From 3b3e0fcd76327881424cb38dda1454dee2baef48 Mon Sep 17 00:00:00 2001
From: "windhamwong@nva-hk.com"
Date: Tue, 4 Jul 2017 15:40:02 +0100
Subject: [PATCH] HTTP Gzip decrypt operation
---
 package.json | 1 +
 src/core/config/Categories.js | 1 +
 src/core/config/OperationConfig.js | 7 +++++++
 src/core/operations/Compress.js | 21 +++++++++++++++++++++
 4 files changed, 30 insertions(+)
diff --git a/package.json b/package.json
index 826b38d9..1197d73e 100644
--- a/package.json
+++ b/package.json
@@ -80,6 +80,7 @@
 "lodash": "^4.17.4",
 "moment": "^2.17.1",
 "moment-timezone": "^0.5.11",
+ "pako": "^1.0.5",
 "sladex-blowfish": "^0.8.1",
 "sortablejs": "^1.5.1",
 "split.js": "^1.2.0",
diff --git a/src/core/config/Categories.js b/src/core/config/Categories.js
index ef88c524..2945261b 100755
--- a/src/core/config/Categories.js
+++ b/src/core/config/Categories.js
@@ -130,6 +130,7 @@ const Categories = [
 ops: [
 "HTTP request",
 "Strip HTTP headers",
+ "HTTP gzip decrypt",
 "Parse User Agent",
 "Parse IP range",
 "Parse IPv6 address",
diff --git a/src/core/config/OperationConfig.js b/src/core/config/OperationConfig.js
index f8d9fe6d..e0eb3570 100755
--- a/src/core/config/OperationConfig.js
+++ b/src/core/config/OperationConfig.js
@@ -1678,6 +1678,13 @@ const OperationConfig = {
 outputType: "string",
 args: []
 },
+ "HTTP gzip decrypt": {
+ description: "Decrypts Gzip payload from a request or response and returning plaintext of the header and decrypted payload.",
+ run: Compress.runHttpGzip,
+ inputType: "byteArray",
+ outputType: "byteArray",
+ args: []
+ },
 "Parse User Agent": {
 description: "Attempts to identify and categorise information contained in a user-agent string.",
 run: HTTP.runParseUserAgent,
diff --git a/src/core/operations/Compress.js b/src/core/operations/Compress.js
index 020d40cf..cc7ef45f 100755
--- a/src/core/operations/Compress.js
+++ b/src/core/operations/Compress.js
@@ -5,6 +5,7 @@ import zlibAndGzip from "zlibjs/bin/zlib_and_gzip.min";
 import zip from "zlibjs/bin/zip.min";
 import unzip from "zlibjs/bin/unzip.min";
 import bzip2 from "exports-loader?bzip2!../lib/bzip2.js";
+import pako from "pako/index.js";
 
 const Zlib = {
 RawDeflate: rawdeflate.Zlib.RawDeflate,
@@ -254,6 +255,26 @@ const Compress = {
 },
 
 
+ /**
+ * HTTP Gzip operation.
+ *
+ * @param {byteArray} input
+ * @param {Object[]} args
+ * @returns {byteArray}
+ */
+ runHttpGzip: function(input, args) {
+ input = Utils.byteArrayToHex(input, "");
+
+ let regexStr = /1f8b080[0-8][0-9a-f]{12}/;
+ let gzipPos = input.search(regexStr);
+ let plainData = input.substr(0, gzipPos);
+ let gzipData = input.substr(gzipPos);
+
+ gzipData = Utils.hexToByteArray(gzipData);
+ return Utils.hexToByteArray(plainData).concat(Array.prototype.slice.call(pako.ungzip(gzipData)));
+ },
+
+
 /**
 * @constant
 * @default
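Review bot: The added `import pako from "pako/index.js";` brings in a second inflate implementation although this module already imports zlibjs's `zlib_and_gzip.min` build (named on the hunk header line); if that build's gunzip (`Zlib.Gunzip` in zlibjs) is already exposed through the `Zlib` object, the new operation could call it and the `"pako": "^1.0.5"` entry in package.json would not be needed. Each extra decompressor is more third-party parsing code run over untrusted bytes and one more package to track for advisories. The `Zlib` object only begins in this hunk and continues outside it, so whether a gunzip is already wired in cannot be confirmed from the diff.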
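Review bot: `input.search(regexStr)` returns -1 when no gzip header is present, and `runHttpGzip` then passes `input.substr(-1)` (the last hex digit) to `pako.ungzip`, so a message without a gzip body presumably ends in a decompressor error instead of being passed through or rejected clearly. Because the search runs over a hex string, a match can also start at an odd offset, in the middle of a byte, which splits `plainData` and `gzipData` on a nibble boundary and corrupts both. Checking for -1, accepting only even offsets and slicing the original byte array addresses both, as sketched below. `pako.ungzip` is also called with no limit on the inflated size, so a small hostile payload can expand until the page runs out of memory; a size cap is worth considering. Separately, the name and description registered in Categories.js and OperationConfig.js say "decrypt", but gzip is compression rather than encryption, so "decompress" would be the accurate wording.

```javascript
    runHttpGzip: function(input, args) {
        const hex = Utils.byteArrayToHex(input, "");
        const gzipHeader = /1f8b080[0-8][0-9a-f]{12}/g;

        // Accept only matches that start on a byte boundary (even hex offset).
        let gzipPos = -1;
        let match;
        while ((match = gzipHeader.exec(hex)) !== null) {
            if (match.index % 2 === 0) {
                gzipPos = match.index / 2;
                break;
            }
            // Resume one hex digit later so overlapping candidates are not skipped.
            gzipHeader.lastIndex = match.index + 1;
        }

        // No gzip member found: hand the input back unchanged.
        if (gzipPos === -1) return input;

        // Slice the original bytes instead of round-tripping through hex.
        const plainData = input.slice(0, gzipPos);
        const gzipData = input.slice(gzipPos);
        return plainData.concat(Array.prototype.slice.call(pako.ungzip(gzipData)));
    },
```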