[tor-commits] [ooni-probe/master] Add a pcap parsing function.
commit b9b80c43e84bd37c95037a7a73dad0c29d74c3fe
Author: George Kadianakis <desnacked@xxxxxxxxxx>
Date: Thu Jul 12 18:26:27 2012 +0200
Add a pcap parsing function.
---
ooni/protocols/b0wser.py | 61 ++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 61 insertions(+), 0 deletions(-)
diff --git a/ooni/protocols/b0wser.py b/ooni/protocols/b0wser.py
index ae6b002..ed82781 100644
--- a/ooni/protocols/b0wser.py
+++ b/ooni/protocols/b0wser.py
@@ -1,5 +1,66 @@
from ooni.utils import log
+import sys
+from scapy.all import * # XXX recommended way of importing scapy?
+import yaml
+
+def get_b0wser_dictionary_from_pcap(filename):
+ """
+ @param filename: Filesystem path to the pcap.
+
+ Returns:
+ [{"sender": "client", "data": "\x17\x52\x15"}, {"sender": "server", "data": "\x17\x15\x13"}]
+ """
+ packets = rdpcap(filename)
+
+ checking_first_packet = True
+ client_ip_addr = None
+ server_ip_addr = None
+
+ ssl_packets = []
+ messages = []
+
+ """
+ pcap assumptions:
+
+ pcap only contains packets exchanged between a Tor client and a Tor
+ server. (This assumption makes sure that there are only two IP
+ addresses in the pcap file)
+
+ The first packet of the pcap is sent from the client to the server.
+ (This assumption is used to get the IP address of the client.)
+
+ All captured packets are TLS packets: that is TCP session
+ establishment/teardown packets should be filtered out (no SYN/SYN+ACK)
+ """
+
+ """Minimally validate the pcap and also find out what's the client
+ and server IP addresses."""
+ for packet in packets:
+ if checking_first_packet:
+ client_ip_addr = packet[IP].src
+ checking_first_packet = False
+ else:
+ if packet[IP].src != client_ip_addr:
+ server_ip_addr = packet[IP].src
+
+ try:
+ if (packet[Raw]):
+ ssl_packets.append(packet)
+ except IndexError:
+ pass
+
+ """Form our list."""
+ for packet in ssl_packets:
+ if packet[IP].src == client_ip_addr:
+ messages.append({"sender": "client", "data": str(packet[Raw])})
+ elif packet[IP].src == server_ip_addr:
+ messages.append({"sender": "server", "data": str(packet[Raw])})
+ else:
+ raise("Detected third IP address! pcap is corrupted.")
+
+ return yaml.dump(messages)
+
class Mutator:
idx = 0
step = 0
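Review bot: The third-address check at the end of the second loop raises a plain string, `raise("Detected third IP address! pcap is corrupted.")`, which on Python 2.6 and later fails with a TypeError about the exception type instead of reporting the corrupted capture; it should raise an exception class such as ValueError. The first loop, despite its "minimally validate" comment, rejects nothing: `packet[IP]` sits outside the `try`, so a non-IP frame would presumably raise the same IndexError that the `packet[Raw]` lookup is guarded against, and `server_ip_addr` is overwritten by every non-client source, so which packets reach the `else` branch depends on capture order. Since the pcap is external input, I would do the layer and address checks once in the first loop, as sketched below, and keep the second loop's `else` only as a defensive check raising the same ValueError. The docstring's `Returns:` also shows a list, while the function returns the string produced by `yaml.dump(messages)`.

```python
    for packet in packets:
        if not packet.haslayer(IP):
            raise ValueError("Non-IP packet found! pcap is corrupted.")
        src = packet[IP].src
        if client_ip_addr is None:
            # First packet is assumed to come from the client.
            client_ip_addr = src
        elif src != client_ip_addr:
            if server_ip_addr is None:
                server_ip_addr = src
            elif src != server_ip_addr:
                raise ValueError("Detected third IP address! pcap is corrupted.")
        # … unchanged: try/except collecting packets that carry a Raw layer …
```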