HTTP Gzip decrypt operation

2025-05-07 15:07:11 -04:00 · 2017-07-04 15:40:02 +01:00 · 2017-07-04 15:40:02 +01:00 · 3b3e0fcd76
commit 3b3e0fcd76
parent 85d41085de
4 changed files with 30 additions and 0 deletions
--- a/package.json
+++ b/package.json
@ -80,6 +80,7 @@
    "lodash": "^4.17.4",
    "moment": "^2.17.1",
    "moment-timezone": "^0.5.11",
+    "pako": "^1.0.5",
    "sladex-blowfish": "^0.8.1",
    "sortablejs": "^1.5.1",
    "split.js": "^1.2.0",
--- a/src/core/config/Categories.js
+++ b/src/core/config/Categories.js
@ -130,6 +130,7 @@ const Categories = [
        ops: [
            "HTTP request",
            "Strip HTTP headers",
+            "HTTP gzip decrypt",
            "Parse User Agent",
            "Parse IP range",
            "Parse IPv6 address",
--- a/src/core/config/OperationConfig.js
+++ b/src/core/config/OperationConfig.js
@ -1678,6 +1678,13 @@ const OperationConfig = {
        outputType: "string",
        args: []
    },
+    "HTTP gzip decrypt": {
+        description: "Decrypts Gzip payload from a request or response and returning plaintext of the header and decrypted payload.",
+        run: Compress.runHttpGzip,
+        inputType: "byteArray",
+        outputType: "byteArray",
+        args: []
+    },
    "Parse User Agent": {
        description: "Attempts to identify and categorise information contained in a user-agent string.",
        run: HTTP.runParseUserAgent,
--- a/src/core/operations/Compress.js
+++ b/src/core/operations/Compress.js
@ -5,6 +5,7 @@ import zlibAndGzip from "zlibjs/bin/zlib_and_gzip.min";
 import zip from "zlibjs/bin/zip.min";
 import unzip from "zlibjs/bin/unzip.min";
 import bzip2 from "exports-loader?bzip2!../lib/bzip2.js";
+import pako from "pako/index.js";

 const Zlib = {
    RawDeflate: rawdeflate.Zlib.RawDeflate,
@ -254,6 +255,26 @@ const Compress = {
    },


+    /**
+     * HTTP Gzip operation.
+     *
+     * @param {byteArray} input
+     * @param {Object[]} args
+     * @returns {byteArray}
+     */
+    runHttpGzip: function(input, args) {
+        input = Utils.byteArrayToHex(input, "");
+
+        let regexStr = /1f8b080[0-8][0-9a-f]{12}/;
+        let gzipPos = input.search(regexStr);
+        let plainData = input.substr(0, gzipPos);
+        let gzipData = input.substr(gzipPos);
+
+        gzipData = Utils.hexToByteArray(gzipData);
+        return Utils.hexToByteArray(plainData).concat(Array.prototype.slice.call(pako.ungzip(gzipData)));
+    },
+
+
    /**
     * @constant
     * @default