/// <summary>
///
/// </summary>
/// <param name="session"></param>
/// <param name="message"></param>
private void ProcessFiles(Session session, Message message)
{
byte[] header1 = woanware.IO.ReadFileHeader(message.Response.TempFile, 4);
if (header1 == null)
{
return;
}
byte[] header2 = null;
if (message.Response.TempFileSize > 520)
{
header2 = woanware.IO.ReadFileHeader(message.Response.TempFile, 6, 512);
}
if (header2 == null)
{
return;
}
foreach (FileSig sig in this.fileSigs)
{
// Do we have a match on file type
if (ByteArrayCompare(sig.Sig, header1) == false)
{
continue;
}
if (sig.OffsetSubHeader > 0)
{
// Do we have a match on file type
if (ByteArrayCompare(sig.SigSubHeader, header2) == false)
{
continue;
}
}
// Now extract the contents
string dir = session.SrcIpText + "." + session.SourcePort + "-" + session.DstIpText + "." + session.DestinationPort;
if (System.IO.Directory.Exists(System.IO.Path.Combine(this.outputDirectory, dir)) == false)
{
IO.CreateDirectory(System.IO.Path.Combine(this.outputDirectory, dir));
}
string fileName = message.Response.GetContentDispositionFileName;
// Cannot determine a file name from the Content
// Disposition HTTP header so lets make one up
if (fileName.Length == 0)
{
fileName = Guid.NewGuid().ToString() + "." + sig.Extension + ".safe";
}
else
{
fileName += ".safe";
}
File.Copy(message.Response.TempFile, System.IO.Path.Combine(this.outputDirectory, dir, fileName), true);
DownloadDetails downloadDetails = new DownloadDetails();
downloadDetails.SrcIp = session.SrcIpText;
downloadDetails.SrcPort = session.SourcePort;
downloadDetails.DstIp = session.DstIpText;
downloadDetails.DstPort = session.DestinationPort;
downloadDetails.File = fileName;
try
{
// Not sure if BufferedStream should be wrapped in using block
using (var stream = new BufferedStream(File.OpenRead(System.IO.Path.Combine(this.outputDirectory, dir, fileName)), 1200000))
{
MD5 md5 = new MD5CryptoServiceProvider();
byte[] hashMd5 = md5.ComputeHash(stream);
downloadDetails.Md5 = woanware.Text.ConvertByteArrayToHexString(hashMd5);
}
}
catch (Exception) { }
downloadDetails.Save(System.IO.Path.Combine(this.outputDirectory, dir, "Download.Details." + fileName + ".xml"));
break;
}
}
/// <summary>
///
/// </summary>
/// <param name="dataDirectory"></param>
/// <param name="outputDirectory"></param>
public void PostProcess(string dataDirectory,
string outputDirectory)
{
CsvConfiguration csvConfiguration = new CsvConfiguration();
csvConfiguration.QuoteAllFields = true;
using (FileStream fileStream = new FileStream(System.IO.Path.Combine(outputDirectory, "File.Hashes.csv"), FileMode.Append, FileAccess.Write, FileShare.Read))
using (StreamWriter streamWriter = new StreamWriter(fileStream))
using (CsvHelper.CsvWriter csvWriter = new CsvHelper.CsvWriter(streamWriter, csvConfiguration))
{
// Now MD5 the files
foreach (string file in System.IO.Directory.EnumerateFiles(outputDirectory,
"*.xml",
SearchOption.AllDirectories))
{
string fileName = System.IO.Path.GetFileName(file);
if (fileName.StartsWith("Download.Details.") == false)
{
continue;
}
DownloadDetails downloadDetails = new DownloadDetails();
string ret = downloadDetails.Load(file);
if (ret.Length == 0)
{
csvWriter.WriteField(downloadDetails.Md5);
csvWriter.WriteField(downloadDetails.File);
csvWriter.WriteField(downloadDetails.SrcIp);
csvWriter.WriteField(downloadDetails.SrcPort);
csvWriter.WriteField(downloadDetails.DstIp);
csvWriter.WriteField(downloadDetails.DstPort);
csvWriter.NextRecord();
}
}
}
}