HTTP Gzip Decrypt working

2025-05-06 22:47:11 -04:00 · 2017-07-04 14:30:34 +01:00 · 2017-07-04 14:30:34 +01:00 · b9d33c0618
commit b9d33c0618
parent 90802db3c4
5 changed files with 50 additions and 0 deletions
--- a/package.json
+++ b/package.json
@ -80,6 +80,7 @@
    "lodash": "^4.17.4",
    "moment": "^2.17.1",
    "moment-timezone": "^0.5.11",
+    "pako": "^1.0.5",
    "sladex-blowfish": "^0.8.1",
    "sortablejs": "^1.5.1",
    "split.js": "^1.2.0",
--- a/src/core/Utils.js
+++ b/src/core/Utils.js
@ -344,6 +344,26 @@ const Utils = {
    },


+    /**
+     * Translates an array of bytes to a hex string.
+     *
+     * @param {byteArray} byteArray
+     * @returns {string}
+     *
+     * @example
+     * // returns "fe09a7"
+     * Utils.byteArrayToHex([0xfe, 0x09, 0xa7]);
+     */
+    byteArrayToHexNoSpace: function(byteArray) {
+        if (!byteArray) return "";
+        let hexStr = "";
+        for (let i = 0; i < byteArray.length; i++) {
+            hexStr += Utils.hex(byteArray[i]);
+        }
+        return hexStr.slice(0, hexStr.length-1);
+    },
+
+
    /**
     * Converts a string to a byte array.
     * Treats the string as UTF-8 if any values are over 255.
--- a/src/core/config/Categories.js
+++ b/src/core/config/Categories.js
@ -131,6 +131,7 @@ const Categories = [
        ops: [
            "HTTP request",
            "Strip HTTP headers",
+            "HTTP gzip decrypt",
            "Parse User Agent",
            "Parse IP range",
            "Parse IPv6 address",
--- a/src/core/config/OperationConfig.js
+++ b/src/core/config/OperationConfig.js
@ -1676,6 +1676,13 @@ const OperationConfig = {
        outputType: "string",
        args: []
    },
+    "HTTP gzip decrypt": {
+        description: "Decrypts Gzip payload from a request or response and returning plaintext of the header and decrypted payload.",
+        run: Compress.runHttpGzip,
+        inputType: "byteArray",
+        outputType: "byteArray",
+        args: []
+    },
    "Parse User Agent": {
        description: "Attempts to identify and categorise information contained in a user-agent string.",
        run: HTTP.runParseUserAgent,
--- a/src/core/operations/Compress.js
+++ b/src/core/operations/Compress.js
@ -5,6 +5,7 @@ import zlibAndGzip from "zlibjs/bin/zlib_and_gzip.min";
 import zip from "zlibjs/bin/zip.min";
 import unzip from "zlibjs/bin/unzip.min";
 import bzip2 from "exports-loader?bzip2!../lib/bzip2.js";
+import pako from "pako/index.js";

 const Zlib = {
    RawDeflate: rawdeflate.Zlib.RawDeflate,
@ -254,6 +255,26 @@ const Compress = {
    },


+    /**
+     * HTTP Gzip operation.
+     *
+     * @param {byteArray} input
+     * @param {Object[]} args
+     * @returns {byteArray}
+     */
+    runHttpGzip: function(input, args) {
+        input = Utils.byteArrayToHexNoSpace(input);
+
+        let regexStr = /1f8b080[0-8][0-9a-f]{12}/;
+        let gzipPos = input.search(regexStr);
+        let plainData = input.substr(0, gzipPos);
+        let gzipData = input.substr(gzipPos);
+
+        gzipData = Utils.hexToByteArray(gzipData);
+        return Utils.hexToByteArray(plainData).concat(Array.prototype.slice.call(pako.ungzip(gzipData)));
+    },
+
+
    /**
     * @constant
     * @default