FlowAnalyzer 0.3.1__py3-none-any.whl → 0.3.3__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- FlowAnalyzer/FlowAnalyzer.py +48 -46
- {FlowAnalyzer-0.3.1.dist-info → FlowAnalyzer-0.3.3.dist-info}/METADATA +3 -6
- FlowAnalyzer-0.3.3.dist-info/RECORD +8 -0
- {FlowAnalyzer-0.3.1.dist-info → FlowAnalyzer-0.3.3.dist-info}/WHEEL +1 -1
- FlowAnalyzer-0.3.1.dist-info/RECORD +0 -8
- {FlowAnalyzer-0.3.1.dist-info → FlowAnalyzer-0.3.3.dist-info}/LICENSE +0 -0
- {FlowAnalyzer-0.3.1.dist-info → FlowAnalyzer-0.3.3.dist-info}/top_level.txt +0 -0
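--- a/FlowAnalyzer/FlowAnalyzer.py
+++ b/FlowAnalyzer/FlowAnalyzer.py
@@ -15,19 +15,19 @@ logger = configure_logger("FlowAnalyzer", logging.INFO)
 
 
 class Request(NamedTuple):
-    frame_num:
+    frame_num: int
     header: bytes
     file_data: bytes
-    full_uri:
-    time_epoch:
+    full_uri: str
+    time_epoch: float
 
 
 class Response(NamedTuple):
-    frame_num:
+    frame_num: int
     header: bytes
     file_data: bytes
-    request_in:
-    time_epoch:
+    request_in: int
+    time_epoch: float
 
 
 class HttpPair(NamedTuple):
@@ -66,6 +66,37 @@ class FlowAnalyzer:
         if os.path.getsize(self.jsonPath) == 0:
             raise ValueError("您的tshark导出的JSON文件内容为空!JSON路径:%s" % self.jsonPath)
 
+    def parse_packet(self, packet: dict) -> Tuple[int, int, float, str, str]:
+        """解析Json中的关键信息字段
+
+        Parameters
+        ----------
+        packet : dict
+            传入Json字典
+
+        Returns
+        -------
+        Tuple[int, int, float, str, str]
+            frame_num, request_in, time_epoch, full_uri, full_request
+        """
+        # frame_num = int(packet["frame.number"][0]) if packet.get("frame.number") else None
+        # time_epoch = float(packet["frame.time_epoch"][0]) if packet.get("frame.time_epoch") else None
+        # full_uri = parse.unquote(packet["http.request.full_uri"][0]) if packet.get("http.request.full_uri") else None
+
+        frame_num = int(packet["frame.number"][0])
+        request_in = int(packet["http.request_in"][0]) if packet.get("http.request_in") else frame_num
+        full_uri = parse.unquote(packet["http.request.full_uri"][0]) if packet.get("http.request.full_uri") else ""
+        time_epoch = float(packet["frame.time_epoch"][0])
+
+        if packet.get("tcp.reassembled.data"):
+            full_request = packet["tcp.reassembled.data"][0]
+        elif packet.get("tcp.payload"):
+            full_request = packet["tcp.payload"][0]
+        else:
+            # exported_pdu.exported_pdu
+            full_request = packet["exported_pdu.exported_pdu"][0]
+        return frame_num, request_in, time_epoch, full_uri, full_request
+
     def parse_http_json(self) -> Tuple[Dict[int, Request], Dict[int, Response]]:
         # sourcery skip: use-named-expression
         """解析JSON数据文件中的HTTP请求和响应信息
@@ -81,22 +112,10 @@ class FlowAnalyzer:
         requests, responses = {}, {}
         for packet in data:
             packet = packet["_source"]["layers"]
-
-
-            if packet.get("tcp.reassembled.data"):
-                full_request = packet["tcp.reassembled.data"][0]
-            elif packet.get("tcp.payload"):
-                full_request = packet["tcp.payload"][0]
-            else:
-                # exported_pdu.exported_pdu
-                full_request = packet["exported_pdu.exported_pdu"][0]
-
-            frame_num = int(packet["frame.number"][0]) if packet.get("frame.number") else None
-            request_in = int(packet["http.request_in"][0]) if packet.get("http.request_in") else frame_num
-            full_uri = parse.unquote(packet["http.request.full_uri"][0]) if packet.get("http.request.full_uri") else None
-
+            frame_num, request_in, time_epoch, full_uri, full_request = self.parse_packet(packet)
             header, file_data = self.extract_http_file_data(full_request)
 
+            # 请求包使用 full_uri 来记录请求 url 返回包使用 request_in 来记录请求包的序号
             if packet.get("http.response_number"):
                 responses[frame_num] = Response(
                     frame_num=frame_num,
@@ -146,32 +165,15 @@ class FlowAnalyzer:
         # tshark -r {} -Y "{}" -T json -e http.request_number -e http.response_number -e http.request_in -e tcp.reassembled.data -e frame.number -e tcp.payload -e frame.time_epoch -e http.request.full_uri > output.json
 
         command = [
-            "tshark",
-            "-
-
-            "-
-
-            "-
-            "
-            "-e",
-            "
-            "-e",
-            "http.response_number",
-            "-e",
-            "http.request_in",
-            "-e",
-            "tcp.reassembled.data",
-            "-e",
-            "frame.number",
-            "-e",
-            "tcp.payload",
-            "-e",
-            "frame.time_epoch",
-            "-e",
-            "exported_pdu.exported_pdu",
-            "-e",
-            "http.request.full_uri" ">",
-            "output.json",
+            "tshark", "-r", fileName,
+            "-Y", f"(tcp.reassembled_in) or ({display_filter})",
+            "-T", "json",
+            "-e", "http.request_number", "-e", "http.response_number", "-e", "http.request_in",
+            "-e", "tcp.reassembled.data", "-e", "frame.number", "-e", "tcp.payload",
+            "-e", "frame.time_epoch",
+            "-e", "exported_pdu.exported_pdu",
+            "-e", "http.request.full_uri",
+            ">", "output.json",
         ]
 
         _, stderr = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=tshark_workDir).communicate()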
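Review bot: The new argv at +168–176 still carries the shell redirection token `">", "output.json"` and is handed to `subprocess.Popen(command, shell=True, ...)` on line 177, so `fileName` and the f-string built from `display_filter` only reach tshark after a shell has parsed them. With `shell=True` and a list argument, POSIX Python passes only `"tshark"` to `sh -c` and the remaining elements become the shell's positional parameters, so the flags are dropped; where the list is joined into one command line instead, any shell metacharacter in the capture path or filter is interpreted by the shell rather than by tshark. The safer shape is `shell=False` with the `">"` token removed and stdout redirected to the file from Python, so the arguments reach tshark verbatim. The enclosing get_json_data starts before this hunk and the use of `stderr` continues after it. Separately, in parse_packet (hunk at +66) the `else` branch indexes `packet["exported_pdu.exported_pdu"]` unconditionally, so a packet with none of the three payload fields now raises a bare KeyError; a guard that raises a ValueError naming `frame_num` would make that failure easier to diagnose.
```python
        command = [
            "tshark", "-r", fileName,
            "-Y", f"(tcp.reassembled_in) or ({display_filter})",
            "-T", "json",
            # … unchanged: the "-e" field list …
        ]

        # shell=False hands argv straight to tshark, so fileName/display_filter are never
        # parsed by a shell; stdout is written to output.json from Python instead of via ">".
        with open(os.path.join(tshark_workDir, "output.json"), "wb") as out:
            proc = subprocess.Popen(command, stdout=out, stderr=subprocess.PIPE, cwd=tshark_workDir)
            _, stderr = proc.communicate()
```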
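--- a/FlowAnalyzer-0.3.1.dist-info/METADATA
+++ b/FlowAnalyzer-0.3.3.dist-info/METADATA
@@ -1,12 +1,10 @@
 Metadata-Version: 2.1
 Name: FlowAnalyzer
-Version: 0.3.
+Version: 0.3.3
 Summary: FlowAnalyzer是一个流量分析器,用于解析和处理tshark导出的JSON数据文件
 Home-page: https://github.com/Byxs20/FlowAnalyzer
 Author: Byxs20
 Author-email: 97766819@qq.com
-License: UNKNOWN
-Platform: UNKNOWN
 Classifier: Development Status :: 3 - Alpha
 Classifier: Intended Audience :: Developers
 Classifier: License :: OSI Approved :: MIT License
@@ -16,6 +14,7 @@ Classifier: Programming Language :: Python :: 3.7
 Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Description-Content-Type: text/markdown
+License-File: LICENSE
 
 # FlowAnalyzer
 
@@ -53,7 +52,7 @@ display_filter = "(http.request and urlencoded-form) or (http.request and data-t
 jsonPath = FlowAnalyzer.get_json_data(flowPath, display_filter=display_filter)
 for count, http in enumerate(FlowAnalyzer(jsonPath).generate_http_dict_pairs(), start=1):
     print(f"[+] 正在处理第{count}个HTTP流!")
-
+
     request, response = http.request, http.response
     if request:
         request_num, header, file_data, time_epoch = request.frame_num, request.header, request.file_data, request.time_epoch
@@ -83,5 +82,3 @@ Feel free to submit issues or pull requests if you have any suggestions, improve
 # License
 
 This project is licensed under the [MIT License.](LICENSE)
-
-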
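--- /dev/null
+++ b/FlowAnalyzer-0.3.3.dist-info/RECORD
@@ -0,0 +1,8 @@
+FlowAnalyzer/FlowAnalyzer.py,sha256=LpTPzcikRpeTOfNumMM8Kd08Jh8nQkC6jOx27EsD-yk,11285
+FlowAnalyzer/__init__.py,sha256=vfiHONPTrvjUU3MwhjFOEo3sWfzlhkA6gOLn_4UJ7sg,70
+FlowAnalyzer/logging_config.py,sha256=e-73IByM1TuE2G1isOBvtIcr9XztWqPkGN-VsNEFbvY,671
+FlowAnalyzer-0.3.3.dist-info/LICENSE,sha256=ybAV0ECduYBZCpjkHyNALVWRRmT_eM0BDgqUszhwEFU,1080
+FlowAnalyzer-0.3.3.dist-info/METADATA,sha256=9HR-TIXj1i7kLgpfpQ7blxf55pOoOp-n5_je_nNb_vk,10288
+FlowAnalyzer-0.3.3.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
+FlowAnalyzer-0.3.3.dist-info/top_level.txt,sha256=2MtvAF6dEe_eHipw_6G5pFLb2uOCbGnlH0bC4iBtm5A,13
+FlowAnalyzer-0.3.3.dist-info/RECORD,,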
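--- a/FlowAnalyzer-0.3.1.dist-info/RECORD
+++ /dev/null
@@ -1,8 +0,0 @@
-FlowAnalyzer/FlowAnalyzer.py,sha256=aTrTmIbajG8EqiyDnVTFnuhvL32uIHNzgtHzMs8Bs_U,10695
-FlowAnalyzer/__init__.py,sha256=vfiHONPTrvjUU3MwhjFOEo3sWfzlhkA6gOLn_4UJ7sg,70
-FlowAnalyzer/logging_config.py,sha256=e-73IByM1TuE2G1isOBvtIcr9XztWqPkGN-VsNEFbvY,671
-FlowAnalyzer-0.3.1.dist-info/LICENSE,sha256=ybAV0ECduYBZCpjkHyNALVWRRmT_eM0BDgqUszhwEFU,1080
-FlowAnalyzer-0.3.1.dist-info/METADATA,sha256=wR3Rq7muUriFb3zb5lqgJ7f63ns_RYRfVvn_NzPtATY,10302
-FlowAnalyzer-0.3.1.dist-info/WHEEL,sha256=pkctZYzUS4AYVn6dJ-7367OJZivF2e8RA9b_ZBjif18,92
-FlowAnalyzer-0.3.1.dist-info/top_level.txt,sha256=2MtvAF6dEe_eHipw_6G5pFLb2uOCbGnlH0bC4iBtm5A,13
-FlowAnalyzer-0.3.1.dist-info/RECORD,,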