/// <summary>
/// Verifies that <c>IsPcapFile</c> returns true for the <c>HttpSmallFilePath</c> sample
/// and false for the <c>PcapNGFile</c> sample.
/// </summary>
public void PcapProcessor_identifyPcapFileFormat()
        {
            // Only format identification is exercised here; no packets are processed.
            var formatProbe = new PcapProcessor.Processor();

            var smallHttpSampleAccepted = formatProbe.IsPcapFile(this.HttpSmallFilePath);
            Assert.AreEqual(true, smallHttpSampleAccepted);

            var pcapNgSampleAccepted = formatProbe.IsPcapFile(this.PcapNGFile);
            Assert.AreEqual(false, pcapNgSampleAccepted);
        }
        /// <summary>
        /// Builds a single-command runner: stores the analyzer, processor and sniffer, creates the
        /// empty result collections, subscribes to analyzer/processor/console events and parses
        /// the command line into <c>_cliFlags</c>.
        /// </summary>
        /// <param name="analyzer">Analyzer whose detection events are subscribed to.</param>
        /// <param name="processor">Processor whose status and completion events are subscribed to.</param>
        /// <param name="sniffer">Sniffer stored in <c>_sniffer</c>; none of its events are subscribed here.</param>
        /// <param name="args">Raw command-line arguments handed to the CommandLine parser.</param>
        public SingleCommandRunner(Analyzer analyzer, Processor processor, Sniffer sniffer, string[] args)
        {
            // Collaborators.
            _sniffer   = sniffer;
            _analyzer  = analyzer;
            _processor = processor;

            // Input files and the result sets filled while the capture is analysed.
            _files          = new List<string>();
            _hashes         = new HashSet<PcapAnalyzer.NetworkHash>();
            _connections    = new HashSet<PcapAnalyzer.NetworkConnection>();
            _passwords      = new HashSet<NetworkPassword>();
            _extractedFiles = new HashSet<NetworkFile>();
            _voipCalls      = new HashSet<CommonUi.VoipCall>();
            _dnsMappings    = new HashSet<PcapAnalyzer.DnsNameMapping>();

            // Analyzer notifications.
            _analyzer.ParsedItemDetected           += OnParsedItemDetected;
            _analyzer.UpdatedItemProprertyDetected += UpdatedPropertyInItemDetected;

            // Processor notifications: export once processing ends, print per-file status changes.
            _processor.ProcessingFinished += (sender, eventArgs) => ExportResults();
            _processor.FileProcessingStatusChanged += (sender, eventArgs) => PrintFileStatusUpdate(sender, eventArgs);

            // Ctrl + C: export what has been collected so far, then terminate with exit code 0.
            // NOTE(review): this handler can fire while processing is still running; confirm that
            // ExportResults tolerates the result sets being modified concurrently and that a
            // partial export of recovered credentials is an acceptable outcome.
            Console.CancelKeyPress += (sender, eventArgs) =>
            {
                ExportResults();
                Environment.Exit(0);
            };

            // Parse user arguments.
            // NOTE(review): only the success callback is registered, so _cliFlags is not assigned
            // here when parsing fails; users of _cliFlags should account for that.
            var parseResult = CommandLine.Parser.Default.ParseArguments<SingleCommandFlags>(args);
            parseResult.WithParsed<SingleCommandFlags>(parsedFlags => _cliFlags = parsedFlags);
        }
        /// <summary>
        /// Builds the interactive shell: stores the analyzer, processor and sniffer, resets the
        /// packet/session counters, subscribes to their events, registers the shell commands and
        /// loads the analyzer's available modules.
        /// </summary>
        /// <param name="analyzer">Analyzer whose <c>ParsedItemDetected</c> event is subscribed to.</param>
        /// <param name="processor">Processor whose packet and session events update the counters.</param>
        /// <param name="sniffer">Sniffer whose packet and session events update the same counters.</param>
        /// <param name="seperator">Value stored in <c>Seperator</c>; presumably the prompt separator (confirm against the shell loop).</param>
        public CliShell(PcapAnalyzer.Analyzer analyzer, PcapProcessor.Processor processor, Sniffer sniffer, string seperator = ">")
        {
            _sniffer          = sniffer;
            _tcpPacketsCount  = 0;
            _udpPacketsCount  = 0;
            _udpStreamsCount  = 0;
            _tcpSessionsCount = 0;
            liveCapture       = false;
            this.Seperator    = seperator;
            // Lock object created here; where it is taken is not visible in this constructor.
            _printingLock     = new object();
            _files            = new List <string>();
            _networkDevice    = null;
            _processor        = processor;
            _analyzer         = analyzer;

            // File processing and live capture both feed the same four counters.
            // NOTE(review): the Update* helpers are not visible here; if these events can be raised
            // from more than one thread, confirm the counter updates are synchronised.
            _analyzer.ParsedItemDetected += OnParsedItemDetected;
            _processor.TcpPacketArived   += (s, e) => this.UpdateTcpPacketsCount();
            _processor.UdpPacketArived   += (s, e) => this.UpdateUdpPacketsCount();
            _processor.TcpSessionArrived += (s, e) => this.UpdateTcpSessionsCount();
            _processor.UdpSessionArrived += (s, e) => this.UpdateUdpStreamsCount();

            sniffer.TcpPacketArived   += (s, e) => this.UpdateTcpPacketsCount();
            sniffer.UdpPacketArived   += (s, e) => this.UpdateUdpPacketsCount();
            sniffer.TcpSessionArrived += (s, e) => this.UpdateTcpSessionsCount();
            sniffer.UdpSessionArrived += (s, e) => this.UpdateUdpStreamsCount();

            // Result sets for hashes, passwords and connections; all start empty.
            _hashes      = new HashSet <PcapAnalyzer.NetworkHash>();
            _passwords   = new HashSet <PcapAnalyzer.NetworkPassword>();
            _connections = new HashSet <PcapAnalyzer.NetworkConnection>();

            // Command table. Each entry is (name, handler, help text); the handler receives the
            // text the user typed after the command name as `p`.
            this._commands = new List <CliShellCommand>();
            // `p` is a user-supplied file path.
            AddCommand(new CliShellCommand("add-file", p => AddFile(p), "Add file to analyze. Usage: add-file <FILE-PATH>"));
            AddCommand(new CliShellCommand("start", p => StartAnalyzing(), "Start analyzing"));
            AddCommand(new CliShellCommand("show-passwords", p => PrintPasswords(), "Print passwords."));
            AddCommand(new CliShellCommand("show-modules", p => PrintModules(), "Print modules."));
            AddCommand(new CliShellCommand("show-hashes", p => PrintHashes(), "Print Hashes"));
            AddCommand(new CliShellCommand("show-networkmap", p => PrintNetworkMap(), "Prints the network map as a json string. Usage: show-networkmap"));
            // NOTE(review): writes the collected hashes under a user-supplied directory. The output is
            // credential material; confirm how Utilities.ExportHashes creates and protects those files.
            AddCommand(new CliShellCommand("export-hashes", p => Utilities.ExportHashes(p, _hashes), "Export all Hashes to Hascat format input files. Usage: export-hashes <OUTPUT-DIRECTORY>"));
            AddCommand(new CliShellCommand("capture-from-device", p => InitLiveCapture(p), "Capture live traffic from a network device, Usage: capture-from-device <device-name>"));
            // Captures the constructor parameter `sniffer` (the same instance stored in _sniffer) and
            // only ever sets the flag to true; no command registered here turns it back off.
            AddCommand(new CliShellCommand("capture-promiscious-mode", p => sniffer.PromisciousMode = true, "Capture live traffic from a network device on promiscious mode (requires superuser privileges, default is normal mode)"));
            // NOTE(review): the command is registered as "set-captrue-filter" (sic), so that is the
            // spelling users must type. The filter text goes to VerifyFilter, which is not visible here.
            AddCommand(new CliShellCommand("set-captrue-filter", p => VerifyFilter(p), "Set a capture filter to the live traffic capture(filters must be bpf syntax filters)"));
            AddCommand(new CliShellCommand("show-network-devices", p => PrintNetworkDevices(), "Show the available network devices for live capture"));
            // `p` is a user-supplied output file path.
            AddCommand(new CliShellCommand("export-networkmap", p => CommonUi.Exporting.ExportNetworkMap(p, _connections), "Export network map to a json file for neo4j. Usage: export-networkmap <OUTPUT-file>"));

            // Add the help command
            this.AddCommand(new CliShellCommand(
                                "help",
                                param => this.PrintCommandsWithDescription(),
                                "Print help menu"));

            // Add the exit command (sets the _exit flag; the loop that reads it is outside this constructor)
            this.AddCommand(new CliShellCommand(
                                "exit",
                                param => this._exit = true,
                                "Exit CLI"));

            // Load the modules the analyzer reports as available.
            LoadModules(_analyzer.AvailableModulesNames);
        }
        /// <summary>
        /// Builds the main window: creates the processor, sniffer and analyzer, creates the
        /// per-result user controls, wires capture events to the analyzer and to the UI, and
        /// initialises the file icons, module list and interface selector.
        /// </summary>
        public MainForm()
        {
            InitializeComponent();

            _files       = new HashSet <string>();
            _cts         = new CancellationTokenSource();
            _connections = new HashSet <PcapAnalyzer.NetworkConnection>();

            // Create the DAL and BLL objects.
            _processor = new PcapProcessor.Processor();
            _sniffer   = new PcapProcessor.Sniffer();
            _analyzer  = new PcapAnalyzer.Analyzer();
            // Session building is switched on for file processing (not set on the sniffer here).
            _processor.BuildTcpSessions = true;
            _processor.BuildUdpSessions = true;

            // Create the user controls.
            _networkMapUserControl            = new NetworkMapUserControl();
            _networkMapUserControl.Dock       = DockStyle.Fill;
            _sessionsExplorerUserControl      = new SessionsExplorerUserControl();
            _sessionsExplorerUserControl.Dock = DockStyle.Fill;
            _hashesUserControl           = new HashesUserControl();
            _hashesUserControl.Dock      = DockStyle.Fill;
            _passwordsUserControl        = new GenericTableUserControl();
            _passwordsUserControl.Dock   = DockStyle.Fill;
            _filesUserControl            = new FilesUserControl();
            _filesUserControl.Dock       = DockStyle.Fill;
            _dnsResponseUserControl      = new DnsResponseUserControl();
            _dnsResponseUserControl.Dock = DockStyle.Fill;
            _voipCallsUserControl        = new VoipCallsUserControl();
            _voipCallsUserControl.Dock   = DockStyle.Fill;

            // Contract the events.
            // Two kinds of handler are attached below:
            //  - analysis handlers call _analyzer.Analyze directly, i.e. on whichever thread raises
            //    the event;
            //  - UI handlers go through SwitchToMainThreadContext before touching the form.
            // TcpSessionArrived gets both; they run in subscription order (analysis first).
            // NOTE(review): _sniffer and _processor feed the same _analyzer. If live capture and file
            // processing can run at the same time, confirm Analyze is safe to call concurrently.
            // NOTE(review): UdpSessionArrived is forwarded to the UI only; there is no Analyze
            // subscription for UDP sessions in this constructor - confirm that is intended.
            // Everything delivered by these events is parsed from capture data and should be treated
            // as untrusted when it is rendered or written out.
            _sniffer.UdpPacketArived               += (s, e) => _analyzer.Analyze(CommonUi.Casting.CastProcessorUdpPacketToAnalyzerUdpPacket(e.Packet));
            _sniffer.TcpPacketArived               += (s, e) => _analyzer.Analyze(CommonUi.Casting.CastProcessorTcpPacketToAnalyzerTcpPacket(e.Packet));
            _sniffer.TcpSessionArrived             += (s, e) => _analyzer.Analyze(CommonUi.Casting.CastProcessorTcpSessionToAnalyzerTcpSession(e.TcpSession));
            _sniffer.TcpSessionArrived             += (s, e) => SwitchToMainThreadContext(() => OnSessionArived(Casting.CastProcessorTcpSessionToBruteSharkDesktopTcpSession(e.TcpSession)));
            _sniffer.UdpSessionArrived             += (s, e) => SwitchToMainThreadContext(() => OnSessionArived(Casting.CastProcessorUdpSessionToBruteSharkDesktopUdpSession(e.UdpSession)));
            _processor.UdpPacketArived             += (s, e) => _analyzer.Analyze(CommonUi.Casting.CastProcessorUdpPacketToAnalyzerUdpPacket(e.Packet));
            _processor.TcpPacketArived             += (s, e) => _analyzer.Analyze(CommonUi.Casting.CastProcessorTcpPacketToAnalyzerTcpPacket(e.Packet));
            _processor.TcpSessionArrived           += (s, e) => _analyzer.Analyze(CommonUi.Casting.CastProcessorTcpSessionToAnalyzerTcpSession(e.TcpSession));
            _processor.TcpSessionArrived           += (s, e) => SwitchToMainThreadContext(() => OnSessionArived(Casting.CastProcessorTcpSessionToBruteSharkDesktopTcpSession(e.TcpSession)));
            _processor.UdpSessionArrived           += (s, e) => SwitchToMainThreadContext(() => OnSessionArived(Casting.CastProcessorUdpSessionToBruteSharkDesktopUdpSession(e.UdpSession)));
            _processor.FileProcessingStatusChanged += (s, e) => SwitchToMainThreadContext(() => OnFileProcessingStatusChanged(s, e));
            _processor.ProcessingPrecentsChanged   += (s, e) => SwitchToMainThreadContext(() => OnProcessingPrecentsChanged(s, e));
            _processor.ProcessingFinished          += (s, e) => SwitchToMainThreadContext(() => OnProcessingFinished(s, e));
            _analyzer.ParsedItemDetected           += (s, e) => SwitchToMainThreadContext(() => OnParsedItemDetected(s, e));
            _analyzer.UpdatedItemProprertyDetected += (s, e) => SwitchToMainThreadContext(() => OnUpdatedItemProprertyDetected(s, e));

            // Populate the remaining UI pieces; these helpers are defined outside this constructor.
            InitilizeFilesIconsList();
            InitilizeModulesCheckedListBox();
            InitilizeInterfacesComboBox();
            this.modulesTreeView.ExpandAll();
        }
        /// <summary>
        /// Processes the <c>TcpFivePacketsFilePath</c> sample and expects exactly five packets
        /// to be reported through <c>TcpPacketArived</c>.
        /// </summary>
        public void PcapProcessor_ReadTcpPackets_ReadSuccess()
        {
            const int expectedPacketCount = 5;

            // Arrange: record every TCP packet the processor reports.
            var observedPackets = new List<PcapProcessor.TcpPacket>();
            var pcapReader      = new PcapProcessor.Processor();
            pcapReader.TcpPacketArived += (origin, packetEvent) =>
            {
                observedPackets.Add(packetEvent.Packet);
            };

            // Act: run the processor over the sample capture.
            pcapReader.ProcessPcap(this.TcpFivePacketsFilePath);

            // Assert: one recorded packet per packet in the sample.
            Assert.AreEqual(expectedPacketCount, observedPackets.Count);
        }
        /// <summary>
        /// Processes the <c>UdpFilePath</c> sample and expects exactly 32 packets to be
        /// reported through <c>UdpPacketArived</c>.
        /// </summary>
        public void PcapProcessor_ReadUdpPackets_ReadSuccess()
        {
            // The sample file has 32 packets.
            const int expectedPacketCount = 32;

            // Arrange: record every UDP packet the processor reports.
            var observedPackets = new List<PcapProcessor.UdpPacket>();
            var pcapReader      = new PcapProcessor.Processor();
            pcapReader.UdpPacketArived += (origin, packetEvent) =>
            {
                observedPackets.Add(packetEvent.Packet);
            };

            // Act: run the processor over the sample capture.
            pcapReader.ProcessPcap(this.UdpFilePath);

            // Assert.
            Assert.AreEqual(expectedPacketCount, observedPackets.Count);
        }
        /// <summary>
        /// Creates the CLI host: keeps the raw arguments, instantiates the processor (with TCP and
        /// UDP session building enabled) and the analyzer, and forwards every packet and session
        /// the processor reports to the analyzer.
        /// </summary>
        /// <param name="args">Command-line arguments, stored as-is in <c>_args</c>.</param>
        public BruteSharkCli(string[] args)
        {
            _args = args;

            // TODO: create command for this.
            _processor = new PcapProcessor.Processor
            {
                BuildTcpSessions = true,
                BuildUdpSessions = true
            };
            _analyzer = new PcapAnalyzer.Analyzer();

            // Wire the events: each handler converts the processor's object to the analyzer's
            // type and calls Analyze directly inside the event callback.
            _processor.UdpPacketArived += (origin, packetEvent) =>
                _analyzer.Analyze(CommonUi.Casting.CastProcessorUdpPacketToAnalyzerUdpPacket(packetEvent.Packet));

            _processor.TcpPacketArived += (origin, packetEvent) =>
                _analyzer.Analyze(CommonUi.Casting.CastProcessorTcpPacketToAnalyzerTcpPacket(packetEvent.Packet));

            _processor.TcpSessionArrived += (origin, sessionEvent) =>
                _analyzer.Analyze(CommonUi.Casting.CastProcessorTcpSessionToAnalyzerTcpSession(sessionEvent.TcpSession));

            _processor.UdpSessionArrived += (origin, sessionEvent) =>
                _analyzer.Analyze(CommonUi.Casting.CastProcessorUdpStreamToAnalyzerUdpStream(sessionEvent.UdpSession));
        }
        /// <summary>
        /// Builds a single-command runner: stores the analyzer and processor, creates the empty
        /// result collections, subscribes to their events and parses the command line into
        /// <c>_cliFlags</c>.
        /// </summary>
        /// <param name="analyzer">Analyzer whose <c>ParsedItemDetected</c> event is subscribed to.</param>
        /// <param name="processor">Processor whose status and completion events are subscribed to.</param>
        /// <param name="args">Raw command-line arguments handed to the CommandLine parser.</param>
        public SingleCommandRunner(Analyzer analyzer, Processor processor, string[] args)
        {
            // Collaborators.
            _analyzer  = analyzer;
            _processor = processor;

            // Input files and the result sets filled while the capture is analysed.
            _files          = new List<string>();
            _hashes         = new HashSet<NetworkHash>();
            _connections    = new HashSet<PcapAnalyzer.NetworkConnection>();
            _passwords      = new HashSet<NetworkPassword>();
            _extractedFiles = new HashSet<NetworkFile>();

            // Collect parsed items; export once processing ends; print per-file status changes.
            _analyzer.ParsedItemDetected += OnParsedItemDetected;
            _processor.ProcessingFinished += (sender, eventArgs) => ExportResults();
            _processor.FileProcessingStatusChanged += (sender, eventArgs) => PrintFileStatusUpdate(sender, eventArgs);

            // Parse user arguments.
            // NOTE(review): only the success callback is registered, so _cliFlags is not assigned
            // here when parsing fails; users of _cliFlags should account for that.
            var parseResult = CommandLine.Parser.Default.ParseArguments<SingleCommandFlags>(args);
            parseResult.WithParsed<SingleCommandFlags>(parsedFlags => _cliFlags = parsedFlags);
        }
        /// <summary>
        /// Processes two sample captures in one <c>ProcessPcaps</c> call and expects 46 packets
        /// in total to be reported through <c>TcpPacketArived</c>.
        /// </summary>
        public void PcapProcessor_ReadTcpPacketsMultipleFiles_ReadSuccess()
        {
            const int expectedPacketCount = 46;

            // Arrange: record every TCP packet the processor reports.
            var observedPackets = new List<PcapProcessor.TcpPacket>();
            var pcapReader      = new PcapProcessor.Processor();
            pcapReader.TcpPacketArived += (origin, packetEvent) =>
            {
                observedPackets.Add(packetEvent.Packet);
            };

            // Act: hand both sample files to the processor as one batch.
            var sampleCaptures = new List<string>
            {
                this.HttpSmallFilePath,
                this.TcpFivePacketsFilePath
            };
            pcapReader.ProcessPcaps(sampleCaptures);

            // Assert: the count covers the packets of both files.
            Assert.AreEqual(expectedPacketCount, observedPackets.Count);
        }
        /// <summary>
        /// Builds the main window: creates the network context, processor, sniffer and analyzer,
        /// wires capture events to the analyzer and to the UI, initialises the module controls,
        /// file icons, module list and interface selector, and finally checks for updates.
        /// </summary>
        public MainForm()
        {
            InitializeComponent();

            _files          = new HashSet <string>();
            _cts            = new CancellationTokenSource();
            _networkContext = new CommonUi.NetworkContext();

            // Create the DAL and BLL objects.
            _processor = new PcapProcessor.Processor();
            _sniffer   = new PcapProcessor.Sniffer();
            _analyzer  = new PcapAnalyzer.Analyzer();
            // Session building is switched on for file processing (not set on the sniffer here).
            _processor.BuildTcpSessions = true;
            _processor.BuildUdpSessions = true;

            // Contract the events.
            // Two kinds of handler are attached below:
            //  - analysis handlers call _analyzer.Analyze directly, i.e. on whichever thread raises
            //    the event;
            //  - UI handlers go through SwitchToMainThreadContext before touching the form.
            // TcpSessionArrived gets both; they run in subscription order (analysis first).
            // NOTE(review): _sniffer and _processor feed the same _analyzer. If live capture and file
            // processing can run at the same time, confirm Analyze is safe to call concurrently.
            // NOTE(review): UdpSessionArrived is forwarded to the UI only; there is no Analyze
            // subscription for UDP sessions in this constructor - confirm that is intended.
            // Everything delivered by these events is parsed from capture data and should be treated
            // as untrusted when it is rendered or written out.
            _sniffer.UdpPacketArived               += (s, e) => _analyzer.Analyze(CommonUi.Casting.CastProcessorUdpPacketToAnalyzerUdpPacket(e.Packet));
            _sniffer.TcpPacketArived               += (s, e) => _analyzer.Analyze(CommonUi.Casting.CastProcessorTcpPacketToAnalyzerTcpPacket(e.Packet));
            _sniffer.TcpSessionArrived             += (s, e) => _analyzer.Analyze(CommonUi.Casting.CastProcessorTcpSessionToAnalyzerTcpSession(e.TcpSession));
            _sniffer.TcpSessionArrived             += (s, e) => SwitchToMainThreadContext(() => OnSessionArived(e.TcpSession));
            _sniffer.UdpSessionArrived             += (s, e) => SwitchToMainThreadContext(() => OnSessionArived(e.UdpSession));
            _processor.UdpPacketArived             += (s, e) => _analyzer.Analyze(CommonUi.Casting.CastProcessorUdpPacketToAnalyzerUdpPacket(e.Packet));
            _processor.TcpPacketArived             += (s, e) => _analyzer.Analyze(CommonUi.Casting.CastProcessorTcpPacketToAnalyzerTcpPacket(e.Packet));
            _processor.TcpSessionArrived           += (s, e) => _analyzer.Analyze(CommonUi.Casting.CastProcessorTcpSessionToAnalyzerTcpSession(e.TcpSession));
            _processor.TcpSessionArrived           += (s, e) => SwitchToMainThreadContext(() => OnSessionArived(e.TcpSession));
            _processor.UdpSessionArrived           += (s, e) => SwitchToMainThreadContext(() => OnSessionArived(e.UdpSession));
            _processor.FileProcessingStatusChanged += (s, e) => SwitchToMainThreadContext(() => OnFileProcessingStatusChanged(s, e));
            _processor.ProcessingPrecentsChanged   += (s, e) => SwitchToMainThreadContext(() => OnProcessingPrecentsChanged(s, e));
            _processor.ProcessingFinished          += (s, e) => SwitchToMainThreadContext(() => OnProcessingFinished(s, e));
            _analyzer.ParsedItemDetected           += (s, e) => SwitchToMainThreadContext(() => OnParsedItemDetected(s, e));
            _analyzer.UpdatedItemProprertyDetected += (s, e) => SwitchToMainThreadContext(() => OnUpdatedItemProprertyDetected(s, e));

            // Populate the remaining UI pieces; these helpers are defined outside this constructor.
            InitilizeModulesUserControls();
            InitilizeFilesIconsList();
            InitilizeModulesCheckedListBox();
            InitilizeInterfacesComboBox();
            this.modulesTreeView.ExpandAll();
            // NOTE(review): runs on every construction of the form, i.e. at each start-up. The
            // implementation is not visible here; confirm it uses an authenticated channel, does not
            // act on downloaded content without verification, and can be disabled on analysis hosts
            // that must stay offline.
            CheckForUpdates();
        }