1 #!/usr/bin/env python
2 from scapy.all import *
3 import sys
4 import re
5 import os
6 from streams import *
7 import json
8 from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
9 from datetime import datetime
10 from threading import Thread
11 from SocketServer import ThreadingMixIn
12 import time
13
# What a flag looks like on the wire for this game: a run of exactly 40 hex
# digits (SHA-1 sized).  The pattern is unanchored, so it also matches the
# first 40 characters of any longer hex run; adjust it per CTF before playing
# (earlier games used other patterns, e.g. rwthctf).
flag_regex = r'[A-Fa-f0-9]{40}'
18
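class AnalyzedTraffic():
    """Collect packets / TCP streams whose payload matches ``flag_regex``.

    ``myself`` is the IP address of the watched host and decides whether a
    sighting is recorded as 'in' or 'out'.  When ``myself`` is None (pcap
    replay mode in ``__main__``) there is nothing to compare against; the
    original code then dropped every match, so replay mode never recorded
    anything.  Such matches are now kept with direction 'unknown'.
    """

    def __init__(self, myself=None):
        self.myself = myself
        # TCP reassembly is done by streams.py (not visible here).
        self.streams = Streams(myself=myself)
        # List of (timestamp, flag, direction, Stream-or-packet).  The index
        # into this list is the ``id`` handed to the web UI.
        # NOTE(review): nothing ever trims it, so a long-running sniffer grows
        # without bound.
        self.seen_flags = []

    def _direction(self, pkt):
        """Return 'out' / 'in' relative to ``self.myself``, else 'unknown'."""
        if pkt.haslayer(IP):
            ip = pkt.getlayer(IP)
            if ip.src == self.myself:
                return 'out'
            if ip.dst == self.myself:
                return 'in'
        return 'unknown'

    def add_package(self, pkt):
        """Feed one packet; record it (or its stream) if it carries a flag."""
        # Let the TCP stream parser do its work first; it may hand back the
        # Stream this packet belongs to.
        s = self.streams.parse(pkt)
        if not hasattr(pkt, 'load'):
            return
        mg = re.search(flag_regex, pkt.load)
        if mg is None:
            return
        flag = mg.group(0)

        direction = self._direction(pkt)
        # Live mode: ignore traffic that does not involve the watched host.
        # Replay mode has no watched host, so keep the sighting.
        if direction == 'unknown' and self.myself is not None:
            return

        # Record a reference to the whole stream when we have one, else to the
        # bare packet.
        if s:
            s.contains_flag = True
            self.seen_flags.append((datetime.now(), flag, direction, s))
        else:
            self.seen_flags.append((datetime.now(), flag, direction, pkt))

    def get_latest_flags(self, foo=None):
        """Return the newest (at most 50) sightings, newest first.

        ``foo`` is the request path passed by CallbackHTTPRequestHandler and
        is ignored.  Each entry is
        ``(time-of-day, id, flag, direction, 'stream'|'packet', summary)``
        where ``id`` is the index get_stream / get_packet expect.
        """
        newest = []
        start = max(0, len(self.seen_flags) - 50)
        for idx, (when, flag, direction, ref) in enumerate(self.seen_flags[start:], start):
            kind = 'stream' if isinstance(ref, Stream) else 'packet'
            newest.insert(0, (str(when.time()), idx, flag, direction, kind, ref.summary()))
        return newest

    def _lookup(self, path):
        """Map the trailing path component (an id) to a seen_flags entry.

        Returns None for a non-integer id or one outside ``seen_flags``.
        Negative ids are rejected explicitly: the ids we hand out are never
        negative, and the HTTP client must not be able to address entries
        through Python's wrap-around indexing.
        """
        try:
            i = int(path.split('/')[-1])
        except ValueError:
            return None
        if i < 0 or i >= len(self.seen_flags):
            return None
        return self.seen_flags[i]

    def get_stream(self, path):
        """Return {'packets': [repr, ...], 'payload': content} for a stream id.

        Returns None if the id is invalid or refers to a bare packet.
        ``content`` is raw bytes taken from the wire: the web UI must render
        it as text, never inject it as HTML, and it may not be valid UTF-8.
        """
        entry = self._lookup(path)
        if entry is None:
            return None
        ref = entry[3]
        try:
            packets = [repr(p) for p in ref.packets]
            payload = ref.content
        except AttributeError:
            # The entry references a single packet, not a Stream.
            return None
        return {'packets': packets, 'payload': payload}

    def get_packet(self, path):
        """Return {'packets': [repr(pkt)], 'payload': None} for an id, else None."""
        entry = self._lookup(path)
        if entry is None:
            return None
        return {'packets': [repr(entry[3])], 'payload': None}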
86
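class CallbackHTTPServer(ThreadingMixIn, HTTPServer):
    """HTTPServer that maps request paths to callables via ``funcmap``.

    Every request is handled on its own thread (ThreadingMixIn); in
    ``__main__`` the sniffer runs in yet another thread and mutates the data
    the callbacks read, with no locking between them.
    """

    def __init__(self, server_address, RequestHandlerClass, bind_and_activate=True, funcmap=None):
        # Fresh dict per instance.  The previous ``funcmap={}`` default was one
        # dict object shared by every server constructed without an explicit
        # map, so callbacks registered on one leaked into all of them.
        self.funcmap = {} if funcmap is None else funcmap
        HTTPServer.__init__(self, server_address, RequestHandlerClass, bind_and_activate)

    def add_callback(self, path, func):
        """Register ``func`` for ``path`` (matched exactly, or as a prefix)."""
        self.funcmap[path] = func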
94
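class CallbackHTTPRequestHandler(BaseHTTPRequestHandler):
    """GET handler: JSON callbacks from ``server.funcmap``, else static files.

    Dispatch order:
      1. exact match of the request path in funcmap -> callback(path)
      2. first funcmap key that is a prefix of the path -> callback(rest)
      3. a regular file below the working directory (content type by suffix)
      4. 404

    There is no authentication: anyone who can reach the port can read every
    recorded flag and any file under the working directory (including this
    script and any pcaps lying there), so start the tool from a directory
    that holds only the static UI assets.
    """

    def _send_json(self, payload):
        """Send ``payload`` as a 200 application/json response.

        The body is serialized *before* any header goes out, so a value json
        cannot encode (e.g. raw non-UTF-8 stream bytes) becomes a 500 rather
        than a 200 with a truncated body.
        """
        try:
            data = json.dumps(payload)
        except (TypeError, ValueError):
            self.send_error(500, 'Cannot serialize response for %s' % self.path)
            return
        if not isinstance(data, bytes):
            data = data.encode('utf-8')
        self.send_response(200)
        self.send_header('content-type', 'application/json')
        self.end_headers()
        self.wfile.write(data)

    def do_GET(self):
        if self.path:
            funcmap = self.server.funcmap
            if self.path in funcmap:
                self._send_json(funcmap[self.path](self.path))
                return
            # Prefix dispatch: with overlapping prefixes the dict's iteration
            # order decides, exactly as before.
            for prefix, func in funcmap.items():
                if self.path.startswith(prefix):
                    self._send_json(func(self.path[len(prefix):]))
                    return

        # Static file.  Resolve symlinks on both sides and require the target
        # to lie *inside* the working directory (trailing separator).  The old
        # ``startswith(curdir)`` test also accepted a sibling directory whose
        # name merely begins with the working directory's name, e.g.
        # cwd=/srv/app and GET /../app2/secret -> /srv/app2/secret.
        root = os.path.join(os.path.realpath(os.curdir), '')
        req_file = os.path.realpath(os.curdir + self.path)
        if req_file.startswith(root) and os.path.isfile(req_file):
            if req_file.endswith('.js'):
                ctype = 'application/javascript'
            elif req_file.endswith('.css'):
                ctype = 'text/css'
            else:
                ctype = 'text/html'
            # Read before sending headers so an I/O error cannot leave a
            # half-written 200 on the wire; binary mode keeps bytes intact.
            with open(req_file, 'rb') as f:
                body = f.read()
            self.send_response(200)
            self.send_header('content-type', ctype)
            self.end_headers()
            self.wfile.write(body)
            return

        self.send_error(404, 'File Not Found: %s' % self.path)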
137
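def serve(host="", port=80, handler=CallbackHTTPRequestHandler):
    """Start the HTTP front end on ``(host, port)`` and block forever.

    Registers the three JSON endpoints against the module-global ``at``
    (an AnalyzedTraffic created in ``__main__``).  ``host`` and ``handler``
    used to be accepted but ignored (the server always bound '' with the
    default handler); they are honoured now, with unchanged defaults.

    Security note: the default host '' listens on every interface, and the
    handler has no authentication, so every captured flag and every file in
    the working directory is readable by anyone on the network.  Prefer
    host='127.0.0.1' unless the game network is trusted.
    """
    server = CallbackHTTPServer((host, port), handler)

    server.add_callback('/get/flags', at.get_latest_flags)
    server.add_callback('/get/stream/', at.get_stream)
    server.add_callback('/get/packet/', at.get_packet)

    # Privilege drop kept disabled, as in the original.  Sniffing needs root,
    # and ``__main__`` starts this function in a thread *before* sniff() opens
    # its capture socket, so a setuid here could strip root from the whole
    # process first.  Drop privileges after the sniffer is up if you enable it.
    # try:
    #     os.setuid(65534)  # nobody
    # except OSError:
    #     print('Could not drop privileges')

    server.serve_forever()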
151
152 #class ThreadedSniffer(Thread):
153 # def __init__(self, iface, filter, prn):
154 # Thread.__init__(self)
155 # self.iface = iface
156 # self.filter = filter
157 # self.prn = prn
158 #
159 # def run(self):
160
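if __name__ == '__main__':
    if len(sys.argv) < 2:
        print('Usage: %s  interface myself' % sys.argv[0])
        print('Usage: %s  pcap_file' % sys.argv[0])
        sys.exit(1)

    # Get HTML colors: packet __repr__ output (served as JSON by get_stream /
    # get_packet) carries HTML colour markup.  NOTE(review): that output and
    # the stream payloads come straight from the wire, so the UI must not
    # insert them as raw HTML.
    conf.color_theme = scapy.themes.HTMLTheme2()

    if len(sys.argv) == 2:
        # Replay mode: analyse a saved capture, then serve the results.
        pcap_file = sys.argv[1]
        pkts = rdpcap(pcap_file)

        at = AnalyzedTraffic()

        for p in pkts:
            at.add_package(p)

        try:
            serve(port=8080)
        except KeyboardInterrupt:
            sys.exit(0)
    else:
        # Live mode: HTTP front end in a background thread, sniffer in the
        # main thread (sniff() needs the capture privileges of this process).
        interface = sys.argv[1]
        myself = sys.argv[2]

        at = AnalyzedTraffic(myself)

        try:
            # Daemon thread: otherwise sys.exit(0) on Ctrl-C waits for
            # serve_forever() and the process never terminates.
            web = Thread(target=serve, args=["", 8080])
            web.daemon = True
            web.start()
            sniff(iface=interface, prn=at.add_package)  # filter='host '+myself
        except KeyboardInterrupt:
            sys.exit(0)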
197
198