xbase-util 0.5.2__tar.gz → 0.5.3__tar.gz
- {xbase_util-0.5.2 → xbase_util-0.5.3}/PKG-INFO +1 -1
- {xbase_util-0.5.2 → xbase_util-0.5.3}/setup.py +1 -1
- {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/packet_util.py +77 -50
- {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util.egg-info/PKG-INFO +1 -1
- {xbase_util-0.5.2 → xbase_util-0.5.3}/README.md +0 -0
- {xbase_util-0.5.2 → xbase_util-0.5.3}/setup.cfg +0 -0
- {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/__init__.py +0 -0
- {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/add_column_util.py +0 -0
- {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/dangerous_util.py +0 -0
- {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/db/__init__.py +0 -0
- {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/db/bean/ConfigBean.py +0 -0
- {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/db/bean/CurrentConfigBean.py +0 -0
- {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/db/bean/FlowBean.py +0 -0
- {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/db/bean/TaskTemplateBean.py +0 -0
- {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/db/bean/__init__.py +0 -0
- {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/db/dao/ConfigDao.py +0 -0
- {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/db/dao/CurrentConfigDao.py +0 -0
- {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/db/dao/FlowDao.py +0 -0
- {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/db/dao/TaskTemplateDao.py +0 -0
- {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/db/dao/__init__.py +0 -0
- {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/db/initsqlite3.py +0 -0
- {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/es_db_util.py +0 -0
- {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/esreq.py +0 -0
- {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/geo_util.py +0 -0
- {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/handle_features_util.py +0 -0
- {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/pcap_util.py +0 -0
- {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/xbase_constant.py +0 -0
- {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/xbase_util.py +0 -0
- {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util.egg-info/SOURCES.txt +0 -0
- {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util.egg-info/dependency_links.txt +0 -0
- {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util.egg-info/not-zip-safe +0 -0
- {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util.egg-info/top_level.txt +0 -0
- {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util_assets/GeoLite2-City.mmdb +0 -0
- {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util_assets/arkimeparse.js +0 -0
@@ -66,57 +66,84 @@ req_body_pattern = re.compile(
|
|
66
66
|
|
67
67
|
|
68
68
|
def get_all_packets_by_reg(packets):
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
'res_text': '',
|
95
|
-
'req_time': [time],
|
96
|
-
'res_time': []
|
97
|
-
}
|
98
|
-
last_is_req = True
|
99
|
-
if res_match:
|
100
|
-
my_map['res_data'] += data
|
101
|
-
my_map['res_text'] = filter_visible_chars(my_map['res_data'])
|
102
|
-
my_map['res_time'].append(time)
|
103
|
-
last_is_req = False
|
104
|
-
else:
|
105
|
-
# 不是请求不是相应,就是中间的包
|
106
|
-
if last_is_req is None:
|
107
|
-
# 一开始就没匹配到请求或者响应头,那就不管即使是中间的包
|
108
|
-
continue
|
109
|
-
if last_is_req is True:
|
110
|
-
my_map['req_time'].append(time)
|
111
|
-
my_map['req_data'] += data
|
112
|
-
my_map['req_text'] = filter_visible_chars(my_map['req_data'])
|
113
|
-
elif last_is_req is False:
|
114
|
-
my_map['res_time'].append(time)
|
115
|
-
my_map['res_data'] += data
|
116
|
-
my_map['res_text'] = filter_visible_chars(my_map['res_data'])
|
117
|
-
if len(my_map['req_time']) != 0 or len(my_map['res_time']) != 0:
|
118
|
-
packet_list.append(my_map.copy())
|
69
|
+
http_Req_Raw = {}
|
70
|
+
http_methods = ("POST /", "PUT /", "OPTIONS /", "DELETE /", "GET /")
|
71
|
+
for packet in packets:
|
72
|
+
if TCP in packet and Raw in packet:
|
73
|
+
data = packet[Raw].load
|
74
|
+
ack = packet[TCP].ack
|
75
|
+
next_ack = packet[TCP].seq + len(data)
|
76
|
+
if ack not in http_Req_Raw:
|
77
|
+
http_Req_Raw[ack] = {"time": [packet.time], "data": data, "next_ack": next_ack}
|
78
|
+
else:
|
79
|
+
http_Req_Raw[ack]["time"].append(packet.time)
|
80
|
+
http_Req_Raw[ack]["data"] += data
|
81
|
+
http_Req_Raw[ack]["next_ack"] = next_ack
|
82
|
+
packet_list = [
|
83
|
+
{
|
84
|
+
'req_data': item['data'],
|
85
|
+
'res_data': http_Req_Raw[item['next_ack']]['data'],
|
86
|
+
'req_text': filter_visible_chars(item['data']),
|
87
|
+
'res_text': filter_visible_chars(http_Req_Raw[item['next_ack']]['data']),
|
88
|
+
'req_time': item['time'],
|
89
|
+
'res_time': http_Req_Raw[item['next_ack']]['time']
|
90
|
+
}
|
91
|
+
for ack, item in http_Req_Raw.items()
|
92
|
+
if any(method in filter_visible_chars(item['data']) for method in http_methods)
|
93
|
+
]
|
119
94
|
return packet_list
|
95
|
+
# def get_all_packets_by_reg(packets):
|
96
|
+
# packets = [packet for packet in packets if packet.haslayer(TCP) and packet.haslayer(IP) and packet.haslayer(Raw)]
|
97
|
+
# packet_list = []
|
98
|
+
# my_map = {
|
99
|
+
# 'req_data': b'',
|
100
|
+
# 'res_data': b'',
|
101
|
+
# 'req_text': '',
|
102
|
+
# 'res_text': '',
|
103
|
+
# 'req_time': [],
|
104
|
+
# 'res_time': []
|
105
|
+
# }
|
106
|
+
# last_is_req = None
|
107
|
+
# for item in packets:
|
108
|
+
# data = item[Raw].load
|
109
|
+
# time = float(item.time)
|
110
|
+
# req_match = req_pattern.search(filter_visible_chars(data))
|
111
|
+
# res_match = res_pattern.search(filter_visible_chars(data))
|
112
|
+
# if req_match is not None or res_match is not None:
|
113
|
+
# if req_match:
|
114
|
+
# # 新的请求:请求时间不为空或者响应时间不为空,说明不为空,添加到列表并清空数据
|
115
|
+
# if len(my_map['req_time']) != 0 or len(my_map['res_time']) != 0:
|
116
|
+
# packet_list.append(my_map.copy())
|
117
|
+
# my_map = {
|
118
|
+
# 'req_data': data,
|
119
|
+
# 'res_data': b'',
|
120
|
+
# 'req_text': filter_visible_chars(data),
|
121
|
+
# 'res_text': '',
|
122
|
+
# 'req_time': [time],
|
123
|
+
# 'res_time': []
|
124
|
+
# }
|
125
|
+
# last_is_req = True
|
126
|
+
# if res_match:
|
127
|
+
# my_map['res_data'] += data
|
128
|
+
# my_map['res_text'] = filter_visible_chars(my_map['res_data'])
|
129
|
+
# my_map['res_time'].append(time)
|
130
|
+
# last_is_req = False
|
131
|
+
# else:
|
132
|
+
# # 不是请求不是相应,就是中间的包
|
133
|
+
# if last_is_req is None:
|
134
|
+
# # 一开始就没匹配到请求或者响应头,那就不管即使是中间的包
|
135
|
+
# continue
|
136
|
+
# if last_is_req is True:
|
137
|
+
# my_map['req_time'].append(time)
|
138
|
+
# my_map['req_data'] += data
|
139
|
+
# my_map['req_text'] = filter_visible_chars(my_map['req_data'])
|
140
|
+
# elif last_is_req is False:
|
141
|
+
# my_map['res_time'].append(time)
|
142
|
+
# my_map['res_data'] += data
|
143
|
+
# my_map['res_text'] = filter_visible_chars(my_map['res_data'])
|
144
|
+
# if len(my_map['req_time']) != 0 or len(my_map['res_time']) != 0:
|
145
|
+
# packet_list.append(my_map.copy())
|
146
|
+
# return packet_list
|
120
147
|
|
121
148
|
|
122
149
|
def get_body(param):
|
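Review bot: `http_Req_Raw[item['next_ack']]` in the `packet_list` comprehension (new lines 85, 87 and 89) raises KeyError whenever a request segment has no matching response in the capture — an unanswered request, the last exchange in a truncated pcap, a dropped or reordered segment — so a single such flow aborts parsing of the whole capture. Looking the response up once with `.get()` and falling back to empty data keeps the previous behaviour of emitting the request with empty `res_*` fields. Two further points in the same comprehension: the `any(method in ...)` filter matches the method string anywhere in the payload, so a response body that merely contains `"GET /"` is emitted as a request — `startswith` on the visible text is the safer test — and the rewrite drops the `float(item.time)` cast the removed code applied, so `req_time`/`res_time` now carry scapy's raw time type, which callers comparing against floats may notice. Keying `http_Req_Raw` by the bare ack number also merges segments from different connections whose ack values coincide; including the address/port tuple in the key would avoid that, though whether `packets` is already a single flow is not visible in the hunk. The commented-out previous implementation on new lines 95–146 should be deleted rather than kept in the source, since version control already preserves it.

```python
    # … unchanged: http_Req_Raw accumulation loop …
    packet_list = []
    for item in http_Req_Raw.values():
        req_text = filter_visible_chars(item['data'])
        # Only payloads that *begin* with a request line are requests.
        if not req_text.startswith(http_methods):
            continue
        # The response may be absent (unanswered request, truncated capture);
        # fall back to empty data instead of raising KeyError.
        res = http_Req_Raw.get(item['next_ack'], {"data": b"", "time": []})
        packet_list.append({
            'req_data': item['data'],
            'res_data': res['data'],
            'req_text': req_text,
            'res_text': filter_visible_chars(res['data']),
            'req_time': item['time'],
            'res_time': res['time'],
        })
    return packet_list
```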