xbase-util 0.7.3__tar.gz → 0.7.4__tar.gz
Sign up to get free protection for your applications and to get access to all the features.
- {xbase_util-0.7.3 → xbase_util-0.7.4}/PKG-INFO +1 -1
- {xbase_util-0.7.3 → xbase_util-0.7.4}/setup.py +1 -1
- {xbase_util-0.7.3 → xbase_util-0.7.4}/xbase_util/packet_util.py +2 -33
- {xbase_util-0.7.3 → xbase_util-0.7.4}/xbase_util/segment.py +6 -4
- {xbase_util-0.7.3 → xbase_util-0.7.4}/xbase_util.egg-info/PKG-INFO +1 -1
- {xbase_util-0.7.3 → xbase_util-0.7.4}/README.md +0 -0
- {xbase_util-0.7.3 → xbase_util-0.7.4}/setup.cfg +0 -0
- {xbase_util-0.7.3 → xbase_util-0.7.4}/xbase_util/__init__.py +0 -0
- {xbase_util-0.7.3 → xbase_util-0.7.4}/xbase_util/add_column_util.py +0 -0
- {xbase_util-0.7.3 → xbase_util-0.7.4}/xbase_util/dangerous_util.py +0 -0
- {xbase_util-0.7.3 → xbase_util-0.7.4}/xbase_util/db/__init__.py +0 -0
- {xbase_util-0.7.3 → xbase_util-0.7.4}/xbase_util/db/bean/ConfigBean.py +0 -0
- {xbase_util-0.7.3 → xbase_util-0.7.4}/xbase_util/db/bean/CurrentConfigBean.py +0 -0
- {xbase_util-0.7.3 → xbase_util-0.7.4}/xbase_util/db/bean/FlowBean.py +0 -0
- {xbase_util-0.7.3 → xbase_util-0.7.4}/xbase_util/db/bean/TaskTemplateBean.py +0 -0
- {xbase_util-0.7.3 → xbase_util-0.7.4}/xbase_util/db/bean/__init__.py +0 -0
- {xbase_util-0.7.3 → xbase_util-0.7.4}/xbase_util/db/dao/ConfigDao.py +0 -0
- {xbase_util-0.7.3 → xbase_util-0.7.4}/xbase_util/db/dao/CurrentConfigDao.py +0 -0
- {xbase_util-0.7.3 → xbase_util-0.7.4}/xbase_util/db/dao/FlowDao.py +0 -0
- {xbase_util-0.7.3 → xbase_util-0.7.4}/xbase_util/db/dao/TaskTemplateDao.py +0 -0
- {xbase_util-0.7.3 → xbase_util-0.7.4}/xbase_util/db/dao/__init__.py +0 -0
- {xbase_util-0.7.3 → xbase_util-0.7.4}/xbase_util/db/initsqlite3.py +0 -0
- {xbase_util-0.7.3 → xbase_util-0.7.4}/xbase_util/es_db_util.py +0 -0
- {xbase_util-0.7.3 → xbase_util-0.7.4}/xbase_util/esreq.py +0 -0
- {xbase_util-0.7.3 → xbase_util-0.7.4}/xbase_util/geo_util.py +0 -0
- {xbase_util-0.7.3 → xbase_util-0.7.4}/xbase_util/handle_features_util.py +0 -0
- {xbase_util-0.7.3 → xbase_util-0.7.4}/xbase_util/pcap_util.py +0 -0
- {xbase_util-0.7.3 → xbase_util-0.7.4}/xbase_util/xbase_constant.py +0 -0
- {xbase_util-0.7.3 → xbase_util-0.7.4}/xbase_util/xbase_util.py +0 -0
- {xbase_util-0.7.3 → xbase_util-0.7.4}/xbase_util.egg-info/SOURCES.txt +0 -0
- {xbase_util-0.7.3 → xbase_util-0.7.4}/xbase_util.egg-info/dependency_links.txt +0 -0
- {xbase_util-0.7.3 → xbase_util-0.7.4}/xbase_util.egg-info/not-zip-safe +0 -0
- {xbase_util-0.7.3 → xbase_util-0.7.4}/xbase_util.egg-info/top_level.txt +0 -0
- {xbase_util-0.7.3 → xbase_util-0.7.4}/xbase_util_assets/GeoLite2-City.mmdb +0 -0
- {xbase_util-0.7.3 → xbase_util-0.7.4}/xbase_util_assets/arkimeparse.js +0 -0
|
@@ -70,37 +70,6 @@ http_req_method = re.compile(r"(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) \/[^\s]*
|
|
|
70
70
|
http_req_path = re.compile(r"(?:GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH)\s+(\/[^\s]*)\s+HTTP\/\d\.\d")
|
|
71
71
|
res_status_code_pattern = re.compile(r"HTTP\/\d\.\d\s+(\d{3})\s+.*")
|
|
72
72
|
|
|
73
|
-
|
|
74
|
-
# def get_all_packets_by_reg(packets):
|
|
75
|
-
# http_Req_Raw = {}
|
|
76
|
-
# http_methods = ("POST /", "PUT /", "OPTIONS /", "DELETE /", "GET /")
|
|
77
|
-
# for packet in packets:
|
|
78
|
-
# if TCP in packet and Raw in packet:
|
|
79
|
-
# data = packet[Raw].load
|
|
80
|
-
# ack = packet[TCP].ack
|
|
81
|
-
# next_ack = packet[TCP].seq + len(data)
|
|
82
|
-
# if ack not in http_Req_Raw:
|
|
83
|
-
# http_Req_Raw[ack] = {"time": [float(packet.time)], "data": data, "next_ack": next_ack}
|
|
84
|
-
# else:
|
|
85
|
-
# http_Req_Raw[ack]["time"].append(float(packet.time))
|
|
86
|
-
# http_Req_Raw[ack]["data"] += data
|
|
87
|
-
# http_Req_Raw[ack]["next_ack"] = next_ack
|
|
88
|
-
# packet_list = [
|
|
89
|
-
# {
|
|
90
|
-
# 'req_data': item['data'],
|
|
91
|
-
# 'res_data': http_Req_Raw[item['next_ack']]['data'],
|
|
92
|
-
# 'req_text': filter_visible_chars(item['data']),
|
|
93
|
-
# 'res_text': filter_visible_chars(http_Req_Raw[item['next_ack']]['data']),
|
|
94
|
-
# 'req_time': item['time'],
|
|
95
|
-
# 'res_time': http_Req_Raw[item['next_ack']]['time']
|
|
96
|
-
# }
|
|
97
|
-
# for ack, item in http_Req_Raw.items()
|
|
98
|
-
# if item['next_ack'] in http_Req_Raw # 检查 next_ack 是否存在
|
|
99
|
-
# and any(method in filter_visible_chars(item['data']) for method in http_methods)
|
|
100
|
-
# ]
|
|
101
|
-
# return packet_list
|
|
102
|
-
|
|
103
|
-
|
|
104
73
|
def get_header_value(header_set, value):
|
|
105
74
|
result = [item for item in header_set if value in item]
|
|
106
75
|
if len(result) != 0:
|
|
@@ -139,9 +108,9 @@ def get_detail_by_package(publicField, req_header, req_body, res_header, res_bod
|
|
|
139
108
|
res_field['plain_body_src'] = ""
|
|
140
109
|
res_field['plain_body_dst'] = ""
|
|
141
110
|
if content_type_is_plain(req_header):
|
|
142
|
-
res_field['plain_body_src'] =
|
|
111
|
+
res_field['plain_body_src'] = req_body
|
|
143
112
|
if content_type_is_plain(res_header):
|
|
144
|
-
res_field['plain_body_dst'] =
|
|
113
|
+
res_field['plain_body_dst'] = res_body
|
|
145
114
|
|
|
146
115
|
http_server_version_res = http_version.findall(res_header)
|
|
147
116
|
res_field['http.serverVersion'] = http_server_version_res[0] if len(http_server_version_res) > 0 else ""
|
|
@@ -8,6 +8,8 @@ import numpy as np
|
|
|
8
8
|
from scapy.all import *
|
|
9
9
|
from scapy.layers.inet import TCP
|
|
10
10
|
|
|
11
|
+
from xbase_util.packet_util import filter_visible_chars
|
|
12
|
+
|
|
11
13
|
REQUEST_LINE_RE = re.compile(rb"^(GET|POST|PUT|DELETE|OPTIONS|HEAD|PATCH)\s[^\r\n]+\r\n", re.MULTILINE)
|
|
12
14
|
RESPONSE_LINE_RE = re.compile(rb"^HTTP/\d\.\d\s+\d{3}\s?[^\r\n]*", re.IGNORECASE)
|
|
13
15
|
|
|
@@ -104,13 +106,13 @@ def parse_req_or_res(data, pkts):
|
|
|
104
106
|
|
|
105
107
|
decompressed = gzip.decompress(result_body)
|
|
106
108
|
result_body_str = "\n".join(
|
|
107
|
-
[line.strip() for line in decompressed
|
|
109
|
+
[line.strip() for line in filter_visible_chars(decompressed).splitlines() if
|
|
108
110
|
line.strip() != ""])
|
|
109
111
|
except Exception as e:
|
|
110
|
-
result_body_str = result_body
|
|
112
|
+
result_body_str = filter_visible_chars(result_body)
|
|
111
113
|
else:
|
|
112
|
-
result_body_str = result_body
|
|
113
|
-
return header
|
|
114
|
+
result_body_str = filter_visible_chars(result_body)
|
|
115
|
+
return filter_visible_chars(header), result_body_str, [float(pkt.time) for pkt in pkts]
|
|
114
116
|
|
|
115
117
|
|
|
116
118
|
def get_all_packets_by_segment(packets):
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|