1 files changed, 61 insertions, 0 deletions
diff --git a/parse_pcap.py b/parse_pcap.py
new file mode 100644
index 0000000..3214f15
--- /dev/null
+++ b/parse_pcap.py
@@ -0,0 +1,61 @@
+import dpkt
+import binascii
+from keystore import KEYSTORE
+from cStringIO import StringIO
+from inform import InformSerializer, Cryptor
+def add_colons_to_mac(mac_addr):
+    mac_addr = binascii.hexlify(mac_addr)
+    return ":".join([mac_addr[i*2:i*2+2] for i in range(12/2)]).lower()
+for ts, buf in dpkt.pcap.Reader(open("/Users/mcrute/Desktop/http_fast.pcap")):
+    eth = dpkt.ethernet.Ethernet(buf)
+    data = eth.data.tcp.data.split("\r\n")
+    header, data = data[0], data[-1]
+    keys = [
+        KEYSTORE.get(add_colons_to_mac(eth.src)),
+        KEYSTORE.get(add_colons_to_mac(eth.dst)),
+        KEYSTORE.get("00:00:00:00:00:00")
+    ]
+    if not data.startswith("TNBU"):
+        continue
+    for key in keys:
+        if key is None:
+            continue
+        ser = InformSerializer(key)
+        try:
+            packet = ser.parse(StringIO(data))
+            ser._decrypt_payload(packet)
+            if not packet.raw_payload.startswith("{"):
+                continue
+            else:
+                break
+        except ValueError as err:
+            if '16' in err.message:
+                #to_add = 16 - (len(data[40:]) % 16)
+                #decrypted = Cryptor(KEY, packet.iv).decrypt(data[40:] + ("\x00" * to_add))
+                continue
+            else:
+                raise
+        packet = None
+        if not packet:
+            print "Bad Packet"
+            continue
+        else:
+            print packet.raw_payload
+        #type = packet.payload.get('_type', None)
+        #if type and (not type == 'noop'):
+        #    print packet.raw_payload

diff --git a/parse_pcap.py b/parse_pcap.py new file mode 100644 index 0000000..3214f15 --- /dev/null +++ b/parse_pcap.py
@@ -0,0 +1,61 @@
	1	import dpkt
	2	import binascii
	3	from keystore import KEYSTORE
	4	from cStringIO import StringIO
	5	from inform import InformSerializer, Cryptor
	6
	7
	8	def add_colons_to_mac(mac_addr):
	9	mac_addr = binascii.hexlify(mac_addr)
	10	return ":".join([mac_addr[i2:i2+2] for i in range(12/2)]).lower()
	11
	12
	13	for ts, buf in dpkt.pcap.Reader(open("/Users/mcrute/Desktop/http_fast.pcap")):
	14	eth = dpkt.ethernet.Ethernet(buf)
	15	data = eth.data.tcp.data.split("\r\n")
	16	header, data = data[0], data[-1]
	17
	18	keys = [
	19	KEYSTORE.get(add_colons_to_mac(eth.src)),
	20	KEYSTORE.get(add_colons_to_mac(eth.dst)),
	21	KEYSTORE.get("00:00:00:00:00:00")
	22	]
	23
	24	if not data.startswith("TNBU"):
	25	continue
	26
	27	for key in keys:
	28	if key is None:
	29	continue
	30
	31	ser = InformSerializer(key)
	32
	33	try:
	34	packet = ser.parse(StringIO(data))
	35	ser._decrypt_payload(packet)
	36
	37	if not packet.raw_payload.startswith("{"):
	38	continue
	39	else:
	40	break
	41	except ValueError as err:
	42	if '16' in err.message:
	43	#to_add = 16 - (len(data[40:]) % 16)
	44	#decrypted = Cryptor(KEY, packet.iv).decrypt(data[40:] + ("\x00" * to_add))
	45	continue
	46	else:
	47	raise
	48
	49	packet = None
	50
	51
	52	if not packet:
	53	print "Bad Packet"
	54	continue
	55	else:
	56	print packet.raw_payload
	57
	58	#type = packet.payload.get('_type', None)
	59
	60	#if type and (not type == 'noop'):
	61	# print packet.raw_payload