path: root/parse_pcap.py
blob: 3214f15c0b31ec27b8eff502d7ebdce3c5284f98 (plain)
import binascii
import sys
from cStringIO import StringIO

import dpkt

from inform import InformSerializer, Cryptor
from keystore import KEYSTORE


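def add_colons_to_mac(mac_addr):
    """Render a raw (binary) MAC address as lowercase colon-separated hex.

    Args:
        mac_addr: the address as a byte string (e.g. ``eth.src`` from dpkt).
            Every byte of the input is rendered; a 6-byte Ethernet address
            gives the usual ``"aa:bb:cc:dd:ee:ff"`` form used as a KEYSTORE key.

    Returns:
        A native ``str`` such as ``"00:1a:2b:3c:4d:5e"``.
    """
    # bytearray iterates as ints under both Python 2 and 3, so "%02x" builds
    # a native str on either.  The previous hexlify()/range(12/2) form broke
    # on Python 3 (hexlify returns bytes; 12/2 is a float, so range() raised).
    return ":".join("%02x" % octet for octet in bytearray(mac_addr))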


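# Capture to read.  Defaults to the capture the script was written against,
# but an explicit path may be given: python parse_pcap.py <capture.pcap>
PCAP_PATH = sys.argv[1] if len(sys.argv) > 1 else "/Users/mcrute/Desktop/http_fast.pcap"

# Walk every frame in the capture, pick out TCP payloads carrying an inform
# message (the "TNBU" magic), and try to decrypt each with the keys registered
# for the frame's source MAC, its destination MAC, and the all-zero fallback
# entry.  The first key that yields a JSON-looking payload ("{") wins and its
# raw payload is printed; if no key works, "Bad Packet" is printed instead.
#
# The file is opened in binary mode inside a ``with`` so the handle is closed
# when the loop finishes (the original open() call was never closed).
with open(PCAP_PATH, "rb") as pcap_file:
    for _ts, buf in dpkt.pcap.Reader(pcap_file):
        eth = dpkt.ethernet.Ethernet(buf)

        # Frames that are not IP/TCP (ARP, UDP, ...) carry no TCP segment;
        # the original ``eth.data.tcp`` access raised AttributeError on them.
        # dpkt exposes the decoded segment as ``.data`` for IPv4 and IPv6 alike.
        tcp = getattr(eth.data, "data", None)
        if not isinstance(tcp, dpkt.tcp.TCP):
            continue

        # The inform body is whatever follows the last CRLF of the TCP payload;
        # the leading HTTP header text was never used and is discarded.
        data = tcp.data.rsplit("\r\n", 1)[-1]

        # Cheap magic check first, before any keystore lookups.
        if not data.startswith("TNBU"):
            continue

        keys = [
            KEYSTORE.get(add_colons_to_mac(eth.src)),
            KEYSTORE.get(add_colons_to_mac(eth.dst)),
            KEYSTORE.get("00:00:00:00:00:00"),
        ]

        packet = None
        for key in keys:
            if key is None:
                continue

            ser = InformSerializer(key)
            try:
                candidate = ser.parse(StringIO(data))
                # NOTE: private API of InformSerializer -- confirm it is still
                # the intended way to decrypt a parsed packet.
                ser._decrypt_payload(candidate)
            except ValueError as err:
                # Presumably the cipher's block-size complaint (a message
                # mentioning "16") for a payload this key cannot decrypt --
                # TODO confirm the exact message InformSerializer raises.
                # str(err) rather than err.message: the latter is deprecated
                # in Python 2.6+ and absent in Python 3.
                if '16' in str(err):
                    continue
                raise

            # A successful decrypt of an inform message yields a JSON object.
            if candidate.raw_payload.startswith("{"):
                packet = candidate
                break

        # In the original this report sat inside the key loop, after a body
        # that always ended in ``continue``/``break``/``raise``, so it was
        # unreachable and nothing was ever printed.  It belongs after the loop.
        if packet is None:
            print("Bad Packet")
            continue
        print(packet.raw_payload)

        # A filter on packet.payload['_type'] != 'noop' was previously sketched
        # here as commented-out code; it has never been enabled.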