FlowAnalyzer 0.3.1__py3-none-any.whl → 0.3.2__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- FlowAnalyzer/FlowAnalyzer.py +47 -46
- {FlowAnalyzer-0.3.1.dist-info → FlowAnalyzer-0.3.2.dist-info}/METADATA +3 -6
- FlowAnalyzer-0.3.2.dist-info/RECORD +8 -0
- {FlowAnalyzer-0.3.1.dist-info → FlowAnalyzer-0.3.2.dist-info}/WHEEL +1 -1
- FlowAnalyzer-0.3.1.dist-info/RECORD +0 -8
- {FlowAnalyzer-0.3.1.dist-info → FlowAnalyzer-0.3.2.dist-info}/LICENSE +0 -0
- {FlowAnalyzer-0.3.1.dist-info → FlowAnalyzer-0.3.2.dist-info}/top_level.txt +0 -0
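--- a/FlowAnalyzer/FlowAnalyzer.py
+++ b/FlowAnalyzer/FlowAnalyzer.py
@@ -15,19 +15,19 @@ logger = configure_logger("FlowAnalyzer", logging.INFO)
 
 
 class Request(NamedTuple):
-frame_num:
+frame_num: int
 header: bytes
 file_data: bytes
-full_uri:
-time_epoch:
+full_uri: str
+time_epoch: float
 
 
 class Response(NamedTuple):
-frame_num:
+frame_num: int
 header: bytes
 file_data: bytes
-request_in:
-time_epoch:
+request_in: int
+time_epoch: float
 
 
 class HttpPair(NamedTuple):
@@ -66,6 +66,37 @@ class FlowAnalyzer:
 if os.path.getsize(self.jsonPath) == 0:
 raise ValueError("您的tshark导出的JSON文件内容为空!JSON路径:%s" % self.jsonPath)
 
+def parse_packet(self, packet: dict) -> Tuple[int, int, float, str, str]:
+"""解析Json中的关键信息字段
+
+Parameters
+----------
+packet : dict
+传入Json字典
+
+Returns
+-------
+Tuple[int, int, float, str, str]
+frame_num, request_in, time_epoch, full_uri, full_request
+"""
+# frame_num = int(packet["frame.number"][0]) if packet.get("frame.number") else None
+# time_epoch = float(packet["frame.time_epoch"][0]) if packet.get("frame.time_epoch") else None
+# full_uri = parse.unquote(packet["http.request.full_uri"][0]) if packet.get("http.request.full_uri") else None
+
+frame_num = int(packet["frame.number"][0])
+request_in = int(packet["http.request_in"][0]) if packet.get("http.request_in") else frame_num
+full_uri = parse.unquote(packet["http.request.full_uri"][0])
+time_epoch = packet["frame.time_epoch"][0]
+
+if packet.get("tcp.reassembled.data"):
+full_request = packet["tcp.reassembled.data"][0]
+elif packet.get("tcp.payload"):
+full_request = packet["tcp.payload"][0]
+else:
+# exported_pdu.exported_pdu
+full_request = packet["exported_pdu.exported_pdu"][0]
+return frame_num, request_in, time_epoch, full_uri, full_request
+
 def parse_http_json(self) -> Tuple[Dict[int, Request], Dict[int, Response]]:
 # sourcery skip: use-named-expression
 """解析JSON数据文件中的HTTP请求和响应信息
@@ -81,20 +112,7 @@ class FlowAnalyzer:
 requests, responses = {}, {}
 for packet in data:
 packet = packet["_source"]["layers"]
-
-
-if packet.get("tcp.reassembled.data"):
-full_request = packet["tcp.reassembled.data"][0]
-elif packet.get("tcp.payload"):
-full_request = packet["tcp.payload"][0]
-else:
-# exported_pdu.exported_pdu
-full_request = packet["exported_pdu.exported_pdu"][0]
-
-frame_num = int(packet["frame.number"][0]) if packet.get("frame.number") else None
-request_in = int(packet["http.request_in"][0]) if packet.get("http.request_in") else frame_num
-full_uri = parse.unquote(packet["http.request.full_uri"][0]) if packet.get("http.request.full_uri") else None
-
+frame_num, request_in, time_epoch, full_uri, full_request = self.parse_packet(packet)
 header, file_data = self.extract_http_file_data(full_request)
 
 if packet.get("http.response_number"):
@@ -146,32 +164,15 @@ class FlowAnalyzer:
 # tshark -r {} -Y "{}" -T json -e http.request_number -e http.response_number -e http.request_in -e tcp.reassembled.data -e frame.number -e tcp.payload -e frame.time_epoch -e http.request.full_uri > output.json
 
 command = [
-"tshark",
-"-
-
-"-
-
-"-
-"
-"-e",
-"
-"-e",
-"http.response_number",
-"-e",
-"http.request_in",
-"-e",
-"tcp.reassembled.data",
-"-e",
-"frame.number",
-"-e",
-"tcp.payload",
-"-e",
-"frame.time_epoch",
-"-e",
-"exported_pdu.exported_pdu",
-"-e",
-"http.request.full_uri" ">",
-"output.json",
+"tshark", "-r", fileName,
+"-Y", f"(tcp.reassembled_in) or ({display_filter})",
+"-T", "json",
+"-e", "http.request_number", "-e", "http.response_number", "-e", "http.request_in",
+"-e", "tcp.reassembled.data", "-e", "frame.number", "-e", "tcp.payload",
+"-e", "frame.time_epoch",
+"-e", "exported_pdu.exported_pdu",
+"-e", "http.request.full_uri",
+">", "output.json",
 ]
 
 _, stderr = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=tshark_workDir).communicate()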
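Review bot: The new argv on lines 167-175 still depends on a shell to honour the `">", "output.json"` element, and `display_filter` is interpolated into the `-Y` argument of a command that context line 178 launches with `shell=True`, so any shell metacharacters in a caller-supplied filter are interpreted by the shell instead of reaching tshark as one argument. On POSIX a list passed with `shell=True` also runs only the first item (`tshark`) as the command and hands the remaining items to the shell itself, so the redirection and the filter presumably only behave as intended on Windows. The fix is to drop the two redirection items, open `output.json` from Python and pass it as `stdout` with `shell=False`, which keeps the filter as a single argv entry regardless of its contents. The enclosing method starts and ends outside the hunk; `fileName` and `tshark_workDir` are bound there, and the fence below assumes `tshark_workDir` is a directory path as the `cwd=` argument suggests.
```python
command = [
    "tshark", "-r", fileName,
    "-Y", f"(tcp.reassembled_in) or ({display_filter})",
    "-T", "json",
    # … unchanged: the -e field list …
    "-e", "http.request.full_uri",
]
# Python owns the output file instead of asking a shell for ">", so the
# display filter reaches tshark as one argument whatever characters it holds.
# Same location the shell redirect used, since tshark ran with cwd=tshark_workDir.
with open(os.path.join(tshark_workDir, "output.json"), "wb") as out:
    _, stderr = subprocess.Popen(command, shell=False, stdout=out, stderr=subprocess.PIPE, cwd=tshark_workDir).communicate()
```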
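--- a/FlowAnalyzer-0.3.1.dist-info/METADATA
+++ b/FlowAnalyzer-0.3.2.dist-info/METADATA
@@ -1,12 +1,10 @@
 Metadata-Version: 2.1
 Name: FlowAnalyzer
-Version: 0.3.
+Version: 0.3.2
 Summary: FlowAnalyzer是一个流量分析器,用于解析和处理tshark导出的JSON数据文件
 Home-page: https://github.com/Byxs20/FlowAnalyzer
 Author: Byxs20
 Author-email: 97766819@qq.com
-License: UNKNOWN
-Platform: UNKNOWN
 Classifier: Development Status :: 3 - Alpha
 Classifier: Intended Audience :: Developers
 Classifier: License :: OSI Approved :: MIT License
@@ -16,6 +14,7 @@ Classifier: Programming Language :: Python :: 3.7
 Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Description-Content-Type: text/markdown
+License-File: LICENSE
 
 # FlowAnalyzer
 
@@ -53,7 +52,7 @@ display_filter = "(http.request and urlencoded-form) or (http.request and data-t
 jsonPath = FlowAnalyzer.get_json_data(flowPath, display_filter=display_filter)
 for count, http in enumerate(FlowAnalyzer(jsonPath).generate_http_dict_pairs(), start=1):
 print(f"[+] 正在处理第{count}个HTTP流!")
-
+
 request, response = http.request, http.response
 if request:
 request_num, header, file_data, time_epoch = request.frame_num, request.header, request.file_data, request.time_epoch
@@ -83,5 +82,3 @@ Feel free to submit issues or pull requests if you have any suggestions, improve
 # License
 
 This project is licensed under the [MIT License.](LICENSE)
-
-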
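--- /dev/null
+++ b/FlowAnalyzer-0.3.2.dist-info/RECORD
@@ -0,0 +1,8 @@
+FlowAnalyzer/FlowAnalyzer.py,sha256=mfqc2GO6eyJthfUM-Kg39W1TfoOxrH5KvszQVax1Wf4,11115
+FlowAnalyzer/__init__.py,sha256=vfiHONPTrvjUU3MwhjFOEo3sWfzlhkA6gOLn_4UJ7sg,70
+FlowAnalyzer/logging_config.py,sha256=e-73IByM1TuE2G1isOBvtIcr9XztWqPkGN-VsNEFbvY,671
+FlowAnalyzer-0.3.2.dist-info/LICENSE,sha256=ybAV0ECduYBZCpjkHyNALVWRRmT_eM0BDgqUszhwEFU,1080
+FlowAnalyzer-0.3.2.dist-info/METADATA,sha256=dT7quKm_d0TZ9dc0mp81HXU9M1UuoMt38h6dXDnmJYo,10288
+FlowAnalyzer-0.3.2.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
+FlowAnalyzer-0.3.2.dist-info/top_level.txt,sha256=2MtvAF6dEe_eHipw_6G5pFLb2uOCbGnlH0bC4iBtm5A,13
+FlowAnalyzer-0.3.2.dist-info/RECORD,,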
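--- a/FlowAnalyzer-0.3.1.dist-info/RECORD
+++ /dev/null
@@ -1,8 +0,0 @@
-FlowAnalyzer/FlowAnalyzer.py,sha256=aTrTmIbajG8EqiyDnVTFnuhvL32uIHNzgtHzMs8Bs_U,10695
-FlowAnalyzer/__init__.py,sha256=vfiHONPTrvjUU3MwhjFOEo3sWfzlhkA6gOLn_4UJ7sg,70
-FlowAnalyzer/logging_config.py,sha256=e-73IByM1TuE2G1isOBvtIcr9XztWqPkGN-VsNEFbvY,671
-FlowAnalyzer-0.3.1.dist-info/LICENSE,sha256=ybAV0ECduYBZCpjkHyNALVWRRmT_eM0BDgqUszhwEFU,1080
-FlowAnalyzer-0.3.1.dist-info/METADATA,sha256=wR3Rq7muUriFb3zb5lqgJ7f63ns_RYRfVvn_NzPtATY,10302
-FlowAnalyzer-0.3.1.dist-info/WHEEL,sha256=pkctZYzUS4AYVn6dJ-7367OJZivF2e8RA9b_ZBjif18,92
-FlowAnalyzer-0.3.1.dist-info/top_level.txt,sha256=2MtvAF6dEe_eHipw_6G5pFLb2uOCbGnlH0bC4iBtm5A,13
-FlowAnalyzer-0.3.1.dist-info/RECORD,,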