diff --git a/src/core/config/Categories.js b/src/core/config/Categories.js
index 3d48bda3..640f864b 100755
--- a/src/core/config/Categories.js
+++ b/src/core/config/Categories.js
@@ -303,6 +303,7 @@ const Categories = [
 ops: [
 "From Tcpdump",
 "HTTP gzip Decrypt",
+ "Strip TCP Headers",
 ]
 },
 {
diff --git a/src/core/config/OperationConfig.js b/src/core/config/OperationConfig.js
index 6e477617..3b866a60 100755
--- a/src/core/config/OperationConfig.js
+++ b/src/core/config/OperationConfig.js
@@ -35,6 +35,7 @@ import StrUtils from "../operations/StrUtils.js";
 import Tidy from "../operations/Tidy.js";
 import Unicode from "../operations/Unicode.js";
 import URL_ from "../operations/URL.js";
+import Packets from "../operations/Packets.js";
 /**
 * Type definition for an OpConf.
@@ -673,13 +674,6 @@ const OperationConfig = {
 }
 ]
 },
- "From Tcpdump": {
- module: "Packets",
- description: "[DEPRECATED] Converts Tcpdump hex to string",
- inputType: "string",
- outputType: "byteArray",
- args: []
- },
 "From Hexdump": {
 module: "Default",
 description: "Attempts to convert a hexdump back into raw data. This operation supports many different hexdump variations, but probably not all. Make sure you verify that the data it gives you is correct before continuing analysis.",
@@ -3876,6 +3870,36 @@ const OperationConfig = {
 }
 ]
 },
+ "From Tcpdump": {
+ module: "Packets",
+ description: "[DEPRECATED] Converts Tcpdump hex to string",
+ inputType: "string",
+ outputType: "byteArray",
+ args: []
+ },
+ "Strip TCP Headers": {
+ module: "Packets",
+ description: "Remove selected TCP headers from hexstream",
+ inputType: "string",
+ outputType: "string",
+ args: [
+ {
+ name: "Ethernet Header",
+ type: "boolean",
+ value: Packets.STRIP_ETHERNET_HEADER,
+ },
+ {
+ name: "IP Header",
+ type: "boolean",
+ value: Packets.STRIP_IP_HEADER,
+ },
+ {
+ name: "Ethernet Header",
+ type: "boolean",
+ value: Packets.STRIP_TCP_HEADER,
+ },
+ ]
+ },
 };
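Review bot: In the new "Strip TCP Headers" entry the third argument is declared with `name: "Ethernet Header"` but bound to `Packets.STRIP_TCP_HEADER`, so the operation presents two "Ethernet Header" checkboxes and none labelled TCP. Because `stripPacketHeader` reads its arguments by position, the second "Ethernet Header" box actually toggles TCP stripping; it should read `name: "TCP Header",`. The description `Remove selected TCP headers from hexstream` would also be more accurate as `Remove selected Ethernet, IP and TCP headers from a hexstream`. The enclosing `OperationConfig` object starts outside this hunk.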
diff --git a/src/core/config/modules/Packets.js b/src/core/config/modules/Packets.js
index 88f3d7a8..97586d00 100644
--- a/src/core/config/modules/Packets.js
+++ b/src/core/config/modules/Packets.js
@@ -13,7 +13,8 @@ import Packets from "../../operations/Packets.js";
 let OpModules = typeof self === "undefined" ? {} : self.OpModules || {};
 OpModules.Packets = {
- "From Tcpdump": Packets.runFromTcpdump,
+ "From Tcpdump": Packets.runFromTcpdump,
+ "Strip TCP Headers": Packets.stripPacketHeader
 };
 export default OpModules;
diff --git a/src/core/operations/Packets.js b/src/core/operations/Packets.js
index 4ecdf190..181abece 100644
--- a/src/core/operations/Packets.js
+++ b/src/core/operations/Packets.js
@@ -11,23 +11,6 @@ import Utils from "../Utils.js";
 * @namespace
 */
 const Packets = {
-
- /**
- * @constant
- * @default
- */
- WIDTH: 16,
- /**
- * @constant
- * @default
- */
- UPPER_CASE: false,
- /**
- * @constant
- * @default
- */
- INCLUDE_FINAL_LENGTH: false,
-
 /**
 * From Tcpdump Hexstring operation.
 *
@@ -48,7 +31,51 @@ const Packets = {
 }
 return output;
 },
+
+
+ /**
+ * @constant
+ * @default
+ */
+ STRIP_ETHERNET_HEADER: true,
+
+ /**
+ * @constant
+ * @default
+ */
+ STRIP_IP_HEADER: true,
+
+ /**
+ * @constant
+ * @default
+ */
+ STRIP_TCP_HEADER: true,
+
+ /**
+ * Strip TCP Headersoperation.
+ *
+ * @param {string} input
+ * @param {Object[]} args
+ * @returns {string}
+ */
+ stripPacketHeader: function(input, args) {
+ let output = input,
+ stripEthernet = args[0],
+ stripIP = args[1],
+ stripTCP = args[2];
+ if (stripEthernet) {
+ output = output.replace(/^(([0-9a-f]{4} ){6,8}0800 )/igm,'');
+ }
+ if (stripIP) {
+ output = output.replace(/^((45[0-9a-f]{2} ([0-9a-f]{4} ){9}))/igm,'');
+ }
+ if (stripTCP) {
+ output = output.replace(/^([0-9a-f]{4} ){6}((80[0-9a-f]{2} ([0-9a-f]{4} ?){9})|(50[0-9a-f]{2} ([0-9a-f]{4} ?){3}))/igm,'');
+ }
+
+ return output;
+ },
 };
 export default Packets;
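Review bot: The handler registered here, `Packets.stripPacketHeader`, breaks the `run…` naming used by the existing entry `Packets.runFromTcpdump` on the line above. Renaming it to `runStripPacketHeader`, here and in `src/core/operations/Packets.js`, would keep operation entry points distinguishable from internal helpers. The new last entry also drops the trailing comma that the preceding line carries.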
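Review bot: The three patterns in `stripPacketHeader` are all anchored at line start (`^` with the `m` flag), so the checkboxes are not independent: with `stripEthernet` off, the IP pattern only matches a line that happens to begin with `45`, and the TCP pattern counts six groups from whatever bytes lead the line and removes 20 or 32 bytes whenever the seventh group starts with `50` or `80`. Nothing checks the IP protocol byte either, so a non-TCP packet can lose payload bytes, while IPv4 headers with options or other TCP data offsets pass through untouched with no indication. Since the output is likely to be treated as carved payload, I would reject the unsupported combinations or at least state the limits in the docstring, e.g. `Only frames with ethertype 0800, IPv4 with IHL 5 and TCP data offset 5 or 8 are recognised; lines that do not match are returned unchanged.` The docstring title `Strip TCP Headersoperation.` is missing a space, and `@param {Object[]} args` could say that the three entries are booleans.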