public void HandlePacket(IPacketProducer source, Packet packet)
{
IpV4Datagram ip = packet.Ethernet.IpV4;
TcpDatagram tcp = ip.Tcp;
var msg = new StringBuilder();
msg.Append(packet.Timestamp.ToString("hh:mm:ss.fff"));
msg.Append(" (").Append(packet.Length).Append(") ");
if (tcp.IsValid)
{
msg.Append(ip.Source).Append(":").Append(tcp.SourcePort).Append(" -> ");
msg.Append(ip.Destination).Append(":").Append(tcp.DestinationPort).Append(' ');
if (tcp.Http.IsRequest && ((HttpRequestDatagram)tcp.Http).Method != null)
{
var http = (HttpRequestDatagram)tcp.Http;
msg.Append(http.Method?.Method ?? "???").Append(' ').Append(http.Uri).Append(' ').Append(http.Version);
}
else if (tcp.Http.IsResponse)
{
var http = (HttpResponseDatagram)tcp.Http;
msg.Append(http.StatusCode).Append(' ').Append(http.ReasonPhrase);
}
}
else
{
msg.Append(ip.Source).Append(" -> ").Append(ip.Destination);
}
Console.WriteLine(msg);
}
public void HandlePacket(IPacketProducer source, Packet packet)
{
HttpDatagram http = packet.Ethernet.IpV4.Tcp.Http;
if (http.IsValid && http.IsRequest)
{
var req = (HttpRequestDatagram)http;
if (req.Method?.KnownMethod == HttpRequestKnownMethod.Get)
{
// Compulsory fields for establishing a WebSocket connection
string host = null;
string upgrade = null;
string connection = null;
string secWebsocketKey = null;
string secWebsocketVersion = null;
foreach (HttpField field in req.Header)
{
if (field.Name.Equals("Host", StringComparison.OrdinalIgnoreCase))
{
host = field.ValueString;
}
if (field.Name.Equals("Upgrade", StringComparison.OrdinalIgnoreCase))
{
upgrade = field.ValueString;
}
if (field.Name.Equals("Connection", StringComparison.OrdinalIgnoreCase))
{
connection = field.ValueString;
}
if (field.Name.Equals("Sec-WebSocket-Key", StringComparison.OrdinalIgnoreCase))
{
secWebsocketKey = field.ValueString;
}
if (field.Name.Equals("Sec-WebSocket-Version", StringComparison.OrdinalIgnoreCase))
{
secWebsocketVersion = field.ValueString;
}
//Console.WriteLine($"{field.Name}: {field.ValueString}");
}
if (host != null && upgrade != null && connection != null && secWebsocketKey != null && secWebsocketVersion != null)
{
Console.WriteLine("Starting Recording");
var recorder = new WebSocketRecorder(packet.Ethernet.IpV4);
recorder.HandlePacket(source, packet);
source.AddConsumer(recorder);
}
//WriteLine($"Http Get Detected {host} {upgrade} {connection} {secWebsocketKey} {secWebsocketVersion}");
}
}
}
public void HandlePacket(IPacketProducer source, Packet packet)
{
// Ignore any packets that are not TCP packets on the same stream
IpV4Datagram ip = packet.Ethernet.IpV4;
if (!ip.IsValid)
{
return;
}
TcpDatagram tcp = ip.Tcp;
if (!tcp.IsValid)
{
return;
}
if (ip.Source != _srcIp && ip.Source != _dstIp)
{
return;
}
if (ip.Source == _srcIp && (ip.Destination != _dstIp || tcp.SourcePort != _srcPort || tcp.DestinationPort != _dstPort))
{
return;
}
if (ip.Source == _dstIp && (ip.Destination != _srcIp || tcp.SourcePort != _dstPort || tcp.DestinationPort != _srcPort))
{
return;
}
// Correct stream, save the packet
_packets.Add(packet);
string dir = ip.Source == _srcIp ? "->" : "<-";
Console.Write($"WebSocketRecorder on stream: {_srcIp}:{_srcPort} {dir} {_dstIp}:{_dstPort} ({_packets.Count}) :: ");
if (tcp.Http.IsValid)
{
if (tcp.Http.IsRequest && ((HttpRequestDatagram)tcp.Http).Method?.KnownMethod == HttpRequestKnownMethod.Get)
{
Console.WriteLine("HTTP Upgrade Requested");
return;
}
if (tcp.Http.IsResponse && ((HttpResponseDatagram)tcp.Http).StatusCode == 101)
{
Console.WriteLine("HTTP Upgrade Confirmed");
return;
}
}
// Http.IsValid isn't terribly reliable, if none of the above matches just assume its websocket even if it
// is reporting as valid http
var ws = new WebSocketDatagram(tcp.Payload);
if (ws.IsValid)
{
Console.Write($"Final: {ws.IsFinal}, Masked: {ws.IsMasked}, Opcode: {ws.Opcode}, PayloadLength: {ws.PayloadLength}");
if (ws.Opcode == WebSocketDatagram.OpcodeType.TextFrame)
{
Console.Write(Encoding.UTF8.GetString(ws.UnmaskedPayload));
}
else if (ws.Opcode == WebSocketDatagram.OpcodeType.Close)
{
source.RemoveConsumer(this);
WritePcapFile();
}
Console.WriteLine();
}
else if (tcp.Payload.Length >= 2) // 0 or 1 bytes is a TCP - Keep-Alive packet
{
Console.WriteLine($"Invalid WebSocket packet: {tcp.Payload.Length}");
}
}