From 302dfb895aa3a1566a5a722353dffd1f5487f6d5 Mon Sep 17 00:00:00 2001
From: Mike Crute
Date: Thu, 19 Sep 2013 00:25:39 -0400
Subject: Add test scripts
---
 parse_dumped_bodies.py | 24 ++++++++++++++++++++
 parse_pcap.py | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 85 insertions(+)
 create mode 100644 parse_dumped_bodies.py
 create mode 100644 parse_pcap.py
diff --git a/parse_dumped_bodies.py b/parse_dumped_bodies.py
new file mode 100644
index 0000000..2bb16a2
--- /dev/null
+++ b/parse_dumped_bodies.py
@@ -0,0 +1,24 @@
+import os
+import json
+from keystore import KEYSTORE
+from cStringIO import StringIO
+from inform import InformSerializer, Cryptor
+
+
+PATH = "/Users/mcrute/Desktop/test"
+
+
+for file in os.listdir(PATH):
+ ser = InformSerializer()
+
+ with open(os.path.join(PATH, file)) as fp:
+ packet = ser.parse(fp)
+
+ ser.key = KEYSTORE[packet.formatted_mac_addr]
+
+ ser._decrypt_payload(packet)
+
+
+ payload = packet.payload
+
+ print json.dumps(payload, sort_keys=True, indent=4)
diff --git a/parse_pcap.py b/parse_pcap.py
new file mode 100644
index 0000000..3214f15
--- /dev/null
+++ b/parse_pcap.py
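Review bot: `ser.key = KEYSTORE[packet.formatted_mac_addr]` raises KeyError for any dump whose MAC address is not in the keystore and aborts the whole directory walk, whereas the sibling parse_pcap.py in this same commit uses `KEYSTORE.get` and skips unknown addresses; `key = KEYSTORE.get(packet.formatted_mac_addr)` followed by `if key is None: continue` (printing the skipped file name) keeps one unknown device from stopping the run. The loop variable `file` shadows the Python 2 builtin of the same name, and `StringIO` and `Cryptor` are imported but never used. `PATH` is a hard-coded home-directory path; taking the directory from `sys.argv[1]` would make the script usable outside this one machine. Note that the hunk as rendered here has lost its indentation, so the loop structure is read from the statement order rather than from the whitespace.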
@@ -0,0 +1,61 @@
+import dpkt
+import binascii
+from keystore import KEYSTORE
+from cStringIO import StringIO
+from inform import InformSerializer, Cryptor
+
+
+def add_colons_to_mac(mac_addr):
+ mac_addr = binascii.hexlify(mac_addr)
+ return ":".join([mac_addr[i*2:i*2+2] for i in range(12/2)]).lower()
+
+
+for ts, buf in dpkt.pcap.Reader(open("/Users/mcrute/Desktop/http_fast.pcap")):
+ eth = dpkt.ethernet.Ethernet(buf)
+ data = eth.data.tcp.data.split("\r\n")
+ header, data = data[0], data[-1]
+
+ keys = [
+ KEYSTORE.get(add_colons_to_mac(eth.src)),
+ KEYSTORE.get(add_colons_to_mac(eth.dst)),
+ KEYSTORE.get("00:00:00:00:00:00")
+ ]
+
+ if not data.startswith("TNBU"):
+ continue
+
+ for key in keys:
+ if key is None:
+ continue
+
+ ser = InformSerializer(key)
+
+ try:
+ packet = ser.parse(StringIO(data))
+ ser._decrypt_payload(packet)
+
+ if not packet.raw_payload.startswith("{"):
+ continue
+ else:
+ break
+ except ValueError as err:
+ if '16' in err.message:
+ #to_add = 16 - (len(data[40:]) % 16)
+ #decrypted = Cryptor(KEY, packet.iv).decrypt(data[40:] + ("\x00" * to_add))
+ continue
+ else:
+ raise
+
+ packet = None
+
+
+ if not packet:
+ print "Bad Packet"
+ continue
+ else:
+ print packet.raw_payload
+
+ #type = packet.payload.get('_type', None)
+
+ #if type and (not type == 'noop'):
+ # print packet.raw_payload
--
cgit v1.2.3
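Review bot: The `packet = None` that follows the key loop defeats the `break` that marks a successfully decrypted packet: its indentation is lost in this rendering, but either it runs after the loop and resets `packet` so `if not packet` prints "Bad Packet" for every frame, or it sits inside the loop body where every path already `continue`s, `break`s or raises and it is unreachable; and when every keystore lookup returns None the loop never assigns `packet`, so the check reads a stale value from the previous frame or raises NameError on the first. Initialise `packet = None` immediately before `for key in keys:` and drop the reset after it. Separately, `if '16' in err.message:` selects the exception by a substring of its text, which also swallows any unrelated ValueError whose message happens to contain "16"; matching on the specific error the serializer raises for a mis-sized payload (presumably the block-size case the commented-out padding code refers to) would be narrower. `eth.data.tcp.data` also assumes every frame in the capture is TCP over IP; a non-IP or non-TCP frame raises AttributeError there and ends the run, and the pcap file handle passed to `dpkt.pcap.Reader` is never closed.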