public override VisualTransaction[] GetTransactions(IPSession session) { List <HTTPMessage> messages = new List <HTTPMessage>(); foreach (TransactionNode node in session.Nodes) { if (node.Name == "HTTPTransaction") { TransactionNode subNode; subNode = node.FindChild("Request", false); if (subNode != null) { messages.Add(ParseNode(subNode, true)); } subNode = node.FindChild("Response", false); if (subNode != null) { messages.Add(ParseNode(subNode, false)); } subNode = node.FindChild("Response2", false); if (subNode != null) { messages.Add(ParseNode(subNode, false)); } } } return(messages.ToArray()); }
public override bool HandleSession(IPSession session) { logger.AddMessage(String.Format("session.LocalEndpoint.Port={0}, session.RemoteEndpoint.Port={1}", session.LocalEndpoint.Port, session.RemoteEndpoint.Port)); if (session.RemoteEndpoint.Port == MSN_SB_PORT) { return(HandleSwitchboardSession(session)); } PacketStream stream = session.GetNextStreamDirection(); if (stream.GetBytesAvailable() < 8) { return(false); } List <PacketSlice> lenSlices = new List <PacketSlice>(1); UInt32 len = stream.ReadU32LE(lenSlices); if (len != 4) { return(false); } List <PacketSlice> contentSlices = new List <PacketSlice>(1); string str = stream.ReadCStringASCII((int)len, contentSlices); if (str != "foo") { return(false); } TransactionNode magicNode = new TransactionNode("MSNP2PDirectMagic"); magicNode.Description = magicNode.Name; magicNode.AddField("Length", len, "Magic length.", lenSlices); magicNode.AddField("Magic", str, "Magic string.", contentSlices); TransactionNode requestNode = ReadNextP2PDirectMessage(stream, "Request"); stream = session.GetNextStreamDirection(); TransactionNode responseNode = ReadNextP2PDirectMessage(stream, "Response"); TransactionNode handshakeNode = new TransactionNode("MSNP2PDirectHandshake"); handshakeNode.Description = handshakeNode.Name; handshakeNode.AddChild(requestNode); handshakeNode.AddChild(responseNode); session.AddNode(magicNode); session.AddNode(handshakeNode); ReadAllP2PDirectMessages(session, session.GetNextStreamDirection()); ReadAllP2PDirectMessages(session, session.GetNextStreamDirection()); return(true); }
public override VisualTransaction[] GetTransactions(IPSession session) { List <VisualTransaction> transactions = new List <VisualTransaction>(); session.ResetState(); PacketStream stream1 = session.GetNextStreamDirection(); PacketStream stream2 = session.GetNextStreamDirection(); List <IPPacket> packets = new List <IPPacket>(stream1.Packets.Count + stream2.Packets.Count); packets.AddRange(stream1.Packets); packets.AddRange(stream2.Packets); packets.Sort(); VisualTransaction transaction = null; MemoryStream previewData = new MemoryStream(); int transferred = 0; foreach (IPPacket packet in packets) { if (transaction == null || (transaction != null && packet.Direction != transaction.Direction)) { if (transaction != null) { transaction.AddHeaderField("Size", transferred); byte[] bytes = previewData.ToArray(); transaction.SetBodyFromPreviewData(bytes, bytes.Length); } transaction = new VisualTransaction(packet.Index, packet.Direction, packet.Timestamp); transaction.AddHeaderField("Direction", packet.Direction); transaction.HeaderRowsPerCol = 1; transactions.Add(transaction); previewData.SetLength(0); transferred = 0; } transaction.EndTime = packet.Timestamp; previewData.Write(packet.Bytes, 0, packet.Bytes.Length); transferred += packet.Bytes.Length; } if (transaction != null) { transaction.AddHeaderField("Size", transferred); byte[] bytes = previewData.ToArray(); transaction.SetBodyFromTruncatedPreviewData(bytes, transferred - bytes.Length); } return(transactions.ToArray()); }
public override bool HandleSession(IPSession session) { //List<Configuration.Setting> settings = Configuration.ParserConfiguration.Settings[Name()]; //foreach(Configuration.Setting setting in settings) // logger.AddMessage("Using property {0} with value {1}", setting.Property, setting.Value); PacketStream stream = session.GetNextStreamDirection(); if ((session.RemoteEndpoint.Port == 1521) || (session.RemoteEndpoint.Port == redirPort)) { //we're either connected to the standard Oracle port or the redirected port } else { return(false); } while (true) { try { TransactionNode transaction = new TransactionNode("OracleTransaction"); transaction.Description = transaction.Name; TransactionNode tnsNode = ExtractTNSData(stream, StreamDirection.OUT); if (tnsNode != null) { transaction.AddChild(tnsNode); } //response stream stream = session.GetNextStreamDirection(); if (stream.GetBytesAvailable() != 0) { tnsNode = ExtractTNSData(stream, StreamDirection.IN); if (tnsNode != null) { transaction.AddChild(tnsNode); } } if (transaction.Children.Count > 0) { session.AddNode(transaction); } //request stream (if exists) stream = session.GetNextStreamDirection(); if (stream.GetBytesAvailable() == 0) { break; } } catch (EndOfStreamException) { break; } } return(true); }
public override VisualTransaction[] GetTransactions(IPSession session) { List <VisualTransaction> transactions = new List <VisualTransaction>(session.Events.Count); foreach (TCPEvent ev in session.Events) { VisualTransaction transaction = new VisualTransaction(0, ev.Timestamp); transaction.HeadlineText = ev.ToString(); transactions.Add(transaction); } return(transactions.ToArray()); }
private void ReadAllP2PDirectMessages(IPSession session, PacketStream stream) { while (stream.GetBytesAvailable() > 0) { try { TransactionNode node = ReadNextP2PDirectMessage(stream, "MSNP2PDirectMessage"); session.AddNode(node); } catch (EndOfStreamException e) { logger.AddMessage(String.Format("MSNP2PDirect: EOS at {0} ({1})", stream.Position, e)); break; } } }
public override bool HandleSession(IPSession session) { if (session.RemoteEndpoint == null || session.RemoteEndpoint.Port != XMPP_PORT) { return(false); } PacketStream stream = session.GetNextStreamDirection(); if (stream.PeekStringUTF8(8) != "<stream") { return(false); } // FIXME return(false); }
private List <ScreenItem> CountAllComponents(IEnumerable <IMyInventory> inventories, out bool complete) { List <ScreenItem> items = new List <ScreenItem>(); complete = true; IPSession ipSession = IPSession.Instance; foreach (KeyValuePair <MyDefinitionId, int> c in comps) { MyDefinitionId id = c.Key; int required = c.Value; int need = (int)CountComponents(inventories, id, required); if (need > 0) { complete = false; } items.Add(new ScreenItem(ipSession.GetComponentName(id), required, required - need)); } return(items); }
public override bool HandleSession(IPSession session) { if (session.LocalEndpoint == null || session.LocalEndpoint.Port != 990) { return(false); } this.session = session; stream = session.GetNextStreamDirection(); // The device should send the first DWORD of the handshake if (stream.CurPacket.Direction == PacketDirection.PACKET_DIRECTION_INCOMING) { HandleRapiHandshake(); } if (stream.GetBytesAvailable() >= 4) { HandleRapiSession(); } return(true); }
public abstract bool HandleSession(IPSession session);
// TCP & UDP functions // =================== public static List<IPSession> GetIPSessions() { List<IPSession> sessions = new List<IPSession>(); // IPv4 int dwSize = 0; ERROR error = GetExtendedTcpTable(IntPtr.Zero, ref dwSize, false, FAMILY.AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL, 0); if (error == ERROR.ERROR_INSUFFICIENT_BUFFER) { IntPtr pTcpTable = Marshal.AllocHGlobal(dwSize); error = GetExtendedTcpTable(pTcpTable, ref dwSize, false, FAMILY.AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL, 0); if (error == ERROR.ERROR_SUCCESS) { Table table = (Table)Marshal.PtrToStructure(pTcpTable, typeof(Table)); IntPtr pRow = pTcpTable + Marshal.SizeOf(table.dwNumEntries); for (int i = 0; i < table.dwNumEntries; i++) { MIB_TCPROW_OWNER_PID row = (MIB_TCPROW_OWNER_PID)Marshal.PtrToStructure(pRow, typeof(MIB_TCPROW_OWNER_PID)); IPSession session = new IPSession(); session.SocketID = new IP.SocketID(); session.SocketID.LocalEP = new IPEndPoint(new IPAddress(row.dwLocalAddr), BitConverter.ToUInt16(BitConverter.GetBytes(row.dwLocalPort).Reverse().Skip(2).Take(2).ToArray(), 0)); session.SocketID.RemoteEP = new IPEndPoint(new IPAddress(row.dwRemoteAddr), BitConverter.ToUInt16(BitConverter.GetBytes(row.dwRemotePort).Reverse().Skip(2).Take(2).ToArray(), 0)); session.SocketID.Protocol = IP.ProtocolFamily.TCP; session.State = GetDescription(row.dwState); session.OwningPid = row.dwOwningPid; sessions.Add(session); pRow += Marshal.SizeOf(typeof(MIB_TCPROW_OWNER_PID)); } } Marshal.FreeHGlobal(pTcpTable); } dwSize = 0; error = GetExtendedUdpTable(IntPtr.Zero, ref dwSize, false, FAMILY.AF_INET, UDP_TABLE_CLASS.UDP_TABLE_OWNER_PID, 0); if (error == ERROR.ERROR_INSUFFICIENT_BUFFER) { IntPtr pUdpTable = Marshal.AllocHGlobal(dwSize); error = GetExtendedUdpTable(pUdpTable, ref dwSize, false, FAMILY.AF_INET, UDP_TABLE_CLASS.UDP_TABLE_OWNER_PID, 0); if (error == ERROR.ERROR_SUCCESS) { Table table = (Table)Marshal.PtrToStructure(pUdpTable, typeof(Table)); IntPtr pRow = pUdpTable + Marshal.SizeOf(table.dwNumEntries); for (int i = 0; i < table.dwNumEntries; i++) { MIB_UDPROW_OWNER_PID row = (MIB_UDPROW_OWNER_PID)Marshal.PtrToStructure(pRow, typeof(MIB_UDPROW_OWNER_PID)); IPSession session = new IPSession(); session.SocketID = new IP.SocketID(); session.SocketID.LocalEP = new IPEndPoint(new IPAddress(row.dwLocalAddr), BitConverter.ToUInt16(BitConverter.GetBytes(row.dwLocalPort).Reverse().Skip(2).Take(2).ToArray(), 0)); session.SocketID.RemoteEP = new IPEndPoint(IPAddress.Parse("0.0.0.0"), 0); session.SocketID.Protocol = IP.ProtocolFamily.UDP; session.State = ""; session.OwningPid = row.dwOwningPid; sessions.Add(session); pRow += Marshal.SizeOf(typeof(MIB_UDPROW_OWNER_PID)); } } Marshal.FreeHGlobal(pUdpTable); } // IPv6 dwSize = 0; error = GetExtendedTcpTable(IntPtr.Zero, ref dwSize, false, FAMILY.AF_INET6, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL, 0); if (error == ERROR.ERROR_INSUFFICIENT_BUFFER) { IntPtr pTcpTable = Marshal.AllocHGlobal(dwSize); error = GetExtendedTcpTable(pTcpTable, ref dwSize, false, FAMILY.AF_INET6, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL, 0); if (error == ERROR.ERROR_SUCCESS) { Table table = (Table)Marshal.PtrToStructure(pTcpTable, typeof(Table)); IntPtr pRow = pTcpTable + Marshal.SizeOf(table.dwNumEntries); for (int i = 0; i < table.dwNumEntries; i++) { MIB_TCP6ROW_OWNER_PID row = (MIB_TCP6ROW_OWNER_PID)Marshal.PtrToStructure(pRow, typeof(MIB_TCP6ROW_OWNER_PID)); IPSession session = new IPSession(); session.SocketID = new IP.SocketID(); session.SocketID.LocalEP = new IPEndPoint(new IPAddress(row.ucLocalAddr), BitConverter.ToUInt16(BitConverter.GetBytes(row.dwLocalPort).Reverse().Skip(2).Take(2).ToArray(), 0)); session.SocketID.RemoteEP = new IPEndPoint(new IPAddress(row.ucRemoteAddr), BitConverter.ToUInt16(BitConverter.GetBytes(row.dwRemotePort).Reverse().Skip(2).Take(2).ToArray(), 0)); session.SocketID.Protocol = IP.ProtocolFamily.TCP; session.State = GetDescription(row.dwState); session.OwningPid = row.dwOwningPid; sessions.Add(session); pRow += Marshal.SizeOf(typeof(MIB_TCP6ROW_OWNER_PID)); } } Marshal.FreeHGlobal(pTcpTable); } dwSize = 0; error = GetExtendedUdpTable(IntPtr.Zero, ref dwSize, false, FAMILY.AF_INET6, UDP_TABLE_CLASS.UDP_TABLE_OWNER_PID, 0); if (error == ERROR.ERROR_INSUFFICIENT_BUFFER) { IntPtr pUdpTable = Marshal.AllocHGlobal(dwSize); error = GetExtendedUdpTable(pUdpTable, ref dwSize, false, FAMILY.AF_INET6, UDP_TABLE_CLASS.UDP_TABLE_OWNER_PID, 0); if (error == ERROR.ERROR_SUCCESS) { Table table = (Table)Marshal.PtrToStructure(pUdpTable, typeof(Table)); IntPtr pRow = pUdpTable + Marshal.SizeOf(table.dwNumEntries); for (int i = 0; i < table.dwNumEntries; i++) { MIB_UDP6ROW_OWNER_PID row = (MIB_UDP6ROW_OWNER_PID)Marshal.PtrToStructure(pRow, typeof(MIB_UDP6ROW_OWNER_PID)); IPSession session = new IPSession(); session.SocketID = new IP.SocketID(); session.SocketID.LocalEP = new IPEndPoint(new IPAddress(row.ucLocalAddr), BitConverter.ToUInt16(BitConverter.GetBytes(row.dwLocalPort).Reverse().Skip(2).Take(2).ToArray(), 0)); session.SocketID.RemoteEP = new IPEndPoint(IPAddress.Parse("::"), 0); session.SocketID.Protocol = IP.ProtocolFamily.UDP; session.State = ""; session.OwningPid = row.dwOwningPid; sessions.Add(session); pRow += Marshal.SizeOf(typeof(MIB_UDP6ROW_OWNER_PID)); } } Marshal.FreeHGlobal(pUdpTable); } return sessions; }
public abstract VisualTransaction[] GetTransactions(IPSession session);
public VisualSession(IPSession session) { localEndpoint = session.LocalEndpoint; remoteEndpoint = session.RemoteEndpoint; transactions = new List <VisualTransaction>(); }
public override VisualTransaction[] GetTransactions(IPSession session) { List <VisualTransaction> messages = new List <VisualTransaction>(); char[] bodyTrimChars = new char[] { '\r', '\n' }; foreach (TransactionNode node in session.Nodes) { if (node.Name == "MSNSBCommand") { IPPacket pkt = node.Slices[0].Packet; VisualTransaction vt = new VisualTransaction(node.Index, pkt.Direction, pkt.Timestamp); string headline = (string)node["Command"]; if (node.Fields.ContainsKey("Arguments")) { headline += " " + (string)node["Arguments"]; } vt.HeadlineText = headline; XmlHighlighter highlighter = null; TransactionNode payloadNode = node.FindChild("Payload", false); if (payloadNode != null) { string body = ""; if (payloadNode.Fields.ContainsKey("XML")) { highlighter = new XmlHighlighter(XmlHighlightColorScheme.VisualizationScheme); XmlUtils.PrettyPrint((string)payloadNode["XML"], out body, highlighter); } else if (payloadNode.Fields.ContainsKey("Text")) { body = (string)payloadNode["Text"]; } else if (payloadNode.Fields.ContainsKey("MSNSLP")) { body = (string)payloadNode["MSNSLP"]; } else if (payloadNode.FindChild("Headers") != null) { TransactionNode headersNode = payloadNode.FindChild("Headers"); vt.HeaderRowsPerCol = Int32.MaxValue; foreach (string name in headersNode.Fields.Keys) { vt.AddHeaderField(name, headersNode.Fields[name].ToString()); } TransactionNode bodyNode = payloadNode.FindChild("Body"); if (bodyNode != null) { body = bodyNode.Fields[bodyNode.FieldNames[0]].ToString(); body = body.TrimEnd(bodyTrimChars); } } else { body = String.Format("Unhandled payload format: {0}", (payloadNode.FieldNames.Count > 0) ? payloadNode.FieldNames[0] : payloadNode.Children[0].Name); } vt.BodyText = body; if (highlighter != null) { highlighter.HighlightRichTextBox(vt.BodyBox); } } messages.Add(vt); } } return(messages.ToArray()); }
public override VisualTransaction[] GetTransactions(IPSession session) { List <MSNSessionMessage> messages = new List <MSNSessionMessage>(); Dictionary <UInt32, MSNP2PMessage> messageFromId = new Dictionary <UInt32, MSNP2PMessage>(); foreach (TransactionNode node in session.Nodes) { if (node.Name.StartsWith("MSN")) { TransactionNode chunk = node.FindChild("MSNP2PMessageChunk"); if (chunk != null) { MSNP2PMessage msg; TransactionNode headers = chunk.FindChild("Headers"); UInt32 msgID = (UInt32)headers.Fields["MessageID"]; UInt32 chunkSize = (UInt32)headers.Fields["ChunkSize"]; if (messageFromId.ContainsKey(msgID)) { msg = messageFromId[msgID]; } else { PacketDirection direction = headers.GetSlicesForFieldPath("SessionID")[0].Packet.Direction; UInt32 sessionID = (UInt32)headers.Fields["SessionID"]; UInt32 flags = (UInt32)headers.Fields["Flags"]; UInt64 dataOffset = (UInt64)headers.Fields["DataOffset"]; UInt64 dataSize = (UInt64)headers.Fields["DataSize"]; UInt32 ackedMsgID = (UInt32)headers.Fields["AckedMsgID"]; UInt32 prevAckedMsgID = (UInt32)headers.Fields["PrevAckedMsgID"]; UInt64 ackedDataSize = (UInt64)headers.Fields["AckedDataSize"]; msg = new MSNP2PMessage(chunk.Index, direction, chunk.StartTime, msgID, sessionID, flags, dataOffset, dataSize, ackedMsgID, prevAckedMsgID, ackedDataSize); messages.Add(msg); messageFromId[msgID] = msg; } int maxPreview = 4096; if (msg.Flags == 0x20) { maxPreview = 131072; } if (chunkSize > 0 && msg.Transferred < (ulong)maxPreview) { TransactionNode content = chunk.FindChild("Content"); //string fieldName = (msg.SessionID != 0) ? "Raw" : "MSNSLP"; byte[] bytes = (byte[])content.Fields[content.FieldNames[0]]; int n = bytes.Length; int max = maxPreview - (int)msg.Transferred; if (n > max) { n = max; } msg.PreviewData.Write(bytes, 0, bytes.Length); } msg.EndTime = chunk.EndTime; msg.Transferred += chunkSize; } else { TransactionNode bodyNode = node.FindChild("Payload"); if (bodyNode != null && bodyNode.Fields.ContainsKey("MSNSLP")) { MSNSLPMessage msg = new MSNSLPMessage(bodyNode.Index, bodyNode.GetSlicesForFieldPath("MSNSLP")[0].Packet.Direction, bodyNode.StartTime, (string)bodyNode["MSNSLP"]); messages.Add(msg); } } } } return(messages.ToArray()); }
private bool HandleSwitchboardSession(IPSession session) { List <PacketSlice> slices = new List <PacketSlice>(1); logger.AddMessage(String.Format("\r\n\r\nparsing session with remote endpoint: {0}\r\n", session.RemoteEndpoint)); while (true) { PacketStream stream = session.GetNextStreamDirection(); if (stream.GetBytesAvailable() == 0) { stream = session.GetNextStreamDirection(); if (stream.GetBytesAvailable() == 0) { break; } } IPPacket pkt = stream.CurPacket; PacketDirection direction = pkt.Direction; try { string line = stream.PeekLineUTF8(); // Split the line up into CMD and the rest (being arguments, if any) string[] tokens = line.Split(new char[] { ' ' }, 2); logger.AddMessage(String.Format("{0} parsing command '{1}' (line: {2})", (direction == PacketDirection.PACKET_DIRECTION_INCOMING) ? "<<" : ">>", tokens[0], line)); // Set cmd and create an array of arguments if present string cmd = tokens[0]; string[] arguments = new string[0]; if (tokens.Length > 1) { arguments = tokens[1].Split(new char[] { ' ' }); } // Create command node TransactionNode node = new TransactionNode("MSNSBCommand"); node.Description = cmd; // Command field stream.ReadBytes(StaticUtils.GetUTF8ByteCount(tokens[0]), slices); node.AddField("Command", tokens[0], "Switchboard command.", slices); if (arguments.Length > 0) { // Skip space between command and arguments stream.ReadByte(); stream.ReadBytes(StaticUtils.GetUTF8ByteCount(tokens[1]), slices); // Arguments fields node.AddField("Arguments", tokens[1], "Arguments to command.", slices); } // Skip CRLF stream.ReadBytes(2); // Is there a payload? bool hasPayload = false; if (arguments.Length > 0) { List <string> payloadCommands = (direction == PacketDirection.PACKET_DIRECTION_OUTGOING) ? payloadCommandsFromClient : payloadCommandsFromServer; hasPayload = payloadCommands.Contains(cmd); } if (hasPayload) { int payloadLength = -1; try { payloadLength = (int)Convert.ToUInt32(arguments[arguments.Length - 1]); } catch (FormatException) { } if (payloadLength > 0) { TransactionNode payloadNode = new TransactionNode(node, "Payload"); logger.AddMessage(String.Format("Parsing {0} bytes of payload", payloadLength)); PayloadFormat format = PayloadFormat.TEXT; string cmdUpper = cmd.ToUpper(); if (payloadCommandFormats.ContainsKey(cmdUpper)) { format = payloadCommandFormats[cmdUpper]; } if (format == PayloadFormat.MESSAGE) { SBParseMSG(stream, payloadNode, payloadLength); } else { string body = stream.ReadStringUTF8(payloadLength, slices); switch (format) { case PayloadFormat.SLP: payloadNode.AddTextField("MSNSLP", body, "MSNSLP data.", slices); break; case PayloadFormat.XML: payloadNode.AddXMLField("XML", body, "XML data.", slices); break; default: payloadNode.AddTextField("Text", body, "Text.", slices); break; } } } } session.AddNode(node); } catch (EndOfStreamException e) { logger.AddMessage(String.Format("MSNSwitchboard: EOS at {0} ({1})", stream.Position, e)); break; } } logger.AddMessage("done with session\r\n\r\n"); return(true); }
public override bool HandleSession(IPSession session) { PacketStream stream = session.GetNextStreamDirection(); string line; try { line = stream.PeekLineUTF8(); } catch (EndOfStreamException) { return(false); } string[] tokens = line.Split(new char[] { ' ' }); if (!tokens[tokens.Length - 1].StartsWith("HTTP/1.")) { return(false); } // At this point it should be safe enough to assume we're // dealing with an HTTP session. while (true) { try { TransactionNode transaction = new TransactionNode("HTTPTransaction"); TransactionNode request = ExtractHttpData(stream, HTTPTransactionType.REQUEST); transaction.AddChild(request); string desc = request.Description; stream = session.GetNextStreamDirection(); if (stream.GetBytesAvailable() != 0) { TransactionNode response = ExtractHttpData(stream, HTTPTransactionType.RESPONSE); transaction.AddChild(response); if (response.Fields.ContainsKey("Result") && ((string)response.Fields["Result"]).StartsWith("100 ")) { response = ExtractHttpData(stream, HTTPTransactionType.RESPONSE, "Response2"); transaction.AddChild(response); } desc += " => " + response.Description; } transaction.Description = desc; session.AddNode(transaction); stream = session.GetNextStreamDirection(); if (stream.GetBytesAvailable() == 0) { break; } } catch (EndOfStreamException) { logger.AddMessage("HTTP premature EOF"); break; } catch (ProtocolError) { logger.AddMessage("HTTP protocol error"); break; } } return(true); }