Commit
da985311
authored
Dec 01, 2020
by
aleajactaest
update output for spykhanat
parent
30f648d0
Showing
3 changed files
with
203 additions
and
294 deletions
+203
-294
spykhanat.py
spykhanat.py
+28
-4
tools/DecodeDatabase.py
tools/DecodeDatabase.py
+91
-287
tools/Impulse.py
tools/Impulse.py
+84
-3
spykhanat.py
...
...
@@ -415,6 +415,7 @@ class SpyPcap():
return
actions
,
impulses
def
decode_client_message
(
self
,
msgin
,
clientid
,
dst
,
sequenceid
,
name
,
Parent
,
Source
):
importantinfo
=
{}
target
=
"%s_%s"
%
(
Source
,
Parent
[
7
:])
CurrentReceivedNumber
=
msgin
.
readSint32
(
'CurrentReceivedNumber'
)
SystemMode
=
msgin
.
readBool
(
'SystemMode'
)
...
...
@@ -489,7 +490,7 @@ class SpyPcap():
else
:
logging
.
getLogger
(
LOGGER
).
info
(
"[Client -> Server] System Mode:%s (%d) {CurrentReceivedNumber:%d, src:%s, dst:%s}"
%
(
typeMessage
,
message
,
CurrentReceivedNumber
,
clientid
,
dst
))
logging
.
getLogger
(
LOGGER
).
debug
(
"[Client -> Server] msg:%s"
%
msgin
.
showAllData
())
return
actions
,
impulses
,
databases
return
actions
,
impulses
,
databases
,
importantinfo
def
decode_khanat_message
(
self
,
msgin
,
src
,
dst
,
sequenceid
,
clientname
,
Parent
,
Source
):
target
=
"%s_%s"
%
(
Source
,
Parent
[
7
:])
...
...
@@ -497,6 +498,7 @@ class SpyPcap():
properties
=
[]
impulses
=
[]
databases
=
[]
importantinfo
=
{}
CurrentSendNumber
=
msgin
.
readSint32
(
'CurrentSendNumber'
)
logging
.
getLogger
(
LOGGER
).
debug
(
"[Server -> Client] {CurrentSendNumber:%d, src:%s, dst:%s}"
%
(
CurrentSendNumber
,
src
,
dst
))
SystemMode
=
msgin
.
readBool
(
'SystemMode'
)
...
...
@@ -691,7 +693,7 @@ class SpyPcap():
#cActionFactory.unpack(msgin)
logging
.
getLogger
(
LOGGER
).
debug
(
"[Server -> Client] msg:%s"
%
msgin
.
showAllData
())
#logging.getLogger(LOGGER).info("impulses:%s" % str(impulses))
return
actions
,
impulses
,
databases
,
properties
return
actions
,
impulses
,
databases
,
properties
,
importantinfo
def
read
(
self
):
logging
.
getLogger
(
LOGGER
).
info
(
"Conversion => Start"
)
...
...
@@ -765,11 +767,11 @@ class SpyPcap():
if
(
self
.
khanat_host_service
and
self
.
khanat_host_service
.
match
(
src
))
or
(
not
self
.
khanat_host_service
and
khanat_host
==
src
):
_provenance
=
'Server -> Client'
logging
.
getLogger
(
LOGGER
).
debug
(
"[%s] (message received) [%s] %s"
%
(
_provenance
,
datetime
.
fromtimestamp
(
pkt
.
timestamp
).
strftime
(
"%Y/%m/%d %H:%M:%S"
),
msgin
.
showAllData
()))
actions_servers
,
impulses_servers
,
databases_servers
,
properties_servers
=
self
.
decode_khanat_message
(
msgin
,
src
,
dst
,
sequenceid
,
list_host
[
dst
],
Reference
,
list_host
[
src
])
actions_servers
,
impulses_servers
,
databases_servers
,
properties_servers
,
importantinfo
=
self
.
decode_khanat_message
(
msgin
,
src
,
dst
,
sequenceid
,
list_host
[
dst
],
Reference
,
list_host
[
src
])
else
:
_provenance
=
'Client -> Server'
logging
.
getLogger
(
LOGGER
).
debug
(
"[%s] (message received) [%s] %s"
%
(
_provenance
,
datetime
.
fromtimestamp
(
pkt
.
timestamp
).
strftime
(
"%Y/%m/%d %H:%M:%S"
),
msgin
.
showAllData
()))
actions_clients
,
impulses_clients
,
databases_clients
=
self
.
decode_client_message
(
msgin
,
src
,
dst
,
sequenceid
,
list_host
[
dst
],
Reference
,
list_host
[
src
])
actions_clients
,
impulses_clients
,
databases_clients
,
importantinfo
=
self
.
decode_client_message
(
msgin
,
src
,
dst
,
sequenceid
,
list_host
[
dst
],
Reference
,
list_host
[
src
])
if
not
msgin
.
checkOnlyZeroAtEnd
():
# msgin.needRead() > 7:
moredata
=
"message partially decoded"
fullconverted
=
False
...
...
@@ -777,6 +779,26 @@ class SpyPcap():
moredata
=
'message decoded'
if
self
.
show_message_decoded
:
logging
.
getLogger
(
LOGGER
).
debug
(
"[%s] (%s) %s"
%
(
_provenance
,
moredata
,
msgin
.
showAllData
()))
if
importantinfo
:
havedata
=
True
else
:
havedata
=
False
if
not
havedata
:
for
impulse_data
in
impulses_servers
:
if
impulse_data
.
get_notice
():
havedata
=
True
break
if
havedata
:
print
(
datetime
.
fromtimestamp
(
pkt
.
timestamp
).
strftime
(
"%Y/%m/%d %H:%M:%S"
),
_provenance
,
"("
,
list_host
[
src
],
"=>"
,
list_host
[
dst
],
") ["
,
Reference
,
"] "
)
if
importantinfo
:
for
key
in
importantinfo
:
print
(
" "
*
3
,
key
,
":"
,
importantinfo
[
key
])
if
impulses_servers
:
for
impulse_data
in
impulses_servers
:
data
=
impulse_data
.
get_notice
()
for
key
in
data
:
print
(
" "
*
3
,
key
,
":"
,
data
[
key
])
if
self
.
outyaml
:
self
.
outyaml
.
write
(
"
\n
%s:
\n
sequence: %d
\n
time: %s
\n
source: %s
\n
destination: %s
\n
function: %s
\n
adress_source: %s
\n
adress_destination: %s
\n
state: %s
\n
message:
\n
"
%
(
Reference
,
...
...
@@ -852,9 +874,11 @@ class SpyPcap():
id
=
0
#print("-"*30)
#print(impulses_servers)
#print(impulses_servers)
for
impulse_data
in
impulses_servers
:
#print("-"*80)
#print(Impulse)
#print(impulse_data)
params
=
impulse_data
.
get_parameter
()
self
.
outyaml
.
write
(
" %s:
\n
"
%
(
impulse_data
.
get_name
()))
for
key
in
params
:
...
...
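Review bot: The summary block added in the `@@ -777,6 +779,26 @@` hunk reads `impulses_servers` for every packet, but the `Client -> Server` branch in the hunk before it assigns only `actions_clients, impulses_clients, databases_clients, importantinfo`, so for a client packet the loop appears to see the list left over from an earlier server packet, or an unbound name if nothing outside the visible lines initialises it. Resetting it in that branch (`impulses_servers = []`) or choosing the list by `_provenance` before the `havedata` check would make the printed notices belong to the packet being reported. The second loop also runs `for key in data` on every `get_notice()` result without the truthiness test the first loop applies; `for key in (impulse_data.get_notice() or {}):` is safe if it can return `None`, which cannot be confirmed here because tools/Impulse.py is collapsed. The keys and values printed come from decoded capture data, so formatting them with `repr()` would keep control characters in a capture from reaching the terminal. The body of `read` starts and ends outside these hunks.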
tools/DecodeDatabase.py
This diff is collapsed.
tools/Impulse.py
This diff is collapsed.