示例#1
0
        public void DetectWithIoNtfs()
        {
            var fileInfo = new FileInfo(path);

            foreach (var alternateDataStream in fileInfo.ListAlternateDataStreams())
            {
                Console.WriteLine("{0} - {1}", alternateDataStream.Name, alternateDataStream.Size);
            }

            // Read the "Zone.Identifier" stream, if it exists:
            if (fileInfo.AlternateDataStreamExists("Zone.Identifier"))
            {
                Console.WriteLine("Found zone identifier stream:");

                var s = fileInfo.GetAlternateDataStream("Zone.Identifier",FileMode.Open);
                using (TextReader reader = s.OpenText())
                {
                    Console.WriteLine(reader.ReadToEnd());
                }
            }
            else
            {
                Console.WriteLine("No zone identifier stream found.");
            }
        }
        /// <summary>
        /// 
        /// </summary>
        /// <param name="outputPath"></param>
        /// <param name="autoHttp"></param>
        /// <param name="autoGzip"></param>
        /// <param name="maxSize"></param>
        public PacketReconstructor(string outputPath, 
                                   long maxSize)
        {
            _outputPath = outputPath;
            _maxSize = maxSize;

            this.Guid = System.Guid.NewGuid().ToString();
            //ResetTcpReassembly();

            _packetParsers = new List<InterfaceParser>();

            if (Directory.Exists(Path.Combine(_outputPath, Guid.Substring(0,2))) == false)
            {
                woanware.IO.CreateDirectory(Path.Combine(_outputPath, Guid.Substring(0,2)));
            }

            //if (File.Exists(Path.Combine(_outputPath, Guid.Substring(0, 2), Guid + ".bin")) == false)
            //{
            //    File.Create(Path.Combine(_outputPath, Guid.Substring(0, 2), Guid + ".bin"));
            //}

            _storage = new System.IO.FileStream(Path.Combine(_outputPath, Guid.Substring(0, 2), Guid + ".bin"), System.IO.FileMode.Create);

            FileInfo file = new FileInfo(Path.Combine(_outputPath, Guid.Substring(0, 2), Guid + ".bin"));

            if (file.AlternateDataStreamExists("html") == false)
            {
                _storageHtml = file.GetAlternateDataStream("html").OpenWrite();
            }
            else
            {
                AlternateDataStreamInfo s = file.GetAlternateDataStream("html", FileMode.Open);
                _storageHtml = s.OpenWrite();
            }

            woanware.IO.WriteToFileStream(_storageHtml, Global.HTML_HEADER);
        }
示例#3
0
        /// <summary>
        /// 
        /// </summary>
        public void Start()
        {
            Task task = Task.Factory.StartNew(() =>
            {
                try
                {
                    cancelSource = new CancellationTokenSource();

                    foreach (Session session in this.blockingCollection.GetConsumingEnumerable(cancelSource.Token))
                    {
                        try
                        {
                            string path = System.IO.Path.Combine(this.dataDirectory,
                                                                 session.Guid.Substring(0, 2),
                                                                 session.Guid + ".bin");

                            if (File.Exists(path) == false)
                            {
                                continue;
                            }

                            FileInfo fileInfo = new FileInfo(path);

                            // Info
                            if (fileInfo.AlternateDataStreamExists("info") == false)
                            {
                                continue;
                            }

                            ProcessUrls(session, fileInfo);
                        }
                        catch (Exception) { }
                    }
                }
                catch (OperationCanceledException) { }
                catch (Exception ex)
                {
                    //System.Console.WriteLine(ex.ToString());
                }
                finally
                {
                    OnComplete(Id.ToString());
                }

            }, TaskCreationOptions.LongRunning);
        }
示例#4
0
        /// <summary>
        /// 
        /// </summary>
        /// <param name="session"></param>
        private void LoadSession(Session session)
        {
            (new Thread(() =>
            {
                MethodInvoker methodInvoker = delegate
                {
                    try
                    {
                        using (new HourGlass(this))
                        {
                            if (session == null)
                            {
                                UserInterface.DisplayErrorMessageBox(this, "Unable to locate session");
                                return;
                            }

                            string filePath = System.IO.Path.Combine(this.dataDirectory, session.Guid.Substring(0, 2), session.Guid + ".bin");

                            if (File.Exists(filePath) == false)
                            {
                                UserInterface.DisplayErrorMessageBox(this, "Session data file does not exist: " + filePath);
                                return;
                            }

                            byte[] temp = File.ReadAllBytes(filePath);
                            DynamicByteProvider dynamicByteProvider = new DynamicByteProvider(temp);
                            hexBox.ByteProvider = dynamicByteProvider;

                            temp = woanware.Text.ReplaceNulls(temp);

                            FileInfo fileInfo = new FileInfo(filePath);

                            // Colourised (HTML)
                            if (fileInfo.AlternateDataStreamExists("html") == true)
                            {
                                AlternateDataStreamInfo ads = fileInfo.GetAlternateDataStream("html", FileMode.Open);
                                using (TextReader reader = ads.OpenText())
                                {
                                    webControl.DocumentText = reader.ReadToEnd();
                                }
                            }
                            else
                            {
                                webControl.DocumentText = string.Empty;
                            }

                            // ASCII
                            if (fileInfo.AlternateDataStreamExists("txt") == true)
                            {
                                AlternateDataStreamInfo ads = fileInfo.GetAlternateDataStream("txt", FileMode.Open);
                                using (TextReader reader = ads.OpenText())
                                {
                                    txtSession.Text = reader.ReadToEnd();
                                    txtSession.ScrollToTop();
                                }
                            }
                            else
                            {
                                txtSession.Text = ASCIIEncoding.ASCII.GetString(temp);
                                txtSession.ScrollToTop();
                            }

                            // Info
                            if (fileInfo.AlternateDataStreamExists("info") == true)
                            {
                                AlternateDataStreamInfo ads = fileInfo.GetAlternateDataStream("info", FileMode.Open);
                                using (TextReader reader = ads.OpenText())
                                {
                                    txtInfo.Text = reader.ReadToEnd();
                                    txtInfo.ScrollToTop();
                                }
                            }
                            else
                            {
                                txtInfo.Text = string.Empty;
                                txtInfo.ScrollToTop();
                            }
                        }
                    }
                    catch (Exception ex)
                    {
                        this.Log().Error(ex.ToString());
                    }
                };

                if (this.InvokeRequired == true)
                {
                    this.BeginInvoke(methodInvoker);
                }
                else
                {
                    methodInvoker.Invoke();
                }

            })).Start();
        }
 static string TryReadAlternateStream(FileInfo fileInfo, string streamName)
 {
     if (fileInfo.Exists && fileInfo.AlternateDataStreamExists(streamName))
     {
         using (var altStream = fileInfo.GetAlternateDataStream(streamName).OpenText())
         {
             string prev_md5 = altStream.ReadToEnd();
             return prev_md5;
         }
     }
     return null;
 }
示例#6
0
        /// <summary>
        /// Output the parsed HTTP data to a HTML file
        /// </summary>
        /// <param name="parser"></param>
        private void SaveToHtml()
        {
            FileInfo file = new FileInfo(outputFile);

            FileStream fs = null;
            try
            {
                if (file.AlternateDataStreamExists("html") == false)
                {
                    fs = file.GetAlternateDataStream("html").OpenWrite();
                }
                else
                {
                    // Delete the existing HTML ADS since we will replace it
                    file.DeleteAlternateDataStream("html");
                    fs = file.GetAlternateDataStream("html").OpenWrite();
                }

                this.parser.WriteToHtmlFile(fs);
            }
            finally
            {
                if (fs!= null)
                {
                    fs.Dispose();
                }
            }
        }
示例#7
0
        /// <summary>
        /// 
        /// </summary>
        /// <param name="guid"></param>
        private void ParseHttpData(string outputPath, Session session)
        {
            //string fileName = string.Empty;
            //if (File.Exists(System.IO.Path.Combine(outputPath, session.Guid + ".txt")) == true)
            //{
            //    fileName = System.IO.Path.Combine(outputPath, session.Guid + ".txt");
            //}
            //else
            //{
            //    fileName = System.IO.Path.Combine(outputPath, session.Guid + ".bin");
            //}

            FileInfo file = new FileInfo(this.outputFile);

            FileStream fs = null;
            try
            {
                // Open up the "info" ADS
                if (file.AlternateDataStreamExists("info") == false)
                {
                    fs = file.GetAlternateDataStream("info").OpenWrite();
                }
                else
                {
                    AlternateDataStreamInfo s = file.GetAlternateDataStream("info", FileMode.Open);
                    fs = s.OpenWrite();
                }

                foreach (Message message in this.parser.Messages)
                {
                    // Ensure that the response object is valid
                    if (message.Response.StatusCode == 0)
                    {
                        continue;
                    }

                    // Check the Content-Type header? e.g. contains "HTML"
                    if (message.Response.ContentType.IndexOf("text/html", StringComparison.InvariantCultureIgnoreCase) == -1)
                    {
                        continue;
                    }

                    ParseLinks(fs, message.Response);
                }
            }
            finally
            {
                if (fs != null)
                {
                    fs.Dispose();
                }
            }
        }