser::TYPE_REQUEST, data)
+    end
+
+    def url
+      @headers.fetch('Host', '') + @relative_url
+    end
+
+    def on_url(url)
+      @relative_url = url
+    end
+
+    def on_message_complete
+      @http_method = @parser.http_method
+    end
+  end
+end

data/lib/httpcap/response.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require 'httpcap/message'
+
+module HTTPcap
+  # Response
+  class Response < Message
+    attr_reader :http_status
+
+    def initialize(data)
+      @http_status = ''
+
+      super(HTTP::Parser::TYPE_RESPONSE, data)
+    end
+
+    def on_message_complete
+      @http_status = @parser.http_status
+    end
+  end
+end

data/lib/httpcap/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module HTTPcap
+  VERSION = '0.1.0'
+end

metadata

@@ -0,0 +1,173 @@
+--- !ruby/object:Gem::Specification
+name: httpcap-rb
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- naari3
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2019-02-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: http-parser-lite
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: reassemble_tcp
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry-byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: parse pcap, then return http request and response
+email:
+- naari.named@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- ".travis.yml"
+- Gemfile
+- Gemfile.lock
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- httpcap.gemspec
+- lib/httpcap.rb
+- lib/httpcap/headers.rb
+- lib/httpcap/http_flow.rb
+- lib/httpcap/message.rb
+- lib/httpcap/request.rb
+- lib/httpcap/response.rb
+- lib/httpcap/version.rb
+homepage: https://github.com/naari3/httpcap
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.3
+signing_key: 
+specification_version: 4
+summary: parse pcap, then return http request and response
+test_files: []