author | Mike Crute <mcrute@gmail.com> | 2013-09-19 00:25:39 -0400 |
---|---|---|
committer | Mike Crute <mcrute@gmail.com> | 2013-09-19 00:25:39 -0400 |
commit | 302dfb895aa3a1566a5a722353dffd1f5487f6d5 (patch) | |
tree | 739aa97ccbba9ac5ab0a888341edfc8ab5b1c37e | |
parent | da6d833f8a2d09104dda88925fbf07476159f54f (diff) | |
Add test scripts
-rw-r--r-- | parse_dumped_bodies.py | 24 | ||||
-rw-r--r-- | parse_pcap.py | 61 |
2 files changed, 85 insertions, 0 deletions
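--- /dev/null
+++ b/parse_dumped_bodies.py
@@ -0,0 +1,24 @@
+import os
+import json
+from keystore import KEYSTORE
+from cStringIO import StringIO
+from inform import InformSerializer, Cryptor
+
+
+PATH = "/Users/mcrute/Desktop/test"
+
+
+for file in os.listdir(PATH):
+ser = InformSerializer()
+
+with open(os.path.join(PATH, file)) as fp:
+packet = ser.parse(fp)
+
+ser.key = KEYSTORE[packet.formatted_mac_addr]
+
+ser._decrypt_payload(packet)
+
+
+payload = packet.payload
+
+print json.dumps(payload, sort_keys=True, indent=4)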
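Review bot: `KEYSTORE[packet.formatted_mac_addr]` raises KeyError on the first dump from a device with no keystore entry, which stops the whole directory walk. parse_pcap.py in this same commit uses `KEYSTORE.get(...)` and skips, and this loop could do the same with `key = KEYSTORE.get(packet.formatted_mac_addr)` followed by a `continue` when it is None. The dumps are presumably binary inform packets, since they go through a decrypt step, so `open(os.path.join(PATH, file), "rb")` is the safer mode. `StringIO` and `Cryptor` are imported but unused here, and the loop variable `file` shadows the builtin.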
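--- /dev/null
+++ b/parse_pcap.py
@@ -0,0 +1,61 @@
+import dpkt
+import binascii
+from keystore import KEYSTORE
+from cStringIO import StringIO
+from inform import InformSerializer, Cryptor
+
+
+def add_colons_to_mac(mac_addr):
+mac_addr = binascii.hexlify(mac_addr)
+return ":".join([mac_addr[i*2:i*2+2] for i in range(12/2)]).lower()
+
+
+for ts, buf in dpkt.pcap.Reader(open("/Users/mcrute/Desktop/http_fast.pcap")):
+eth = dpkt.ethernet.Ethernet(buf)
+data = eth.data.tcp.data.split("\r\n")
+header, data = data[0], data[-1]
+
+keys = [
+KEYSTORE.get(add_colons_to_mac(eth.src)),
+KEYSTORE.get(add_colons_to_mac(eth.dst)),
+KEYSTORE.get("00:00:00:00:00:00")
+]
+
+if not data.startswith("TNBU"):
+continue
+
+for key in keys:
+if key is None:
+continue
+
+ser = InformSerializer(key)
+
+try:
+packet = ser.parse(StringIO(data))
+ser._decrypt_payload(packet)
+
+if not packet.raw_payload.startswith("{"):
+continue
+else:
+break
+except ValueError as err:
+if '16' in err.message:
+#to_add = 16 - (len(data[40:]) % 16)
+#decrypted = Cryptor(KEY, packet.iv).decrypt(data[40:] + ("\x00" * to_add))
+continue
+else:
+raise
+
+packet = None
+
+
+if not packet:
+print "Bad Packet"
+continue
+else:
+print packet.raw_payload
+
+#type = packet.payload.get('_type', None)
+
+#if type and (not type == 'noop'):
+# print packet.raw_payload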
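Review bot: Splitting the TCP payload on every `"\r\n"` and taking `data[-1]` truncates any inform body whose encrypted bytes happen to contain CR LF, so the `TNBU` check then fails and the packet is dropped without a message. Splitting once at the header/body boundary avoids that: `header, _, data = eth.data.tcp.data.partition("\r\n\r\n")` (`header` is not used afterwards, so its changed content should not matter). `eth.data.tcp` also assumes every frame in the capture is IP/TCP, so a stray ARP or UDP frame would raise AttributeError; a guard such as `if not isinstance(eth.data, dpkt.ip.IP) or not isinstance(eth.data.data, dpkt.tcp.TCP): continue` would skip those. Indentation is lost in this rendering, so I can't tell where `packet = None` sits, but every path through the try/except continues, breaks or raises, so a `for key in keys: ... else: packet = None` would make the no-key-worked case explicit. The capture should also be opened with `"rb"`.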