public void DetectWithIoNtfs() { var fileInfo = new FileInfo(path); foreach (var alternateDataStream in fileInfo.ListAlternateDataStreams()) { Console.WriteLine("{0} - {1}", alternateDataStream.Name, alternateDataStream.Size); } // Read the "Zone.Identifier" stream, if it exists: if (fileInfo.AlternateDataStreamExists("Zone.Identifier")) { Console.WriteLine("Found zone identifier stream:"); var s = fileInfo.GetAlternateDataStream("Zone.Identifier",FileMode.Open); using (TextReader reader = s.OpenText()) { Console.WriteLine(reader.ReadToEnd()); } } else { Console.WriteLine("No zone identifier stream found."); } }
/// <summary> /// /// </summary> /// <param name="outputPath"></param> /// <param name="autoHttp"></param> /// <param name="autoGzip"></param> /// <param name="maxSize"></param> public PacketReconstructor(string outputPath, long maxSize) { _outputPath = outputPath; _maxSize = maxSize; this.Guid = System.Guid.NewGuid().ToString(); //ResetTcpReassembly(); _packetParsers = new List<InterfaceParser>(); if (Directory.Exists(Path.Combine(_outputPath, Guid.Substring(0,2))) == false) { woanware.IO.CreateDirectory(Path.Combine(_outputPath, Guid.Substring(0,2))); } //if (File.Exists(Path.Combine(_outputPath, Guid.Substring(0, 2), Guid + ".bin")) == false) //{ // File.Create(Path.Combine(_outputPath, Guid.Substring(0, 2), Guid + ".bin")); //} _storage = new System.IO.FileStream(Path.Combine(_outputPath, Guid.Substring(0, 2), Guid + ".bin"), System.IO.FileMode.Create); FileInfo file = new FileInfo(Path.Combine(_outputPath, Guid.Substring(0, 2), Guid + ".bin")); if (file.AlternateDataStreamExists("html") == false) { _storageHtml = file.GetAlternateDataStream("html").OpenWrite(); } else { AlternateDataStreamInfo s = file.GetAlternateDataStream("html", FileMode.Open); _storageHtml = s.OpenWrite(); } woanware.IO.WriteToFileStream(_storageHtml, Global.HTML_HEADER); }
/// <summary> /// /// </summary> /// <param name="session"></param> /// <param name="fileInfo"></param> private void ProcessUrls(Session session, FileInfo fileInfo) { AlternateDataStreamInfo ads = fileInfo.GetAlternateDataStream("info", FileMode.Open); using (TextReader reader = ads.OpenText()) { UrlDetails urlDetails = new UrlDetails(); urlDetails.SrcIp = session.SrcIpText; urlDetails.SrcPort = session.SourcePort; urlDetails.DstIp = session.DstIpText; urlDetails.DstPort = session.DestinationPort; string line; while ((line = reader.ReadLine()) != null) { if (line.StartsWith("LINK: ") == false) { continue; } string url = line.Substring(6); if (urlDetails.Urls.Contains(session.HttpHost + url) == false) { urlDetails.Urls.Add(session.HttpHost + url); } } if (urlDetails.Urls.Count > 0) { string dir = session.SrcIpText + "." + session.SourcePort + "-" + session.DstIpText + "." + session.DestinationPort; if (System.IO.Directory.Exists(System.IO.Path.Combine(this.outputDirectory, dir)) == false) { IO.CreateDirectory(System.IO.Path.Combine(this.outputDirectory, dir)); } urlDetails.Save(System.IO.Path.Combine(this.outputDirectory, dir, "Url.Details." + session.Guid + ".xml")); } } }
/// <summary> /// /// </summary> /// <param name="session"></param> private void LoadSession(Session session) { (new Thread(() => { MethodInvoker methodInvoker = delegate { try { using (new HourGlass(this)) { if (session == null) { UserInterface.DisplayErrorMessageBox(this, "Unable to locate session"); return; } string filePath = System.IO.Path.Combine(this.dataDirectory, session.Guid.Substring(0, 2), session.Guid + ".bin"); if (File.Exists(filePath) == false) { UserInterface.DisplayErrorMessageBox(this, "Session data file does not exist: " + filePath); return; } byte[] temp = File.ReadAllBytes(filePath); DynamicByteProvider dynamicByteProvider = new DynamicByteProvider(temp); hexBox.ByteProvider = dynamicByteProvider; temp = woanware.Text.ReplaceNulls(temp); FileInfo fileInfo = new FileInfo(filePath); // Colourised (HTML) if (fileInfo.AlternateDataStreamExists("html") == true) { AlternateDataStreamInfo ads = fileInfo.GetAlternateDataStream("html", FileMode.Open); using (TextReader reader = ads.OpenText()) { webControl.DocumentText = reader.ReadToEnd(); } } else { webControl.DocumentText = string.Empty; } // ASCII if (fileInfo.AlternateDataStreamExists("txt") == true) { AlternateDataStreamInfo ads = fileInfo.GetAlternateDataStream("txt", FileMode.Open); using (TextReader reader = ads.OpenText()) { txtSession.Text = reader.ReadToEnd(); txtSession.ScrollToTop(); } } else { txtSession.Text = ASCIIEncoding.ASCII.GetString(temp); txtSession.ScrollToTop(); } // Info if (fileInfo.AlternateDataStreamExists("info") == true) { AlternateDataStreamInfo ads = fileInfo.GetAlternateDataStream("info", FileMode.Open); using (TextReader reader = ads.OpenText()) { txtInfo.Text = reader.ReadToEnd(); txtInfo.ScrollToTop(); } } else { txtInfo.Text = string.Empty; txtInfo.ScrollToTop(); } } } catch (Exception ex) { this.Log().Error(ex.ToString()); } }; if (this.InvokeRequired == true) { this.BeginInvoke(methodInvoker); } else { methodInvoker.Invoke(); } })).Start(); }
static int Main(string[] args) { // parse + validate args: if (args.Length < 2 || args[0] != "x") { WriteUsageAndExit(); } string zipFileName = args.Last(); Console.WriteLine("Processing archive: " + zipFileName); if (!File.Exists(zipFileName)) { Console.WriteLine("Error: cannot find archive: " + zipFileName); return 2; } var destinationDir = (args[1].StartsWith("-o")) ? args[1].Substring(2) : "."; // open archive, prepare vars: ZipFile zipFile = new ZipFile(zipFileName); byte[] buffer = new byte[2048]; int numExtracted = 0, numSkipped = 0; foreach (ZipEntry entry in zipFile) { var combinedPath = Path.Combine(destinationDir, entry.Name); if (entry.IsDirectory) { Directory.CreateDirectory(combinedPath); continue; } if (!entry.IsFile) continue; // skip dirs var fileInfo = new FileInfo(combinedPath); string md5_str = ComputeStreamHash_MD5(zipFile.GetInputStream(entry)); // check if md5 is same as in Alternate stream in existing file: string prev_md5 = TryReadAlternateStream(fileInfo, STREAM_NAME); if (prev_md5 == md5_str && fileInfo.Length == entry.Size) { if (numSkipped++ == 0) Console.WriteLine("Skip unchanged: " + fileInfo.FullName + " (md5 match: "+md5_str + ")"); continue; } if (!fileInfo.Directory.Exists) fileInfo.Directory.Create(); // now extract the file, followed by the alt stream containing MD5: using (FileStream targetFileStr = fileInfo.OpenWrite()) using (var zipStream = zipFile.GetInputStream(entry)) { Console.WriteLine("Extracting file " + fileInfo); StreamUtils.Copy(zipStream, targetFileStr, buffer); } fileInfo.Refresh(); using (FileStream altStream = fileInfo.GetAlternateDataStream(STREAM_NAME, FileMode.CreateNew).OpenWrite()) using (StreamWriter writer = new StreamWriter(altStream)) { //Console.WriteLine("Writing file " + fileInfo + ":" + STREAM_NAME + " = " + md5_str); writer.Write(md5_str); } numExtracted++; } Console.WriteLine("END archive, " + numExtracted +" extracted, " + numSkipped + " skipped"); return 0; }
static string TryReadAlternateStream(FileInfo fileInfo, string streamName) { if (fileInfo.Exists && fileInfo.AlternateDataStreamExists(streamName)) { using (var altStream = fileInfo.GetAlternateDataStream(streamName).OpenText()) { string prev_md5 = altStream.ReadToEnd(); return prev_md5; } } return null; }
/// <summary> /// Output the parsed HTTP data to a HTML file /// </summary> /// <param name="parser"></param> private void SaveToHtml() { FileInfo file = new FileInfo(outputFile); FileStream fs = null; try { if (file.AlternateDataStreamExists("html") == false) { fs = file.GetAlternateDataStream("html").OpenWrite(); } else { // Delete the existing HTML ADS since we will replace it file.DeleteAlternateDataStream("html"); fs = file.GetAlternateDataStream("html").OpenWrite(); } this.parser.WriteToHtmlFile(fs); } finally { if (fs!= null) { fs.Dispose(); } } }
/// <summary> /// /// </summary> /// <param name="guid"></param> private void ParseHttpData(string outputPath, Session session) { //string fileName = string.Empty; //if (File.Exists(System.IO.Path.Combine(outputPath, session.Guid + ".txt")) == true) //{ // fileName = System.IO.Path.Combine(outputPath, session.Guid + ".txt"); //} //else //{ // fileName = System.IO.Path.Combine(outputPath, session.Guid + ".bin"); //} FileInfo file = new FileInfo(this.outputFile); FileStream fs = null; try { // Open up the "info" ADS if (file.AlternateDataStreamExists("info") == false) { fs = file.GetAlternateDataStream("info").OpenWrite(); } else { AlternateDataStreamInfo s = file.GetAlternateDataStream("info", FileMode.Open); fs = s.OpenWrite(); } foreach (Message message in this.parser.Messages) { // Ensure that the response object is valid if (message.Response.StatusCode == 0) { continue; } // Check the Content-Type header? e.g. contains "HTML" if (message.Response.ContentType.IndexOf("text/html", StringComparison.InvariantCultureIgnoreCase) == -1) { continue; } ParseLinks(fs, message.Response); } } finally { if (fs != null) { fs.Dispose(); } } }