New recipe: Strip Ethernet/IP/TCP Header from hexstream

src/core/config/Categories.js

@@ -303,6 +303,7 @@ const Categories = [
         ops: [
             "From Tcpdump",
             "HTTP gzip Decrypt",
+			"Strip TCP Headers",
         ]
     },
     {

src/core/config/OperationConfig.js

@@ -35,6 +35,7 @@ import StrUtils from "../operations/StrUtils.js";
 import Tidy from "../operations/Tidy.js";
 import Unicode from "../operations/Unicode.js";
 import URL_ from "../operations/URL.js";
+import Packets from "../operations/Packets.js";
 
 /**
  * Type definition for an OpConf.
@@ -673,13 +674,6 @@ const OperationConfig = {
             }
         ]
     },
-    "From Tcpdump": {
-        module: "Packets",
-        description: "[DEPRECATED] Converts Tcpdump hex to string",
-        inputType: "string",
-        outputType: "byteArray",
-        args: []
-    },
     "From Hexdump": {
         module: "Default",
         description: "Attempts to convert a hexdump back into raw data. This operation supports many different hexdump variations, but probably not all. Make sure you verify that the data it gives you is correct before continuing analysis.",
@@ -3876,6 +3870,36 @@ const OperationConfig = {
             }
         ]
     },
+    "From Tcpdump": {
+        module: "Packets",
+        description: "[DEPRECATED] Converts Tcpdump hex to string",
+        inputType: "string",
+        outputType: "byteArray",
+        args: []
+    },
+    "Strip TCP Headers": {
+        module: "Packets",
+        description: "Remove selected TCP headers from hexstream",
+        inputType: "string",
+        outputType: "string",
+        args: [
+            {
+                name: "Ethernet Header",
+                type: "boolean",
+                value: Packets.STRIP_ETHERNET_HEADER,
+            },
+            {
+                name: "IP Header",
+                type: "boolean",
+                value: Packets.STRIP_IP_HEADER,
+            },
+            {
+                name: "Ethernet Header",
+                type: "boolean",
+                value: Packets.STRIP_TCP_HEADER,
+            },
+        ]
+    },
 };
 
 

src/core/config/modules/Packets.js

@@ -14,6 +14,7 @@ let OpModules = typeof self === "undefined" ? {} : self.OpModules || {};
 
 OpModules.Packets = {
     "From Tcpdump":				Packets.runFromTcpdump,
+	"Strip TCP Headers":		Packets.stripPacketHeader
 };
 
 export default OpModules;

src/core/operations/Packets.js

@@ -11,23 +11,6 @@ import Utils from "../Utils.js";
  * @namespace
  */
 const Packets = {
-
-    /**
-     * @constant
-     * @default
-     */
-    WIDTH: 16,
-    /**
-     * @constant
-     * @default
-     */
-    UPPER_CASE: false,
-    /**
-     * @constant
-     * @default
-     */
-    INCLUDE_FINAL_LENGTH: false,
-
     /**
      * From Tcpdump Hexstring operation.
      *
@@ -49,6 +32,50 @@ const Packets = {
         return output;
     },
     
+    
+     /**
+     * @constant
+     * @default
+     */
+    STRIP_ETHERNET_HEADER: true,
+    
+    /**
+     * @constant
+     * @default
+     */
+    STRIP_IP_HEADER: true,
+    
+    /**
+     * @constant
+     * @default
+     */
+    STRIP_TCP_HEADER: true,
+    
+    /**
+     * Strip TCP Headersoperation.
+     *
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    stripPacketHeader: function(input, args) {
+        let output = input,
+            stripEthernet = args[0],
+            stripIP = args[1],
+            stripTCP = args[2];
+
+        if (stripEthernet) {
+            output = output.replace(/^(([0-9a-f]{4} ){6,8}0800 )/igm,'');
+        }
+        if (stripIP) {
+            output = output.replace(/^((45[0-9a-f]{2} ([0-9a-f]{4} ){9}))/igm,'');
+        }
+        if (stripTCP) {
+            output = output.replace(/^([0-9a-f]{4} ){6}((80[0-9a-f]{2} ([0-9a-f]{4} ?){9})|(50[0-9a-f]{2} ([0-9a-f]{4} ?){3}))/igm,'');
+        }
+
+        return output;
+    },
 };
 
 export default Packets;