Add flow capture parsing

2 files changed, 39 insertions, 0 deletions

diff --git a/reversing_tools/parse_mitm.py b/reversing_tools/parse_mitm.py
new file mode 100755
index 0000000..ef61298
--- /dev/null
+++ b/reversing_tools/parse_mitm.py
@@ -0,0 +1,36 @@
+#!/usr/bin/env python
+
+import sys, os
+sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..', 'python'))
+
+import json
+from cStringIO import StringIO
+from libmproxy.flow import FlowReader
+from inform import InformSerializer
+
+
+def make_serializer(from_file):
+    with open(from_file) as fp:
+        keystore = { i['mac']: i['x_authkey'] for i in json.load(fp) }
+
+    return InformSerializer("", keystore)
+
+
+def dumps_pretty(obj):
+    return json.dumps(obj, sort_keys=True, indent=4, separators=(',', ': '))
+
+
+if __name__ == "__main__":
+    ser = make_serializer("data/devices.json")
+
+    with open('data/mitm/reboot.txt', 'rb') as fp, open('test.out', 'w') as fp2:
+        read = FlowReader(fp)
+
+        for rec in read.stream():
+            res = ser.parse(StringIO(rec.response.content))
+            req = ser.parse(StringIO(rec.request.content))
+
+            print dumps_pretty(req.payload)
+            print dumps_pretty(res.payload)
+            print
+            print
diff --git a/reversing_tools/parse_pcap.py b/reversing_tools/parse_pcap.py
index c29c1d2..ed6f465 100755
--- a/reversing_tools/parse_pcap.py
+++ b/reversing_tools/parse_pcap.py
@@ -1,5 +1,8 @@
 #!/usr/bin/env python
 
+import sys, os
+sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..', 'python'))
+
 import dpkt
 import json
 from cStringIO import StringIO