xbase-util 0.8.9__tar.gz → 0.9.1__tar.gz

{xbase_util-0.8.9 → xbase_util-0.9.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: xbase_util
-Version: 0.8.9
+Version: 0.9.1
 Summary: 网络安全基础工具
 Home-page: https://gitee.com/jimonik/xbase_util.git
 Author: xyt

{xbase_util-0.8.9 → xbase_util-0.9.1}/setup.py

@@ -3,7 +3,7 @@ from distutils.core import setup
 from setuptools import find_packages
 
 setup(name="xbase_util",
-      version="0.8.9",
+      version="0.9.1",
       description="网络安全基础工具",
       long_description="包含提取，预测，训练的基础工具",
       author="xyt",

{xbase_util-0.8.9 → xbase_util-0.9.1}/xbase_util/common_util.py

@@ -3,6 +3,7 @@ import json
 import logging
 import os
 import re
+import traceback
 from collections import Counter
 from datetime import datetime
 from logging.handlers import TimedRotatingFileHandler
@@ -25,7 +26,7 @@ def filter_visible_chars(data):
     return ''.join(chr(b) for b in data if 32 <= b <= 126 or b in (9, 10, 13))
 
 
-def parse_chunked_body(data: bytes, need_un_gzip=False,session_id="none") -> bytes:
+def parse_chunked_body(data: bytes,session_id="none",skey='') -> bytes:
     try:
         body = b''
         while True:
@@ -40,16 +41,17 @@ def parse_chunked_body(data: bytes, need_un_gzip=False,session_id="none") -> byt
             chunk_end = chunk_start + chunk_size
             body += data[chunk_start:chunk_end]
             data = data[chunk_end + 2:]
-        if need_un_gzip:
-            try:
-                return gzip.decompress(body)
-            except gzip.BadGzipFile:
-                print("解压错误")
-                return body
-        else:
+        # if need_un_gzip:
+        #     try:
+        #         return gzip.decompress(body)
+        #     except gzip.BadGzipFile:
+        #         print(f"解压错误:{session_id}")
+        #         return body
+        # else:
             return body
     except Exception as e:
-        print(f"parse_chunked_body:session:{session_id}")
+        traceback.print_exc()
+        print(f"其他错误:session:{skey}  {session_id}")
         return b''
 
 

{xbase_util-0.8.9 → xbase_util-0.9.1}/xbase_util/pcap_util.py

@@ -274,7 +274,7 @@ def process_session_id_disk_simple(id, node, packet_pos, esdb, pcap_path_prefix)
     return get_file_and_read_pos(id, file, pos_list)
 
 
-def parse_body(data,session_id='none'):
+def parse_body(data,skey='',session_id='none'):
     if data.find(b"\r\n\r\n") != -1:
         res = data.split(b"\r\n\r\n", 1)
         header = res[0]
@@ -284,33 +284,25 @@ def parse_body(data,session_id='none'):
         body = b''
     chunked_pattern = pattern_chuncked.search(header)
     gzip_pattern = pattern_gzip.search(header)
-    need_gzip = gzip_pattern and b'gzip' in gzip_pattern.group()
     if chunked_pattern and b'chunked' in chunked_pattern.group():
-        body = parse_chunked_body(body, need_un_gzip=need_gzip,session_id=session_id)
-    elif need_gzip:
+        body = parse_chunked_body(body,session_id=session_id,skey=skey)
+    if gzip_pattern and b'gzip' in gzip_pattern.group():
         try:
             body = gzip.decompress(body)
         except:
-            print("解压失败")
-            pass
-    result_body_str = filter_visible_chars(body)
-    return filter_visible_chars(header), result_body_str
+            print(f"解压失败:{skey} {session_id}")
+    return filter_visible_chars(header), filter_visible_chars(body)
 
 
 def reassemble_session_pcap(reassemble_tcp_res, skey, session_id='none'):
     my_map = None  # 初始化为 None
     packet_list = []
-
     for packet in reassemble_tcp_res:
-        header, body = parse_body(packet['data'], session_id=session_id)
-
+        header, body = parse_body(packet['data'],skey=skey, session_id=session_id)
         # 如果当前数据包是请求
         if packet['key'] == skey:
-            # 如果 my_map 已经存在（即已经有一个未完成的请求-响应对），先将其添加到 packet_list
             if my_map is not None:
                 packet_list.append(copy.deepcopy(my_map))
-
-            # 初始化一个新的 my_map，并填充请求数据
             my_map = {
                 'key': packet['key'],
                 'req_header': header,
@@ -322,19 +314,14 @@ def reassemble_session_pcap(reassemble_tcp_res, skey, session_id='none'):
                 'res_time': 0,
                 'res_size': 0,
             }
-        # 如果当前数据包是响应
         else:
-            # 如果 my_map 存在（即已经有一个请求），则填充响应数据
             if my_map is not None:
                 my_map['res_header'] = header
                 my_map['res_body'] = body
                 my_map['res_time'] = packet['ts']
                 my_map['res_size'] = len(packet['data'])
-
-                # 将完整的请求-响应对添加到 packet_list
                 packet_list.append(copy.deepcopy(my_map))
-                my_map = None  # 重置 my_map
-    # 如果最后一个 my_map 未完成（只有请求没有响应），也将其添加到 packet_list
+                my_map = None
     if my_map is not None:
         packet_list.append(copy.deepcopy(my_map))
     return packet_list

{xbase_util-0.8.9 → xbase_util-0.9.1}/xbase_util/test.py

@@ -1,11 +1,9 @@
-from scapy.packet import Raw
 from scapy.utils import rdpcap
 
 from xbase_util.pcap_util import reassemble_tcp_pcap, reassemble_session_pcap
 
 if __name__ == '__main__':
     packets_scapy = reassemble_tcp_pcap(rdpcap("test.pcap"))
-    skey = '10.28.7.1:57266'
+    skey = '10.28.7.6:53867'
     all_packets = reassemble_session_pcap(packets_scapy, skey=skey,session_id='enn')
-
     print(all_packets)

{xbase_util-0.8.9 → xbase_util-0.9.1}/xbase_util.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: xbase-util
-Version: 0.8.9
+Version: 0.9.1
 Summary: 网络安全基础工具
 Home-page: https://gitee.com/jimonik/xbase_util.git
 Author: xyt