public void HandlePacket(IPacketProducer source, Packet packet) { IpV4Datagram ip = packet.Ethernet.IpV4; TcpDatagram tcp = ip.Tcp; var msg = new StringBuilder(); msg.Append(packet.Timestamp.ToString("hh:mm:ss.fff")); msg.Append(" (").Append(packet.Length).Append(") "); if (tcp.IsValid) { msg.Append(ip.Source).Append(":").Append(tcp.SourcePort).Append(" -> "); msg.Append(ip.Destination).Append(":").Append(tcp.DestinationPort).Append(' '); if (tcp.Http.IsRequest && ((HttpRequestDatagram)tcp.Http).Method != null) { var http = (HttpRequestDatagram)tcp.Http; msg.Append(http.Method?.Method ?? "???").Append(' ').Append(http.Uri).Append(' ').Append(http.Version); } else if (tcp.Http.IsResponse) { var http = (HttpResponseDatagram)tcp.Http; msg.Append(http.StatusCode).Append(' ').Append(http.ReasonPhrase); } } else { msg.Append(ip.Source).Append(" -> ").Append(ip.Destination); } Console.WriteLine(msg); }
public void HandlePacket(IPacketProducer source, Packet packet) { HttpDatagram http = packet.Ethernet.IpV4.Tcp.Http; if (http.IsValid && http.IsRequest) { var req = (HttpRequestDatagram)http; if (req.Method?.KnownMethod == HttpRequestKnownMethod.Get) { // Compulsory fields for establishing a WebSocket connection string host = null; string upgrade = null; string connection = null; string secWebsocketKey = null; string secWebsocketVersion = null; foreach (HttpField field in req.Header) { if (field.Name.Equals("Host", StringComparison.OrdinalIgnoreCase)) { host = field.ValueString; } if (field.Name.Equals("Upgrade", StringComparison.OrdinalIgnoreCase)) { upgrade = field.ValueString; } if (field.Name.Equals("Connection", StringComparison.OrdinalIgnoreCase)) { connection = field.ValueString; } if (field.Name.Equals("Sec-WebSocket-Key", StringComparison.OrdinalIgnoreCase)) { secWebsocketKey = field.ValueString; } if (field.Name.Equals("Sec-WebSocket-Version", StringComparison.OrdinalIgnoreCase)) { secWebsocketVersion = field.ValueString; } //Console.WriteLine($"{field.Name}: {field.ValueString}"); } if (host != null && upgrade != null && connection != null && secWebsocketKey != null && secWebsocketVersion != null) { Console.WriteLine("Starting Recording"); var recorder = new WebSocketRecorder(packet.Ethernet.IpV4); recorder.HandlePacket(source, packet); source.AddConsumer(recorder); } //WriteLine($"Http Get Detected {host} {upgrade} {connection} {secWebsocketKey} {secWebsocketVersion}"); } } }
public void HandlePacket(IPacketProducer source, Packet packet) { // Ignore any packets that are not TCP packets on the same stream IpV4Datagram ip = packet.Ethernet.IpV4; if (!ip.IsValid) { return; } TcpDatagram tcp = ip.Tcp; if (!tcp.IsValid) { return; } if (ip.Source != _srcIp && ip.Source != _dstIp) { return; } if (ip.Source == _srcIp && (ip.Destination != _dstIp || tcp.SourcePort != _srcPort || tcp.DestinationPort != _dstPort)) { return; } if (ip.Source == _dstIp && (ip.Destination != _srcIp || tcp.SourcePort != _dstPort || tcp.DestinationPort != _srcPort)) { return; } // Correct stream, save the packet _packets.Add(packet); string dir = ip.Source == _srcIp ? "->" : "<-"; Console.Write($"WebSocketRecorder on stream: {_srcIp}:{_srcPort} {dir} {_dstIp}:{_dstPort} ({_packets.Count}) :: "); if (tcp.Http.IsValid) { if (tcp.Http.IsRequest && ((HttpRequestDatagram)tcp.Http).Method?.KnownMethod == HttpRequestKnownMethod.Get) { Console.WriteLine("HTTP Upgrade Requested"); return; } if (tcp.Http.IsResponse && ((HttpResponseDatagram)tcp.Http).StatusCode == 101) { Console.WriteLine("HTTP Upgrade Confirmed"); return; } } // Http.IsValid isn't terribly reliable, if none of the above matches just assume its websocket even if it // is reporting as valid http var ws = new WebSocketDatagram(tcp.Payload); if (ws.IsValid) { Console.Write($"Final: {ws.IsFinal}, Masked: {ws.IsMasked}, Opcode: {ws.Opcode}, PayloadLength: {ws.PayloadLength}"); if (ws.Opcode == WebSocketDatagram.OpcodeType.TextFrame) { Console.Write(Encoding.UTF8.GetString(ws.UnmaskedPayload)); } else if (ws.Opcode == WebSocketDatagram.OpcodeType.Close) { source.RemoveConsumer(this); WritePcapFile(); } Console.WriteLine(); } else if (tcp.Payload.Length >= 2) // 0 or 1 bytes is a TCP - Keep-Alive packet { Console.WriteLine($"Invalid WebSocket packet: {tcp.Payload.Length}"); } }