xbase-util 0.4.9__tar.gz → 0.5.0__tar.gz
- {xbase_util-0.4.9 → xbase_util-0.5.0}/PKG-INFO +1 -1
- {xbase_util-0.4.9 → xbase_util-0.5.0}/setup.py +1 -1
- {xbase_util-0.4.9 → xbase_util-0.5.0}/xbase_util/packet_util.py +4 -6
- {xbase_util-0.4.9 → xbase_util-0.5.0}/xbase_util.egg-info/PKG-INFO +1 -1
- {xbase_util-0.4.9 → xbase_util-0.5.0}/README.md +0 -0
- {xbase_util-0.4.9 → xbase_util-0.5.0}/setup.cfg +0 -0
- {xbase_util-0.4.9 → xbase_util-0.5.0}/xbase_util/__init__.py +0 -0
- {xbase_util-0.4.9 → xbase_util-0.5.0}/xbase_util/add_column_util.py +0 -0
- {xbase_util-0.4.9 → xbase_util-0.5.0}/xbase_util/dangerous_util.py +0 -0
- {xbase_util-0.4.9 → xbase_util-0.5.0}/xbase_util/db/__init__.py +0 -0
- {xbase_util-0.4.9 → xbase_util-0.5.0}/xbase_util/db/bean/ConfigBean.py +0 -0
- {xbase_util-0.4.9 → xbase_util-0.5.0}/xbase_util/db/bean/CurrentConfigBean.py +0 -0
- {xbase_util-0.4.9 → xbase_util-0.5.0}/xbase_util/db/bean/FlowBean.py +0 -0
- {xbase_util-0.4.9 → xbase_util-0.5.0}/xbase_util/db/bean/TaskTemplateBean.py +0 -0
- {xbase_util-0.4.9 → xbase_util-0.5.0}/xbase_util/db/bean/__init__.py +0 -0
- {xbase_util-0.4.9 → xbase_util-0.5.0}/xbase_util/db/dao/ConfigDao.py +0 -0
- {xbase_util-0.4.9 → xbase_util-0.5.0}/xbase_util/db/dao/CurrentConfigDao.py +0 -0
- {xbase_util-0.4.9 → xbase_util-0.5.0}/xbase_util/db/dao/FlowDao.py +0 -0
- {xbase_util-0.4.9 → xbase_util-0.5.0}/xbase_util/db/dao/TaskTemplateDao.py +0 -0
- {xbase_util-0.4.9 → xbase_util-0.5.0}/xbase_util/db/dao/__init__.py +0 -0
- {xbase_util-0.4.9 → xbase_util-0.5.0}/xbase_util/db/initsqlite3.py +0 -0
- {xbase_util-0.4.9 → xbase_util-0.5.0}/xbase_util/es_db_util.py +0 -0
- {xbase_util-0.4.9 → xbase_util-0.5.0}/xbase_util/esreq.py +0 -0
- {xbase_util-0.4.9 → xbase_util-0.5.0}/xbase_util/geo_util.py +0 -0
- {xbase_util-0.4.9 → xbase_util-0.5.0}/xbase_util/handle_features_util.py +0 -0
- {xbase_util-0.4.9 → xbase_util-0.5.0}/xbase_util/pcap_util.py +0 -0
- {xbase_util-0.4.9 → xbase_util-0.5.0}/xbase_util/xbase_constant.py +0 -0
- {xbase_util-0.4.9 → xbase_util-0.5.0}/xbase_util/xbase_util.py +0 -0
- {xbase_util-0.4.9 → xbase_util-0.5.0}/xbase_util.egg-info/SOURCES.txt +0 -0
- {xbase_util-0.4.9 → xbase_util-0.5.0}/xbase_util.egg-info/dependency_links.txt +0 -0
- {xbase_util-0.4.9 → xbase_util-0.5.0}/xbase_util.egg-info/not-zip-safe +0 -0
- {xbase_util-0.4.9 → xbase_util-0.5.0}/xbase_util.egg-info/top_level.txt +0 -0
- {xbase_util-0.4.9 → xbase_util-0.5.0}/xbase_util_assets/GeoLite2-City.mmdb +0 -0
- {xbase_util-0.4.9 → xbase_util-0.5.0}/xbase_util_assets/arkimeparse.js +0 -0
@@ -60,9 +60,9 @@ def get_all_columns(
|
|
60
60
|
|
61
61
|
def get_all_packets_by_reg(packets):
|
62
62
|
req_pattern = re.compile(r"(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) \/[^\s]* HTTP\/\d\.\d[\s\S]*?\r\n\r\n",re.DOTALL)
|
63
|
-
|
64
|
-
r"(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) \/[^\s]* HTTP\/\d\.\d[\s\S]*?(?=HTTP/\d\.\d
|
65
|
-
res_pattern = re.compile(r"HTTP/\d\.\d \d{3}
|
63
|
+
req_body_pattern = re.compile(
|
64
|
+
r"(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) \/[^\s]* HTTP\/\d\.\d[\s\S]*?(?=HTTP/\d\.\d)",re.DOTALL)
|
65
|
+
res_pattern = re.compile(r"HTTP/\d\.\d \d{3}.*",re.DOTALL)
|
66
66
|
tcp_packet_map = {}
|
67
67
|
for packet in packets:
|
68
68
|
if packet.haslayer(TCP) and packet.haslayer(Raw):
|
@@ -106,7 +106,6 @@ def get_all_packets_by_reg(packets):
|
|
106
106
|
break
|
107
107
|
new_packet = tcp_packet_map[next_ack]
|
108
108
|
# 判断新的包是不是响应包
|
109
|
-
|
110
109
|
res_match = re.search(res_pattern, filter_visible_chars(new_packet['data']))
|
111
110
|
if res_match is None:
|
112
111
|
req_len += len(new_packet['data'])
|
@@ -121,12 +120,11 @@ def get_all_packets_by_reg(packets):
|
|
121
120
|
print("这个包是个新的请求包的开头,停止查找")
|
122
121
|
break
|
123
122
|
packet_data += new_packet['data']
|
124
|
-
# request_time += new_packet['time']
|
125
123
|
next_ack = f"{new_packet['last_len'] + new_packet['last_seq']}"
|
126
124
|
map = {}
|
127
125
|
data = filter_visible_chars(packet_data)
|
128
126
|
match_req = re.search(
|
129
|
-
|
127
|
+
req_body_pattern,
|
130
128
|
data)
|
131
129
|
match_res = re.search(res_pattern, data)
|
132
130
|
map['data'] = packet_data
|
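Review bot: `req_body_pattern` on new lines 63–64 ends the request at the first `HTTP/\d\.\d` found anywhere in the reassembled payload, so a request body that itself contains a string such as `HTTP/1.1` is cut short, and a stream with no captured response yields no request match at all. This data comes from captured traffic, so the split should not hinge on a token the sender can place freely; tightening the lookahead to a status line and allowing end of data, `[\s\S]*?(?=HTTP/\d\.\d \d{3}|\Z)`, would cover both cases. The same concern applies to `res_pattern` at new line 109, where `re.search` accepts a status-line lookalike anywhere in a segment; `re.match` would accept it only at the start, assuming `filter_visible_chars` leaves the start of the payload intact. `get_all_packets_by_reg` continues outside the visible hunks, so how a `None` `match_req` is handled could not be checked.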