#!/usr/bin/python
#coding=utf-8
import ConfigParser
import codecs
import datetime
import getopt
import gzip, binascii
import io
import os
import socket
import sys
import zlib
from cStringIO import StringIO

import dpkt
from dpkt.compat import compat_ord
from dpkt.compat import BytesIO, iteritems
from dpkt.gzip import Gzip
# Module-wide inputs (target IP, URL, keyword) that printResult and
# paserPcap declare `global` and read.  A `global` statement at module
# level is a no-op; these three lines only announce the names — where they
# are assigned is not visible in this part of the file (presumably the
# getopt-based option parsing; confirm).
global inIp
global inUrl
global inKeyword
default_encoding="utf-8"
# Python 2 only: force the interpreter-wide default encoding to UTF-8 so the
# implicit str/unicode conversions in the print statements below do not
# raise.  sys.setdefaultencoding only exists after reload(sys); neither it
# nor reload() is available as a builtin on Python 3.
if(default_encoding!=sys.getdefaultencoding()):
    reload(sys)
    sys.setdefaultencoding(default_encoding)
class CResult:
    """Per-TCP-stream statistics accumulated while walking a capture.

    The fields read by printResult are: `three` (compared literally with 7
    there, meaning the full three-way handshake was seen), `gets` and
    `regets` (GET and retransmitted GET packets), `oks` (200 OK replies),
    `rsts` (FIN/RST packets), `bands` and `allblock` (effective / total
    block packets, per the report labels), `keys` (keyword hits), `str1`
    (a gzip-compressed response body later handed to gzdecode) and `url`.
    seq, ack, get_seq, block, gzipflag and fszip are not consumed in this
    part of the file — presumably bookkeeping for paserPcap; confirm there.
    """

    def __init__(self, seq=0, ack=0, three=0, gets=0, regets=0, oks=0, rsts=0, bands=0, allblock=0, keys=0, str1='', gzipflag=0, block=0, url='', get_seq=0, fszip=0):
        # Stream identity / TCP bookkeeping
        self.seq = seq
        self.ack = ack
        self.get_seq = get_seq
        self.three = three
        self.url = url
        # Request / response packet counters
        self.gets = gets
        self.regets = regets
        self.oks = oks
        self.rsts = rsts
        # Block-packet counters
        self.bands = bands
        self.allblock = allblock
        self.block = block
        # Response body and keyword matching state
        self.str1 = str1
        self.gzipflag = gzipflag
        self.fszip = fszip
        self.keys = keys
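def readConfig(path='myapp.conf'):
    """Parse the tool's INI-style configuration file.

    Args:
        path: file to read.  Defaults to 'myapp.conf', which — as in the
            original — is resolved against the current working directory,
            not the script's own directory.

    Returns:
        The populated parser: SafeConfigParser on Python 2, ConfigParser on
        Python 3 (the SafeConfigParser alias was removed in 3.12).

    Raises:
        IOError/OSError if the file cannot be opened; the parser's own
        errors (e.g. MissingSectionHeaderError) for malformed content.
    """
    # Choose module, class and reader at call time so the file stays
    # runnable on both Python 2 and 3 without touching the top-level imports.
    if sys.version_info[0] >= 3:
        import configparser as _cfg
        cp = _cfg.ConfigParser()
        load = cp.read_file
    else:
        import ConfigParser as _cfg
        cp = _cfg.SafeConfigParser()
        load = cp.readfp
    with codecs.open(path, 'r', 'utf-8') as f:
        load(f)
    return cp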
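def inet_to_str(inet):
    """Convert a packed binary IP address to its printable form.

    Args:
        inet: the packed address bytes as carried in an IP header —
            4 bytes for IPv4, 16 bytes for IPv6.

    Returns:
        Dotted-quad text for IPv4 (e.g. '10.0.0.1') or colon-hex text for
        IPv6 (e.g. '::1').

    Raises:
        socket.error/OSError (ValueError on some platforms) when the packed
        value has an unexpected length or inet_ntop is unavailable.
    """
    # The original comment promised an IPv6 fallback but only ever called
    # inet_ntoa, which rejects 16-byte input; dispatch on the length instead.
    if len(inet) == 16:
        return socket.inet_ntop(socket.AF_INET6, inet)
    return socket.inet_ntoa(inet)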
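def gzdecode(c_data):
    """Inflate a complete gzip stream (e.g. a Content-Encoding: gzip body).

    Args:
        c_data: the raw gzip bytes exactly as captured.

    Returns:
        The decompressed payload as bytes (str on Python 2).

    Raises:
        IOError/OSError, EOFError or zlib.error when the input is not a
        complete, well-formed gzip stream (a truncated capture is the
        common case); callers are expected to catch and count this.
    """
    # The input comes straight off the wire and is inflated in full; the
    # output size is bounded only by the stream itself, so a hostile or
    # malformed capture can make this allocate far more than it reads.
    # The context manager replaces the original try/finally close().
    with gzip.GzipFile(mode='rb', fileobj=io.BytesIO(c_data)) as f:
        return f.read()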
def printResult(dic, urlSet):
    """Print the per-URL summary of the flows collected by paserPcap.

    Args:
        dic: mapping of flow key -> CResult, one entry per TCP stream.
        urlSet: the request URLs seen in the capture; only consulted when
            no URL was supplied (module global inUrl is empty).

    Side effects:
        Writes the report to stdout with Python 2 print statements.  Reads
        the module globals inIp, inUrl and inKeyword; inIp is copied into
        `ipconf` but never used here.

    Note: the source this was reconstructed from carried no indentation;
    the block structure below follows the control flow as read.
    """
    # Per-URL counters.  `fins` is never updated, `keys` and `zipfalsenum`
    # only change in the single-URL branch.
    gets=0
    regets=0
    three=0
    oks=0
    fins=0
    rsts=0
    bands=0
    allblock = 0
    flownum=0
    keys = 0
    zipfalsenum = 0
    global inIp
    global inUrl
    global inKeyword
    url = inUrl
    # Compared against val.url below, so the flow records presumably hold
    # the URL without the scheme — confirm against paserPcap.
    if url.startswith("http://"):
        url = url[7:]
    ipconf = inIp
    keyword = inKeyword
    # The keyword is searched in both encodings because the response body
    # may be GBK or UTF-8.  These names exist only when a keyword was given
    # and are used only under the same len(keyword) > 0 guard further down.
    # keyutflen / keygbklen are computed but never read.
    if( len(keyword) > 0 ):
        keyword_utf8=keyword.encode('utf-8')
        keyutflen=len(keyword_utf8)
        key_gbk=keyword.encode('gbk')
        keygbklen=len(key_gbk)
    print u"TCP流条数: ",len(dic)
    if(len(url) == 0):
        # No URL supplied: report each URL seen in the capture in turn.
        if(len(urlSet) == 0):
            print u"未发现url"
        for tmpurl in urlSet:
            for val in dic.values():
                if val.url == tmpurl:
                    gets = gets + val.gets
                    regets = regets + val.regets
                    # 7 is the "complete handshake" value for CResult.three
                    # (set in paserPcap; presumably a 3-bit SYN/SYN-ACK/ACK
                    # mask — confirm there).
                    if val.three == 7:
                        three = three + 1
                    oks = oks + val.oks
                    rsts = rsts + val.rsts
                    bands = bands + val.bands
                    allblock = allblock + val.allblock
                    flownum = flownum + 1
            print "+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
            print u"URL: " + tmpurl
            if(flownum > three):
                print "+++ ", u"三步握手丢失".ljust(30) + str(flownum-three)
            elif three == 0:
                print "+++ ", u"0次三步握手".ljust(30)
            else:
                print "+++ ",u"三步握手全"
            print "+++ ", u"流条数:".ljust(30) + str(flownum)
            print "+++ ", u"GET包数量:".ljust(30) + str(gets)
            print "+++ ", u"重传GETS包数量:".ljust(28) + str(regets)
            print "+++ ",u"FIN/RST包数量:".ljust(30) + str(rsts)
            print "+++ ",u"200 OK包数量:".ljust(30) + str(oks)
            print "+++ ",u"有效封堵包发送个数:".ljust(26) + str(bands)
            print "+++ ",u"封堵包发送个数:".ljust(28) + str(allblock)
            print "+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
            # Reset the counters so the next URL starts from zero.
            gets=0
            regets=0
            three=0
            oks=0
            fins=0
            rsts=0
            bands=0
            allblock = 0
            flownum=0
            keys = 0
            zipfalsenum = 0
    else:
        # Single URL: aggregate the matching flows, then optionally search
        # each gzip-compressed body for the keyword.
        for val in dic.values():
            if val.url == url:
                gets = gets + val.gets
                regets = regets + val.regets
                if val.three == 7:
                    three = three + 1
                oks = oks + val.oks
                rsts = rsts + val.rsts
                bands = bands + val.bands
                allblock = allblock + val.allblock
                flownum = flownum + 1
                keys = keys + val.keys
                #print "--------------------------res------------------------"
                if(len(keyword) > 0 and len(val.str1) > 1):
                    #print toHex(val.str1)
                    # val.str1 is network-supplied data: a truncated or
                    # malformed stream raises here and is only counted;
                    # the flow's packet counters above were already added.
                    try:
                        #b = zlib.decompress(val.str1, zlib.MAX_WBITS|32)
                        b = gzdecode(val.str1)
                    except Exception,e:
                        #print "^&*^*&^*&^*&^&*^",e
                        zipfalsenum = zipfalsenum + 1
                        continue
                    # Each encoding is counted separately, so a body that
                    # matches in both GBK and UTF-8 adds 2 to `keys`.
                    if(b.find(key_gbk) >= 0):
                        keys = keys + 1
                    if(b.find(keyword_utf8) >=0):
                        keys = keys + 1
        if(flownum == 0):
            print u"没有一条流命中该URL,请确认URL是否正确:" + url
        else:
            print "+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
            # "Complete" means every flow had a handshake, a GET, a FIN/RST
            # and a 200 OK; with a keyword, one hit per flow is expected too.
            if(flownum == three and flownum == gets and flownum == rsts and flownum == oks):
                if (len(keyword) > 0 and flownum != keys):
                    print "+++ ", u"统计结果: pcap数据包数量完全,关键字命中次数缺少".ljust(30)
                else:
                    print "+++ ", u"统计结果: pcap数据包数据完整,关键字命中次数完整".ljust(30)
            else:
                print "+++ ", u"统计结果: pcap数据包数据不完整".ljust(30)
            if(flownum > three):
                print "+++ ", u"三步握手丢失".ljust(30) + str(flownum-three)
            elif three == 0:
                print "+++ ", u"0次三步握手".ljust(30)
            else:
                print "+++ ",u"三步握手全"
            print "+++ ", u"流条数:".ljust(30) + str(flownum)
            print "+++ ",u"GET包数量:".ljust(30) + str(gets)
            print "+++ ",u"重传GETS包数量:".ljust(28) + str(regets)
            # The FIN/RST line is only printed when every flow had one;
            # a mismatch is otherwise only visible via the summary above.
            if (flownum == rsts):
                print "+++ ",u"FIN/RST包数量:".ljust(30) + str(rsts)
            print "+++ ",u"200 OK包数量:".ljust(30) + str(oks)
            print "+++ ",u"有效封堵包发送个数:".ljust(26) + str(bands)
            print "+++ ",u"封堵包发送个数:".ljust(28) + str(allblock)
            if len(keyword) > 0 :
                print "+++ ",u"关键字命中次数:".ljust(28) + str(keys)
            if(zipfalsenum):
                print "+++ ",u"压缩包,gzip方式解压失败次数:".ljust(28) + str(zipfalsenum)
            print "+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
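def mencode(s):
    """Render each character (or byte) of *s* as binary digits, space separated.

    Args:
        s: a str, whose characters are converted with ord(); on Python 3 a
           bytes object is accepted as well (its elements are already ints).

    Returns:
        The binary forms without the '0b' prefix and without zero padding,
        joined by single spaces — e.g. 'ab' -> '1100001 1100010'.  Empty
        input yields ''.
    """
    # bytes iterate as ints on Python 3, as 1-char str on Python 2, so only
    # call ord() on the latter.  format(x, 'b') == bin(x)[2:] for x >= 0.
    return ' '.join(format(c if isinstance(c, int) else ord(c), 'b') for c in s)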
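def toHex(s):
    """Return the lowercase hex dump of *s*, two digits per character/byte.

    Args:
        s: a str (or, on Python 3, bytes).

    Returns:
        e.g. 'ab' -> '6162', '\\x00\\x0f' -> '000f'.  Empty input returns
        None rather than '' — kept for compatibility with the original, so
        callers must not concatenate the result unguarded.
    """
    if len(s) == 0:
        return
    # '%02x' supplies the zero padding the original added by hand, and
    # ''.join replaces the reduce() string concatenation (reduce is not a
    # builtin on Python 3).  bytes iterate as ints there, hence the check.
    return ''.join('%02x' % (c if isinstance(c, int) else ord(c)) for c in s)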
def paserPcap(pcap):
eth = None
redict = {}
urlSet= set()
global inIp
global inKeyword
ipconf = inIp
keyword = inKeyword
id = 0
if(len(keyword) > 0):
keyword_utf8=keyword.encode('utf-8')
keyutflen=len(keyword_utf8)
key_gbk=keyword.encode("gbk")
keygbklen=len(key_gbk)
for timestamp, buf in pcap:
try:
eth = dpkt.ethernet.Ethernet(buf)
except (dpkt.dpkt.NeedData, dpkt.dpkt.UnpackError):
continue
if not isinstance(eth.data,