PyPI - xbase-util - Versions diffs - 0.5.1__tar.gz → 0.5.3__tar.gz - Mend

xbase-util 0.5.1tar.gz → 0.5.3tar.gz

Files changed (34) hide show

{xbase_util-0.5.1 → xbase_util-0.5.3}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: xbase_util
-Version: 0.5.1
+Version: 0.5.3
 Summary: 网络安全基础工具
 Home-page: https://gitee.com/jimonik/xbase_util.git
 Author: xyt

{xbase_util-0.5.1 → xbase_util-0.5.3}/setup.py RENAMED Viewed

@@ -3,7 +3,7 @@ from distutils.core import setup
 from setuptools import find_packages
 setup(name="xbase_util",
-      version="0.5.1",
+      version="0.5.3",
       description="网络安全基础工具",
       long_description="包含提取，预测，训练的基础工具",
       author="xyt",

{xbase_util-0.5.1 → xbase_util-0.5.3}/xbase_util/packet_util.py RENAMED Viewed

@@ -66,57 +66,84 @@ req_body_pattern = re.compile(
 def get_all_packets_by_reg(packets):
-    packets = [packet for packet in packets if packet.haslayer(TCP) and packet.haslayer(IP) and packet.haslayer(Raw)]
-    packet_list = []
-    my_map = {
-        'req_data': b'',
-        'res_data': b'',
-        'req_text': '',
-        'res_text': '',
-        'req_time': [],
-        'res_time': []
-    }
-    last_is_req = None
-    for item in packets:
-        data = item[Raw].load
-        time = item.time
-        req_match = req_pattern.search(filter_visible_chars(data))
-        res_match = res_pattern.search(filter_visible_chars(data))
-        if req_match is not None or res_match is not None:
-            if req_match:
-                # 新的请求：请求时间不为空或者响应时间不为空，说明不为空，添加到列表并清空数据
-                if len(my_map['req_time']) != 0 or len(my_map['res_time']) != 0:
-                    packet_list.append(my_map.copy())
-                my_map = {
-                    'req_data': data,
-                    'res_data': b'',
-                    'req_text': filter_visible_chars(data),
-                    'res_text': '',
-                    'req_time': [time],
-                    'res_time': []
-                }
-                last_is_req = True
-            if res_match:
-                my_map['res_data'] += data
-                my_map['res_text'] = filter_visible_chars(my_map['res_data'])
-                my_map['res_time'].append(time)
-                last_is_req = False
-        else:
-            # 不是请求不是相应，就是中间的包
-            if last_is_req is None:
-                # 一开始就没匹配到请求或者响应头，那就不管即使是中间的包
-                continue
-            if last_is_req is True:
-                my_map['req_time'].append(time)
-                my_map['req_data'] += data
-                my_map['req_text'] = filter_visible_chars(my_map['req_data'])
-            elif last_is_req is False:
-                my_map['res_time'].append(time)
-                my_map['res_data'] += data
-                my_map['res_text'] = filter_visible_chars(my_map['res_data'])
-    if len(my_map['req_time']) != 0 or len(my_map['res_time']) != 0:
-        packet_list.append(my_map.copy())
+    http_Req_Raw = {}
+    http_methods = ("POST /", "PUT /", "OPTIONS /", "DELETE /", "GET /")
+    for packet in packets:
+        if TCP in packet and Raw in packet:
+            data = packet[Raw].load
+            ack = packet[TCP].ack
+            next_ack = packet[TCP].seq + len(data)
+            if ack not in http_Req_Raw:
+                http_Req_Raw[ack] = {"time": [packet.time], "data": data, "next_ack": next_ack}
+            else:
+                http_Req_Raw[ack]["time"].append(packet.time)
+                http_Req_Raw[ack]["data"] += data
+                http_Req_Raw[ack]["next_ack"] = next_ack
+    packet_list = [
+        {
+            'req_data': item['data'],
+            'res_data': http_Req_Raw[item['next_ack']]['data'],
+            'req_text': filter_visible_chars(item['data']),
+            'res_text': filter_visible_chars(http_Req_Raw[item['next_ack']]['data']),
+            'req_time': item['time'],
+            'res_time': http_Req_Raw[item['next_ack']]['time']
+        }
+        for ack, item in http_Req_Raw.items()
+        if any(method in filter_visible_chars(item['data']) for method in http_methods)
+    ]
     return packet_list
+# def get_all_packets_by_reg(packets):
+#     packets = [packet for packet in packets if packet.haslayer(TCP) and packet.haslayer(IP) and packet.haslayer(Raw)]
+#     packet_list = []
+#     my_map = {
+#         'req_data': b'',
+#         'res_data': b'',
+#         'req_text': '',
+#         'res_text': '',
+#         'req_time': [],
+#         'res_time': []
+#     }
+#     last_is_req = None
+#     for item in packets:
+#         data = item[Raw].load
+#         time = float(item.time)
+#         req_match = req_pattern.search(filter_visible_chars(data))
+#         res_match = res_pattern.search(filter_visible_chars(data))
+#         if req_match is not None or res_match is not None:
+#             if req_match:
+#                 # 新的请求：请求时间不为空或者响应时间不为空，说明不为空，添加到列表并清空数据
+#                 if len(my_map['req_time']) != 0 or len(my_map['res_time']) != 0:
+#                     packet_list.append(my_map.copy())
+#                 my_map = {
+#                     'req_data': data,
+#                     'res_data': b'',
+#                     'req_text': filter_visible_chars(data),
+#                     'res_text': '',
+#                     'req_time': [time],
+#                     'res_time': []
+#                 }
+#                 last_is_req = True
+#             if res_match:
+#                 my_map['res_data'] += data
+#                 my_map['res_text'] = filter_visible_chars(my_map['res_data'])
+#                 my_map['res_time'].append(time)
+#                 last_is_req = False
+#         else:
+#             # 不是请求不是相应，就是中间的包
+#             if last_is_req is None:
+#                 # 一开始就没匹配到请求或者响应头，那就不管即使是中间的包
+#                 continue
+#             if last_is_req is True:
+#                 my_map['req_time'].append(time)
+#                 my_map['req_data'] += data
+#                 my_map['req_text'] = filter_visible_chars(my_map['req_data'])
+#             elif last_is_req is False:
+#                 my_map['res_time'].append(time)
+#                 my_map['res_data'] += data
+#                 my_map['res_text'] = filter_visible_chars(my_map['res_data'])
+#     if len(my_map['req_time']) != 0 or len(my_map['res_time']) != 0:
+#         packet_list.append(my_map.copy())
+#     return packet_list
 def get_body(param):

{xbase_util-0.5.1 → xbase_util-0.5.3}/xbase_util.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: xbase-util
-Version: 0.5.1
+Version: 0.5.3
 Summary: 网络安全基础工具
 Home-page: https://gitee.com/jimonik/xbase_util.git
 Author: xyt

{xbase_util-0.5.1 → xbase_util-0.5.3}/README.md RENAMED Viewed

File without changes

{xbase_util-0.5.1 → xbase_util-0.5.3}/setup.cfg RENAMED Viewed

File without changes

{xbase_util-0.5.1 → xbase_util-0.5.3}/xbase_util/__init__.py RENAMED Viewed

File without changes

{xbase_util-0.5.1 → xbase_util-0.5.3}/xbase_util/add_column_util.py RENAMED Viewed

File without changes

{xbase_util-0.5.1 → xbase_util-0.5.3}/xbase_util/dangerous_util.py RENAMED Viewed

File without changes

{xbase_util-0.5.1 → xbase_util-0.5.3}/xbase_util/db/__init__.py RENAMED Viewed

File without changes

{xbase_util-0.5.1 → xbase_util-0.5.3}/xbase_util/db/bean/ConfigBean.py RENAMED Viewed

File without changes

{xbase_util-0.5.1 → xbase_util-0.5.3}/xbase_util/db/bean/CurrentConfigBean.py RENAMED Viewed

File without changes

{xbase_util-0.5.1 → xbase_util-0.5.3}/xbase_util/db/bean/FlowBean.py RENAMED Viewed

File without changes

{xbase_util-0.5.1 → xbase_util-0.5.3}/xbase_util/db/bean/TaskTemplateBean.py RENAMED Viewed

File without changes

{xbase_util-0.5.1 → xbase_util-0.5.3}/xbase_util/db/bean/__init__.py RENAMED Viewed

File without changes

{xbase_util-0.5.1 → xbase_util-0.5.3}/xbase_util/db/dao/ConfigDao.py RENAMED Viewed

File without changes

{xbase_util-0.5.1 → xbase_util-0.5.3}/xbase_util/db/dao/CurrentConfigDao.py RENAMED Viewed

File without changes

{xbase_util-0.5.1 → xbase_util-0.5.3}/xbase_util/db/dao/FlowDao.py RENAMED Viewed

File without changes

{xbase_util-0.5.1 → xbase_util-0.5.3}/xbase_util/db/dao/TaskTemplateDao.py RENAMED Viewed

File without changes

{xbase_util-0.5.1 → xbase_util-0.5.3}/xbase_util/db/dao/__init__.py RENAMED Viewed

File without changes

{xbase_util-0.5.1 → xbase_util-0.5.3}/xbase_util/db/initsqlite3.py RENAMED Viewed

File without changes

{xbase_util-0.5.1 → xbase_util-0.5.3}/xbase_util/es_db_util.py RENAMED Viewed

File without changes

{xbase_util-0.5.1 → xbase_util-0.5.3}/xbase_util/esreq.py RENAMED Viewed

File without changes

{xbase_util-0.5.1 → xbase_util-0.5.3}/xbase_util/geo_util.py RENAMED Viewed

File without changes

{xbase_util-0.5.1 → xbase_util-0.5.3}/xbase_util/handle_features_util.py RENAMED Viewed

File without changes

{xbase_util-0.5.1 → xbase_util-0.5.3}/xbase_util/pcap_util.py RENAMED Viewed

File without changes

{xbase_util-0.5.1 → xbase_util-0.5.3}/xbase_util/xbase_constant.py RENAMED Viewed

File without changes

{xbase_util-0.5.1 → xbase_util-0.5.3}/xbase_util/xbase_util.py RENAMED Viewed

File without changes

{xbase_util-0.5.1 → xbase_util-0.5.3}/xbase_util.egg-info/SOURCES.txt RENAMED Viewed

File without changes

{xbase_util-0.5.1 → xbase_util-0.5.3}/xbase_util.egg-info/dependency_links.txt RENAMED Viewed

File without changes

{xbase_util-0.5.1 → xbase_util-0.5.3}/xbase_util.egg-info/not-zip-safe RENAMED Viewed

File without changes

{xbase_util-0.5.1 → xbase_util-0.5.3}/xbase_util.egg-info/top_level.txt RENAMED Viewed

File without changes

{xbase_util-0.5.1 → xbase_util-0.5.3}/xbase_util_assets/GeoLite2-City.mmdb RENAMED Viewed

File without changes

{xbase_util-0.5.1 → xbase_util-0.5.3}/xbase_util_assets/arkimeparse.js RENAMED Viewed

File without changes

xbase-util 0.5.1__tar.gz → 0.5.3__tar.gz

xbase-util 0.5.1tar.gz → 0.5.3tar.gz