FlowAnalyzer 0.3.6__py3-none-any.whl → 0.3.7__py3-none-any.whl

@@ -110,7 +110,7 @@ class FlowAnalyzer:
110
110
  header, file_data = self.extract_http_file_data(full_request)
111
111
 
112
112
  # 请求包使用 full_uri 来记录请求 url 返回包使用 request_in 来记录请求包的序号
113
- if packet.get("http.response_number"):
113
+ if packet.get("http.response.code"):
114
114
  responses[frame_num] = Response(
115
115
  frame_num=frame_num,
116
116
  request_in=request_in,
@@ -161,8 +161,7 @@ class FlowAnalyzer:
161
161
  "-r", fileName,
162
162
  "-Y", f"(tcp.reassembled_in) or ({display_filter})",
163
163
  "-T", "json",
164
- "-e", "http.request_number",
165
- "-e", "http.response_number",
164
+ "-e", "http.response.code",
166
165
  "-e", "http.request_in",
167
166
  "-e", "tcp.reassembled.data",
168
167
  "-e", "frame.number",
@@ -224,7 +223,7 @@ class FlowAnalyzer:
224
223
  logger.debug("匹配HASH校验无误,自动返回Json文件路径!")
225
224
  return jsonWordPath
226
225
  except Exception:
227
- logger.debug("默认的Json文件无法被正常解析, 正在重新生成josn文件中")
226
+ logger.debug("默认的Json文件无法被正常解析, 正在重新生成Json文件中")
228
227
 
229
228
  tshark_path = FlowAnalyzer.get_tshark_path(tshark_path)
230
229
  FlowAnalyzer.extract_json_file(fileName, display_filter, tshark_workDir, tshark_path)
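Review bot: A JSON file cached by 0.3.6 has no `http.response.code` field, so if the hash check guarding `return jsonWordPath` covers only the capture file and the display filter (its inputs are outside the third hunk), the stale file is reused and `packet.get("http.response.code")` is falsy for every packet, which would apparently leave `responses` empty without raising any error. Folding the `-e` field list, or a cache-format version string, into the hashed value would force regeneration whenever the extracted fields change. The `except Exception:` fallback also reports an unparseable cache only at debug level; `logger.warning("默认的Json文件无法被正常解析, 正在重新生成Json文件中", exc_info=True)` would make that visible to someone relying on the output for traffic analysis. The enclosing functions of all three hunks start and end outside the visible lines.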
@@ -0,0 +1,71 @@
1
+ Metadata-Version: 2.1
2
+ Name: FlowAnalyzer
3
+ Version: 0.3.7
4
+ Summary: FlowAnalyzer是一个流量分析器,用于解析和处理tshark导出的JSON数据文件
5
+ Home-page: https://github.com/Byxs20/FlowAnalyzer
6
+ Author: Byxs20
7
+ Author-email: 97766819@qq.com
8
+ Classifier: Development Status :: 3 - Alpha
9
+ Classifier: Intended Audience :: Developers
10
+ Classifier: License :: OSI Approved :: MIT License
11
+ Classifier: Programming Language :: Python :: 3
12
+ Classifier: Programming Language :: Python :: 3.6
13
+ Classifier: Programming Language :: Python :: 3.7
14
+ Classifier: Programming Language :: Python :: 3.8
15
+ Classifier: Programming Language :: Python :: 3.9
16
+ Description-Content-Type: text/markdown
17
+ License-File: LICENSE
18
+
19
+ # FlowAnalyzer
20
+
21
+ # 安装
22
+
23
+ 使用 `pip` 安装:
24
+
25
+ ```
26
+ pip3 install FlowAnalyzer
27
+ ```
28
+
29
+ ```
30
+ pip3 install FlowAnalyzer -i https://pypi.org/simple
31
+ ```
32
+
33
+ # 快速上手
34
+
35
+ ## 配置
36
+
37
+ 如果您安装 `WireShark` 没有修改安装目录,默认 `tshark` 路径会如下:
38
+
39
+ ```python
40
+ # windows
41
+ tshark_path = r"C:\Program Files\Wireshark\tshark.exe"
42
+ ```
43
+
44
+ `Linux`, `MacOS` 默认路径不清楚,需要看下面的**纠正路径**,**确定路径没有问题,那也无需任何配置即可使用!**
45
+
46
+ ## 纠正路径
47
+
48
+ 修改 `python安装目录\Lib\site-packages\FlowAnalyzer\Path.py` 中的变量 `tshark_path` 改为**tshark正确路径**
49
+
50
+ ## 测试
51
+
52
+ ```
53
+ $ git clone https://github.com/Byxs20/FlowAnalyzer.git
54
+ $ cd ./FlowAnalyzer/
55
+ $ python -m tests.demo
56
+ ```
57
+
58
+ 运行结果:
59
+
60
+ ```
61
+ [+] 正在处理第1个HTTP流!
62
+ 序号: 2请求包, 请求头: b'POST /upload/php_eval_xor_base64.php HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0\r\n
63
+ ...
64
+ ```
65
+
66
+ # Contributing
67
+ Feel free to submit issues or pull requests if you have any suggestions, improvements, or bug reports.
68
+
69
+ # License
70
+
71
+ This project is licensed under the [MIT License.](LICENSE)
@@ -0,0 +1,9 @@
1
+ FlowAnalyzer/FlowAnalyzer.py,sha256=E4hp7anNMlELKF_EOZcO2QCVxRjwrQv3pQcSs3lPw5o,12031
2
+ FlowAnalyzer/Path.py,sha256=E5VvucTftp8VTQUffFzFWHotQEYtZL-j7IQPOaleiug,130
3
+ FlowAnalyzer/__init__.py,sha256=vfiHONPTrvjUU3MwhjFOEo3sWfzlhkA6gOLn_4UJ7sg,70
4
+ FlowAnalyzer/logging_config.py,sha256=-RntNJhrBiW7ToXIP1WJjZ4Yf9jmZQ1PTX_er3tDxhw,730
5
+ FlowAnalyzer-0.3.7.dist-info/LICENSE,sha256=ybAV0ECduYBZCpjkHyNALVWRRmT_eM0BDgqUszhwEFU,1080
6
+ FlowAnalyzer-0.3.7.dist-info/METADATA,sha256=6vdbTYk2wCH58J6dvnclz5odouEw4EPIossdV75PHu4,1956
7
+ FlowAnalyzer-0.3.7.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
8
+ FlowAnalyzer-0.3.7.dist-info/top_level.txt,sha256=2MtvAF6dEe_eHipw_6G5pFLb2uOCbGnlH0bC4iBtm5A,13
9
+ FlowAnalyzer-0.3.7.dist-info/RECORD,,
@@ -1,94 +0,0 @@
1
- Metadata-Version: 2.1
2
- Name: FlowAnalyzer
3
- Version: 0.3.6
4
- Summary: FlowAnalyzer是一个流量分析器,用于解析和处理tshark导出的JSON数据文件
5
- Home-page: https://github.com/Byxs20/FlowAnalyzer
6
- Author: Byxs20
7
- Author-email: 97766819@qq.com
8
- Classifier: Development Status :: 3 - Alpha
9
- Classifier: Intended Audience :: Developers
10
- Classifier: License :: OSI Approved :: MIT License
11
- Classifier: Programming Language :: Python :: 3
12
- Classifier: Programming Language :: Python :: 3.6
13
- Classifier: Programming Language :: Python :: 3.7
14
- Classifier: Programming Language :: Python :: 3.8
15
- Classifier: Programming Language :: Python :: 3.9
16
- Description-Content-Type: text/markdown
17
- License-File: LICENSE
18
-
19
- # FlowAnalyzer
20
-
21
- # 安装
22
-
23
- 使用 `pip` 安装:
24
-
25
- ```
26
- pip3 install FlowAnalyzer
27
- ```
28
-
29
- ```
30
- pip3 install FlowAnalyzer -i https://pypi.org/simple
31
- ```
32
-
33
- # 快速上手
34
-
35
- 如果您安装 `WireShark` 没有修改安装目录,默认 `tshark` 路径会如下:
36
-
37
- ```python
38
- # windows
39
- tshark_path = r"C:\Program Files\Wireshark\tshark.exe"
40
- ```
41
-
42
- 您确定路径没有问题,那也无需任何配置即可使用!
43
-
44
- 否则,您需要修改 `python安装目录\Lib\site- packages\FlowAnalyzer\Path.py` 中的变量 `tshark_path` 改为您的安装目录
45
-
46
- ```
47
- $ git clone https://github.com/Byxs20/FlowAnalyzer.git
48
- $ cd ./FlowAnalyzer/
49
- ```
50
-
51
- 使用 `python3 .\tests\demo.py` 看是否能输出正确的运行结果,测试代码如下:
52
-
53
- ```python
54
- # sourcery skip: use-fstring-for-formatting
55
- import os
56
- from FlowAnalyzer import FlowAnalyzer
57
-
58
-
59
- baseDir = os.path.dirname(os.path.abspath(__file__))
60
- flowPath = os.path.join(baseDir, "flow.pcapng")
61
- display_filter = "(http.request and urlencoded-form) or (http.request and data-text-lines) or (http.request and mime_multipart) or (http.response.code == 200 and data-text-lines)"
62
-
63
- jsonPath = FlowAnalyzer.get_json_data(flowPath, display_filter=display_filter)
64
- for count, http in enumerate(FlowAnalyzer(jsonPath).generate_http_dict_pairs(), start=1):
65
- print(f"[+] 正在处理第{count}个HTTP流!")
66
-
67
- request, response = http.request, http.response
68
- if request:
69
- request_num, header, file_data, time_epoch = request.frame_num, request.header, request.file_data, request.time_epoch
70
- print("序号: {}请求包, 请求头: {}, 文件: {}, 时间: {}".format(request_num, header, file_data, time_epoch))
71
-
72
- if response:
73
- response_num, header, file_data, time_epoch = response.frame_num, response.header, response.file_data, response.time_epoch
74
- print("序号: {}请求包, 请求头: {}, 文件: {}, 时间: {}".format(response_num, header, file_data, time_epoch))
75
- ```
76
-
77
- 运行结果:
78
-
79
- ```
80
- [+] 正在处理第1个HTTP流!
81
- 序号: 2请求包, 请求头: b'POST /upload/php_eval_xor_base64.php HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0\r\nCookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3;\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\r\nHost: 192.168.225.129\r\nConnection: keep-alive\r\nContent-type: application/x-www-form-urlencoded\r\nContent-Length: 1403', 文件: b'pass=eval%28base64_decode%28strrev%28urldecode%28%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%27%29%29%29%29%3B&key=fL1tMGI4YTljMX78f8Wo%2FyhTF1YCWEn3M%2BF4ZGJ%2BL2Iz5EofTe8udar8%2BTGDwKtg8LxWYhFKlauQQtYfPnQDdprPQMrHPVjA6hjPeOQNpHlpcBNa5IHIHHrIHEy7jch%2Fv3Z2Y0lq8qSQQkYhwWZhxVpNq1liOGE%3D', 时间: 1682596262.982344
82
- 序号: 3请求包, 请求头: b'HTTP/1.1 200 OK\r\nServer: openresty/1.15.8.1\r\nDate: Thu, 27 Apr 2023 11:51:02 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.5.38\r\nSet-Cookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3; path=/\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nPragma: no-cache', 文件: b'70\r\n72a9c691ccdaab98fL1tMGI4YTljMh76GrwuHij67J+qF+t2KR17BwHlSvtL1mdSPnoksIZRS0N0Xi89+zNlNaUo+3xjMTU=b4c4e1f6ddd2a488\r\n0\r\n\r\n', 时间: 1682596262.992406
83
- [+] 正在处理第2个HTTP流!
84
- 序号: 5请求包, 请求头: b'POST /upload/php_eval_xor_base64.php HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0\r\nCookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3;\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\r\nHost: 192.168.225.129\r\nConnection: keep-alive\r\nContent-type: application/x-www-form-urlencoded\r\nContent-Length: 1409', 文件: b'pass=eval%28base64_decode%28strrev%28urldecode%28%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%27%29%29%29%29%3B&key=fL1tMGI4YTljMX78f8Wo%2FyhTF1cCWEn3M%2BF4ZGJ%2BL2Iz5EofTe8udar8%2BTGDwKtg8LxWYhFKlauQQtYfPnQDdprPQMrHPVjA6hjPeOTReMrqj%2Fx6aH4XU%2BWInBcrzUhN6o%2FMfL54MmpIY6avwUcSIJBkZUuq7rVUYzE1', 时间: 1682596266.652869
85
- 序号: 6请求包, 请求头: b'HTTP/1.1 200 OK\r\nServer: openresty/1.15.8.1\r\nDate: Thu, 27 Apr 2023 11:51:06 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.5.38\r\nSet-Cookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3; path=/\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nPragma: no-cache', 文件: b'40\r\n72a9c691ccdaab98fL1tMGI4YTljMh4dHdNjM6AJ3DZmOGE5b4c4e1f6ddd2a488\r\n0\r\n\r\n', 时间: 1682596266.661427
86
- ...
87
- ```
88
-
89
- # Contributing
90
- Feel free to submit issues or pull requests if you have any suggestions, improvements, or bug reports.
91
-
92
- # License
93
-
94
- This project is licensed under the [MIT License.](LICENSE)
@@ -1,9 +0,0 @@
1
- FlowAnalyzer/FlowAnalyzer.py,sha256=SqNqI0aWJRCnobicnca1lXXvhSv7wq2fZKgBkBGGlMo,12077
2
- FlowAnalyzer/Path.py,sha256=E5VvucTftp8VTQUffFzFWHotQEYtZL-j7IQPOaleiug,130
3
- FlowAnalyzer/__init__.py,sha256=vfiHONPTrvjUU3MwhjFOEo3sWfzlhkA6gOLn_4UJ7sg,70
4
- FlowAnalyzer/logging_config.py,sha256=-RntNJhrBiW7ToXIP1WJjZ4Yf9jmZQ1PTX_er3tDxhw,730
5
- FlowAnalyzer-0.3.6.dist-info/LICENSE,sha256=ybAV0ECduYBZCpjkHyNALVWRRmT_eM0BDgqUszhwEFU,1080
6
- FlowAnalyzer-0.3.6.dist-info/METADATA,sha256=Wc_cJNb6hYf9xNbLmefwWxqJU2joVbG_0XSss8ZVdCI,8103
7
- FlowAnalyzer-0.3.6.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
8
- FlowAnalyzer-0.3.6.dist-info/top_level.txt,sha256=2MtvAF6dEe_eHipw_6G5pFLb2uOCbGnlH0bC4iBtm5A,13
9
- FlowAnalyzer-0.3.6.dist-info/RECORD,,