FlowAnalyzer 0.2.8__tar.gz → 0.3.1__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {FlowAnalyzer-0.2.8 → FlowAnalyzer-0.3.1}/FlowAnalyzer/FlowAnalyzer.py +56 -30
- {FlowAnalyzer-0.2.8 → FlowAnalyzer-0.3.1}/FlowAnalyzer.egg-info/PKG-INFO +3 -1
- {FlowAnalyzer-0.2.8 → FlowAnalyzer-0.3.1}/PKG-INFO +3 -1
- {FlowAnalyzer-0.2.8 → FlowAnalyzer-0.3.1}/README.md +2 -0
- {FlowAnalyzer-0.2.8 → FlowAnalyzer-0.3.1}/setup.py +1 -1
- {FlowAnalyzer-0.2.8 → FlowAnalyzer-0.3.1}/FlowAnalyzer/__init__.py +0 -0
- {FlowAnalyzer-0.2.8 → FlowAnalyzer-0.3.1}/FlowAnalyzer/logging_config.py +0 -0
- {FlowAnalyzer-0.2.8 → FlowAnalyzer-0.3.1}/FlowAnalyzer.egg-info/SOURCES.txt +0 -0
- {FlowAnalyzer-0.2.8 → FlowAnalyzer-0.3.1}/FlowAnalyzer.egg-info/dependency_links.txt +0 -0
- {FlowAnalyzer-0.2.8 → FlowAnalyzer-0.3.1}/FlowAnalyzer.egg-info/top_level.txt +0 -0
- {FlowAnalyzer-0.2.8 → FlowAnalyzer-0.3.1}/LICENSE +0 -0
- {FlowAnalyzer-0.2.8 → FlowAnalyzer-0.3.1}/setup.cfg +0 -0
@@ -13,6 +13,7 @@ from .logging_config import configure_logger
|
|
|
13
13
|
|
|
14
14
|
logger = configure_logger("FlowAnalyzer", logging.INFO)
|
|
15
15
|
|
|
16
|
+
|
|
16
17
|
class Request(NamedTuple):
|
|
17
18
|
frame_num: Optional[int]
|
|
18
19
|
header: bytes
|
|
@@ -81,14 +82,18 @@ class FlowAnalyzer:
|
|
|
81
82
|
for packet in data:
|
|
82
83
|
packet = packet["_source"]["layers"]
|
|
83
84
|
time_epoch = float(packet["frame.time_epoch"][0]) if packet.get("frame.time_epoch") else None
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
85
|
+
|
|
86
|
+
if packet.get("tcp.reassembled.data"):
|
|
87
|
+
full_request = packet["tcp.reassembled.data"][0]
|
|
88
|
+
elif packet.get("tcp.payload"):
|
|
89
|
+
full_request = packet["tcp.payload"][0]
|
|
90
|
+
else:
|
|
91
|
+
# exported_pdu.exported_pdu
|
|
92
|
+
full_request = packet["exported_pdu.exported_pdu"][0]
|
|
93
|
+
|
|
87
94
|
frame_num = int(packet["frame.number"][0]) if packet.get("frame.number") else None
|
|
88
95
|
request_in = int(packet["http.request_in"][0]) if packet.get("http.request_in") else frame_num
|
|
89
|
-
full_uri = (
|
|
90
|
-
parse.unquote(packet["http.request.full_uri"][0]) if packet.get("http.request.full_uri") else None
|
|
91
|
-
)
|
|
96
|
+
full_uri = parse.unquote(packet["http.request.full_uri"][0]) if packet.get("http.request.full_uri") else None
|
|
92
97
|
|
|
93
98
|
header, file_data = self.extract_http_file_data(full_request)
|
|
94
99
|
|
|
@@ -139,23 +144,52 @@ class FlowAnalyzer:
|
|
|
139
144
|
def extract_json_file(fileName: str, display_filter: str, tshark_workDir: str) -> None:
|
|
140
145
|
# sourcery skip: replace-interpolation-with-fstring, use-fstring-for-formatting
|
|
141
146
|
# tshark -r {} -Y "{}" -T json -e http.request_number -e http.response_number -e http.request_in -e tcp.reassembled.data -e frame.number -e tcp.payload -e frame.time_epoch -e http.request.full_uri > output.json
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
147
|
+
|
|
148
|
+
command = [
|
|
149
|
+
"tshark",
|
|
150
|
+
"-r",
|
|
151
|
+
fileName,
|
|
152
|
+
"-Y",
|
|
153
|
+
f"(tcp.reassembled_in) or ({display_filter})",
|
|
154
|
+
"-T",
|
|
155
|
+
"json",
|
|
156
|
+
"-e",
|
|
157
|
+
"http.request_number",
|
|
158
|
+
"-e",
|
|
159
|
+
"http.response_number",
|
|
160
|
+
"-e",
|
|
161
|
+
"http.request_in",
|
|
162
|
+
"-e",
|
|
163
|
+
"tcp.reassembled.data",
|
|
164
|
+
"-e",
|
|
165
|
+
"frame.number",
|
|
166
|
+
"-e",
|
|
167
|
+
"tcp.payload",
|
|
168
|
+
"-e",
|
|
169
|
+
"frame.time_epoch",
|
|
170
|
+
"-e",
|
|
171
|
+
"exported_pdu.exported_pdu",
|
|
172
|
+
"-e",
|
|
173
|
+
"http.request.full_uri" ">",
|
|
174
|
+
"output.json",
|
|
175
|
+
]
|
|
176
|
+
|
|
155
177
|
_, stderr = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=tshark_workDir).communicate()
|
|
156
178
|
if stderr != b"" and b"WARNING" not in stderr:
|
|
157
179
|
print(f"[Waring/Error]: {stderr}")
|
|
158
180
|
|
|
181
|
+
@staticmethod
|
|
182
|
+
def move_and_addMD5Sum(tshark_jsonPath: str, jsonWordPath: str, MD5Sum: str) -> None:
|
|
183
|
+
if tshark_jsonPath != jsonWordPath:
|
|
184
|
+
shutil.move(tshark_jsonPath, jsonWordPath)
|
|
185
|
+
|
|
186
|
+
with open(jsonWordPath, "r", encoding="utf-8") as f:
|
|
187
|
+
data = json.load(f)
|
|
188
|
+
data[0]["MD5Sum"] = MD5Sum
|
|
189
|
+
|
|
190
|
+
with open(jsonWordPath, "w", encoding="utf-8") as f:
|
|
191
|
+
json.dump(data, f, indent=2)
|
|
192
|
+
|
|
159
193
|
@staticmethod
|
|
160
194
|
def get_json_data(filePath: str, display_filter: str) -> str:
|
|
161
195
|
# sourcery skip: replace-interpolation-with-fstring
|
|
@@ -186,20 +220,12 @@ class FlowAnalyzer:
|
|
|
186
220
|
if os.path.exists(jsonWordPath):
|
|
187
221
|
with open(jsonWordPath, "r", encoding="utf-8") as f:
|
|
188
222
|
data = json.load(f)
|
|
189
|
-
if data[0].get(
|
|
223
|
+
if data[0].get("MD5Sum") == MD5Sum:
|
|
190
224
|
logger.debug("匹配HASH校验无误,自动返回Json文件路径!")
|
|
191
225
|
return jsonWordPath
|
|
192
|
-
FlowAnalyzer.extract_json_file(fileName, display_filter, tshark_workDir)
|
|
193
226
|
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
with open(jsonWordPath, "r", encoding="utf-8") as f:
|
|
198
|
-
data = json.load(f)
|
|
199
|
-
data[0]['MD5Sum'] = MD5Sum
|
|
200
|
-
|
|
201
|
-
with open(jsonWordPath, "w", encoding="utf-8") as f:
|
|
202
|
-
json.dump(data, f, indent=2)
|
|
227
|
+
FlowAnalyzer.extract_json_file(fileName, display_filter, tshark_workDir)
|
|
228
|
+
FlowAnalyzer.move_and_addMD5Sum(tshark_jsonPath, jsonWordPath, MD5Sum)
|
|
203
229
|
return jsonWordPath
|
|
204
230
|
|
|
205
231
|
def Split_HTTP_headers(self, file_data: bytes) -> Tuple[bytes, bytes]:
|
|
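Review bot: `command` is now a list but is still executed with `shell=True` (new line 177), which on POSIX hands only `"tshark"` to `sh -c` and drops every other element, and on Windows re-joins the list into a single `cmd.exe` line, so `fileName` and `display_filter` reach the shell unescaped and a path or filter containing shell metacharacters changes what gets run. The missing comma in `"http.request.full_uri" ">"` (new line 173) also folds the `>` into the field name, so the redirection into `output.json` only works by accident of cmd.exe's parsing. Drop `shell=True`, remove the `">"` and `"output.json"` elements, and pass the output file as `stdout=` directly (`os` is already in scope, see new line 220), as below; `stderr` remains captured as bytes for the existing WARNING check. Separately, `move_and_addMD5Sum` (new lines 182-191) indexes `data[0]` without checking that tshark wrote a non-empty array, so a filter that matches nothing would presumably raise IndexError instead of a clear message — hedged, since the JSON shape is not visible here.
```python
        command = [
            # … unchanged: "tshark", "-r", fileName, "-Y", "-T", "json" and the other "-e" field names …
            "-e",
            "http.request.full_uri",
        ]
        output_path = os.path.join(tshark_workDir, "output.json")
        with open(output_path, "wb") as out:
            _, stderr = subprocess.Popen(command, stdout=out, stderr=subprocess.PIPE, cwd=tshark_workDir).communicate()
        # … unchanged: stderr WARNING check …
```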
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: FlowAnalyzer
|
|
3
|
-
Version: 0.
|
|
3
|
+
Version: 0.3.1
|
|
4
4
|
Summary: FlowAnalyzer是一个流量分析器,用于解析和处理tshark导出的JSON数据文件
|
|
5
5
|
Home-page: https://github.com/Byxs20/FlowAnalyzer
|
|
6
6
|
Author: Byxs20
|
|
@@ -22,6 +22,8 @@ Description: # FlowAnalyzer
|
|
|
22
22
|
|
|
23
23
|
# Usage
|
|
24
24
|
|
|
25
|
+
请务必添加 `tshark.exe` 到环境变量,否则找不到会出错!
|
|
26
|
+
|
|
25
27
|
```
|
|
26
28
|
$ git clone https://github.com/Byxs20/FlowAnalyzer.git
|
|
27
29
|
$ cd ./FlowAnalyzer/
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: FlowAnalyzer
|
|
3
|
-
Version: 0.
|
|
3
|
+
Version: 0.3.1
|
|
4
4
|
Summary: FlowAnalyzer是一个流量分析器,用于解析和处理tshark导出的JSON数据文件
|
|
5
5
|
Home-page: https://github.com/Byxs20/FlowAnalyzer
|
|
6
6
|
Author: Byxs20
|
|
@@ -22,6 +22,8 @@ Description: # FlowAnalyzer
|
|
|
22
22
|
|
|
23
23
|
# Usage
|
|
24
24
|
|
|
25
|
+
请务必添加 `tshark.exe` 到环境变量,否则找不到会出错!
|
|
26
|
+
|
|
25
27
|
```
|
|
26
28
|
$ git clone https://github.com/Byxs20/FlowAnalyzer.git
|
|
27
29
|
$ cd ./FlowAnalyzer/
|
|
@@ -7,7 +7,7 @@ with open(os.path.join(os.path.dirname(__file__), "README.md"), encoding="utf-8"
|
|
|
7
7
|
|
|
8
8
|
setup(
|
|
9
9
|
name="FlowAnalyzer",
|
|
10
|
-
version="0.
|
|
10
|
+
version="0.3.1",
|
|
11
11
|
description="FlowAnalyzer是一个流量分析器,用于解析和处理tshark导出的JSON数据文件",
|
|
12
12
|
author="Byxs20",
|
|
13
13
|
author_email="97766819@qq.com",
|
|