Add test scripts

author: Mike Crute <mcrute@gmail.com> 2013-09-19 00:25:39 -0400
committer: Mike Crute <mcrute@gmail.com> 2013-09-19 00:25:39 -0400
commit: 302dfb895aa3a1566a5a722353dffd1f5487f6d5 (patch)
tree: 739aa97ccbba9ac5ab0a888341edfc8ab5b1c37e
parent: da6d833f8a2d09104dda88925fbf07476159f54f (diff)
download: ubntmfi-302dfb895aa3a1566a5a722353dffd1f5487f6d5.tar.bz2
ubntmfi-302dfb895aa3a1566a5a722353dffd1f5487f6d5.tar.xz
ubntmfi-302dfb895aa3a1566a5a722353dffd1f5487f6d5.zip
2 files changed, 85 insertions, 0 deletions
diff --git a/parse_dumped_bodies.py b/parse_dumped_bodies.py
new file mode 100644
index 0000000..2bb16a2
--- /dev/null
+++ b/parse_dumped_bodies.py
@@ -0,0 +1,24 @@
+import os
+import json
+from keystore import KEYSTORE
+from cStringIO import StringIO
+from inform import InformSerializer, Cryptor
+PATH = "/Users/mcrute/Desktop/test"
+for file in os.listdir(PATH):
+    ser = InformSerializer()
+    with open(os.path.join(PATH, file)) as fp:
+        packet = ser.parse(fp)
+    ser.key = KEYSTORE[packet.formatted_mac_addr]
+    ser._decrypt_payload(packet)
+    payload = packet.payload
+    print json.dumps(payload, sort_keys=True, indent=4)
diff --git a/parse_pcap.py b/parse_pcap.py
new file mode 100644
index 0000000..3214f15
--- /dev/null
+++ b/parse_pcap.py
@@ -0,0 +1,61 @@
+import dpkt
+import binascii
+from keystore import KEYSTORE
+from cStringIO import StringIO
+from inform import InformSerializer, Cryptor
+def add_colons_to_mac(mac_addr):
+    mac_addr = binascii.hexlify(mac_addr)
+    return ":".join([mac_addr[i*2:i*2+2] for i in range(12/2)]).lower()
+for ts, buf in dpkt.pcap.Reader(open("/Users/mcrute/Desktop/http_fast.pcap")):
+    eth = dpkt.ethernet.Ethernet(buf)
+    data = eth.data.tcp.data.split("\r\n")
+    header, data = data[0], data[-1]
+    keys = [
+        KEYSTORE.get(add_colons_to_mac(eth.src)),
+        KEYSTORE.get(add_colons_to_mac(eth.dst)),
+        KEYSTORE.get("00:00:00:00:00:00")
+    ]
+    if not data.startswith("TNBU"):
+        continue
+    for key in keys:
+        if key is None:
+            continue
+        ser = InformSerializer(key)
+        try:
+            packet = ser.parse(StringIO(data))
+            ser._decrypt_payload(packet)
+            if not packet.raw_payload.startswith("{"):
+                continue
+            else:
+                break
+        except ValueError as err:
+            if '16' in err.message:
+                #to_add = 16 - (len(data[40:]) % 16)
+                #decrypted = Cryptor(KEY, packet.iv).decrypt(data[40:] + ("\x00" * to_add))
+                continue
+            else:
+                raise
+        packet = None
+        if not packet:
+            print "Bad Packet"
+            continue
+        else:
+            print packet.raw_payload
+        #type = packet.payload.get('_type', None)
+        #if type and (not type == 'noop'):
+        #    print packet.raw_payload
author	Mike Crute <mcrute@gmail.com>	2013-09-19 00:25:39 -0400
committer	Mike Crute <mcrute@gmail.com>	2013-09-19 00:25:39 -0400
commit	302dfb895aa3a1566a5a722353dffd1f5487f6d5 (patch)
tree	739aa97ccbba9ac5ab0a888341edfc8ab5b1c37e
parent	da6d833f8a2d09104dda88925fbf07476159f54f (diff)
download	ubntmfi-302dfb895aa3a1566a5a722353dffd1f5487f6d5.tar.bz2 ubntmfi-302dfb895aa3a1566a5a722353dffd1f5487f6d5.tar.xz ubntmfi-302dfb895aa3a1566a5a722353dffd1f5487f6d5.zip

diff --git a/parse_dumped_bodies.py b/parse_dumped_bodies.py new file mode 100644 index 0000000..2bb16a2 --- /dev/null +++ b/parse_dumped_bodies.py
@@ -0,0 +1,24 @@
	1	import os
	2	import json
	3	from keystore import KEYSTORE
	4	from cStringIO import StringIO
	5	from inform import InformSerializer, Cryptor
	6
	7
	8	PATH = "/Users/mcrute/Desktop/test"
	9
	10
	11	for file in os.listdir(PATH):
	12	ser = InformSerializer()
	13
	14	with open(os.path.join(PATH, file)) as fp:
	15	packet = ser.parse(fp)
	16
	17	ser.key = KEYSTORE[packet.formatted_mac_addr]
	18
	19	ser._decrypt_payload(packet)
	20
	21
	22	payload = packet.payload
	23
	24	print json.dumps(payload, sort_keys=True, indent=4)


diff --git a/parse_pcap.py b/parse_pcap.py new file mode 100644 index 0000000..3214f15 --- /dev/null +++ b/parse_pcap.py
@@ -0,0 +1,61 @@
	1	import dpkt
	2	import binascii
	3	from keystore import KEYSTORE
	4	from cStringIO import StringIO
	5	from inform import InformSerializer, Cryptor
	6
	7
	8	def add_colons_to_mac(mac_addr):
	9	mac_addr = binascii.hexlify(mac_addr)
	10	return ":".join([mac_addr[i2:i2+2] for i in range(12/2)]).lower()
	11
	12
	13	for ts, buf in dpkt.pcap.Reader(open("/Users/mcrute/Desktop/http_fast.pcap")):
	14	eth = dpkt.ethernet.Ethernet(buf)
	15	data = eth.data.tcp.data.split("\r\n")
	16	header, data = data[0], data[-1]
	17
	18	keys = [
	19	KEYSTORE.get(add_colons_to_mac(eth.src)),
	20	KEYSTORE.get(add_colons_to_mac(eth.dst)),
	21	KEYSTORE.get("00:00:00:00:00:00")
	22	]
	23
	24	if not data.startswith("TNBU"):
	25	continue
	26
	27	for key in keys:
	28	if key is None:
	29	continue
	30
	31	ser = InformSerializer(key)
	32
	33	try:
	34	packet = ser.parse(StringIO(data))
	35	ser._decrypt_payload(packet)
	36
	37	if not packet.raw_payload.startswith("{"):
	38	continue
	39	else:
	40	break
	41	except ValueError as err:
	42	if '16' in err.message:
	43	#to_add = 16 - (len(data[40:]) % 16)
	44	#decrypted = Cryptor(KEY, packet.iv).decrypt(data[40:] + ("\x00" * to_add))
	45	continue
	46	else:
	47	raise
	48
	49	packet = None
	50
	51
	52	if not packet:
	53	print "Bad Packet"
	54	continue
	55	else:
	56	print packet.raw_payload
	57
	58	#type = packet.payload.get('_type', None)
	59
	60	#if type and (not type == 'noop'):
	61	# print packet.raw_payload