Beispiel #1
0
        public override bool HandleSession(IPSession session) {
            //List<Configuration.Setting> settings = Configuration.ParserConfiguration.Settings[Name()];
            //foreach(Configuration.Setting setting in settings)
            //    logger.AddMessage("Using property {0} with value {1}", setting.Property, setting.Value);
            PacketStream stream = session.GetNextStreamDirection();
            if (session.RemoteEndpoint != null && ((session.RemoteEndpoint.Port == 1521) || (session.RemoteEndpoint.Port == redirPort))) {
                //we're either connected to the standard Oracle port or the redirected port
            }else
                return false;
            while (true) {
                try {
                    TransactionNode transaction = new TransactionNode("OracleTransaction");
                    transaction.Description = transaction.Name;
                    TransactionNode tnsNode = ExtractTNSData(stream, StreamDirection.OUT);
                    if(tnsNode != null)
                        transaction.AddChild(tnsNode);  
                    //response stream
                    stream = session.GetNextStreamDirection();
                    if (stream.GetBytesAvailable() != 0) {
                        tnsNode = ExtractTNSData(stream, StreamDirection.IN);

                        if(tnsNode != null)
                            transaction.AddChild(tnsNode);
                    }
                    if(transaction.Children.Count > 0)
                        session.AddNode(transaction);
                    //request stream (if exists)
                    stream = session.GetNextStreamDirection();

                    if(stream.GetBytesAvailable() == 0)
                        break;
                } catch (EndOfStreamException) {
                    break;
                }

            }
            return true;
        }
Beispiel #2
0
        private bool HandleSwitchboardSession(IPSession session)
        {
            List<PacketSlice> slices = new List<PacketSlice>(1);

            logger.AddMessage(String.Format("\r\n\r\nparsing session with remote endpoint: {0}\r\n", session.RemoteEndpoint));

            while (true)
            {
                PacketStream stream = session.GetNextStreamDirection();

                if (stream.GetBytesAvailable() == 0)
                {
                    stream = session.GetNextStreamDirection();
                    if (stream.GetBytesAvailable() == 0)
                    {
                        break;
                    }
                }

                IPPacket pkt = stream.CurPacket;
                PacketDirection direction = pkt.Direction;
                
                try
                {
                    string line = stream.PeekLineUTF8();

                    // Split the line up into CMD and the rest (being arguments, if any)
                    string[] tokens = line.Split(new char[] { ' ' }, 2);

                    logger.AddMessage(String.Format("{0} parsing command '{1}' (line: {2})",
                        (direction == PacketDirection.PACKET_DIRECTION_INCOMING) ? "<<" : ">>",
                        tokens[0], line));

                    // Set cmd and create an array of arguments if present
                    string cmd = tokens[0];
                    string[] arguments = new string[0];
                    if (tokens.Length > 1)
                    {
                        arguments = tokens[1].Split(new char[] { ' ' });
                    }

                    // Create command node
                    TransactionNode node = new TransactionNode("MSNSBCommand");
                    node.Description = cmd;

                    // Command field
                    stream.ReadBytes(StaticUtils.GetUTF8ByteCount(tokens[0]), slices);
                    node.AddField("Command", tokens[0], "Switchboard command.", slices);

                    if (arguments.Length > 0)
                    {
                        // Skip space between command and arguments
                        stream.ReadByte();

                        stream.ReadBytes(StaticUtils.GetUTF8ByteCount(tokens[1]), slices);

                        // Arguments fields
                        node.AddField("Arguments", tokens[1], "Arguments to command.", slices);
                    }

                    // Skip CRLF
                    stream.ReadBytes(2);

                    // Is there a payload?
                    bool hasPayload = false;
                    if (arguments.Length > 0)
                    {
                        List<string> payloadCommands =
                            (direction == PacketDirection.PACKET_DIRECTION_OUTGOING) ? payloadCommandsFromClient : payloadCommandsFromServer;

                        hasPayload = payloadCommands.Contains(cmd);
                    }

                    if (hasPayload)
                    {
                        int payloadLength = -1;

                        try
                        {
                            payloadLength = (int)Convert.ToUInt32(arguments[arguments.Length - 1]);
                        }
                        catch (FormatException)
                        {
                        }

                        if (payloadLength > 0)
                        {
                            TransactionNode payloadNode = new TransactionNode(node, "Payload");

                            logger.AddMessage(String.Format("Parsing {0} bytes of payload", payloadLength));

                            PayloadFormat format = PayloadFormat.TEXT;

                            string cmdUpper = cmd.ToUpper();
                            if (payloadCommandFormats.ContainsKey(cmdUpper))
                                format = payloadCommandFormats[cmdUpper];

                            if (format == PayloadFormat.MESSAGE)
                            {
                                SBParseMSG(stream, payloadNode, payloadLength);
                            }
                            else
                            {
                                string body = stream.ReadStringUTF8(payloadLength, slices);

                                switch (format)
                                {
                                    case PayloadFormat.SLP:
                                        payloadNode.AddTextField("MSNSLP", body, "MSNSLP data.", slices);
                                        break;
                                    case PayloadFormat.XML:
                                        payloadNode.AddXMLField("XML", body, "XML data.", slices);
                                        break;
                                    default:
                                        payloadNode.AddTextField("Text", body, "Text.", slices);
                                        break;
                                }
                            }
                        }
                    }

                    session.AddNode(node);
                }
                catch (EndOfStreamException e)
                {
                    logger.AddMessage(String.Format("MSNSwitchboard: EOS at {0} ({1})", stream.Position, e));
                    break;
                }
            }

            logger.AddMessage("done with session\r\n\r\n");

            return true;
        }
Beispiel #3
0
        public override bool HandleSession(IPSession session)
        {
            logger.AddMessage(String.Format("session.LocalEndpoint={0}, session.RemoteEndpoint={1}",
                session.LocalEndpoint, session.RemoteEndpoint));
            if (session.RemoteEndpoint != null && session.RemoteEndpoint.Port == MSN_SB_PORT)
                return HandleSwitchboardSession(session);

            PacketStream stream = session.GetNextStreamDirection();

            if (stream.GetBytesAvailable() < 8)
                return false;

            List<PacketSlice> lenSlices = new List<PacketSlice>(1);
            UInt32 len = stream.ReadU32LE(lenSlices);
            if (len != 4)
                return false;

            List<PacketSlice> contentSlices = new List<PacketSlice>(1);
            string str = stream.ReadCStringASCII((int) len, contentSlices);
            if (str != "foo")
                return false;

            TransactionNode magicNode = new TransactionNode("MSNP2PDirectMagic");
            magicNode.Description = magicNode.Name;

            magicNode.AddField("Length", len, "Magic length.", lenSlices);
            magicNode.AddField("Magic", str, "Magic string.", contentSlices);

            TransactionNode requestNode = ReadNextP2PDirectMessage(stream, "Request");

            stream = session.GetNextStreamDirection();
            TransactionNode responseNode = ReadNextP2PDirectMessage(stream, "Response");

            TransactionNode handshakeNode = new TransactionNode("MSNP2PDirectHandshake");
            handshakeNode.Description = handshakeNode.Name;
            handshakeNode.AddChild(requestNode);
            handshakeNode.AddChild(responseNode);

            session.AddNode(magicNode);
            session.AddNode(handshakeNode);

            ReadAllP2PDirectMessages(session, session.GetNextStreamDirection());
            ReadAllP2PDirectMessages(session, session.GetNextStreamDirection());

            return true;
        }
Beispiel #4
0
 private void ReadAllP2PDirectMessages(IPSession session, PacketStream stream)
 {
     while (stream.GetBytesAvailable() > 0)
     {
         try
         {
             TransactionNode node = ReadNextP2PDirectMessage(stream, "MSNP2PDirectMessage");
             session.AddNode(node);
         }
         catch (EndOfStreamException e)
         {
             logger.AddMessage(String.Format("MSNP2PDirect: EOS at {0} ({1})", stream.Position, e));
             break;
         }
     }
 }
Beispiel #5
0
        public override bool HandleSession(IPSession session)
        {
            PacketStream stream = session.GetNextStreamDirection();
            string line;

            try
            {
                line = stream.PeekLineUTF8();
            }
            catch (EndOfStreamException)
            {
                return false;
            }

            string[] tokens = line.Split(new char[] { ' ' });
            if (!tokens[tokens.Length - 1].StartsWith("HTTP/1."))
            {
                return false;
            }

            // At this point it should be safe enough to assume we're
            // dealing with an HTTP session.

            while (true)
            {
                try
                {
                    TransactionNode transaction = new TransactionNode("HTTPTransaction");

                    TransactionNode request = ExtractHttpData(stream, HTTPTransactionType.REQUEST);
                    transaction.AddChild(request);

                    string desc = request.Description;

                    stream = session.GetNextStreamDirection();
                    if (stream.GetBytesAvailable() != 0)
                    {
                        TransactionNode response = ExtractHttpData(stream, HTTPTransactionType.RESPONSE);
                        transaction.AddChild(response);

                        if (response.Fields.ContainsKey("Result") &&
                            ((string)response.Fields["Result"]).StartsWith("100 "))
                        {
                            response = ExtractHttpData(stream, HTTPTransactionType.RESPONSE, "Response2");
                            transaction.AddChild(response);
                        }

                        desc += " => " + response.Description;
                    }

                    transaction.Description = desc;

                    session.AddNode(transaction);

                    stream = session.GetNextStreamDirection();
                    if (stream.GetBytesAvailable() == 0)
                        break;
                }
                catch (EndOfStreamException)
                {
                    logger.AddMessage("HTTP premature EOF");
                    break;
                }
                catch (ProtocolError)
                {
                    logger.AddMessage("HTTP protocol error");
                    break;
                }
            }

            return true;
        }