
bugs fixes

commit b1ec7b8c21f74e9e43bc76bd03d920bb5f319c5b 1 parent 187a102
root authored
25 dissector.py
@@ -1,5 +1,6 @@
-from scapy.all import Packet, rdpcap, ConditionalField, Emph, conf
+import json
import binascii # this class to handle the hex/ascii converting
+from scapy.all import Packet, rdpcap, ConditionalField, Emph, conf
'''
imported files from Scapy library
'''
@@ -367,10 +368,24 @@ def dissect_pkts(self, pcapfile):
if isinstance(fields[0], str) and\
fields[0].startswith("smtp"):
recognized = True
- if fields[j][1].startswith("'") and fields[j][1].endswith("'"):
- entry[fields[j][0]] = self.clean_out(fields[j][1][1:-1])
+ if fields[j][0].startswith("data") and fields[j][0].endswith("data"):
+ #result = self.clean_out(fields[j][1][1:-1])
+ entry[fields[j][0]] = fields[j][1]
+ elif fields[j][0].startswith("response") and fields[j][0].endswith("response"):
+ result = fields[j][1]
+ result = "[" + result[1:-1].replace("'", '"') + "]"
+ result = json.loads(result)
+ entry[fields[j][0]] = result
+ elif fields[j][0].startswith("command") and fields[j][0].endswith("command"):
+ #result = self.clean_out(fields[j][1][1:-1])
+ entry[fields[j][0]] = fields[j][1][1:-1]
+ elif fields[j][0].startswith("argument") and fields[j][0].endswith("argument"):
+ #result = self.clean_out(fields[j][1][1:-1])
+ entry[fields[j][0]] = fields[j][1][1:-1]
else:
- entry[fields[j][0]] = self.clean_out(self.clean_out(fields[j][1]))
+ ss = fields[j][1]
+ entry[fields[j][0]] = ss
+ ss = self.clean_out(self.clean_out(fields[j][1]))
if isinstance(fields[0], str) and\
@@ -389,7 +404,7 @@ def dissect_pkts(self, pcapfile):
if isinstance(fields[0], str) and\
fields[0].startswith("irc"):
recognized = True
- entry = fields[j][1]
+ entry = fields[j][1][1:-1]
if isinstance(fields[0], str) and\
fields[0].startswith("telnet"):
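Review bot: In the second hunk's `response` branch, `json.loads` is fed a Python list repr with `'` swapped for `"`, which raises `ValueError` as soon as a captured SMTP reply contains an apostrophe, a double quote or a byte that repr escapes as `\x..`; no handler is visible in the hunk, so one reply from an untrusted capture can presumably stop `dissect_pkts` for the whole file. Assuming `fields[j][1]` is the repr of the list that the SMTP response field returns (the sample in test.py suggests so), parsing it with `ast.literal_eval` and falling back to the raw text on failure avoids the quote rewriting; this needs `import ast` next to the new `import json`. Separately, the `else` branch now stores the uncleaned `fields[j][1]` and only afterwards assigns `self.clean_out(...)` to `ss`, which is never used in the visible lines. `dissect_pkts` starts and ends outside the hunks shown.

```python
elif fields[j][0].startswith("response") and fields[j][0].endswith("response"):
    # parse the list repr directly; no quote rewriting
    try:
        result = ast.literal_eval(fields[j][1])
    except (ValueError, SyntaxError):
        # keep the raw text so one malformed reply does not abort the capture
        result = fields[j][1]
    entry[fields[j][0]] = result
```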
2  ftp.py
@@ -295,7 +295,7 @@ class for dissecting the ftp data
@attention: it inherets Packet class from Scapy library
"""
name = "ftp"
- fields_desc = [FTPDataField("FTP Data", "")]
+ fields_desc = [FTPDataField("data", "")]
class FTPResponse(Packet):
10 irc.py
@@ -30,10 +30,10 @@ def getfield(self, pkt, s):
return "", value
elif length > 1:
value = ""
- value = value + "Response: " + ls[0]
+ value = value + "response: " + ls[0]
i = 1
while i < length - 1:
- value = value + " Response: " + ls[i]
+ value = value + " response: " + ls[i]
if i < length - 2:
value = value + " | "
i = i + 1
@@ -78,7 +78,7 @@ def getfield(self, pkt, s):
ls = s.split()
length = len(ls)
if length > 1:
- value = "Request Command: " + ls[0] + ","
+ value = "command: " + ls[0] + ","
if length == 2:
remain = ls[1]
value = value + " Parameters: " + remain
@@ -117,7 +117,7 @@ class for handling irc responses
@attention: it inherets Packet from Scapy library
"""
name = "irc"
- fields_desc = [IRCResField("Response", "", "H")]
+ fields_desc = [IRCResField("response", "", "H")]
class IRCReq(Packet):
@@ -126,7 +126,7 @@ class for handling irc requests
@attention: it inherets Packet from Scapy library
"""
name = "irc"
- fields_desc = [IRCReqField("Request Command", "", "H")]
+ fields_desc = [IRCReqField("command", "", "H")]
bind_layers(TCP, IRCReq, dport=6660)
bind_layers(TCP, IRCReq, dport=6661)
10 smtp.py
@@ -176,7 +176,7 @@ def getfield(self, pkt, s):
self.get_code_msg(res[0][:3]) + " " + res[0][3:]
else:
value = "(" + res[0] + ") " + self.get_code_msg(res[0])
- return arguments, value
+ return arguments[:-1], [value]
if length > 1:
reponses = []
@@ -191,10 +191,10 @@ def getfield(self, pkt, s):
if "-" in element[0]:
reponses.append(["(" + element[0][:3] + ") " +
self.get_code_msg(element[0][:3]) +
- " " + element[0][3:], arguments])
+ " " + element[0][3:], arguments[:-1]])
else:
reponses.append(["(" + element[0] + ") " +
- self.get_code_msg(element[0]),
+ self.get_code_msg(element[0][:-1]),
arguments])
return "", reponses
return "", ""
@@ -258,7 +258,7 @@ def getfield(self, pkt, s):
while i < length:
remain = remain + ls[i] + ' '
i = i + 1
- return remain, value
+ return remain[:-1], value
else:
return "", ls[0]
@@ -282,7 +282,7 @@ class for handling the smtp data
@attention: this class inherets Packet
"""
name = "smtp"
- fields_desc = [SMTPDataField("SMTP Data", "")]
+ fields_desc = [SMTPDataField("data", "")]
class SMTPResponse(Packet):
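Review bot: In the second hunk's `else` branch the new `[:-1]` lands on the reply code passed to `self.get_code_msg(element[0][:-1])`, while `arguments` on the next line stays unsliced; the other calls in these hunks pass the full code (`res[0]`) or its first three characters (`element[0][:3]`) and trim `arguments` instead. If `element[0]` is a bare three-digit code at that point, the lookup now receives two digits and presumably finds no message, so the lines probably should read `self.get_code_msg(element[0]),` and `arguments[:-1]])`. Because `arguments` comes from captured traffic, `arguments.rstrip()` would be safer than an unconditional `[:-1]` if the intent is to drop a trailing separator, since the slice removes a real character when none is present. `getfield` begins and ends outside the hunks.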
2  ssh.py
@@ -1286,7 +1286,7 @@ class for handling the ssh packets
@attention: this class inherets Packet
"""
name = "ssh"
- fields_desc = [SSHField("SSHPayload", "")]
+ fields_desc = [SSHField("sshpayload", "")]
bind_layers(TCP, SSH, dport=22)
bind_layers(TCP, SSH, sport=22)
11 test.py
@@ -55,7 +55,16 @@
print(myl)
print(ssssss[2])
print(24 & 8)
-
+oo = []
+oo.append("hello")
+fff = "['hello']"
+rep = fff.replace("'", '"')
+print(["HHHHHHHHHH"])
+print rep
+print(json.loads('[["(220) <domain> Service ready -xc90.websitewelcome.com", "ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500 "], ["(220) <domain> Service ready -We", "do not authorize the use of this system to transport unsolicited, "], ["(220) <domain> Service ready", "and/or bulk e-mail. "]]'))
+#fff2 = json.loads(fff, encoding="ascii")
+#fff2 = json.loads('["foo", {"bar":["baz", null, 1.0, 2]}]')
+#print(fff2[0])
pkts = rdpcap("/root/Desktop/http.cap")
f = open("/root/Desktop/file.txt", "w")
i = 0
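Review bot: The added `print rep` is Python 2 statement syntax among lines that call `print(...)`, so the file does not parse under Python 3; `print(rep)` works on both. The added lines only print their values, and the `json.loads` sample has no apostrophe, double quote or backslash inside the reply text, which are the inputs the quote-swapping conversion in dissector.py cannot handle. Turning the sample into an `assert` and adding one reply that contains `'` would make this a check rather than scratch output.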
7 usedissector.py
@@ -11,18 +11,19 @@
dissector = Dissector()
# sending the pcap file to be dissected
-pkts = dissector.dissect_pkts("/root/Desktop/http.cap")
+pkts = dissector.dissect_pkts("/root/Desktop/irc.cap")
# iterating the dissected packets
for pkt in pkts :
print(pkt)
-print(pkts["http"])
+print(pkts["irc"])
#print(json.dumps(pkts["http"], indent=4))
f = open("/root/Desktop/file.txt", "w")
#AAAAA = pkts["http"][17]
#print(pkts["http"][17]["message-body"])
-#f.write(json.dumps(pkts, indent=4))
+f.write(json.dumps(pkts["irc"], indent=4))
+
#f.write(pkts[26])
#print(pkts["http"][17])
# print (pkts["http"])
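Review bot: The new `f.write(json.dumps(pkts["irc"], indent=4))` writes through a handle opened with a bare `open(...)` on the context line above, and no `close()` is visible in the hunk, so the JSON may be left unflushed if a later line raises; wrapping the write in `with open("/root/Desktop/file.txt", "w") as f:` avoids that. The capture and output paths are hard-coded under `/root`, which suggests the dissector is run as root on capture files; taking the capture path from `sys.argv` and running as an unprivileged user would limit the impact of a parsing bug. The import of `json` is not visible in this hunk.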