26 changes: 19 additions & 7 deletions decoders/dns/dns.py
100644 → 100755
Expand Up @@ -22,11 +22,13 @@ def decode_q(self, dns):
queried = ""
if dns.qd[0].type == dpkt.dns.DNS_A:
queried = queried + "A? %s" % (dns.qd[0].name)
if dns.qd[0].type == dpkt.dns.DNS_CNAME:
elif dns.qd[0].type == dpkt.dns.DNS_CNAME:
queried = queried + "CNAME? %s" % (dns.qd[0].name)
if dns.qd[0].type == dpkt.dns.DNS_AAAA:
elif dns.qd[0].type == dpkt.dns.DNS_AAAA:
queried = queried + "AAAA? %s" % (dns.qd[0].name)
if dns.qd[0].type == dpkt.dns.DNS_PTR:
elif dns.qd[0].type == dpkt.dns.DNS_SOA:
queried = queried + "SOA? %s" % (dns.qd[0].name)
elif dns.qd[0].type == dpkt.dns.DNS_PTR:
if dns.qd[0].name.endswith('.in-addr.arpa'):
query_name = '.'.join(
reversed(dns.qd[0].name.split('.in-addr.arpa')[0].split('.')))
Expand All @@ -39,11 +41,11 @@ def decode_q(self, dns):

if dns.qd[0].type == dpkt.dns.DNS_NS:
queried = queried + "NS? %s" % (dns.qd[0].name)
if dns.qd[0].type == dpkt.dns.DNS_MX:
elif dns.qd[0].type == dpkt.dns.DNS_MX:
queried = queried + "MX? %s" % (dns.qd[0].name)
if dns.qd[0].type == dpkt.dns.DNS_TXT:
elif dns.qd[0].type == dpkt.dns.DNS_TXT:
queried = queried + "TXT? %s" % (dns.qd[0].name)
if dns.qd[0].type == dpkt.dns.DNS_SRV:
elif dns.qd[0].type == dpkt.dns.DNS_SRV:
queried = queried + "SRV? %s" % (dns.qd[0].name)

return queried
Expand All @@ -65,7 +67,7 @@ def DNSHandler(self, conn, request, response, **kwargs):
conn.info(query=self.decode_q(dns))

# DNS Answer with data and no errors
elif (dns.qr == dpkt.dns.DNS_A and dns.rcode == dpkt.dns.DNS_RCODE_NOERR and len(dns.an) > 0):
elif (dns.rcode == dpkt.dns.DNS_RCODE_NOERR and len(dns.an) > 0):

queried = self.decode_q(dns)

Expand Down Expand Up @@ -108,6 +110,16 @@ def DNSHandler(self, conn, request, response, **kwargs):
if queried != '':
anstext = 'NXDOMAIN'

#SOA response
elif dns.qd[0].type == dpkt.dns.DNS_SOA and len(dns.ns):
queried = self.decode_q(dns)
answers = []
for ns in dns.ns:
if ns.type == dpkt.dns.DNS_SOA:
answers.append('SOA: '+ ns.mname)
anstext = ", ".join(answers)


# did we get an answer?
if anstext and not self.only_noanswer and not self.only_norequest:
self.alert(
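Review bot: The new SOA branch at `elif dns.qd[0].type == dpkt.dns.DNS_SOA and len(dns.ns):` indexes `dns.qd[0]` before checking that the question section is non-empty, so a response carrying zero questions raises IndexError inside a handler that is fed straight from captured traffic; `elif dns.qd and dns.qd[0].type == dpkt.dns.DNS_SOA and len(dns.ns):` closes that without changing the matched cases. decode_q already indexes `dns.qd[0]` unguarded, so the hazard is pre-existing, but the added line need not widen it. In the hunk at -65, dropping `dns.qr == dpkt.dns.DNS_A` (DNS_A is the record-type constant 1, which appears to have doubled as the QR=response test) means the NOERROR/answer branch no longer confirms it is looking at a response; that is only safe if the preceding `if` consumes every query, which lies outside this view and should be confirmed. Minor style: `'SOA: '+ ns.mname` is missing the space around `+` used elsewhere in the file, and the two blank lines closing the block can be one. DNSHandler begins and ends outside the hunk.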
3 changes: 3 additions & 0 deletions decoders/http/httpdump.py
Expand Up @@ -76,6 +76,9 @@ def HTTPHandler(self, conn, request, response, requesttime, responsetime):
request.method, response.status, host, uri_location, util.getHeader(response, 'content-type'))
urlParams = util.URLDataToParameterDict(uri_data)
postParams = util.URLDataToParameterDict(request.body)
# If URLData parser only returns a single element with null value, it's probably an eroneous evaluation. Most likely base64 encoded payload ending in an '=' character.
if len(postParams)==1 and postParams[postParams.keys()[0]] == '\x00':
postParams = None

clientCookies = self._parseCookies(util.getHeader(request, 'cookie'))
serverCookies = self._parseCookies(
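Review bot: `postParams.keys()[0]` on the added `if` line relies on `dict.keys()` returning an indexable list, which holds only on Python 2; `next(iter(postParams))` yields the same single key on both interpreters, i.e. `if len(postParams) == 1 and postParams[next(iter(postParams))] == '\x00':`. Replacing the parsed dict with `postParams = None` changes the type the rest of HTTPHandler receives; if the code below the hunk iterates or indexes postParams, an empty dict would be the safer sentinel, so confirm against the consumer. The comparison against `'\x00'` encodes an assumption about what util.URLDataToParameterDict returns for a value-less field that is not visible here and deserves a sentence in the comment. That comment also misspells "erroneous" and would read better wrapped to the file's line length. HTTPHandler continues outside the hunk on both sides.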