xbase-util 0.7.1__tar.gz → 0.7.3__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {xbase_util-0.7.1 → xbase_util-0.7.3}/PKG-INFO +1 -1
- {xbase_util-0.7.1 → xbase_util-0.7.3}/setup.py +1 -1
- {xbase_util-0.7.1 → xbase_util-0.7.3}/xbase_util/packet_util.py +2 -3
- {xbase_util-0.7.1 → xbase_util-0.7.3}/xbase_util/segment.py +8 -3
- {xbase_util-0.7.1 → xbase_util-0.7.3}/xbase_util.egg-info/PKG-INFO +1 -1
- {xbase_util-0.7.1 → xbase_util-0.7.3}/README.md +0 -0
- {xbase_util-0.7.1 → xbase_util-0.7.3}/setup.cfg +0 -0
- {xbase_util-0.7.1 → xbase_util-0.7.3}/xbase_util/__init__.py +0 -0
- {xbase_util-0.7.1 → xbase_util-0.7.3}/xbase_util/add_column_util.py +0 -0
- {xbase_util-0.7.1 → xbase_util-0.7.3}/xbase_util/dangerous_util.py +0 -0
- {xbase_util-0.7.1 → xbase_util-0.7.3}/xbase_util/db/__init__.py +0 -0
- {xbase_util-0.7.1 → xbase_util-0.7.3}/xbase_util/db/bean/ConfigBean.py +0 -0
- {xbase_util-0.7.1 → xbase_util-0.7.3}/xbase_util/db/bean/CurrentConfigBean.py +0 -0
- {xbase_util-0.7.1 → xbase_util-0.7.3}/xbase_util/db/bean/FlowBean.py +0 -0
- {xbase_util-0.7.1 → xbase_util-0.7.3}/xbase_util/db/bean/TaskTemplateBean.py +0 -0
- {xbase_util-0.7.1 → xbase_util-0.7.3}/xbase_util/db/bean/__init__.py +0 -0
- {xbase_util-0.7.1 → xbase_util-0.7.3}/xbase_util/db/dao/ConfigDao.py +0 -0
- {xbase_util-0.7.1 → xbase_util-0.7.3}/xbase_util/db/dao/CurrentConfigDao.py +0 -0
- {xbase_util-0.7.1 → xbase_util-0.7.3}/xbase_util/db/dao/FlowDao.py +0 -0
- {xbase_util-0.7.1 → xbase_util-0.7.3}/xbase_util/db/dao/TaskTemplateDao.py +0 -0
- {xbase_util-0.7.1 → xbase_util-0.7.3}/xbase_util/db/dao/__init__.py +0 -0
- {xbase_util-0.7.1 → xbase_util-0.7.3}/xbase_util/db/initsqlite3.py +0 -0
- {xbase_util-0.7.1 → xbase_util-0.7.3}/xbase_util/es_db_util.py +0 -0
- {xbase_util-0.7.1 → xbase_util-0.7.3}/xbase_util/esreq.py +0 -0
- {xbase_util-0.7.1 → xbase_util-0.7.3}/xbase_util/geo_util.py +0 -0
- {xbase_util-0.7.1 → xbase_util-0.7.3}/xbase_util/handle_features_util.py +0 -0
- {xbase_util-0.7.1 → xbase_util-0.7.3}/xbase_util/pcap_util.py +0 -0
- {xbase_util-0.7.1 → xbase_util-0.7.3}/xbase_util/xbase_constant.py +0 -0
- {xbase_util-0.7.1 → xbase_util-0.7.3}/xbase_util/xbase_util.py +0 -0
- {xbase_util-0.7.1 → xbase_util-0.7.3}/xbase_util.egg-info/SOURCES.txt +0 -0
- {xbase_util-0.7.1 → xbase_util-0.7.3}/xbase_util.egg-info/dependency_links.txt +0 -0
- {xbase_util-0.7.1 → xbase_util-0.7.3}/xbase_util.egg-info/not-zip-safe +0 -0
- {xbase_util-0.7.1 → xbase_util-0.7.3}/xbase_util.egg-info/top_level.txt +0 -0
- {xbase_util-0.7.1 → xbase_util-0.7.3}/xbase_util_assets/GeoLite2-City.mmdb +0 -0
- {xbase_util-0.7.1 → xbase_util-0.7.3}/xbase_util_assets/arkimeparse.js +0 -0
|
@@ -22,7 +22,6 @@ def content_type_is_plain(packet):
|
|
|
22
22
|
if ":" not in item:
|
|
23
23
|
continue
|
|
24
24
|
content_type = item.split(":")[1].replace("\r", "").strip()
|
|
25
|
-
print(content_type)
|
|
26
25
|
return content_type in plain_content_type_columns
|
|
27
26
|
return False
|
|
28
27
|
|
|
@@ -140,9 +139,9 @@ def get_detail_by_package(publicField, req_header, req_body, res_header, res_bod
|
|
|
140
139
|
res_field['plain_body_src'] = ""
|
|
141
140
|
res_field['plain_body_dst'] = ""
|
|
142
141
|
if content_type_is_plain(req_header):
|
|
143
|
-
res_field['plain_body_src'] = f
|
|
142
|
+
res_field['plain_body_src'] = filter_visible_chars(f'{req_body}')
|
|
144
143
|
if content_type_is_plain(res_header):
|
|
145
|
-
res_field['plain_body_dst'] = f
|
|
144
|
+
res_field['plain_body_dst'] = filter_visible_chars(f'{res_body}')
|
|
146
145
|
|
|
147
146
|
http_server_version_res = http_version.findall(res_header)
|
|
148
147
|
res_field['http.serverVersion'] = http_server_version_res[0] if len(http_server_version_res) > 0 else ""
|
|
@@ -1,5 +1,8 @@
|
|
|
1
1
|
import copy
|
|
2
|
+
import gzip
|
|
2
3
|
import re
|
|
4
|
+
import zlib
|
|
5
|
+
from io import BytesIO
|
|
3
6
|
|
|
4
7
|
import numpy as np
|
|
5
8
|
from scapy.all import *
|
|
@@ -50,7 +53,8 @@ def read_packets(packets):
|
|
|
50
53
|
tmp_packets.clear()
|
|
51
54
|
return packet_list
|
|
52
55
|
|
|
53
|
-
|
|
56
|
+
pattern_chuncked = re.compile(rb"Transfer-Encoding:\s*chunked", re.IGNORECASE)
|
|
57
|
+
pattern_gzip = re.compile(rb"Content-Encoding:\s*gzip", re.IGNORECASE)
|
|
54
58
|
def parse_req_or_res(data, pkts):
|
|
55
59
|
if data.find(b"\r\n\r\n") != -1:
|
|
56
60
|
res = data.split(b"\r\n\r\n", 1)
|
|
@@ -59,8 +63,6 @@ def parse_req_or_res(data, pkts):
|
|
|
59
63
|
else:
|
|
60
64
|
header = data
|
|
61
65
|
body = b''
|
|
62
|
-
pattern_chuncked = re.compile(rb"Transfer-Encoding:\s*chunked", re.IGNORECASE)
|
|
63
|
-
pattern_gzip = re.compile(rb"Content-Encoding:\s*gzip", re.IGNORECASE)
|
|
64
66
|
chuncked_pattern = pattern_chuncked.search(header)
|
|
65
67
|
gzip_pattern = pattern_gzip.search(header)
|
|
66
68
|
if chuncked_pattern and b'chunked' in chuncked_pattern.group():
|
|
@@ -99,6 +101,7 @@ def parse_req_or_res(data, pkts):
|
|
|
99
101
|
result_body = body
|
|
100
102
|
if gzip_pattern and b'gzip' in gzip_pattern.group():
|
|
101
103
|
try:
|
|
104
|
+
|
|
102
105
|
decompressed = gzip.decompress(result_body)
|
|
103
106
|
result_body_str = "\n".join(
|
|
104
107
|
[line.strip() for line in decompressed.decode("utf-8", errors="replace").splitlines() if
|
|
@@ -126,6 +129,8 @@ def get_all_packets_by_segment(packets):
|
|
|
126
129
|
response = [item for item in response_packets if item['first_seq'] == ack]
|
|
127
130
|
# print(f"找到对应的响应:{len(response)}")
|
|
128
131
|
# print(f"请求:{request['data'].decode('utf-8', errors='replace')}")
|
|
132
|
+
# gzip.decompress(response[0]['data'].split(b'\r\n\r\n')[1])
|
|
133
|
+
# decompressed_data = zlib.decompress((response[0]['data'].split(b'\r\n\r\n')[1])[10:], wbits=zlib.MAX_WBITS | 16)
|
|
129
134
|
if len(response) > 0:
|
|
130
135
|
res_header, res_body, res_times = parse_req_or_res(response[0]['data'], response[0]['pkts'])
|
|
131
136
|
req_header, req_body, req_times = parse_req_or_res(request['data'], request['pkts'])
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|