xbase-util 0.7.2__tar.gz → 0.7.3__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {xbase_util-0.7.2 → xbase_util-0.7.3}/PKG-INFO +1 -1
- {xbase_util-0.7.2 → xbase_util-0.7.3}/setup.py +1 -1
- {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/packet_util.py +2 -2
- {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/segment.py +8 -3
- {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util.egg-info/PKG-INFO +1 -1
- {xbase_util-0.7.2 → xbase_util-0.7.3}/README.md +0 -0
- {xbase_util-0.7.2 → xbase_util-0.7.3}/setup.cfg +0 -0
- {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/__init__.py +0 -0
- {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/add_column_util.py +0 -0
- {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/dangerous_util.py +0 -0
- {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/db/__init__.py +0 -0
- {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/db/bean/ConfigBean.py +0 -0
- {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/db/bean/CurrentConfigBean.py +0 -0
- {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/db/bean/FlowBean.py +0 -0
- {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/db/bean/TaskTemplateBean.py +0 -0
- {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/db/bean/__init__.py +0 -0
- {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/db/dao/ConfigDao.py +0 -0
- {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/db/dao/CurrentConfigDao.py +0 -0
- {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/db/dao/FlowDao.py +0 -0
- {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/db/dao/TaskTemplateDao.py +0 -0
- {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/db/dao/__init__.py +0 -0
- {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/db/initsqlite3.py +0 -0
- {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/es_db_util.py +0 -0
- {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/esreq.py +0 -0
- {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/geo_util.py +0 -0
- {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/handle_features_util.py +0 -0
- {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/pcap_util.py +0 -0
- {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/xbase_constant.py +0 -0
- {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util/xbase_util.py +0 -0
- {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util.egg-info/SOURCES.txt +0 -0
- {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util.egg-info/dependency_links.txt +0 -0
- {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util.egg-info/not-zip-safe +0 -0
- {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util.egg-info/top_level.txt +0 -0
- {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util_assets/GeoLite2-City.mmdb +0 -0
- {xbase_util-0.7.2 → xbase_util-0.7.3}/xbase_util_assets/arkimeparse.js +0 -0
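--- a/xbase_util/packet_util.py
+++ b/xbase_util/packet_util.py
@@ -139,9 +139,9 @@ def get_detail_by_package(publicField, req_header, req_body, res_header, res_bod
 res_field['plain_body_src'] = ""
 res_field['plain_body_dst'] = ""
 if content_type_is_plain(req_header):
-res_field['plain_body_src'] = f
+res_field['plain_body_src'] = filter_visible_chars(f'{req_body}')
 if content_type_is_plain(res_header):
-res_field['plain_body_dst'] = f
+res_field['plain_body_dst'] = filter_visible_chars(f'{res_body}')
 
 http_server_version_res = http_version.findall(res_header)
 res_field['http.serverVersion'] = http_server_version_res[0] if len(http_server_version_res) > 0 else ""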
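Review bot: `filter_visible_chars(f'{req_body}')` on new line 142 (and `f'{res_body}'` on 144) formats the body through str(), so if req_body is still a bytes object the value stored is its repr — `b'...'` with `\x` escapes — rather than the decoded text, and filter_visible_chars then runs over that repr. In segment.py, parse_req_or_res initialises body as b'' and only decodes it on the gzip path, so at least non-gzip bodies appear to reach this line as bytes, though its return statement is outside the visible hunks. Decoding explicitly at this boundary keeps the display consistent for both cases, e.g. `body_text = req_body.decode('utf-8', errors='replace') if isinstance(req_body, bytes) else str(req_body)` before the filter call, and likewise for res_body. get_detail_by_package starts before this hunk.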
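--- a/xbase_util/segment.py
+++ b/xbase_util/segment.py
@@ -1,5 +1,8 @@
 import copy
+import gzip
 import re
+import zlib
+from io import BytesIO
 
 import numpy as np
 from scapy.all import *
@@ -50,7 +53,8 @@ def read_packets(packets):
 tmp_packets.clear()
 return packet_list
 
-
+pattern_chuncked = re.compile(rb"Transfer-Encoding:\s*chunked", re.IGNORECASE)
+pattern_gzip = re.compile(rb"Content-Encoding:\s*gzip", re.IGNORECASE)
 def parse_req_or_res(data, pkts):
 if data.find(b"\r\n\r\n") != -1:
 res = data.split(b"\r\n\r\n", 1)
@@ -59,8 +63,6 @@ def parse_req_or_res(data, pkts):
 else:
 header = data
 body = b''
-pattern_chuncked = re.compile(rb"Transfer-Encoding:\s*chunked", re.IGNORECASE)
-pattern_gzip = re.compile(rb"Content-Encoding:\s*gzip", re.IGNORECASE)
 chuncked_pattern = pattern_chuncked.search(header)
 gzip_pattern = pattern_gzip.search(header)
 if chuncked_pattern and b'chunked' in chuncked_pattern.group():
@@ -99,6 +101,7 @@ def parse_req_or_res(data, pkts):
 result_body = body
 if gzip_pattern and b'gzip' in gzip_pattern.group():
 try:
+
 decompressed = gzip.decompress(result_body)
 result_body_str = "\n".join(
 [line.strip() for line in decompressed.decode("utf-8", errors="replace").splitlines() if
@@ -126,6 +129,8 @@ def get_all_packets_by_segment(packets):
 response = [item for item in response_packets if item['first_seq'] == ack]
 # print(f"找到对应的响应:{len(response)}")
 # print(f"请求:{request['data'].decode('utf-8', errors='replace')}")
+# gzip.decompress(response[0]['data'].split(b'\r\n\r\n')[1])
+# decompressed_data = zlib.decompress((response[0]['data'].split(b'\r\n\r\n')[1])[10:], wbits=zlib.MAX_WBITS | 16)
 if len(response) > 0:
 res_header, res_body, res_times = parse_req_or_res(response[0]['data'], response[0]['pkts'])
 req_header, req_body, req_times = parse_req_or_res(request['data'], request['pkts'])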
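Review bot: The hunk at @@ -126 adds two commented-out decompression lines to get_all_packets_by_segment, and the hunk at @@ -1 adds `import zlib` and `from io import BytesIO` that no live line in the visible hunks uses — zlib appears only inside the new comment. Commented-out experiments should be dropped before a release, or turned into the code they stand in for. If the zlib variant is meant to replace `gzip.decompress(result_body)` in parse_req_or_res, that is also the place to bound output on this capture-derived body, since gzip.decompress has no size limit: `d = zlib.decompressobj(wbits=zlib.MAX_WBITS | 16)` followed by `decompressed = d.decompress(result_body, MAX_BODY_BYTES)` with a module-level cap (value to be chosen) keeps a small but highly compressible body from expanding without limit. The blank line added inside the try block at @@ -99 looks accidental and could be removed in the same pass.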