cleaned up http parser + better sniffer structure
samatt committed Jan 23, 2017
1 parent dcc6bcf commit dadb8d6
Showing 3 changed files with 112 additions and 57 deletions.
38 changes: 29 additions & 9 deletions app/components/tools/Sniffer.vue
@@ -1,26 +1,27 @@
<template>
<div>
<SnifferPayload class="sniff-payload" v-bind:packet="selectedPacket">
</SnifferPayload>
<SnifferPayload class="sniff-payload " v-bind:packet="selectedPacket"> </SnifferPayload>
<div class="sniff-table">
<table class="table test">
<thead>
<tr>
<th>Timestamp</th>
<th class="oh">Timestamp</th>
<th class="hh">Host</th>
<th>Source IP</th>
<th>Destination IP</th>
<th>Source Port</th>
<th>Destination Port</th>
</tr>
</thead>
</table>
<table class="table">
<table class="table padded sniff-body">
<tbody>
<tr :id="'p-idx-'+index"
:class="[index == hoverIndex ? hoverClass : '']"
v-for="(packet, index) in packets"
@click="updateCurrent(packet, index)">
<td class="selectable-text"> {{ packet.ts | prettifyTs}}</td>
<td class="selectable-text oh"> {{ packet.ts | prettifyTs}}</td>
<td class="selectable-text hh">{{packet.payload.host }}</td>
<td class="selectable-text">{{packet.ip.saddr | stringifyIp}}</td>
<td class="selectable-text">{{packet.ip.daddr | stringifyIp}}</td>
<td class="selectable-text">{{packet.tcp.sport }}</td>
Expand Down Expand Up @@ -73,17 +74,21 @@ export default {
this.hoverIndex = index;
},
keyup (e) {
// console.log(e)
//DOWN
if((e.keyCode || e.which) === 40 ){
if(this.hoverIndex < this.packets.length){
if(this.hoverIndex < this.packets.length-1){
this.hoverIndex += 1;
}
if(document.getElementsByClassName('hovered')){
const cur = document.getElementsByClassName('hovered')[0];
if(cur){
const id = cur.id.split('-')
const index =id.pop()
this.selectedPacket = this.packets[index];
this.selectedPacket = this.packets[this.hoverIndex];
console.log(this.hoverIndex, index,'down', this.packets.length)
// cur.scrollIntoViewIfNeeded({block: "end", behavior: "smooth"});
cur.scrollIntoViewIfNeeded({block: "end", behavior: "smooth"});
}
}
Expand All @@ -98,10 +103,10 @@ export default {
if(cur){
const id = cur.id.split('-')
const index =id.pop()
this.selectedPacket = this.packets[index];
this.selectedPacket = this.packets[this.hoverIndex];
console.log(this.hoverIndex, index,'up', this.packets.length)
cur.scrollIntoViewIfNeeded({block: "end", behavior: "smooth"});
}
}
}
else if((e.keyCode || e.which) === 13 ){
Expand All @@ -125,7 +130,12 @@ export default {
max-height: 226px;
overflow: scroll;
}
.sniff-body{
margin-top: 12px;
}
.sniff-payload{
border-width: 1px;
border-style: solid;
height: 132px;
overflow: scroll;
}
Expand All @@ -141,4 +151,14 @@ export default {
position: fixed;
width: 100%;
}
.oh{
overflow: hidden;
max-width: 45px;
}
.hh{
overflow: hidden;
max-width: 100px;
}
</style>
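Review bot: In the `keyup` handler, `id` and `index` are still parsed from the hovered element's DOM id, but once the selection is `this.selectedPacket = this.packets[this.hoverIndex]` they feed only the `console.log(this.hoverIndex, index, ...)` debug lines in the DOWN and UP branches; those three lines can be dropped from each branch. `cur` is also looked up immediately after `hoverIndex` changes, and Vue normally patches the `:class` binding on the next tick, so any scroll call on `cur` probably targets the previously hovered row; wrapping the lookup in `this.$nextTick(() => { ... })` would act on the row that is actually selected. The outer `if(document.getElementsByClassName('hovered'))` is always true because an empty collection is still truthy, so `if(cur)` is the only effective guard. The handler begins and ends outside the visible hunks.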
45 changes: 26 additions & 19 deletions app/components/tools/SnifferPayload.vue
@@ -1,10 +1,28 @@
<template>
<div>
<span v-if="!packet"> Click a packet to see its payload information. You can use the up and down keys to navigate</span>
<div v-else v-for="p in packet.payload">
{{p}}
</div>
<span v-if="!packet"> Click a packet to see its payload information. You can use the up and down keys to navigate</span>
<template v-else>
<template v-if="packet.payload.type !== 'https'">

<template v-if="packet.payload.type === 'request'">
<div><strong>Type</strong> : Request</div>
<div><strong>Method</strong> : {{packet.payload.method}}</div>
<div><strong>Url</strong>: {{packet.payload.host}}{{packet.payload.url}}</div>
</template>

<template v-else>
<div><strong>Type</strong> : Response</div>
<div><strong>Response Code</strong> : {{packet.payload.code}} {{packet.payload.status}}</div>
</template>

</template>
<div v-else>
This is an encrypted HTTPS packet for {{packet.payload.host}}
</div>
<div v-for="p in packet.payload.headers">
<strong>{{p[0]}}:</strong> {{p[1]}}
</div>
</template>
</div>
</template>

Expand All @@ -14,23 +32,12 @@ import {mapGetters, mapActions} from 'vuex'
export default {
name: 'snifferPayload',
props: ['packet'],
created () {
},
computed: mapGetters({
toolRunning: 'toolRunning',
packets: 'packets'
}),
components:{
},
filters:{
},
methods: {
}
props: ['packet']
}
</script>

<style scoped>
.group-overflow{
overflow: scroll;
}
</style>
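Review bot: The new template prints `packet.payload.method`, `host`, `url`, `code`, `status` and every header pair straight from captured traffic, and nothing in the component says that these strings are untrusted. The `{{ }}` interpolation escapes them, so the rendering is safe as written; a template comment such as `<!-- payload fields come from sniffed packets: keep them in {{ }} interpolation, never v-html -->` would keep a later edit from weakening that. The `v-else` branch labels every non-`request` payload as a Response, so a payload whose first line was not a status line is shown with an empty response code; an explicit `v-else-if="packet.payload.type === 'response'"` only works once the parser stops emitting `'response '` with a trailing space. The hunk context still shows `import {mapGetters, mapActions} from 'vuex'`, which looks unused now that the `computed` block is removed.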
86 changes: 57 additions & 29 deletions network-scripts/PcapSniffer.js
Expand Up @@ -142,57 +142,38 @@ class PcapSniffer {
const eth = packet.payload
const ip = eth.payload
const tcp = ip.payload
// console.log(ip.saddr, ip.daddr)

if( tcp.sport === 8443 ||
tcp.sport === 443 ||
tcp.dport === 443 ||
tcp.dport === 8443 ){
// console.log(tcp.data)
if(tlsClientHello(raw.buf)){
console.log('found 1!')
}
if(tlsClientHello(ip)){
console.log('found 2!')
}

if(tcp.data){
if(tlsClientHello(tcp.data)){
return { ts: ts, eth: eth, ip: ip, tcp: tcp, payload: [`https host name: ${sni(tcp.data)}`]}
return { ts: ts, eth: eth, ip: ip, tcp: tcp, payload: {type:'https', host:sni(tcp.data)}}
}
}


return false
return false
}

if(!tcp.data){
return false;
}

let r = tcp.data.toString('utf-8')
if(r.indexOf('Content-Length') === -1 &&
r.indexOf('Host') === -1 &&
r.indexOf('Content-Type') === -1 ){
return false;
}

let httpr = r.split('\r\n')
let httpHeaders = httpr.filter(function (o) {
if( (o.indexOf(':') > -1 ||
o.indexOf('HTTP') > -1 ||
o.indexOf('GET') > -1 ||
o.indexOf('POST') > -1 ) )
{
return true;
}
else{
return false
}
})

if(httpHeaders.length < 1){
try{
return { ts: ts, eth: eth, ip: ip, tcp: tcp, payload: this.parseHTTP(httpr)}
}
catch(err){
this.error(err)
return false
}

return { ts: ts, eth: eth, ip: ip, tcp: tcp, payload: httpHeaders}
}

mac_to_arr(macAddr) {
Expand All @@ -213,6 +194,53 @@ class PcapSniffer {
}
return ip_arr;
}

parseHTTP(headers){
let packet = {}
packet.http = true
packet.host = ''
let firstline = headers.shift()
if( firstline.indexOf('GET') > -1 ||
firstline.indexOf('POST') > -1 ||
firstline.indexOf('PUT') > -1){
let [verb, url, version] = firstline.split(' ')
packet.type = 'request'
packet.method = verb
packet.url = url
packet.version = version
}
else{
let [version, code, status] = firstline.split(' ')
packet.type = 'response '
packet.code = code
packet.status = status
packet.version = version
}

packet.headers = []

for (var i = 0; i < headers.length; i++) {
if(headers[i] === ''){
break;
}

let header = headers[i].split(': ')
if(header.length <2 ){
continue
}
else{
if(header[0].indexOf('Host') > -1){
packet.host = header[1]
}
packet.headers.push([header[0], header[1]])
}
}

let lastline = headers.pop()
packet.payload = lastline
return packet
}

}

module.exports = PcapSniffer
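Review bot: `parseHTTP` classifies the first line with `indexOf` on three verbs anywhere in the string and treats everything else as a response, so HEAD/DELETE/OPTIONS/PATCH requests, and any mid-stream segment that merely contains `Host` or `Content-Type`, come out as a response with arbitrary bytes in `code` and `status`. Because this input is captured traffic, the match should be anchored on a real request line or status line and anything else rejected; a throw lands in the caller's existing `try/catch`, which returns `false` (it also calls `this.error`, so a sentinel return may be preferable if that proves noisy). The same rewrite removes the trailing space in `'response '` and keeps multi-word reason phrases such as `Not Found`, which the three-way destructuring truncates. Separately, `header[0].indexOf('Host') > -1` also matches names like `X-Forwarded-Host` and misses a lower-case `host`; `header[0].toLowerCase() === 'host'` is the stricter test, and splitting each header on the first `': '` only would stop values that contain `': '` from being cut short.

```javascript
let firstline = headers.shift()
const requestLine = /^([A-Z]+) (\S+) (HTTP\/\d\.\d)$/.exec(firstline)
const statusLine = /^(HTTP\/\d\.\d) (\d{3})(?: (.*))?$/.exec(firstline)
if(requestLine){
  packet.type = 'request'
  packet.method = requestLine[1]
  packet.url = requestLine[2]
  packet.version = requestLine[3]
}
else if(statusLine){
  packet.type = 'response'
  packet.version = statusLine[1]
  packet.code = statusLine[2]
  packet.status = statusLine[3] || ''
}
else{
  // not the start of an HTTP message (e.g. a body segment)
  throw new Error('not an HTTP start line')
}
// … unchanged: header loop and lastline handling …
```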