Example #1
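        /// <summary>
        /// Replays the loaded capture through TCP reassembly, reconstructs HTTP
        /// responses from every finished connection, writes them under
        /// <paramref name="saveDir"/>, and finally opens that folder in the shell.
        /// </summary>
        /// <param name="saveDir">Directory handed to <c>HttpConstrainExtract</c> as the output location.</param>
        /// <param name="coll">Optional extraction constraints copied into the extractor; may be null.</param>
        /// <exception cref="InvalidOperationException">No capture file has been loaded.</exception>
        /// <remarks>
        /// Everything written under <paramref name="saveDir"/> is derived from captured
        /// traffic and must be treated as untrusted content. How output file names are
        /// chosen is decided inside <c>HttpConstrainExtract</c>, which is not visible here.
        /// </remarks>
        private void HttpRecon(string saveDir, Collection <ExtractConstrain> coll)
        {
            if (!fileLoaded)
            {
                throw new InvalidOperationException("No file has been loaded");
            }

            ReportProgress(ProgressSource.HttpReconstruct, 0, "分析中...");
            using (TcpReassemble tcpre = new TcpReassemble())
            {
                // Reconstruct http files
                HttpReconstructor httpRecon = new HttpReconstructor();
                // Save result to files
                HttpConstrainExtract htf = new HttpConstrainExtract(saveDir);
                if (coll != null)
                {
                    foreach (var cons in coll)
                    {
                        htf.ConstrainCollection.Add(cons);
                    }
                }

                tcpre.ConnectionFinished += (o, e) =>
                {
                    httpRecon.OnConnectionFinished(e.Connection);
                    // NOTE(review): ResponseList is re-walked on every finished connection;
                    // if HttpReconstructor accumulates responses across calls, earlier
                    // responses are written again - confirm against HttpReconstructor.
                    foreach (var rpy in httpRecon.ResponseList)
                    {
                        htf.OutputContent(rpy);
                    }
                };

                int cnt = 0;
                // Read all packets from file until EOF
                using (PacketCommunicator communicator = dev.Open())
                {
                    // NOTE(review): the "tcp" filter also matches TCP carried over IPv6,
                    // while the callback below reads p.Ethernet.IpV4 - confirm that
                    // TcpReassemble tolerates such packets or narrow the filter.
                    communicator.SetFilter("tcp");
                    communicator.ReceivePackets(0, p =>
                    {
                        tcpre.AddPacket(p.Ethernet.IpV4);

                        // Count the packet first, then report a real percentage. The
                        // previous expression reported the bare ratio (always 0 or 1)
                        // and divided by plist.Count without guarding against zero.
                        ++cnt;
                        int total = plist.Count;
                        int percent = total > 0
                            ? Math.Min(100, (int)(100.0 * cnt / total))
                            : 0;
                        ReportProgress(ProgressSource.HttpReconstruct,
                                       percent,
                                       string.Format("分析中...{0}/{1}", cnt, total));
                    });
                }

                ReportProgress(ProgressSource.HttpReconstruct, 100, "完成...打开文件夹...");
            }

            // Open folder. UseShellExecute runs whatever handler the shell associates
            // with FileName, so only launch when saveDir really is an existing
            // directory, and pass the absolute path so the shell cannot resolve a
            // relative name to something else.
            if (System.IO.Directory.Exists(saveDir))
            {
                System.Diagnostics.Process.Start(new System.Diagnostics.ProcessStartInfo()
                {
                    UseShellExecute = true,
                    FileName        = System.IO.Path.GetFullPath(saveDir),
                    Verb            = "open"
                });
            }
        }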
Example #2
        // Long time operation
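        /// <summary>
        /// Replays the loaded capture through TCP reassembly, saves every finished
        /// connection under <paramref name="saveDir"/>, and then opens that folder
        /// in the shell.
        /// </summary>
        /// <param name="saveDir">Directory handed to <c>ConnectionToFile</c> as the output location.</param>
        /// <exception cref="InvalidOperationException">No capture file has been loaded.</exception>
        /// <remarks>
        /// The saved streams are raw captured traffic and must be treated as untrusted
        /// content. File naming is decided inside <c>ConnectionToFile</c>, which is not
        /// visible here.
        /// </remarks>
        public void TcpStreamReassemble(string saveDir)
        {
            if (!fileLoaded)
            {
                throw new InvalidOperationException("No file has been loaded");
            }


            ReportProgress(ProgressSource.TCPReassemble, 0, "分析中...");
            using (TcpReassemble tcpre = new TcpReassemble())
            {
                // Save complete connections to files
                ConnectionToFile ctf = new ConnectionToFile(saveDir);
                tcpre.ConnectionFinished += (o, e) => ctf.Save(e.Connection);

                int cnt = 0;
                // Read all packets from file until EOF
                using (PacketCommunicator communicator = dev.Open())
                {
                    // NOTE(review): the "tcp" filter also matches TCP carried over IPv6,
                    // while the callback below reads p.Ethernet.IpV4 - confirm that
                    // TcpReassemble tolerates such packets or narrow the filter.
                    communicator.SetFilter("tcp");
                    communicator.ReceivePackets(0, p =>
                    {
                        tcpre.AddPacket(p.Ethernet.IpV4);

                        // Count the packet first, then report a real percentage. The
                        // previous expression reported the bare ratio (always 0 or 1)
                        // and divided by plist.Count without guarding against zero.
                        ++cnt;
                        int total = plist.Count;
                        int percent = total > 0
                            ? Math.Min(100, (int)(100.0 * cnt / total))
                            : 0;
                        ReportProgress(ProgressSource.TCPReassemble,
                                       percent,
                                       string.Format("分析中...{0}/{1}", cnt, total));
                    });
                }
            }

            ReportProgress(ProgressSource.TCPReassemble, 100, "完成...打开文件夹...");

            // Open folder. UseShellExecute runs whatever handler the shell associates
            // with FileName, so only launch when saveDir really is an existing
            // directory, and pass the absolute path so the shell cannot resolve a
            // relative name to something else.
            if (System.IO.Directory.Exists(saveDir))
            {
                System.Diagnostics.Process.Start(new System.Diagnostics.ProcessStartInfo()
                {
                    UseShellExecute = true,
                    FileName        = System.IO.Path.GetFullPath(saveDir),
                    Verb            = "open"
                });
            }
        }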