diff options
Diffstat (limited to 'parse_pcap.py')
-rw-r--r-- | parse_pcap.py | 74 |
1 files changed, 26 insertions, 48 deletions
diff --git a/parse_pcap.py b/parse_pcap.py index 3214f15..bcc3e69 100644 --- a/parse_pcap.py +++ b/parse_pcap.py | |||
@@ -1,61 +1,39 @@ | |||
1 | import dpkt | 1 | import dpkt |
2 | import json | ||
2 | import binascii | 3 | import binascii |
3 | from keystore import KEYSTORE | ||
4 | from cStringIO import StringIO | 4 | from cStringIO import StringIO |
5 | from inform import InformSerializer, Cryptor | 5 | from inform import InformSerializer, Cryptor |
6 | 6 | ||
7 | 7 | ||
8 | d = json.load(open("devices.json")) | ||
9 | KEYSTORE = { i['mac']: i['x_authkey'] for i in d } | ||
10 | |||
11 | |||
8 | def add_colons_to_mac(mac_addr): | 12 | def add_colons_to_mac(mac_addr): |
9 | mac_addr = binascii.hexlify(mac_addr) | 13 | mac_addr = binascii.hexlify(mac_addr) |
10 | return ":".join([mac_addr[i*2:i*2+2] for i in range(12/2)]).lower() | 14 | return ":".join([mac_addr[i*2:i*2+2] for i in range(12/2)]).lower() |
11 | 15 | ||
12 | 16 | ||
13 | for ts, buf in dpkt.pcap.Reader(open("/Users/mcrute/Desktop/http_fast.pcap")): | 17 | records = [] |
14 | eth = dpkt.ethernet.Ethernet(buf) | 18 | buffer = StringIO() |
15 | data = eth.data.tcp.data.split("\r\n") | ||
16 | header, data = data[0], data[-1] | ||
17 | |||
18 | keys = [ | ||
19 | KEYSTORE.get(add_colons_to_mac(eth.src)), | ||
20 | KEYSTORE.get(add_colons_to_mac(eth.dst)), | ||
21 | KEYSTORE.get("00:00:00:00:00:00") | ||
22 | ] | ||
23 | 19 | ||
24 | if not data.startswith("TNBU"): | 20 | for ts, buf in dpkt.pcap.Reader(open("mfi.out")): |
21 | eth = dpkt.ethernet.Ethernet(buf) | ||
22 | data = eth.data.tcp.data.split("\r\n")[-1] | ||
23 | |||
24 | if data.startswith("TNBU") and buffer.tell() != 0: | ||
25 | records.append(buffer.getvalue()) | ||
26 | buffer.seek(0) | ||
27 | buffer.write(data) | ||
28 | else: | ||
29 | buffer.write(data) | ||
30 | |||
31 | |||
32 | ser = InformSerializer("", KEYSTORE) | ||
33 | for data in records: | ||
34 | try: | ||
35 | packet = ser.parse(StringIO(data)) | ||
36 | print packet.raw_payload | ||
37 | except: | ||
38 | print "BAD" | ||
25 | continue | 39 | continue |
26 | |||
27 | for key in keys: | ||
28 | if key is None: | ||
29 | continue | ||
30 | |||
31 | ser = InformSerializer(key) | ||
32 | |||
33 | try: | ||
34 | packet = ser.parse(StringIO(data)) | ||
35 | ser._decrypt_payload(packet) | ||
36 | |||
37 | if not packet.raw_payload.startswith("{"): | ||
38 | continue | ||
39 | else: | ||
40 | break | ||
41 | except ValueError as err: | ||
42 | if '16' in err.message: | ||
43 | #to_add = 16 - (len(data[40:]) % 16) | ||
44 | #decrypted = Cryptor(KEY, packet.iv).decrypt(data[40:] + ("\x00" * to_add)) | ||
45 | continue | ||
46 | else: | ||
47 | raise | ||
48 | |||
49 | packet = None | ||
50 | |||
51 | |||
52 | if not packet: | ||
53 | print "Bad Packet" | ||
54 | continue | ||
55 | else: | ||
56 | print packet.raw_payload | ||
57 | |||
58 | #type = packet.payload.get('_type', None) | ||
59 | |||
60 | #if type and (not type == 'noop'): | ||
61 | # print packet.raw_payload | ||