pcap_tools 0.0.3 → 0.0.4
- data/bin/pcap_tools +62 -0
- data/lib/pcap_tools.rb +0 -6
- data/pcap_tools.gemspec +4 -4
- metadata +4 -4
- data/bin/pcap_tools_http +0 -37
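--- /dev/null
+++ b/data/bin/pcap_tools
@@ -0,0 +1,62 @@
+#!/usr/bin/env ruby
+
+require 'pcap_tools'
+require 'optparse'
+
+options = {
+:mode => :http,
+}
+
+OptionParser.new do |opts|
+opts.banner = "Usage: pcap_tools_http [options] pcap_files"
+
+opts.on("--no-body", "Do not display body") do
+options[:no_body] = true
+end
+
+opts.on("--mode [MODE]", [:http, :tcp], "parsing mode") do |m|
+options[:mode] = m
+end
+
+end.parse!
+
+data = ARGV.map{|f| puts "Loading #{f}"; PacketFu::PcapFile.file_to_array(f)}
+
+tcps = PcapTools::extract_tcp_streams(data)
+
+puts "Tcp streams extracted : #{tcps.size}"
+puts "Parsing mode : #{options[:mode]}"
+puts
+
+if options[:mode] == :http
+tcps.each do |tcp|
+PcapTools::extract_http_calls(tcp).each do |req, resp|
+puts ">>>> #{req["pcap-src"]}:#{req["pcap-src-port"]} > #{req["pcap-dst"]}:#{req["pcap-dst-port"]}"
+puts "#{req.method} #{req.path}"
+req.each_capitalized_name.reject{|x| x =~ /^Pcap/ }.each do |x|
+puts "#{x}: #{req[x]}"
+end
+puts
+puts req.body unless options[:no_body]
+puts "<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< #{resp.time}"
+puts "#{resp.code} #{resp.message}"
+resp.each_capitalized_name.reject{|x| x =~ /^Pcap/ }.each do |x|
+puts "#{x}: #{resp[x]}"
+end
+puts
+puts resp.body unless options[:no_body]
+puts
+end
+end
+end
+
+if options[:mode] == :tcp
+tcps.each do |tcp|
+tcp.each do |packet|
+type = packet[:type] == :out ? ">>>>" : "<<<<<"
+puts "#{type} #{packet[:from]}:#{packet[:from_port]} > #{packet[:to]}:#{packet[:to_port]}, size #{packet[:data].size}"
+puts packet[:data]
+puts
+end
+end
+end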
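Review bot: Captured bytes reach the terminal unfiltered: `puts packet[:data]` in the new tcp branch, and `puts req.body` / `puts resp.body` plus the header values in the http branch, print whatever was on the wire. A pcap handed to an analyst is untrusted input, and control or escape sequences inside a payload can rewrite or hide terminal output during triage. Consider escaping non-printable bytes before printing, e.g. `puts packet[:data].dump` (assuming the payload is a String), or doing so only when `$stdout.tty?` so piped output stays raw. Separately, `--mode [MODE]` declares the argument optional, so a bare `--mode` sets `options[:mode]` to nil and neither branch runs; `"--mode MODE"` would reject that instead of silently printing nothing. The banner also still names `pcap_tools_http`.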
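--- a/data/lib/pcap_tools.rb
+++ b/data/lib/pcap_tools.rb
@@ -52,12 +52,6 @@ module PcapTools
 
 end
 
-def load_mutliple_files dir
-Dir.glob(dir).sort{|a, b| File.new(a).mtime <=> File.new(b).mtime}.map{|file| PacketFu::PcapFile.file_to_array(file)}
-end
-
-module_function :load_mutliple_files
-
 def extract_http_calls_from_captures captures
 calls = []
 extract_tcp_streams(captures).each do |tcp|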
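--- a/data/pcap_tools.gemspec
+++ b/data/pcap_tools.gemspec
@@ -2,14 +2,14 @@ require 'rake'
 
 Gem::Specification.new do |s|
 s.name = 'pcap_tools'
-s.version = '0.0.
+s.version = '0.0.4'
 s.authors = ['Bertrand Paquet']
 s.email = 'bertrand.paquet@gmail.com'
 s.summary = 'Tools for extracting data from pcap files'
 s.homepage = 'https://github.com/bpaquet/pcap_tools'
-s.executables << '
+s.executables << 'pcap_tools'
 s.files = `git ls-files`.split($/)
 s.license = 'BSD'
 
-s.
-end
+s.add_runtime_dependency('packetfu', '>= 1.1.9')
+end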
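Review bot: The new `s.add_runtime_dependency('packetfu', '>= 1.1.9')` has no upper bound, so any later packetfu release, including a breaking major version, satisfies it at install time. This gem feeds untrusted capture files to packetfu, so a bounded constraint keeps the parser version something a reviewer has actually looked at: `s.add_runtime_dependency('packetfu', '~> 1.1', '>= 1.1.9')`. The removed line is truncated on this page, so whether the version constraint itself changed in this release cannot be confirmed from here.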
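--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pcap_tools
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.4
 prerelease:
 platform: ruby
 authors:
@@ -19,7 +19,7 @@ dependencies:
 - - ! '>='
 - !ruby/object:Gem::Version
 version: 1.1.9
-type: :
+type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 none: false
@@ -30,12 +30,12 @@ dependencies:
 description:
 email: bertrand.paquet@gmail.com
 executables:
--
+- pcap_tools
 extensions: []
 extra_rdoc_files: []
 files:
 - README.markdown
-- bin/
+- bin/pcap_tools
 - lib/pcap_tools.rb
 - pcap_tools.gemspec
 homepage: https://github.com/bpaquet/pcap_tools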
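--- a/data/bin/pcap_tools_http
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'pcap_tools'
-require 'optparse'
-
-options = {}
-OptionParser.new do |opts|
-opts.banner = "Usage: pcap_tools_http [options] pcap_files"
-
-opts.on("--no-body", "Do not display body") do
-options[:no_body] = true
-end
-end.parse!
-
-data = ARGV.map{|f| PacketFu::PcapFile.file_to_array(f)}
-
-tcps = PcapTools::extract_tcp_streams(data)
-
-tcps.each do |tcp|
-PcapTools::extract_http_calls(tcp).each do |req, resp|
-puts ">>>> #{req["pcap-src"]}:#{req["pcap-src-port"]} > #{req["pcap-dst"]}:#{req["pcap-dst-port"]}"
-puts "#{req.method} #{req.path}"
-req.each_capitalized_name.reject{|x| x =~ /^Pcap/ }.each do |x|
-puts "#{x}: #{req[x]}"
-end
-puts
-puts req.body unless options[:no_body]
-puts "<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< #{resp.time}"
-puts "#{resp.code} #{resp.message}"
-resp.each_capitalized_name.reject{|x| x =~ /^Pcap/ }.each do |x|
-puts "#{x}: #{resp[x]}"
-end
-puts
-puts resp.body unless options[:no_body]
-puts
-end
-end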