mirror of
https://github.com/gchq/CyberChef.git
synced 2025-05-08 07:21:02 -04:00
Sync up and fix issues
Renaming from tcpdump into packets category. Adding a new packet category. Update structures
This commit is contained in:
parent
a74d97f2a4
commit
a34547dab1
8 changed files with 93 additions and 215 deletions
|
@ -27,7 +27,6 @@ const Categories = [
|
||||||
ops: [
|
ops: [
|
||||||
"To Hexdump",
|
"To Hexdump",
|
||||||
"From Hexdump",
|
"From Hexdump",
|
||||||
"From nTcpdump",
|
|
||||||
"From 0x[Hex]",
|
"From 0x[Hex]",
|
||||||
"From Char(Hex)",
|
"From Char(Hex)",
|
||||||
"To Hex",
|
"To Hex",
|
||||||
|
@ -137,7 +136,6 @@ const Categories = [
|
||||||
ops: [
|
ops: [
|
||||||
"HTTP request",
|
"HTTP request",
|
||||||
"Strip HTTP headers",
|
"Strip HTTP headers",
|
||||||
"HTTP gzip decrypt",
|
|
||||||
"Parse User Agent",
|
"Parse User Agent",
|
||||||
"Parse IP range",
|
"Parse IP range",
|
||||||
"Parse IPv6 address",
|
"Parse IPv6 address",
|
||||||
|
@ -300,6 +298,13 @@ const Categories = [
|
||||||
"To Kebab case",
|
"To Kebab case",
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
name: "Packets",
|
||||||
|
ops: [
|
||||||
|
"From Tcpdump",
|
||||||
|
"HTTP gzip Decrypt",
|
||||||
|
]
|
||||||
|
},
|
||||||
{
|
{
|
||||||
name: "Other",
|
name: "Other",
|
||||||
ops: [
|
ops: [
|
||||||
|
|
|
@ -36,8 +36,6 @@ import Tidy from "../operations/Tidy.js";
|
||||||
import Unicode from "../operations/Unicode.js";
|
import Unicode from "../operations/Unicode.js";
|
||||||
import URL_ from "../operations/URL.js";
|
import URL_ from "../operations/URL.js";
|
||||||
|
|
||||||
import nTcpdump from "../operations/nTcpdump.js";
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Type definition for an OpConf.
|
* Type definition for an OpConf.
|
||||||
*
|
*
|
||||||
|
@ -501,8 +499,8 @@ const OperationConfig = {
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"From 0x[Hex]": {
|
"From 0x[Hex]": {
|
||||||
|
module: "Default",
|
||||||
description: "Converts a hexadecimal byte string back into a its raw value.<br><br>e.g. <code>0x217e21</code> becomes the UTF-8 encoded string <code>!~!</code>",
|
description: "Converts a hexadecimal byte string back into a its raw value.<br><br>e.g. <code>0x217e21</code> becomes the UTF-8 encoded string <code>!~!</code>",
|
||||||
run: ByteRepr.runFrom0xHex,
|
|
||||||
highlight: ByteRepr.highlightFrom,
|
highlight: ByteRepr.highlightFrom,
|
||||||
highlightReverse: ByteRepr.highlightTo,
|
highlightReverse: ByteRepr.highlightTo,
|
||||||
inputType: "string",
|
inputType: "string",
|
||||||
|
@ -510,8 +508,8 @@ const OperationConfig = {
|
||||||
args: []
|
args: []
|
||||||
},
|
},
|
||||||
"From Char(Hex)": {
|
"From Char(Hex)": {
|
||||||
|
module: "Default",
|
||||||
description: "Converts a hexadecimal byte string back into a its raw value.<br><br>e.g. <code>chr(33)</code> becomes the UTF-8 encoded string <code>!</code>",
|
description: "Converts a hexadecimal byte string back into a its raw value.<br><br>e.g. <code>chr(33)</code> becomes the UTF-8 encoded string <code>!</code>",
|
||||||
run: ByteRepr.runFromCharHex,
|
|
||||||
highlight: ByteRepr.highlightFrom,
|
highlight: ByteRepr.highlightFrom,
|
||||||
highlightReverse: ByteRepr.highlightTo,
|
highlightReverse: ByteRepr.highlightTo,
|
||||||
inputType: "string",
|
inputType: "string",
|
||||||
|
@ -675,11 +673,9 @@ const OperationConfig = {
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"From nTcpdump": {
|
"From Tcpdump": {
|
||||||
description: "For Tcpdump conversion only.",
|
module: "Packets",
|
||||||
run: nTcpdump.runFrom,
|
description: "[DEPRECATED] Converts Tcpdump hex to string",
|
||||||
highlight: nTcpdump.highlightFrom,
|
|
||||||
highlightReverse: nTcpdump.highlightTo,
|
|
||||||
inputType: "string",
|
inputType: "string",
|
||||||
outputType: "byteArray",
|
outputType: "byteArray",
|
||||||
args: []
|
args: []
|
||||||
|
@ -1767,9 +1763,9 @@ const OperationConfig = {
|
||||||
outputType: "string",
|
outputType: "string",
|
||||||
args: []
|
args: []
|
||||||
},
|
},
|
||||||
"HTTP gzip decrypt": {
|
"HTTP gzip Decrypt": {
|
||||||
|
module: "Compression",
|
||||||
description: "Decrypts Gzip payload from a request or response and returning plaintext of the header and decrypted payload.",
|
description: "Decrypts Gzip payload from a request or response and returning plaintext of the header and decrypted payload.",
|
||||||
run: Compress.runHttpGzip,
|
|
||||||
inputType: "byteArray",
|
inputType: "byteArray",
|
||||||
outputType: "byteArray",
|
outputType: "byteArray",
|
||||||
args: []
|
args: []
|
||||||
|
|
|
@ -26,6 +26,7 @@ OpModules.Compression = {
|
||||||
"Bzip2 Decompress": Compress.runBzip2Decompress,
|
"Bzip2 Decompress": Compress.runBzip2Decompress,
|
||||||
"Tar": Compress.runTar,
|
"Tar": Compress.runTar,
|
||||||
"Untar": Compress.runUntar,
|
"Untar": Compress.runUntar,
|
||||||
|
"HTTP gzip Decrypt":Compress.runHttpGzip,
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -51,6 +51,8 @@ OpModules.Default = {
|
||||||
"From Hexdump": Hexdump.runFrom,
|
"From Hexdump": Hexdump.runFrom,
|
||||||
"To Hex": ByteRepr.runToHex,
|
"To Hex": ByteRepr.runToHex,
|
||||||
"From Hex": ByteRepr.runFromHex,
|
"From Hex": ByteRepr.runFromHex,
|
||||||
|
"From 0x[Hex]": ByteRepr.runFrom0xHex,
|
||||||
|
"From Char(Hex)": ByteRepr.runFromCharHex,
|
||||||
"To Octal": ByteRepr.runToOct,
|
"To Octal": ByteRepr.runToOct,
|
||||||
"From Octal": ByteRepr.runFromOct,
|
"From Octal": ByteRepr.runFromOct,
|
||||||
"To Charcode": ByteRepr.runToCharcode,
|
"To Charcode": ByteRepr.runToCharcode,
|
||||||
|
|
|
@ -20,6 +20,7 @@ import JSBNModule from "./JSBN.js";
|
||||||
import PublicKeyModule from "./PublicKey.js";
|
import PublicKeyModule from "./PublicKey.js";
|
||||||
import ShellcodeModule from "./Shellcode.js";
|
import ShellcodeModule from "./Shellcode.js";
|
||||||
import URLModule from "./URL.js";
|
import URLModule from "./URL.js";
|
||||||
|
import PacketsModule from "./Packets.js";
|
||||||
|
|
||||||
Object.assign(
|
Object.assign(
|
||||||
OpModules,
|
OpModules,
|
||||||
|
@ -35,7 +36,8 @@ Object.assign(
|
||||||
JSBNModule,
|
JSBNModule,
|
||||||
PublicKeyModule,
|
PublicKeyModule,
|
||||||
ShellcodeModule,
|
ShellcodeModule,
|
||||||
URLModule
|
URLModule,
|
||||||
|
PacketsModule
|
||||||
);
|
);
|
||||||
|
|
||||||
export default OpModules;
|
export default OpModules;
|
||||||
|
|
19
src/core/config/modules/Packets.js
Normal file
19
src/core/config/modules/Packets.js
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
import Packets from "../../operations/Packets.js";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Packets module.
|
||||||
|
*
|
||||||
|
* Libraries:
|
||||||
|
* - Utils.js
|
||||||
|
*
|
||||||
|
* @author drkna [whytho@email]
|
||||||
|
* @copyright Crown Copyright 2017
|
||||||
|
* @license Apache-2.0
|
||||||
|
*/
|
||||||
|
let OpModules = typeof self === "undefined" ? {} : self.OpModules || {};
|
||||||
|
|
||||||
|
OpModules.Packets = {
|
||||||
|
"From Tcpdump": Packets.runFromTcpdump,
|
||||||
|
};
|
||||||
|
|
||||||
|
export default OpModules;
|
54
src/core/operations/Packets.js
Normal file
54
src/core/operations/Packets.js
Normal file
|
@ -0,0 +1,54 @@
|
||||||
|
import Utils from "../Utils.js";
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Packets operations.
|
||||||
|
*
|
||||||
|
* @author drkna [whytho@email]
|
||||||
|
* @copyright Crown Copyright 2016
|
||||||
|
* @license Apache-2.0
|
||||||
|
*
|
||||||
|
* @namespace
|
||||||
|
*/
|
||||||
|
const Packets = {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @constant
|
||||||
|
* @default
|
||||||
|
*/
|
||||||
|
WIDTH: 16,
|
||||||
|
/**
|
||||||
|
* @constant
|
||||||
|
* @default
|
||||||
|
*/
|
||||||
|
UPPER_CASE: false,
|
||||||
|
/**
|
||||||
|
* @constant
|
||||||
|
* @default
|
||||||
|
*/
|
||||||
|
INCLUDE_FINAL_LENGTH: false,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* From Tcpdump Hexstring operation.
|
||||||
|
*
|
||||||
|
* @param {string} input
|
||||||
|
* @param {Object[]} args
|
||||||
|
* @returns {byteArray}
|
||||||
|
*/
|
||||||
|
runFromTcpdump: function(input, args) {
|
||||||
|
let output = [];
|
||||||
|
let regex = /^\s*(?:0x[\dA-F]{4}:?)?\s*((?:[\dA-F]{4}\s?){1,8})/igm;
|
||||||
|
let block = regex.exec(input);
|
||||||
|
while (block) {
|
||||||
|
let line = Utils.fromHex(block[1].replace(/-/g, " "));
|
||||||
|
for (let i = 0; i < line.length; i++) {
|
||||||
|
output.push(line[i]);
|
||||||
|
}
|
||||||
|
block = regex.exec(input);
|
||||||
|
}
|
||||||
|
return output;
|
||||||
|
},
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
export default Packets;
|
|
@ -1,201 +0,0 @@
|
||||||
/* globals app */
|
|
||||||
import Utils from "../Utils.js";
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Hexdump operations.
|
|
||||||
*
|
|
||||||
* @author n1474335 [n1474335@gmail.com]
|
|
||||||
* @copyright Crown Copyright 2016
|
|
||||||
* @license Apache-2.0
|
|
||||||
*
|
|
||||||
* @namespace
|
|
||||||
*/
|
|
||||||
const nTcpdump = {
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @constant
|
|
||||||
* @default
|
|
||||||
*/
|
|
||||||
WIDTH: 16,
|
|
||||||
/**
|
|
||||||
* @constant
|
|
||||||
* @default
|
|
||||||
*/
|
|
||||||
UPPER_CASE: false,
|
|
||||||
/**
|
|
||||||
* @constant
|
|
||||||
* @default
|
|
||||||
*/
|
|
||||||
INCLUDE_FINAL_LENGTH: false,
|
|
||||||
|
|
||||||
/**
|
|
||||||
* To Hexdump operation.
|
|
||||||
*
|
|
||||||
* @param {byteArray} input
|
|
||||||
* @param {Object[]} args
|
|
||||||
* @returns {string}
|
|
||||||
*/
|
|
||||||
runTo: function(input, args) {
|
|
||||||
let length = args[0] || nTcpdump.WIDTH;
|
|
||||||
let upperCase = args[1];
|
|
||||||
let includeFinalLength = args[2];
|
|
||||||
|
|
||||||
let output = "", padding = 2;
|
|
||||||
for (let i = 0; i < input.length; i += length) {
|
|
||||||
let buff = input.slice(i, i+length);
|
|
||||||
let hexa = "";
|
|
||||||
for (let j = 0; j < buff.length; j++) {
|
|
||||||
hexa += Utils.hex(buff[j], padding) + " ";
|
|
||||||
}
|
|
||||||
|
|
||||||
let lineNo = Utils.hex(i, 8);
|
|
||||||
|
|
||||||
if (upperCase) {
|
|
||||||
hexa = hexa.toUpperCase();
|
|
||||||
lineNo = lineNo.toUpperCase();
|
|
||||||
}
|
|
||||||
|
|
||||||
output += lineNo + " " +
|
|
||||||
Utils.padRight(hexa, (length*(padding+1))) +
|
|
||||||
" |" + Utils.padRight(Utils.printable(Utils.byteArrayToChars(buff)), buff.length) + "|\n";
|
|
||||||
|
|
||||||
if (includeFinalLength && i+buff.length === input.length) {
|
|
||||||
output += Utils.hex(i+buff.length, 8) + "\n";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return output.slice(0, -1);
|
|
||||||
},
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* From Hexdump operation.
|
|
||||||
*
|
|
||||||
* @param {string} input
|
|
||||||
* @param {Object[]} args
|
|
||||||
* @returns {byteArray}
|
|
||||||
*/
|
|
||||||
runFrom: function(input, args) {
|
|
||||||
let output = [];
|
|
||||||
let regex = /^\s*(?:0x[\dA-F]{4}:?)?\s*((?:[\dA-F]{4}\s?){1,8})/igm;
|
|
||||||
let block = regex.exec(input);
|
|
||||||
while (block) {
|
|
||||||
let line = Utils.fromHex(block[1].replace(/-/g, " "));
|
|
||||||
for (let i = 0; i < line.length; i++) {
|
|
||||||
output.push(line[i]);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
// Is this a CyberChef hexdump or is it from a different tool?
|
|
||||||
let width = input.indexOf("\n");
|
|
||||||
let w = (width - 13) / 4;
|
|
||||||
// w should be the specified width of the hexdump and therefore a round number
|
|
||||||
if (Math.floor(w) !== w || input.indexOf("\r") !== -1 || output.indexOf(13) !== -1) {
|
|
||||||
app.options.attemptHighlight = false;
|
|
||||||
}
|
|
||||||
return output;
|
|
||||||
},
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Highlight to hexdump
|
|
||||||
*
|
|
||||||
* @param {Object[]} pos
|
|
||||||
* @param {number} pos[].start
|
|
||||||
* @param {number} pos[].end
|
|
||||||
* @param {Object[]} args
|
|
||||||
* @returns {Object[]} pos
|
|
||||||
*/
|
|
||||||
highlightTo: function(pos, args) {
|
|
||||||
// Calculate overall selection
|
|
||||||
let w = args[0] || 16,
|
|
||||||
width = 14 + (w*4),
|
|
||||||
line = Math.floor(pos[0].start / w),
|
|
||||||
offset = pos[0].start % w,
|
|
||||||
start = 0,
|
|
||||||
end = 0;
|
|
||||||
|
|
||||||
pos[0].start = line*width + 10 + offset*3;
|
|
||||||
|
|
||||||
line = Math.floor(pos[0].end / w);
|
|
||||||
offset = pos[0].end % w;
|
|
||||||
if (offset === 0) {
|
|
||||||
line--;
|
|
||||||
offset = w;
|
|
||||||
}
|
|
||||||
pos[0].end = line*width + 10 + offset*3 - 1;
|
|
||||||
|
|
||||||
// Set up multiple selections for bytes
|
|
||||||
let startLineNum = Math.floor(pos[0].start / width);
|
|
||||||
let endLineNum = Math.floor(pos[0].end / width);
|
|
||||||
|
|
||||||
if (startLineNum === endLineNum) {
|
|
||||||
pos.push(pos[0]);
|
|
||||||
} else {
|
|
||||||
start = pos[0].start;
|
|
||||||
end = (startLineNum+1) * width - w - 5;
|
|
||||||
pos.push({ start: start, end: end });
|
|
||||||
while (end < pos[0].end) {
|
|
||||||
startLineNum++;
|
|
||||||
start = startLineNum * width + 10;
|
|
||||||
end = (startLineNum+1) * width - w - 5;
|
|
||||||
if (end > pos[0].end) end = pos[0].end;
|
|
||||||
pos.push({ start: start, end: end });
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Set up multiple selections for ASCII
|
|
||||||
let len = pos.length, lineNum = 0;
|
|
||||||
start = 0;
|
|
||||||
end = 0;
|
|
||||||
for (let i = 1; i < len; i++) {
|
|
||||||
lineNum = Math.floor(pos[i].start / width);
|
|
||||||
start = (((pos[i].start - (lineNum * width)) - 10) / 3) + (width - w -2) + (lineNum * width);
|
|
||||||
end = (((pos[i].end + 1 - (lineNum * width)) - 10) / 3) + (width - w -2) + (lineNum * width);
|
|
||||||
pos.push({ start: start, end: end });
|
|
||||||
}
|
|
||||||
return pos;
|
|
||||||
},
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Highlight from hexdump
|
|
||||||
*
|
|
||||||
* @param {Object[]} pos
|
|
||||||
* @param {number} pos[].start
|
|
||||||
* @param {number} pos[].end
|
|
||||||
* @param {Object[]} args
|
|
||||||
* @returns {Object[]} pos
|
|
||||||
*/
|
|
||||||
highlightFrom: function(pos, args) {
|
|
||||||
let w = args[0] || 16;
|
|
||||||
let width = 14 + (w*4);
|
|
||||||
|
|
||||||
let line = Math.floor(pos[0].start / width);
|
|
||||||
let offset = pos[0].start % width;
|
|
||||||
|
|
||||||
if (offset < 10) { // In line number section
|
|
||||||
pos[0].start = line*w;
|
|
||||||
} else if (offset > 10+(w*3)) { // In ASCII section
|
|
||||||
pos[0].start = (line+1)*w;
|
|
||||||
} else { // In byte section
|
|
||||||
pos[0].start = line*w + Math.floor((offset-10)/3);
|
|
||||||
}
|
|
||||||
|
|
||||||
line = Math.floor(pos[0].end / width);
|
|
||||||
offset = pos[0].end % width;
|
|
||||||
|
|
||||||
if (offset < 10) { // In line number section
|
|
||||||
pos[0].end = line*w;
|
|
||||||
} else if (offset > 10+(w*3)) { // In ASCII section
|
|
||||||
pos[0].end = (line+1)*w;
|
|
||||||
} else { // In byte section
|
|
||||||
pos[0].end = line*w + Math.ceil((offset-10)/3);
|
|
||||||
}
|
|
||||||
|
|
||||||
return pos;
|
|
||||||
},
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
export default nTcpdump;
|
|
Loading…
Add table
Add a link
Reference in a new issue