xbase-util 0.4.8__tar.gz → 0.5.0__tar.gz
- {xbase_util-0.4.8 → xbase_util-0.5.0}/PKG-INFO +1 -1
- {xbase_util-0.4.8 → xbase_util-0.5.0}/setup.py +1 -1
- {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/packet_util.py +11 -11
- {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util.egg-info/PKG-INFO +1 -1
- {xbase_util-0.4.8 → xbase_util-0.5.0}/README.md +0 -0
- {xbase_util-0.4.8 → xbase_util-0.5.0}/setup.cfg +0 -0
- {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/__init__.py +0 -0
- {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/add_column_util.py +0 -0
- {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/dangerous_util.py +0 -0
- {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/db/__init__.py +0 -0
- {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/db/bean/ConfigBean.py +0 -0
- {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/db/bean/CurrentConfigBean.py +0 -0
- {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/db/bean/FlowBean.py +0 -0
- {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/db/bean/TaskTemplateBean.py +0 -0
- {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/db/bean/__init__.py +0 -0
- {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/db/dao/ConfigDao.py +0 -0
- {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/db/dao/CurrentConfigDao.py +0 -0
- {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/db/dao/FlowDao.py +0 -0
- {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/db/dao/TaskTemplateDao.py +0 -0
- {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/db/dao/__init__.py +0 -0
- {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/db/initsqlite3.py +0 -0
- {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/es_db_util.py +0 -0
- {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/esreq.py +0 -0
- {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/geo_util.py +0 -0
- {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/handle_features_util.py +0 -0
- {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/pcap_util.py +0 -0
- {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/xbase_constant.py +0 -0
- {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/xbase_util.py +0 -0
- {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util.egg-info/SOURCES.txt +0 -0
- {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util.egg-info/dependency_links.txt +0 -0
- {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util.egg-info/not-zip-safe +0 -0
- {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util.egg-info/top_level.txt +0 -0
- {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util_assets/GeoLite2-City.mmdb +0 -0
- {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util_assets/arkimeparse.js +0 -0
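--- a/xbase_util/packet_util.py
+++ b/xbase_util/packet_util.py
@@ -59,12 +59,10 @@ def get_all_columns(
 
 
 def get_all_packets_by_reg(packets):
-req_pattern = re.compile(r"(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) \/[^\s]* HTTP\/\d\.\d[\s\S]*?\r\n\r\n",
-
-
-
-re.DOTALL)
-res_pattern = re.compile(r"HTTP/\d\.\d \d{3} [a-zA-Z]+.*", re.DOTALL)
+req_pattern = re.compile(r"(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) \/[^\s]* HTTP\/\d\.\d[\s\S]*?\r\n\r\n",re.DOTALL)
+req_body_pattern = re.compile(
+r"(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) \/[^\s]* HTTP\/\d\.\d[\s\S]*?(?=HTTP/\d\.\d)",re.DOTALL)
+res_pattern = re.compile(r"HTTP/\d\.\d \d{3}.*",re.DOTALL)
 tcp_packet_map = {}
 for packet in packets:
 if packet.haslayer(TCP) and packet.haslayer(Raw):
@@ -97,6 +95,7 @@ def get_all_packets_by_reg(packets):
 next_ack = f"{data_set['last_len'] + data_set['last_seq']}"
 packet_data = data_set['data']
 request_time = data_set['time']
+response_time=[]
 req_len = len(packet_data)
 res_len = 0
 while True:
@@ -107,36 +106,37 @@ def get_all_packets_by_reg(packets):
 break
 new_packet = tcp_packet_map[next_ack]
 # 判断新的包是不是响应包
-
 res_match = re.search(res_pattern, filter_visible_chars(new_packet['data']))
 if res_match is None:
 req_len += len(new_packet['data'])
+request_time += new_packet['time']
 else:
 print("匹配到响应")
 res_len += len(new_packet['data'])
+response_time += new_packet['time']
+
 # 判断新的包是不是第二个请求包
 if re.search(req_pattern, new_packet['data'].decode("utf-8", errors="ignore")):
 print("这个包是个新的请求包的开头,停止查找")
 break
 packet_data += new_packet['data']
-request_time += new_packet['time']
 next_ack = f"{new_packet['last_len'] + new_packet['last_seq']}"
 map = {}
 data = filter_visible_chars(packet_data)
 match_req = re.search(
-
+req_body_pattern,
 data)
 match_res = re.search(res_pattern, data)
 map['data'] = packet_data
 map['req_len'] = req_len
 map['res_len'] = res_len
-map['
+map['request_time'] = request_time
+map['response_time'] = response_time
 map['req'] = match_req.group() if match_req is not None else ""
 map['res'] = match_res.group() if match_res is not None else ""
 packet_list.append(map)
 return packet_list
 
-
 def get_body(param):
 body = "".join([item.strip() for item in param.split("\r\n\r\n") if item.strip() != "" and "HTTP/" not in param])
 return "" if body is None else body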
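Review bot: `req_body_pattern` (new lines 63-64) matches only when another `HTTP/x.y` token follows the request line, so a request whose response is missing from the capture ends up with `map['req'] = ""`, and an `HTTP/1.1` string inside a header or body cuts the request short; a fallback such as `match_req = re.search(req_body_pattern, data) or re.search(req_pattern, data)` would keep those flows visible. The relaxed `res_pattern` is searched anywhere in the payload at new line 109, so request data that merely contains something like `HTTP/1.1 200` is counted as a response and sender-controlled bytes can skew `req_len`, `res_len` and the new timing fields; matching at the start of the segment with `res_pattern.match(...)` would be stricter, assuming `filter_visible_chars` keeps the status line first. `response_time=[]` followed by `response_time += new_packet['time']` raises `TypeError` if `time` is a number, and if it is a list then `request_time += ...` extends `data_set['time']` in place, so a copy (`request_time = list(data_set['time'])`) would be safer. The value of `time` is set in the part of `get_all_packets_by_reg` between the first two hunks, which this diff does not show, so that type needs confirming.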