/// <summary>
/// Verifies the capture-format check of <c>PcapProcessor.Processor.IsPcapFile</c>:
/// the file at <c>HttpSmallFilePath</c> must be reported as PCAP and the file at
/// <c>PcapNGFile</c> must not.
/// </summary>
public void PcapProcessor_identifyPcapFileFormat()
{
    // Arrange.
    var pcapProcessor = new PcapProcessor.Processor();

    // Act + assert: positive case.
    var httpSampleIsPcap = pcapProcessor.IsPcapFile(this.HttpSmallFilePath);
    Assert.AreEqual(true, httpSampleIsPcap);

    // Act + assert: negative case. The second call only runs when the first
    // assertion has passed.
    var pcapNgSampleIsPcap = pcapProcessor.IsPcapFile(this.PcapNGFile);
    Assert.AreEqual(false, pcapNgSampleIsPcap);
}
/// <summary>
/// Creates the single-command runner: stores its collaborators, creates the empty
/// result collections, subscribes to analyzer, processor and console events, and
/// parses the command-line arguments into <c>_cliFlags</c>.
/// </summary>
/// <param name="analyzer">Analyzer whose <c>ParsedItemDetected</c> and <c>UpdatedItemProprertyDetected</c> events are handled by this runner.</param>
/// <param name="processor">Processor whose finish and file-status events are handled by this runner.</param>
/// <param name="sniffer">Sniffer instance kept in <c>_sniffer</c>; no event of it is subscribed here.</param>
/// <param name="args">Raw command-line arguments, parsed as <c>SingleCommandFlags</c>.</param>
public SingleCommandRunner(Analyzer analyzer, Processor processor, Sniffer sniffer, string[] args)
{
    // Collaborators.
    _analyzer = analyzer;
    _processor = processor;
    _sniffer = sniffer;

    // Result containers, all empty at start.
    // NOTE(review): these hold passwords, hashes and extracted files taken from
    // the analysed traffic; where ExportResults() writes them is not visible
    // here. Confirm the output location is treated as sensitive.
    _files = new List<string>();
    _passwords = new HashSet<NetworkPassword>();
    _hashes = new HashSet<PcapAnalyzer.NetworkHash>();
    _extractedFiles = new HashSet<NetworkFile>();
    _connections = new HashSet<PcapAnalyzer.NetworkConnection>();
    _dnsMappings = new HashSet<PcapAnalyzer.DnsNameMapping>();
    _voipCalls = new HashSet<CommonUi.VoipCall>();

    // Analyzer notifications.
    _analyzer.ParsedItemDetected += OnParsedItemDetected;
    _analyzer.UpdatedItemProprertyDetected += UpdatedPropertyInItemDetected;

    // Processor notifications: export once processing is done, print per-file status.
    _processor.ProcessingFinished += (sender, eventArgs) => ExportResults();
    _processor.FileProcessingStatusChanged += (sender, eventArgs) => PrintFileStatusUpdate(sender, eventArgs);

    // Ctrl + C: export whatever has been collected so far, then exit with code 0.
    Console.CancelKeyPress += (sender, eventArgs) =>
    {
        ExportResults();
        Environment.Exit(0);
    };

    // Parse user arguments.
    // NOTE(review): _cliFlags is assigned only in the WithParsed callback; when
    // parsing fails it keeps its previous value (presumably null). Confirm the
    // callers handle that case.
    CommandLine.Parser.Default
        .ParseArguments<SingleCommandFlags>(args)
        .WithParsed<SingleCommandFlags>(parsedFlags => _cliFlags = parsedFlags);
}
/// <summary>
/// Creates the interactive shell: stores its collaborators, zeroes the traffic
/// counters, subscribes the counter updaters to both the file processor and the
/// live sniffer, registers the shell commands and loads the analyzer modules.
/// </summary>
/// <param name="analyzer">Analyzer whose <c>ParsedItemDetected</c> event is handled by the shell and whose <c>AvailableModulesNames</c> are loaded.</param>
/// <param name="processor">Processor for capture files; its packet and session events update the counters.</param>
/// <param name="sniffer">Live-capture sniffer; its packet and session events update the same counters.</param>
/// <param name="seperator">Value stored in <c>Seperator</c>; defaults to <c>"&gt;"</c>.</param>
public CliShell(PcapAnalyzer.Analyzer analyzer, PcapProcessor.Processor processor, Sniffer sniffer, string seperator = ">")
{
    // Collaborators and plain state.
    _analyzer = analyzer;
    _processor = processor;
    _sniffer = sniffer;
    _networkDevice = null;
    liveCapture = false;
    Seperator = seperator;
    _printingLock = new object();

    // Traffic counters start at zero.
    _tcpPacketsCount = 0;
    _tcpSessionsCount = 0;
    _udpPacketsCount = 0;
    _udpStreamsCount = 0;

    // Input files and collected results.
    _files = new List<string>();
    _hashes = new HashSet<PcapAnalyzer.NetworkHash>();
    _passwords = new HashSet<PcapAnalyzer.NetworkPassword>();
    _connections = new HashSet<PcapAnalyzer.NetworkConnection>();

    _analyzer.ParsedItemDetected += OnParsedItemDetected;

    // Offline processing and live capture drive the same counters.
    _processor.TcpPacketArived += (sender, args) => UpdateTcpPacketsCount();
    _processor.UdpPacketArived += (sender, args) => UpdateUdpPacketsCount();
    _processor.TcpSessionArrived += (sender, args) => UpdateTcpSessionsCount();
    _processor.UdpSessionArrived += (sender, args) => UpdateUdpStreamsCount();
    sniffer.TcpPacketArived += (sender, args) => UpdateTcpPacketsCount();
    sniffer.UdpPacketArived += (sender, args) => UpdateUdpPacketsCount();
    sniffer.TcpSessionArrived += (sender, args) => UpdateTcpSessionsCount();
    sniffer.UdpSessionArrived += (sender, args) => UpdateUdpStreamsCount();

    // Command table. Command names and help texts are user-facing and are kept
    // exactly as they were, including their spelling.
    _commands = new List<CliShellCommand>();

    AddCommand(new CliShellCommand(
        "add-file",
        input => AddFile(input),
        "Add file to analyze. Usage: add-file <FILE-PATH>"));
    AddCommand(new CliShellCommand(
        "start",
        input => StartAnalyzing(),
        "Start analyzing"));
    AddCommand(new CliShellCommand(
        "show-passwords",
        input => PrintPasswords(),
        "Print passwords."));
    AddCommand(new CliShellCommand(
        "show-modules",
        input => PrintModules(),
        "Print modules."));
    AddCommand(new CliShellCommand(
        "show-hashes",
        input => PrintHashes(),
        "Print Hashes"));
    AddCommand(new CliShellCommand(
        "show-networkmap",
        input => PrintNetworkMap(),
        "Prints the network map as a json string. Usage: show-networkmap"));

    // NOTE(review): the export commands hand the user-typed path straight to the
    // exporter; path validation, if any, is not visible here. The written files
    // contain captured hashes / connection data and should be treated as sensitive.
    AddCommand(new CliShellCommand(
        "export-hashes",
        input => Utilities.ExportHashes(input, _hashes),
        "Export all Hashes to Hascat format input files. Usage: export-hashes <OUTPUT-DIRECTORY>"));
    AddCommand(new CliShellCommand(
        "capture-from-device",
        input => InitLiveCapture(input),
        "Capture live traffic from a network device, Usage: capture-from-device <device-name>"));
    AddCommand(new CliShellCommand(
        "capture-promiscious-mode",
        input => sniffer.PromisciousMode = true,
        "Capture live traffic from a network device on promiscious mode (requires superuser privileges, default is normal mode)"));
    AddCommand(new CliShellCommand(
        "set-captrue-filter",
        input => VerifyFilter(input),
        "Set a capture filter to the live traffic capture(filters must be bpf syntax filters)"));
    AddCommand(new CliShellCommand(
        "show-network-devices",
        input => PrintNetworkDevices(),
        "Show the available network devices for live capture"));
    AddCommand(new CliShellCommand(
        "export-networkmap",
        input => CommonUi.Exporting.ExportNetworkMap(input, _connections),
        "Export network map to a json file for neo4j. Usage: export-networkmap <OUTPUT-file>"));

    // Add the help command.
    AddCommand(new CliShellCommand("help", input => PrintCommandsWithDescription(), "Print help menu"));

    // Add the exit command.
    AddCommand(new CliShellCommand("exit", input => _exit = true, "Exit CLI"));

    LoadModules(_analyzer.AvailableModulesNames);
}
/// <summary>
/// Builds the main window: creates the processor, sniffer and analyzer, creates
/// the result user controls (each docked to fill), wires packet/session events to
/// the analyzer and to the UI, and initialises the list/combo/tree widgets.
/// </summary>
public MainForm()
{
    InitializeComponent();

    _cts = new CancellationTokenSource();
    _files = new HashSet<string>();
    _connections = new HashSet<PcapAnalyzer.NetworkConnection>();

    // Create the DAL and BLL objects.
    _analyzer = new PcapAnalyzer.Analyzer();
    _sniffer = new PcapProcessor.Sniffer();
    _processor = new PcapProcessor.Processor();
    _processor.BuildTcpSessions = true;
    _processor.BuildUdpSessions = true;

    // Create the user controls; every one fills its parent container.
    _networkMapUserControl = new NetworkMapUserControl { Dock = DockStyle.Fill };
    _sessionsExplorerUserControl = new SessionsExplorerUserControl { Dock = DockStyle.Fill };
    _hashesUserControl = new HashesUserControl { Dock = DockStyle.Fill };
    _passwordsUserControl = new GenericTableUserControl { Dock = DockStyle.Fill };
    _filesUserControl = new FilesUserControl { Dock = DockStyle.Fill };
    _dnsResponseUserControl = new DnsResponseUserControl { Dock = DockStyle.Fill };
    _voipCallsUserControl = new VoipCallsUserControl { Dock = DockStyle.Fill };

    // Live capture: packets and TCP sessions go to the analyzer, sessions also go to the UI.
    // NOTE(review): UDP sessions are forwarded to the UI only; unlike TCP sessions
    // they are never passed to _analyzer.Analyze in this constructor. Confirm this
    // is intended.
    _sniffer.UdpPacketArived += (sender, args) =>
        _analyzer.Analyze(CommonUi.Casting.CastProcessorUdpPacketToAnalyzerUdpPacket(args.Packet));
    _sniffer.TcpPacketArived += (sender, args) =>
        _analyzer.Analyze(CommonUi.Casting.CastProcessorTcpPacketToAnalyzerTcpPacket(args.Packet));
    _sniffer.TcpSessionArrived += (sender, args) =>
        _analyzer.Analyze(CommonUi.Casting.CastProcessorTcpSessionToAnalyzerTcpSession(args.TcpSession));
    _sniffer.TcpSessionArrived += (sender, args) =>
        SwitchToMainThreadContext(() => OnSessionArived(Casting.CastProcessorTcpSessionToBruteSharkDesktopTcpSession(args.TcpSession)));
    _sniffer.UdpSessionArrived += (sender, args) =>
        SwitchToMainThreadContext(() => OnSessionArived(Casting.CastProcessorUdpSessionToBruteSharkDesktopUdpSession(args.UdpSession)));

    // File processing: same wiring as the sniffer.
    _processor.UdpPacketArived += (sender, args) =>
        _analyzer.Analyze(CommonUi.Casting.CastProcessorUdpPacketToAnalyzerUdpPacket(args.Packet));
    _processor.TcpPacketArived += (sender, args) =>
        _analyzer.Analyze(CommonUi.Casting.CastProcessorTcpPacketToAnalyzerTcpPacket(args.Packet));
    _processor.TcpSessionArrived += (sender, args) =>
        _analyzer.Analyze(CommonUi.Casting.CastProcessorTcpSessionToAnalyzerTcpSession(args.TcpSession));
    _processor.TcpSessionArrived += (sender, args) =>
        SwitchToMainThreadContext(() => OnSessionArived(Casting.CastProcessorTcpSessionToBruteSharkDesktopTcpSession(args.TcpSession)));
    _processor.UdpSessionArrived += (sender, args) =>
        SwitchToMainThreadContext(() => OnSessionArived(Casting.CastProcessorUdpSessionToBruteSharkDesktopUdpSession(args.UdpSession)));

    // Progress and result notifications are passed through SwitchToMainThreadContext
    // before the handlers run.
    _processor.FileProcessingStatusChanged += (sender, args) =>
        SwitchToMainThreadContext(() => OnFileProcessingStatusChanged(sender, args));
    _processor.ProcessingPrecentsChanged += (sender, args) =>
        SwitchToMainThreadContext(() => OnProcessingPrecentsChanged(sender, args));
    _processor.ProcessingFinished += (sender, args) =>
        SwitchToMainThreadContext(() => OnProcessingFinished(sender, args));
    _analyzer.ParsedItemDetected += (sender, args) =>
        SwitchToMainThreadContext(() => OnParsedItemDetected(sender, args));
    _analyzer.UpdatedItemProprertyDetected += (sender, args) =>
        SwitchToMainThreadContext(() => OnUpdatedItemProprertyDetected(sender, args));

    InitilizeFilesIconsList();
    InitilizeModulesCheckedListBox();
    InitilizeInterfacesComboBox();
    modulesTreeView.ExpandAll();
}
/// <summary>
/// Processes the capture at <c>TcpFivePacketsFilePath</c> and checks that the
/// processor raised <c>TcpPacketArived</c> exactly five times.
/// </summary>
public void PcapProcessor_ReadTcpPackets_ReadSuccess()
{
    // Arrange: collect every TCP packet the processor reports.
    var pcapProcessor = new PcapProcessor.Processor();
    var receivedPackets = new List<PcapProcessor.TcpPacket>();
    pcapProcessor.TcpPacketArived += (sender, args) => receivedPackets.Add(args.Packet);

    // Act.
    pcapProcessor.ProcessPcap(this.TcpFivePacketsFilePath);

    // Assert.
    Assert.AreEqual(5, receivedPackets.Count);
}
/// <summary>
/// Processes the capture at <c>UdpFilePath</c> and checks that the processor
/// raised <c>UdpPacketArived</c> exactly 32 times.
/// </summary>
public void PcapProcessor_ReadUdpPackets_ReadSuccess()
{
    // Arrange: collect every UDP packet the processor reports.
    var pcapProcessor = new PcapProcessor.Processor();
    var receivedPackets = new List<PcapProcessor.UdpPacket>();
    pcapProcessor.UdpPacketArived += (sender, args) => receivedPackets.Add(args.Packet);

    // Act.
    pcapProcessor.ProcessPcap(this.UdpFilePath);

    // Assert (the file has 32 packets).
    Assert.AreEqual(32, receivedPackets.Count);
}
/// <summary>
/// Creates the CLI front end: keeps the raw arguments, creates the processor and
/// the analyzer, enables TCP and UDP session building, and forwards every packet
/// and session the processor reports to the analyzer.
/// </summary>
/// <param name="args">Raw command-line arguments, stored in <c>_args</c> unchanged.</param>
public BruteSharkCli(string[] args)
{
    _args = args;
    _analyzer = new PcapAnalyzer.Analyzer();
    _processor = new PcapProcessor.Processor();

    // TODO: create command for this.
    _processor.BuildUdpSessions = true;
    _processor.BuildTcpSessions = true;

    // Contract the events: each processor item is converted to its analyzer
    // counterpart and analysed in the event handler itself.
    _processor.UdpPacketArived += (sender, eventArgs) =>
        _analyzer.Analyze(CommonUi.Casting.CastProcessorUdpPacketToAnalyzerUdpPacket(eventArgs.Packet));
    _processor.TcpPacketArived += (sender, eventArgs) =>
        _analyzer.Analyze(CommonUi.Casting.CastProcessorTcpPacketToAnalyzerTcpPacket(eventArgs.Packet));
    _processor.TcpSessionArrived += (sender, eventArgs) =>
        _analyzer.Analyze(CommonUi.Casting.CastProcessorTcpSessionToAnalyzerTcpSession(eventArgs.TcpSession));
    _processor.UdpSessionArrived += (sender, eventArgs) =>
        _analyzer.Analyze(CommonUi.Casting.CastProcessorUdpStreamToAnalyzerUdpStream(eventArgs.UdpSession));
}
/// <summary>
/// Creates the single-command runner: stores the analyzer and the processor,
/// creates the empty result collections, subscribes to their events and parses
/// the command-line arguments into <c>_cliFlags</c>.
/// </summary>
/// <param name="analyzer">Analyzer whose <c>ParsedItemDetected</c> event is handled by this runner.</param>
/// <param name="processor">Processor whose finish and file-status events are handled by this runner.</param>
/// <param name="args">Raw command-line arguments, parsed as <c>SingleCommandFlags</c>.</param>
public SingleCommandRunner(Analyzer analyzer, Processor processor, string[] args)
{
    // Collaborators.
    _processor = processor;
    _analyzer = analyzer;

    // Result containers, all empty at start.
    // NOTE(review): these hold passwords, hashes and extracted files taken from
    // the analysed traffic; where ExportResults() writes them is not visible
    // here. Confirm the output location is treated as sensitive.
    _files = new List<string>();
    _passwords = new HashSet<NetworkPassword>();
    _hashes = new HashSet<NetworkHash>();
    _extractedFiles = new HashSet<NetworkFile>();
    _connections = new HashSet<PcapAnalyzer.NetworkConnection>();

    _analyzer.ParsedItemDetected += OnParsedItemDetected;

    // Export once processing is done; print per-file status while it runs.
    _processor.ProcessingFinished += (sender, eventArgs) => ExportResults();
    _processor.FileProcessingStatusChanged += (sender, eventArgs) => PrintFileStatusUpdate(sender, eventArgs);

    // Parse user arguments.
    // NOTE(review): _cliFlags is assigned only in the WithParsed callback; when
    // parsing fails it keeps its previous value (presumably null). Confirm the
    // callers handle that case.
    CommandLine.Parser.Default
        .ParseArguments<SingleCommandFlags>(args)
        .WithParsed<SingleCommandFlags>(parsedFlags => _cliFlags = parsedFlags);
}
/// <summary>
/// Processes two captures in one <c>ProcessPcaps</c> call and checks that the
/// processor raised <c>TcpPacketArived</c> 46 times in total.
/// </summary>
public void PcapProcessor_ReadTcpPacketsMultipleFiles_ReadSuccess()
{
    // Arrange: collect every TCP packet the processor reports.
    var pcapProcessor = new PcapProcessor.Processor();
    var receivedPackets = new List<PcapProcessor.TcpPacket>();
    pcapProcessor.TcpPacketArived += (sender, args) => receivedPackets.Add(args.Packet);

    var captureFiles = new List<string>
    {
        this.HttpSmallFilePath,
        this.TcpFivePacketsFilePath,
    };

    // Act.
    pcapProcessor.ProcessPcaps(captureFiles);

    // Assert: 46 is the expected total across both files.
    Assert.AreEqual(46, receivedPackets.Count);
}
/// <summary>
/// Builds the main window: creates the network context, processor, sniffer and
/// analyzer, wires packet/session events to the analyzer and to the UI,
/// initialises the module controls and widgets, and finally checks for updates.
/// </summary>
public MainForm()
{
    InitializeComponent();

    _cts = new CancellationTokenSource();
    _files = new HashSet<string>();
    _networkContext = new CommonUi.NetworkContext();

    // Create the DAL and BLL objects.
    _analyzer = new PcapAnalyzer.Analyzer();
    _sniffer = new PcapProcessor.Sniffer();
    _processor = new PcapProcessor.Processor();
    _processor.BuildTcpSessions = true;
    _processor.BuildUdpSessions = true;

    // Live capture: packets and TCP sessions go to the analyzer, sessions also go to the UI.
    // NOTE(review): UDP sessions are forwarded to the UI only; unlike TCP sessions
    // they are never passed to _analyzer.Analyze in this constructor. Confirm this
    // is intended.
    _sniffer.UdpPacketArived += (sender, args) =>
        _analyzer.Analyze(CommonUi.Casting.CastProcessorUdpPacketToAnalyzerUdpPacket(args.Packet));
    _sniffer.TcpPacketArived += (sender, args) =>
        _analyzer.Analyze(CommonUi.Casting.CastProcessorTcpPacketToAnalyzerTcpPacket(args.Packet));
    _sniffer.TcpSessionArrived += (sender, args) =>
        _analyzer.Analyze(CommonUi.Casting.CastProcessorTcpSessionToAnalyzerTcpSession(args.TcpSession));
    _sniffer.TcpSessionArrived += (sender, args) =>
        SwitchToMainThreadContext(() => OnSessionArived(args.TcpSession));
    _sniffer.UdpSessionArrived += (sender, args) =>
        SwitchToMainThreadContext(() => OnSessionArived(args.UdpSession));

    // File processing: same wiring as the sniffer.
    _processor.UdpPacketArived += (sender, args) =>
        _analyzer.Analyze(CommonUi.Casting.CastProcessorUdpPacketToAnalyzerUdpPacket(args.Packet));
    _processor.TcpPacketArived += (sender, args) =>
        _analyzer.Analyze(CommonUi.Casting.CastProcessorTcpPacketToAnalyzerTcpPacket(args.Packet));
    _processor.TcpSessionArrived += (sender, args) =>
        _analyzer.Analyze(CommonUi.Casting.CastProcessorTcpSessionToAnalyzerTcpSession(args.TcpSession));
    _processor.TcpSessionArrived += (sender, args) =>
        SwitchToMainThreadContext(() => OnSessionArived(args.TcpSession));
    _processor.UdpSessionArrived += (sender, args) =>
        SwitchToMainThreadContext(() => OnSessionArived(args.UdpSession));

    // Progress and result notifications are passed through SwitchToMainThreadContext
    // before the handlers run.
    _processor.FileProcessingStatusChanged += (sender, args) =>
        SwitchToMainThreadContext(() => OnFileProcessingStatusChanged(sender, args));
    _processor.ProcessingPrecentsChanged += (sender, args) =>
        SwitchToMainThreadContext(() => OnProcessingPrecentsChanged(sender, args));
    _processor.ProcessingFinished += (sender, args) =>
        SwitchToMainThreadContext(() => OnProcessingFinished(sender, args));
    _analyzer.ParsedItemDetected += (sender, args) =>
        SwitchToMainThreadContext(() => OnParsedItemDetected(sender, args));
    _analyzer.UpdatedItemProprertyDetected += (sender, args) =>
        SwitchToMainThreadContext(() => OnUpdatedItemProprertyDetected(sender, args));

    InitilizeModulesUserControls();
    InitilizeFilesIconsList();
    InitilizeModulesCheckedListBox();
    InitilizeInterfacesComboBox();
    modulesTreeView.ExpandAll();

    // NOTE(review): CheckForUpdates() runs on every start-up and its body is not
    // visible here. Presumably it contacts a remote endpoint; confirm that the
    // channel is authenticated and that a failure cannot block or crash the form.
    CheckForUpdates();
}