commit b9b80c43e84bd37c95037a7a73dad0c29d74c3fe Author: George Kadianakis desnacked@riseup.net Date: Thu Jul 12 18:26:27 2012 +0200
Add a pcap parsing function. --- ooni/protocols/b0wser.py | 61 ++++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 61 insertions(+), 0 deletions(-)
diff --git a/ooni/protocols/b0wser.py b/ooni/protocols/b0wser.py
index ae6b002..ed82781 100644
--- a/ooni/protocols/b0wser.py
+++ b/ooni/protocols/b0wser.py
@@ -1,5 +1,66 @@
 from ooni.utils import log
+import sys
+from scapy.all import * # XXX recommended way of importing scapy?
+import yaml
+
+def get_b0wser_dictionary_from_pcap(filename):
+ """
+ @param filename: Filesystem path to the pcap.
+
+ Returns:
+ [{"sender": "client", "data": "\x17\x52\x15"}, {"sender": "server", "data": "\x17\x15\x13"}]
+ """
+ packets = rdpcap(filename)
+
+ checking_first_packet = True
+ client_ip_addr = None
+ server_ip_addr = None
+
+ ssl_packets = []
+ messages = []
+
+ """
+ pcap assumptions:
+
+ pcap only contains packets exchanged between a Tor client and a Tor
+ server. (This assumption makes sure that there are only two IP
+ addresses in the pcap file)
+
+ The first packet of the pcap is sent from the client to the server.
+ (This assumption is used to get the IP address of the client.)
+
+ All captured packets are TLS packets: that is TCP session
+ establishment/teardown packets should be filtered out (no SYN/SYN+ACK)
+ """
+
+ """Minimally validate the pcap and also find out what's the client
+ and server IP addresses."""
+ for packet in packets:
+ if checking_first_packet:
+ client_ip_addr = packet[IP].src
+ checking_first_packet = False
+ else:
+ if packet[IP].src != client_ip_addr:
+ server_ip_addr = packet[IP].src
+
+ try:
+ if (packet[Raw]):
+ ssl_packets.append(packet)
+ except IndexError:
+ pass
+
+ """Form our list."""
+ for packet in ssl_packets:
+ if packet[IP].src == client_ip_addr:
+ messages.append({"sender": "client", "data": str(packet[Raw])})
+ elif packet[IP].src == server_ip_addr:
+ messages.append({"sender": "server", "data": str(packet[Raw])})
+ else:
+ raise("Detected third IP address! pcap is corrupted.")
+
+ return yaml.dump(messages)
+
 class Mutator:
 idx = 0
 step = 0
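Review bot: The third-address check ends in `raise("Detected third IP address! pcap is corrupted.")`, which raises a plain string; Python rejects that with a TypeError, so a capture that fails validation surfaces as a confusing type error instead of the intended message, and `raise ValueError("Detected third IP address! pcap is corrupted.")` would carry it. In the first loop the `packet[IP].src` lookups sit outside the `try`, so a frame without an IPv4 layer (ARP, IPv6) presumably escapes as the same IndexError that the `packet[Raw]` guard catches; an `if not packet.haslayer(IP): continue` guard at the top of the loop would keep an unfiltered or malformed pcap from aborting the parse. If the returned YAML is later read back as a b0wser dictionary, as the docstring suggests, `yaml.safe_dump(messages)` would guarantee the output only uses standard tags and can be loaded with `yaml.safe_load`. `import sys` is unused in the added code.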