New recipe: Strip Ethernet/IP/TCP Header from hexstream

Windham Wong 2017-10-19 15:58:47 +01:00
parent a34547dab1
commit 54194f2cc1
4 changed files with 78 additions and 25 deletions


@ -303,6 +303,7 @@ const Categories = [
ops: [ ops: [
"From Tcpdump", "From Tcpdump",
"HTTP gzip Decrypt", "HTTP gzip Decrypt",
"Strip TCP Headers",
] ]
}, },
{ {


@ -35,6 +35,7 @@ import StrUtils from "../operations/StrUtils.js";
import Tidy from "../operations/Tidy.js"; import Tidy from "../operations/Tidy.js";
import Unicode from "../operations/Unicode.js"; import Unicode from "../operations/Unicode.js";
import URL_ from "../operations/URL.js"; import URL_ from "../operations/URL.js";
import Packets from "../operations/Packets.js";
/** /**
* Type definition for an OpConf. * Type definition for an OpConf.
@ -673,13 +674,6 @@ const OperationConfig = {
} }
] ]
}, },
"From Tcpdump": {
module: "Packets",
description: "[DEPRECATED] Converts Tcpdump hex to string",
inputType: "string",
outputType: "byteArray",
args: []
},
"From Hexdump": { "From Hexdump": {
module: "Default", module: "Default",
description: "Attempts to convert a hexdump back into raw data. This operation supports many different hexdump variations, but probably not all. Make sure you verify that the data it gives you is correct before continuing analysis.", description: "Attempts to convert a hexdump back into raw data. This operation supports many different hexdump variations, but probably not all. Make sure you verify that the data it gives you is correct before continuing analysis.",
@ -3876,6 +3870,36 @@ const OperationConfig = {
} }
] ]
}, },
"From Tcpdump": {
module: "Packets",
description: "[DEPRECATED] Converts Tcpdump hex to string",
inputType: "string",
outputType: "byteArray",
args: []
},
"Strip TCP Headers": {
module: "Packets",
description: "Remove selected TCP headers from hexstream",
inputType: "string",
outputType: "string",
args: [
{
name: "Ethernet Header",
type: "boolean",
value: Packets.STRIP_ETHERNET_HEADER,
},
{
name: "IP Header",
type: "boolean",
value: Packets.STRIP_IP_HEADER,
},
{
name: "Ethernet Header",
type: "boolean",
value: Packets.STRIP_TCP_HEADER,
},
]
},
}; };
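Review bot: The third argument of "Strip TCP Headers" is labelled `name: "Ethernet Header",` a second time although its default is `Packets.STRIP_TCP_HEADER`, so the operation presumably shows two identically named checkboxes and the TCP option cannot be told apart from the Ethernet one. It should read `name: "TCP Header",`. The description `"Remove selected TCP headers from hexstream"` is also narrower than what the arguments offer; something like `"Removes the selected Ethernet, IPv4 and TCP headers from a hex stream"` would tell an analyst which layers can be stripped.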


@ -13,7 +13,8 @@ import Packets from "../../operations/Packets.js";
let OpModules = typeof self === "undefined" ? {} : self.OpModules || {}; let OpModules = typeof self === "undefined" ? {} : self.OpModules || {};
OpModules.Packets = { OpModules.Packets = {
"From Tcpdump": Packets.runFromTcpdump, "From Tcpdump": Packets.runFromTcpdump,
"Strip TCP Headers": Packets.stripPacketHeader
}; };
export default OpModules; export default OpModules;
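Review bot: The new entry points at `Packets.stripPacketHeader`, while the only other operation visible in this map uses a `run…` prefix (`Packets.runFromTcpdump`). If that prefix is the project convention for operation entry points, keeping it makes it clear which members of `Packets` are callable operations rather than constants or helpers. Consider `"Strip TCP Headers": Packets.runStripTcpHeaders,` with the matching rename in `Packets.js`.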


@ -11,23 +11,6 @@ import Utils from "../Utils.js";
* @namespace * @namespace
*/ */
const Packets = { const Packets = {
/**
* @constant
* @default
*/
WIDTH: 16,
/**
* @constant
* @default
*/
UPPER_CASE: false,
/**
* @constant
* @default
*/
INCLUDE_FINAL_LENGTH: false,
/** /**
* From Tcpdump Hexstring operation. * From Tcpdump Hexstring operation.
* *
@ -48,7 +31,51 @@ const Packets = {
} }
return output; return output;
}, },
/**
* @constant
* @default
*/
STRIP_ETHERNET_HEADER: true,
/**
* @constant
* @default
*/
STRIP_IP_HEADER: true,
/**
* @constant
* @default
*/
STRIP_TCP_HEADER: true,
/**
* Strip TCP Headersoperation.
*
* @param {string} input
* @param {Object[]} args
* @returns {string}
*/
stripPacketHeader: function(input, args) {
let output = input,
stripEthernet = args[0],
stripIP = args[1],
stripTCP = args[2];
if (stripEthernet) {
output = output.replace(/^(([0-9a-f]{4} ){6,8}0800 )/igm,'');
}
if (stripIP) {
output = output.replace(/^((45[0-9a-f]{2} ([0-9a-f]{4} ){9}))/igm,'');
}
if (stripTCP) {
output = output.replace(/^([0-9a-f]{4} ){6}((80[0-9a-f]{2} ([0-9a-f]{4} ?){9})|(50[0-9a-f]{2} ([0-9a-f]{4} ?){3}))/igm,'');
}
return output;
},
}; };
export default Packets; export default Packets;
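Review bot: The three patterns in `stripPacketHeader` recognise only fixed layouts: EtherType `0800`, an IPv4 header starting `45` (20 bytes, no options), and TCP headers whose offset byte is `50` or `80`. Anything else is returned unchanged with no indication, so leftover header bytes can be mistaken for payload during analysis. Each pattern is anchored with `^` under the `m` flag and is therefore tried at the start of every line, so a later line that happens to look like a header would be removed. Whether that is intended depends on the expected input layout, which the hunk does not show. The IP and TCP options also only take effect when the preceding layer is already gone. I would state this in the docstring, e.g. `* Only strips frames with EtherType 0800, IPv4 headers without options and TCP headers with data offset 5 or 8; other input is returned unchanged.`, document the expected line layout next to it, and fix the typo `Strip TCP Headersoperation.` in the same comment.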