xbase-util 0.7.2__tar.gz → 0.7.3__tar.gz

Files changed (35)
  1. {xbase_util-0.7.2 → xbase_util-0.7.3}/PKG-INFO +1 -1
  2. {xbase_util-0.7.2 → xbase_util-0.7.3}/setup.py +1 -1
  3. {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/packet_util.py +2 -2
  4. {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/segment.py +8 -3
  5. {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util.egg-info/PKG-INFO +1 -1
  6. {xbase_util-0.7.2 → xbase_util-0.7.3}/README.md +0 -0
  7. {xbase_util-0.7.2 → xbase_util-0.7.3}/setup.cfg +0 -0
  8. {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/__init__.py +0 -0
  9. {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/add_column_util.py +0 -0
  10. {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/dangerous_util.py +0 -0
  11. {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/db/__init__.py +0 -0
  12. {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/db/bean/ConfigBean.py +0 -0
  13. {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/db/bean/CurrentConfigBean.py +0 -0
  14. {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/db/bean/FlowBean.py +0 -0
  15. {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/db/bean/TaskTemplateBean.py +0 -0
  16. {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/db/bean/__init__.py +0 -0
  17. {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/db/dao/ConfigDao.py +0 -0
  18. {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/db/dao/CurrentConfigDao.py +0 -0
  19. {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/db/dao/FlowDao.py +0 -0
  20. {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/db/dao/TaskTemplateDao.py +0 -0
  21. {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/db/dao/__init__.py +0 -0
  22. {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/db/initsqlite3.py +0 -0
  23. {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/es_db_util.py +0 -0
  24. {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/esreq.py +0 -0
  25. {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/geo_util.py +0 -0
  26. {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/handle_features_util.py +0 -0
  27. {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/pcap_util.py +0 -0
  28. {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/xbase_constant.py +0 -0
  29. {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/xbase_util.py +0 -0
  30. {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util.egg-info/SOURCES.txt +0 -0
  31. {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util.egg-info/dependency_links.txt +0 -0
  32. {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util.egg-info/not-zip-safe +0 -0
  33. {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util.egg-info/top_level.txt +0 -0
  34. {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util_assets/GeoLite2-City.mmdb +0 -0
  35. {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util_assets/arkimeparse.js +0 -0
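--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: xbase_util
-Version: 0.7.2
+Version: 0.7.3
 Summary: 网络安全基础工具
 Home-page: https://gitee.com/jimonik/xbase_util.git
 Author: xyt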
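--- a/setup.py
+++ b/setup.py
@@ -3,7 +3,7 @@ from distutils.core import setup
 from setuptools import find_packages
 
 setup(name="xbase_util",
-version="0.7.2",
+version="0.7.3",
 description="网络安全基础工具",
 long_description="包含提取,预测,训练的基础工具",
 author="xyt",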
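--- a/xbase_util/packet_util.py
+++ b/xbase_util/packet_util.py
@@ -139,9 +139,9 @@ def get_detail_by_package(publicField, req_header, req_body, res_header, res_bod
 res_field['plain_body_src'] = ""
 res_field['plain_body_dst'] = ""
 if content_type_is_plain(req_header):
-res_field['plain_body_src'] = f"{req_body}"
+res_field['plain_body_src'] = filter_visible_chars(f'{req_body}')
 if content_type_is_plain(res_header):
-res_field['plain_body_dst'] = f"{res_body}"
+res_field['plain_body_dst'] = filter_visible_chars(f'{res_body}')
 
 http_server_version_res = http_version.findall(res_header)
 res_field['http.serverVersion'] = http_server_version_res[0] if len(http_server_version_res) > 0 else ""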
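Review bot: The two new assignments to `plain_body_src` and `plain_body_dst` keep only the output of `filter_visible_chars`, whose definition and import are not visible in this hunk, so the body as captured on the wire is no longer stored in either field. If the helper drops control or non-printable characters, as its name suggests, downstream detection features lose exactly the bytes (NUL, escape sequences, raw CR/LF) that often distinguish a malicious payload, and the f-string would store the `b'...'` repr should `req_body` or `res_body` arrive as bytes. I would document the contract on both lines, for example `# display-safe text only: non-visible characters removed, not byte-exact`, and confirm the helper is imported in this module. The body of get_detail_by_package starts and ends outside the hunk.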
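--- a/xbase_util/segment.py
+++ b/xbase_util/segment.py
@@ -1,5 +1,8 @@
 import copy
+import gzip
 import re
+import zlib
+from io import BytesIO
 
 import numpy as np
 from scapy.all import *
@@ -50,7 +53,8 @@ def read_packets(packets):
 tmp_packets.clear()
 return packet_list
 
-
+pattern_chuncked = re.compile(rb"Transfer-Encoding:\s*chunked", re.IGNORECASE)
+pattern_gzip = re.compile(rb"Content-Encoding:\s*gzip", re.IGNORECASE)
 def parse_req_or_res(data, pkts):
 if data.find(b"\r\n\r\n") != -1:
 res = data.split(b"\r\n\r\n", 1)
@@ -59,8 +63,6 @@ def parse_req_or_res(data, pkts):
 else:
 header = data
 body = b''
-pattern_chuncked = re.compile(rb"Transfer-Encoding:\s*chunked", re.IGNORECASE)
-pattern_gzip = re.compile(rb"Content-Encoding:\s*gzip", re.IGNORECASE)
 chuncked_pattern = pattern_chuncked.search(header)
 gzip_pattern = pattern_gzip.search(header)
 if chuncked_pattern and b'chunked' in chuncked_pattern.group():
@@ -99,6 +101,7 @@ def parse_req_or_res(data, pkts):
 result_body = body
 if gzip_pattern and b'gzip' in gzip_pattern.group():
 try:
+
 decompressed = gzip.decompress(result_body)
 result_body_str = "\n".join(
 [line.strip() for line in decompressed.decode("utf-8", errors="replace").splitlines() if
@@ -126,6 +129,8 @@ def get_all_packets_by_segment(packets):
 response = [item for item in response_packets if item['first_seq'] == ack]
 # print(f"找到对应的响应:{len(response)}")
 # print(f"请求:{request['data'].decode('utf-8', errors='replace')}")
+# gzip.decompress(response[0]['data'].split(b'\r\n\r\n')[1])
+# decompressed_data = zlib.decompress((response[0]['data'].split(b'\r\n\r\n')[1])[10:], wbits=zlib.MAX_WBITS | 16)
 if len(response) > 0:
 res_header, res_body, res_times = parse_req_or_res(response[0]['data'], response[0]['pkts'])
 req_header, req_body, req_times = parse_req_or_res(request['data'], request['pkts'])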
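Review bot: `gzip.decompress(result_body)` in the hunk at new line 105 inflates a body taken from captured traffic with no cap on the output size, so a small compressed response in a pcap can exhaust the analyser's memory; the commit touches this path but leaves it unbounded. The newly imported `zlib` could bound it: `d = zlib.decompressobj(wbits=zlib.MAX_WBITS | 16)` followed by `decompressed = d.decompress(result_body, MAX_BODY_BYTES)`, where `MAX_BODY_BYTES` is a limit the project would have to choose and a non-empty `d.unconsumed_tail` marks the body as truncated. As written, `zlib` is referenced only in the commented-out experiment added above `if len(response) > 0:` and `BytesIO` is not used in any visible hunk, so both imports and the two commented lines look like debugging leftovers. parse_req_or_res continues outside the hunks shown, so the except clause and any existing size check are not visible here.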
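--- a/xbase_util.egg-info/PKG-INFO
+++ b/xbase_util.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: xbase-util
-Version: 0.7.2
+Version: 0.7.3
 Summary: 网络安全基础工具
 Home-page: https://gitee.com/jimonik/xbase_util.git
 Author: xyt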