bugs fixes

dissector.py

@@ -1,5 +1,6 @@
-from scapy.all import Packet, rdpcap, ConditionalField, Emph, conf
+import json
 import binascii # this class to handle the hex/ascii converting
+from scapy.all import Packet, rdpcap, ConditionalField, Emph, conf
 '''
 imported files from Scapy library
 '''
@@ -367,10 +368,24 @@ def dissect_pkts(self, pcapfile):
                             if isinstance(fields[0], str) and\
                             fields[0].startswith("smtp"):
                                 recognized = True
-                                if fields[j][1].startswith("'") and fields[j][1].endswith("'"):
-                                    entry[fields[j][0]] = self.clean_out(fields[j][1][1:-1])
+                                if fields[j][0].startswith("data") and fields[j][0].endswith("data"):
+                                    #result = self.clean_out(fields[j][1][1:-1])
+                                    entry[fields[j][0]] = fields[j][1]
+                                elif fields[j][0].startswith("response") and fields[j][0].endswith("response"):
+                                    result = fields[j][1]
+                                    result = "[" + result[1:-1].replace("'", '"') + "]"
+                                    result = json.loads(result)
+                                    entry[fields[j][0]] = result
+                                elif fields[j][0].startswith("command") and fields[j][0].endswith("command"):
+                                    #result = self.clean_out(fields[j][1][1:-1])
+                                    entry[fields[j][0]] = fields[j][1][1:-1]
+                                elif fields[j][0].startswith("argument") and fields[j][0].endswith("argument"):
+                                    #result = self.clean_out(fields[j][1][1:-1])
+                                    entry[fields[j][0]] = fields[j][1][1:-1]
                                 else:
-                                    entry[fields[j][0]] = self.clean_out(self.clean_out(fields[j][1]))
+                                    ss = fields[j][1]
+                                    entry[fields[j][0]] = ss
+                                    ss = self.clean_out(self.clean_out(fields[j][1]))
 
 
                             if isinstance(fields[0], str) and\
@@ -389,7 +404,7 @@ def dissect_pkts(self, pcapfile):
                             if isinstance(fields[0], str) and\
 							 fields[0].startswith("irc"):
                                 recognized = True
-                                entry = fields[j][1]
+                                entry = fields[j][1][1:-1]
 
                             if isinstance(fields[0], str) and\
                              fields[0].startswith("telnet"):

ftp.py

@@ -295,7 +295,7 @@ class for dissecting the ftp data
     @attention: it inherets Packet class from Scapy library
     """
     name = "ftp"
-    fields_desc = [FTPDataField("FTP Data", "")]
+    fields_desc = [FTPDataField("data", "")]
 
 
 class FTPResponse(Packet):

irc.py

@@ -30,10 +30,10 @@ def getfield(self, pkt, s):
             return "", value
         elif length > 1:
                 value = ""
-                value = value + "Response: " + ls[0]
+                value = value + "response: " + ls[0]
                 i = 1
                 while i < length - 1:
-                    value = value + " Response: " + ls[i]
+                    value = value + " response: " + ls[i]
                     if i < length - 2:
                         value = value + " | "
                     i = i + 1
@@ -78,7 +78,7 @@ def getfield(self, pkt, s):
         ls = s.split()
         length = len(ls)
         if length > 1:
-            value = "Request Command: " + ls[0] + ","
+            value = "command: " + ls[0] + ","
             if length == 2:
                 remain = ls[1]
                 value = value + " Parameters: " + remain
@@ -117,7 +117,7 @@ class for handling irc responses
     @attention: it inherets Packet from Scapy library
     """
     name = "irc"
-    fields_desc = [IRCResField("Response", "", "H")]
+    fields_desc = [IRCResField("response", "", "H")]
 
 
 class IRCReq(Packet):
@@ -126,7 +126,7 @@ class for handling irc requests
     @attention: it inherets Packet from Scapy library
     """
     name = "irc"
-    fields_desc = [IRCReqField("Request Command", "", "H")]
+    fields_desc = [IRCReqField("command", "", "H")]
 
 bind_layers(TCP, IRCReq, dport=6660)
 bind_layers(TCP, IRCReq, dport=6661)

smtp.py

@@ -176,7 +176,7 @@ def getfield(self, pkt, s):
                  self.get_code_msg(res[0][:3]) + " " + res[0][3:]
             else:
                 value = "(" + res[0] + ") " + self.get_code_msg(res[0])
-            return arguments, value
+            return arguments[:-1], [value]
 
         if length > 1:
             reponses = []
@@ -191,10 +191,10 @@ def getfield(self, pkt, s):
                 if "-" in element[0]:
                     reponses.append(["(" + element[0][:3] + ") " +
                                       self.get_code_msg(element[0][:3]) +
-                                       " " + element[0][3:], arguments])
+                                       " " + element[0][3:], arguments[:-1]])
                 else:
                     reponses.append(["(" + element[0] + ") " +
-                                      self.get_code_msg(element[0]),
+                                      self.get_code_msg(element[0][:-1]),
                                        arguments])
             return "", reponses
         return "", ""
@@ -258,7 +258,7 @@ def getfield(self, pkt, s):
                 while i < length:
                     remain = remain + ls[i] + ' '
                     i = i + 1
-                return remain, value
+                return remain[:-1], value
         else:
             return "", ls[0]
 
@@ -282,7 +282,7 @@ class for handling the smtp data
     @attention: this class inherets Packet
     """
     name = "smtp"
-    fields_desc = [SMTPDataField("SMTP Data", "")]
+    fields_desc = [SMTPDataField("data", "")]
 
 
 class SMTPResponse(Packet):

ssh.py

@@ -1286,7 +1286,7 @@ class for handling the ssh packets
     @attention: this class inherets Packet
     """
     name = "ssh"
-    fields_desc = [SSHField("SSHPayload", "")]
+    fields_desc = [SSHField("sshpayload", "")]
 
 bind_layers(TCP, SSH, dport=22)
 bind_layers(TCP, SSH, sport=22)

test.py

@@ -55,7 +55,16 @@
 print(myl)
 print(ssssss[2])
 print(24 & 8)
-
+oo = []
+oo.append("hello")
+fff = "['hello']"
+rep = fff.replace("'", '"')
+print(["HHHHHHHHHH"])
+print rep
+print(json.loads('[["(220) <domain> Service ready -xc90.websitewelcome.com", "ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500  "], ["(220) <domain> Service ready -We", "do not authorize the use of this system to transport unsolicited,  "], ["(220) <domain> Service ready", "and/or bulk e-mail. "]]'))
+#fff2 = json.loads(fff, encoding="ascii")
+#fff2 = json.loads('["foo", {"bar":["baz", null, 1.0, 2]}]')
+#print(fff2[0])
 pkts = rdpcap("/root/Desktop/http.cap")
 f = open("/root/Desktop/file.txt", "w")
 i = 0

usedissector.py

@@ -11,18 +11,19 @@
 dissector = Dissector()
 
 # sending the pcap file to be dissected
-pkts = dissector.dissect_pkts("/root/Desktop/http.cap")
+pkts = dissector.dissect_pkts("/root/Desktop/irc.cap")
 
 # iterating the dissected packets
 for pkt in pkts :
     print(pkt)
-print(pkts["http"])
+print(pkts["irc"])
 #print(json.dumps(pkts["http"], indent=4))
 f = open("/root/Desktop/file.txt", "w")
 #AAAAA = pkts["http"][17]
 #print(pkts["http"][17]["message-body"])
 
-#f.write(json.dumps(pkts, indent=4))
+f.write(json.dumps(pkts["irc"], indent=4))
+
 #f.write(pkts[26])
 #print(pkts["http"][17])
 # print (pkts["http"])