FlowAnalyzer 0.3.8__py3-none-any.whl → 0.4.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- FlowAnalyzer/FlowAnalyzer.py +48 -38
- {FlowAnalyzer-0.3.8.dist-info → FlowAnalyzer-0.4.0.dist-info}/METADATA +2 -2
- FlowAnalyzer-0.4.0.dist-info/RECORD +9 -0
- FlowAnalyzer-0.3.8.dist-info/RECORD +0 -9
- {FlowAnalyzer-0.3.8.dist-info → FlowAnalyzer-0.4.0.dist-info}/LICENSE +0 -0
- {FlowAnalyzer-0.3.8.dist-info → FlowAnalyzer-0.4.0.dist-info}/WHEEL +0 -0
- {FlowAnalyzer-0.3.8.dist-info → FlowAnalyzer-0.4.0.dist-info}/top_level.txt +0 -0
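--- a/FlowAnalyzer/FlowAnalyzer.py
+++ b/FlowAnalyzer/FlowAnalyzer.py
@@ -3,8 +3,8 @@ import gzip
 import hashlib
 import json
 import os
-import shutil
 import subprocess
+from dataclasses import dataclass
 from typing import Dict, Iterable, NamedTuple, Optional, Tuple
 from urllib import parse
 
@@ -12,7 +12,8 @@ from .logging_config import logger
 from .Path import get_default_tshark_path
 
 
-
+@dataclass
+class Request:
 frame_num: int
 header: bytes
 file_data: bytes
@@ -20,12 +21,13 @@ class Request(NamedTuple):
 time_epoch: float
 
 
-
+@dataclass
+class Response:
 frame_num: int
 header: bytes
 file_data: bytes
-request_in: int
 time_epoch: float
+_request_in: Optional[int]
 
 
 class HttpPair(NamedTuple):
@@ -112,7 +114,7 @@ class FlowAnalyzer:
 if packet.get("http.response.code"):
 responses[frame_num] = Response(
 frame_num=frame_num,
-
+_request_in=request_in,
 header=header,
 file_data=file_data,
 time_epoch=time_epoch,
@@ -131,20 +133,20 @@ class FlowAnalyzer:
 包含请求和响应信息的字典迭代器
 """
 requests, responses = self.parse_http_json()
-response_map = {r.
+response_map = {r._request_in: r for r in responses.values()}
 yielded_resps = []
 for req_id, req in requests.items():
 resp = response_map.get(req_id)
 if resp:
 yielded_resps.append(resp)
-resp =
+resp._request_in = None
 yield HttpPair(request=req, response=resp)
 else:
 yield HttpPair(request=req, response=None)
 
 for resp in response_map.values():
 if resp not in yielded_resps:
-resp =
+resp._request_in = None
 yield HttpPair(request=None, response=resp)
 
 @staticmethod
@@ -153,30 +155,38 @@ class FlowAnalyzer:
 return hashlib.md5(f.read() + display_filter.encode()).hexdigest()
 
 @staticmethod
-def extract_json_file(file_name: str, display_filter: str, tshark_work_dir: str,
+def extract_json_file(file_name: str, display_filter: str, tshark_path: str, tshark_work_dir: str, json_work_path: str) -> None:
 command = [
 tshark_path,
-"-r",
-
-"-
-"
-"-
-"
-"-e",
-"
-"-e",
-"
-"-e",
+"-r",
+file_name,
+"-Y",
+f"({display_filter})",
+"-T",
+"json",
+"-e",
+"http.response.code",
+"-e",
+"http.request_in",
+"-e",
+"tcp.reassembled.data",
+"-e",
+"frame.number",
+"-e",
+"tcp.payload",
+"-e",
+"frame.time_epoch",
+"-e",
+"exported_pdu.exported_pdu",
+"-e",
+"http.request.full_uri",
 ]
+logger.debug(f"导出Json命令: {command}")
 
-with open(
-process = subprocess.Popen(
-command,
-stdout=output_file,
-stderr=subprocess.PIPE,
-cwd=tshark_work_dir
-)
+with open(json_work_path, "wb") as output_file:
+process = subprocess.Popen(command, stdout=output_file, stderr=subprocess.PIPE, cwd=tshark_work_dir)
 _, stderr = process.communicate()
+logger.debug(f"导出Json文件路径: {json_work_path}")
 
 if stderr and b"WARNING" not in stderr:
 try:
@@ -185,10 +195,7 @@ class FlowAnalyzer:
 print(f"[Warning/Error]: {stderr.decode('gbk')}")
 
 @staticmethod
-def
-if tshark_json_path != json_work_path:
-shutil.move(tshark_json_path, json_work_path)
-
+def add_md5sum(json_work_path: str, md5_sum: str) -> None:
 with open(json_work_path, "r", encoding="utf-8") as f:
 data = json.load(f)
 data[0]["MD5Sum"] = md5_sum
@@ -217,9 +224,10 @@ class FlowAnalyzer:
 raise FileNotFoundError("您的填写的流量包没有找到!流量包路径:%s" % file_path)
 
 md5_sum = FlowAnalyzer.get_hash(file_path, display_filter)
+logger.debug(f"md5校验值: {md5_sum}")
+
 work_dir = os.getcwd()
-
-tshark_json_path = os.path.join(tshark_work_dir, "output.json")
+tshark_command_work_dir = os.path.dirname(os.path.abspath(file_path))
 json_work_path = os.path.join(work_dir, "output.json")
 file_name = os.path.basename(file_path)
 
@@ -228,14 +236,14 @@ class FlowAnalyzer:
 with open(json_work_path, "r", encoding="utf-8") as f:
 data = json.load(f)
 if data[0].get("MD5Sum") == md5_sum:
-logger.debug("匹配
+logger.debug("匹配md5校验无误,自动返回Json文件路径!")
 return json_work_path
 except Exception:
 logger.debug("默认的Json文件无法被正常解析, 正在重新生成Json文件中")
-
+
 tshark_path = FlowAnalyzer.get_tshark_path(tshark_path)
-FlowAnalyzer.extract_json_file(file_name, display_filter,
-FlowAnalyzer.
+FlowAnalyzer.extract_json_file(file_name, display_filter, tshark_path, tshark_command_work_dir, json_work_path)
+FlowAnalyzer.add_md5sum(json_work_path, md5_sum)
 return json_work_path
 
 @staticmethod
@@ -243,6 +251,8 @@ class FlowAnalyzer:
 default_tshark_path = get_default_tshark_path()
 if not os.path.exists(default_tshark_path):
 logger.debug("没有检测到tshark存在, 请查看并检查tshark_path")
+else:
+logger.debug("检测到默认tshark存在!")
 
 if tshark_path is None:
 logger.debug("您没有传入tshark_path, 请传入tshark_path")
@@ -319,6 +329,6 @@ class FlowAnalyzer:
 file_data = self.dechunck_http_response(file_data)
 
 with contextlib.suppress(Exception):
-if file_data.startswith(b"\
+if file_data.startswith(b"\x1f\x8b"):
 file_data = gzip.decompress(file_data)
 return header, file_data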
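Review bot: In the `@@ -153,30 +155,38 @@` hunk, `extract_json_file` never checks the exit status of the tshark child it now launches with `subprocess.Popen(command, stdout=output_file, stderr=subprocess.PIPE, cwd=tshark_work_dir)`; after `_, stderr = process.communicate()` it only looks for the substring `WARNING` in stderr and prints, so a failed run (unreadable capture, rejected display filter, non-executable `tshark_path`) leaves an empty or truncated `output.json` behind. The caller in the `@@ -228,14 +236,14 @@` hunk then passes that file straight to `FlowAnalyzer.add_md5sum`, where `json.load` or `data[0]` fails with an error unrelated to the real cause, and if tshark happened to emit parseable partial output the file would be stamped with a matching `MD5Sum` and served from the cache on later calls. I would add, directly after `communicate()`, `if process.returncode != 0:` / `raise RuntimeError(f"tshark exited with {process.returncode}: {stderr.decode(errors='replace')}")`, and keep the existing stderr print only for the zero-exit warning case. The body of `extract_json_file` continues past the hunk (the trailing `try:` is cut off), so the print branch there may cover part of this; the return code itself is not consulted anywhere visible.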
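--- a/FlowAnalyzer-0.3.8.dist-info/METADATA
+++ b/FlowAnalyzer-0.4.0.dist-info/METADATA
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: FlowAnalyzer
-Version: 0.
+Version: 0.4.0
 Summary: FlowAnalyzer是一个流量分析器,用于解析和处理tshark导出的JSON数据文件
 Home-page: https://github.com/Byxs20/FlowAnalyzer
 Author: Byxs20
@@ -52,7 +52,7 @@ tshark_path = r"C:\Program Files\Wireshark\tshark.exe"
 ```
 $ git clone https://github.com/Byxs20/FlowAnalyzer.git
 $ cd ./FlowAnalyzer/
-$ python
+$ python tests\demo.py
 ```
 
 运行结果: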
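--- a/FlowAnalyzer-0.4.0.dist-info/RECORD
+++ b/FlowAnalyzer-0.4.0.dist-info/RECORD
@@ -0,0 +1,9 @@
+FlowAnalyzer/FlowAnalyzer.py,sha256=kMjeMp8tylou_0wk-jC_9yYRFdYlFM9wYyb15jy9blA,12259
+FlowAnalyzer/Path.py,sha256=E5VvucTftp8VTQUffFzFWHotQEYtZL-j7IQPOaleiug,130
+FlowAnalyzer/__init__.py,sha256=vfiHONPTrvjUU3MwhjFOEo3sWfzlhkA6gOLn_4UJ7sg,70
+FlowAnalyzer/logging_config.py,sha256=-RntNJhrBiW7ToXIP1WJjZ4Yf9jmZQ1PTX_er3tDxhw,730
+FlowAnalyzer-0.4.0.dist-info/LICENSE,sha256=ybAV0ECduYBZCpjkHyNALVWRRmT_eM0BDgqUszhwEFU,1080
+FlowAnalyzer-0.4.0.dist-info/METADATA,sha256=iS4ByUDWmq8kyqu5sgbLc1AXXgKOg4qA7jBo-wna8_0,1956
+FlowAnalyzer-0.4.0.dist-info/WHEEL,sha256=pkctZYzUS4AYVn6dJ-7367OJZivF2e8RA9b_ZBjif18,92
+FlowAnalyzer-0.4.0.dist-info/top_level.txt,sha256=2MtvAF6dEe_eHipw_6G5pFLb2uOCbGnlH0bC4iBtm5A,13
+FlowAnalyzer-0.4.0.dist-info/RECORD,,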
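--- a/FlowAnalyzer-0.3.8.dist-info/RECORD
+++ b/FlowAnalyzer-0.3.8.dist-info/RECORD
@@ -1,9 +0,0 @@
-FlowAnalyzer/FlowAnalyzer.py,sha256=AV1AGAQqJsniHvnhzXhNRg4F__sAsl6MIwqW8BGdxSI,12163
-FlowAnalyzer/Path.py,sha256=E5VvucTftp8VTQUffFzFWHotQEYtZL-j7IQPOaleiug,130
-FlowAnalyzer/__init__.py,sha256=vfiHONPTrvjUU3MwhjFOEo3sWfzlhkA6gOLn_4UJ7sg,70
-FlowAnalyzer/logging_config.py,sha256=-RntNJhrBiW7ToXIP1WJjZ4Yf9jmZQ1PTX_er3tDxhw,730
-FlowAnalyzer-0.3.8.dist-info/LICENSE,sha256=ybAV0ECduYBZCpjkHyNALVWRRmT_eM0BDgqUszhwEFU,1080
-FlowAnalyzer-0.3.8.dist-info/METADATA,sha256=Jz4mmDZwGJscF_DsxRbHniPpg5HUb3ZmbmK4BpoikEE,1956
-FlowAnalyzer-0.3.8.dist-info/WHEEL,sha256=pkctZYzUS4AYVn6dJ-7367OJZivF2e8RA9b_ZBjif18,92
-FlowAnalyzer-0.3.8.dist-info/top_level.txt,sha256=2MtvAF6dEe_eHipw_6G5pFLb2uOCbGnlH0bC4iBtm5A,13
-FlowAnalyzer-0.3.8.dist-info/RECORD,,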