FlowAnalyzer 0.3.1__py3-none-any.whl → 0.3.3__py3-none-any.whl

@@ -15,19 +15,19 @@ logger = configure_logger("FlowAnalyzer", logging.INFO)
15
15
 
16
16
 
17
17
  class Request(NamedTuple):
18
- frame_num: Optional[int]
18
+ frame_num: int
19
19
  header: bytes
20
20
  file_data: bytes
21
- full_uri: Optional[str]
22
- time_epoch: Optional[float]
21
+ full_uri: str
22
+ time_epoch: float
23
23
 
24
24
 
25
25
  class Response(NamedTuple):
26
- frame_num: Optional[int]
26
+ frame_num: int
27
27
  header: bytes
28
28
  file_data: bytes
29
- request_in: Optional[int]
30
- time_epoch: Optional[float]
29
+ request_in: int
30
+ time_epoch: float
31
31
 
32
32
 
33
33
  class HttpPair(NamedTuple):
@@ -66,6 +66,37 @@ class FlowAnalyzer:
66
66
  if os.path.getsize(self.jsonPath) == 0:
67
67
  raise ValueError("您的tshark导出的JSON文件内容为空!JSON路径:%s" % self.jsonPath)
68
68
 
69
+ def parse_packet(self, packet: dict) -> Tuple[int, int, float, str, str]:
70
+ """解析Json中的关键信息字段
71
+
72
+ Parameters
73
+ ----------
74
+ packet : dict
75
+ 传入Json字典
76
+
77
+ Returns
78
+ -------
79
+ Tuple[int, int, float, str, str]
80
+ frame_num, request_in, time_epoch, full_uri, full_request
81
+ """
82
+ # frame_num = int(packet["frame.number"][0]) if packet.get("frame.number") else None
83
+ # time_epoch = float(packet["frame.time_epoch"][0]) if packet.get("frame.time_epoch") else None
84
+ # full_uri = parse.unquote(packet["http.request.full_uri"][0]) if packet.get("http.request.full_uri") else None
85
+
86
+ frame_num = int(packet["frame.number"][0])
87
+ request_in = int(packet["http.request_in"][0]) if packet.get("http.request_in") else frame_num
88
+ full_uri = parse.unquote(packet["http.request.full_uri"][0]) if packet.get("http.request.full_uri") else ""
89
+ time_epoch = float(packet["frame.time_epoch"][0])
90
+
91
+ if packet.get("tcp.reassembled.data"):
92
+ full_request = packet["tcp.reassembled.data"][0]
93
+ elif packet.get("tcp.payload"):
94
+ full_request = packet["tcp.payload"][0]
95
+ else:
96
+ # exported_pdu.exported_pdu
97
+ full_request = packet["exported_pdu.exported_pdu"][0]
98
+ return frame_num, request_in, time_epoch, full_uri, full_request
99
+
69
100
  def parse_http_json(self) -> Tuple[Dict[int, Request], Dict[int, Response]]:
70
101
  # sourcery skip: use-named-expression
71
102
  """解析JSON数据文件中的HTTP请求和响应信息
@@ -81,22 +112,10 @@ class FlowAnalyzer:
81
112
  requests, responses = {}, {}
82
113
  for packet in data:
83
114
  packet = packet["_source"]["layers"]
84
- time_epoch = float(packet["frame.time_epoch"][0]) if packet.get("frame.time_epoch") else None
85
-
86
- if packet.get("tcp.reassembled.data"):
87
- full_request = packet["tcp.reassembled.data"][0]
88
- elif packet.get("tcp.payload"):
89
- full_request = packet["tcp.payload"][0]
90
- else:
91
- # exported_pdu.exported_pdu
92
- full_request = packet["exported_pdu.exported_pdu"][0]
93
-
94
- frame_num = int(packet["frame.number"][0]) if packet.get("frame.number") else None
95
- request_in = int(packet["http.request_in"][0]) if packet.get("http.request_in") else frame_num
96
- full_uri = parse.unquote(packet["http.request.full_uri"][0]) if packet.get("http.request.full_uri") else None
97
-
115
+ frame_num, request_in, time_epoch, full_uri, full_request = self.parse_packet(packet)
98
116
  header, file_data = self.extract_http_file_data(full_request)
99
117
 
118
+ # 请求包使用 full_uri 来记录请求 url 返回包使用 request_in 来记录请求包的序号
100
119
  if packet.get("http.response_number"):
101
120
  responses[frame_num] = Response(
102
121
  frame_num=frame_num,
@@ -146,32 +165,15 @@ class FlowAnalyzer:
146
165
  # tshark -r {} -Y "{}" -T json -e http.request_number -e http.response_number -e http.request_in -e tcp.reassembled.data -e frame.number -e tcp.payload -e frame.time_epoch -e http.request.full_uri > output.json
147
166
 
148
167
  command = [
149
- "tshark",
150
- "-r",
151
- fileName,
152
- "-Y",
153
- f"(tcp.reassembled_in) or ({display_filter})",
154
- "-T",
155
- "json",
156
- "-e",
157
- "http.request_number",
158
- "-e",
159
- "http.response_number",
160
- "-e",
161
- "http.request_in",
162
- "-e",
163
- "tcp.reassembled.data",
164
- "-e",
165
- "frame.number",
166
- "-e",
167
- "tcp.payload",
168
- "-e",
169
- "frame.time_epoch",
170
- "-e",
171
- "exported_pdu.exported_pdu",
172
- "-e",
173
- "http.request.full_uri" ">",
174
- "output.json",
168
+ "tshark", "-r", fileName,
169
+ "-Y", f"(tcp.reassembled_in) or ({display_filter})",
170
+ "-T", "json",
171
+ "-e", "http.request_number", "-e", "http.response_number", "-e", "http.request_in",
172
+ "-e", "tcp.reassembled.data", "-e", "frame.number", "-e", "tcp.payload",
173
+ "-e", "frame.time_epoch",
174
+ "-e", "exported_pdu.exported_pdu",
175
+ "-e", "http.request.full_uri",
176
+ ">", "output.json",
175
177
  ]
176
178
 
177
179
  _, stderr = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=tshark_workDir).communicate()
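Review bot: The reshuffled `command` list still carries `">", "output.json"` as argv entries and relies on the `shell=True` Popen on the context line below to turn them into a redirect, so `fileName` and the caller-supplied `display_filter` (see the `get_json_data` call in the README) are interpolated into a shell command line and any shell metacharacters in them are executed by the shell. On POSIX the list form with `shell=True` passes only `"tshark"` to `sh -c` and the remaining items become `$0`, `$1`…, so the filter and the redirect are silently dropped there; the redirect presumably only works on Windows, where Popen joins the list into one string for cmd.exe. Drop the redirect from argv, run without a shell, and hand tshark's stdout straight to the output file; `display_filter` then reaches tshark as a single argument and cannot break out into the shell. The enclosing `get_json_data` body starts before and ends after this hunk, so the `stderr` handling after the Popen line needs to be adjusted to match.
```python
command = [
    "tshark", "-r", fileName,
    "-Y", f"(tcp.reassembled_in) or ({display_filter})",
    "-T", "json",
    # … unchanged: the -e field list …
    "-e", "http.request.full_uri",
]

# stdout goes straight to the file; no shell is involved, so fileName and
# display_filter are passed as single arguments and never parsed by a shell.
with open(os.path.join(tshark_workDir, "output.json"), "wb") as out:
    proc = subprocess.run(command, stdout=out, stderr=subprocess.PIPE, cwd=tshark_workDir)
stderr = proc.stderr
```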
@@ -1,12 +1,10 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: FlowAnalyzer
3
- Version: 0.3.1
3
+ Version: 0.3.3
4
4
  Summary: FlowAnalyzer是一个流量分析器,用于解析和处理tshark导出的JSON数据文件
5
5
  Home-page: https://github.com/Byxs20/FlowAnalyzer
6
6
  Author: Byxs20
7
7
  Author-email: 97766819@qq.com
8
- License: UNKNOWN
9
- Platform: UNKNOWN
10
8
  Classifier: Development Status :: 3 - Alpha
11
9
  Classifier: Intended Audience :: Developers
12
10
  Classifier: License :: OSI Approved :: MIT License
@@ -16,6 +14,7 @@ Classifier: Programming Language :: Python :: 3.7
16
14
  Classifier: Programming Language :: Python :: 3.8
17
15
  Classifier: Programming Language :: Python :: 3.9
18
16
  Description-Content-Type: text/markdown
17
+ License-File: LICENSE
19
18
 
20
19
  # FlowAnalyzer
21
20
 
@@ -53,7 +52,7 @@ display_filter = "(http.request and urlencoded-form) or (http.request and data-t
53
52
  jsonPath = FlowAnalyzer.get_json_data(flowPath, display_filter=display_filter)
54
53
  for count, http in enumerate(FlowAnalyzer(jsonPath).generate_http_dict_pairs(), start=1):
55
54
  print(f"[+] 正在处理第{count}个HTTP流!")
56
-
55
+
57
56
  request, response = http.request, http.response
58
57
  if request:
59
58
  request_num, header, file_data, time_epoch = request.frame_num, request.header, request.file_data, request.time_epoch
@@ -83,5 +82,3 @@ Feel free to submit issues or pull requests if you have any suggestions, improve
83
82
  # License
84
83
 
85
84
  This project is licensed under the [MIT License.](LICENSE)
86
-
87
-
@@ -0,0 +1,8 @@
1
+ FlowAnalyzer/FlowAnalyzer.py,sha256=LpTPzcikRpeTOfNumMM8Kd08Jh8nQkC6jOx27EsD-yk,11285
2
+ FlowAnalyzer/__init__.py,sha256=vfiHONPTrvjUU3MwhjFOEo3sWfzlhkA6gOLn_4UJ7sg,70
3
+ FlowAnalyzer/logging_config.py,sha256=e-73IByM1TuE2G1isOBvtIcr9XztWqPkGN-VsNEFbvY,671
4
+ FlowAnalyzer-0.3.3.dist-info/LICENSE,sha256=ybAV0ECduYBZCpjkHyNALVWRRmT_eM0BDgqUszhwEFU,1080
5
+ FlowAnalyzer-0.3.3.dist-info/METADATA,sha256=9HR-TIXj1i7kLgpfpQ7blxf55pOoOp-n5_je_nNb_vk,10288
6
+ FlowAnalyzer-0.3.3.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
7
+ FlowAnalyzer-0.3.3.dist-info/top_level.txt,sha256=2MtvAF6dEe_eHipw_6G5pFLb2uOCbGnlH0bC4iBtm5A,13
8
+ FlowAnalyzer-0.3.3.dist-info/RECORD,,
@@ -1,5 +1,5 @@
1
1
  Wheel-Version: 1.0
2
- Generator: bdist_wheel (0.40.0)
2
+ Generator: setuptools (72.1.0)
3
3
  Root-Is-Purelib: true
4
4
  Tag: py3-none-any
5
5
 
@@ -1,8 +0,0 @@
1
- FlowAnalyzer/FlowAnalyzer.py,sha256=aTrTmIbajG8EqiyDnVTFnuhvL32uIHNzgtHzMs8Bs_U,10695
2
- FlowAnalyzer/__init__.py,sha256=vfiHONPTrvjUU3MwhjFOEo3sWfzlhkA6gOLn_4UJ7sg,70
3
- FlowAnalyzer/logging_config.py,sha256=e-73IByM1TuE2G1isOBvtIcr9XztWqPkGN-VsNEFbvY,671
4
- FlowAnalyzer-0.3.1.dist-info/LICENSE,sha256=ybAV0ECduYBZCpjkHyNALVWRRmT_eM0BDgqUszhwEFU,1080
5
- FlowAnalyzer-0.3.1.dist-info/METADATA,sha256=wR3Rq7muUriFb3zb5lqgJ7f63ns_RYRfVvn_NzPtATY,10302
6
- FlowAnalyzer-0.3.1.dist-info/WHEEL,sha256=pkctZYzUS4AYVn6dJ-7367OJZivF2e8RA9b_ZBjif18,92
7
- FlowAnalyzer-0.3.1.dist-info/top_level.txt,sha256=2MtvAF6dEe_eHipw_6G5pFLb2uOCbGnlH0bC4iBtm5A,13
8
- FlowAnalyzer-0.3.1.dist-info/RECORD,,