mirrors/CyberChef
1
0
Fork 0
mirror of https://github.com/gchq/CyberChef.git synced 2025-05-07 15:07:11 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

HTTP Gzip Decrypt working

Browse source
This commit is contained in:
windhamwong@nva-hk.com 2017-07-04 14:30:34 +01:00
parent 90802db3c4
commit b9d33c0618
5 changed files with 50 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
package.json
View file

@ -80,6 +80,7 @@
"lodash": "^4.17.4", "lodash": "^4.17.4",
"moment": "^2.17.1", "moment": "^2.17.1",
"moment-timezone": "^0.5.11", "moment-timezone": "^0.5.11",
"pako": "^1.0.5",
"sladex-blowfish": "^0.8.1", "sladex-blowfish": "^0.8.1",
"sortablejs": "^1.5.1", "sortablejs": "^1.5.1",
"split.js": "^1.2.0", "split.js": "^1.2.0",

20
src/core/Utils.js
View file

@ -344,6 +344,26 @@ const Utils = {
}, },
/**
* Translates an array of bytes to a hex string.
*
* @param {byteArray} byteArray
* @returns {string}
*
* @example
* // returns "fe09a7"
* Utils.byteArrayToHex([0xfe, 0x09, 0xa7]);
*/
byteArrayToHexNoSpace: function(byteArray) {
if (!byteArray) return "";
let hexStr = "";
for (let i = 0; i < byteArray.length; i++) {
hexStr += Utils.hex(byteArray[i]);
}
return hexStr.slice(0, hexStr.length-1);
},
/** /**
* Converts a string to a byte array. * Converts a string to a byte array.
* Treats the string as UTF-8 if any values are over 255. * Treats the string as UTF-8 if any values are over 255.

1
src/core/config/Categories.js
View file

@ -131,6 +131,7 @@ const Categories = [
ops: [ ops: [
"HTTP request", "HTTP request",
"Strip HTTP headers", "Strip HTTP headers",
"HTTP gzip decrypt",
"Parse User Agent", "Parse User Agent",
"Parse IP range", "Parse IP range",
"Parse IPv6 address", "Parse IPv6 address",

7
src/core/config/OperationConfig.js
View file

@ -1676,6 +1676,13 @@ const OperationConfig = {
outputType: "string", outputType: "string",
args: [] args: []
}, },
"HTTP gzip decrypt": {
description: "Decrypts Gzip payload from a request or response and returning plaintext of the header and decrypted payload.",
run: Compress.runHttpGzip,
inputType: "byteArray",
outputType: "byteArray",
args: []
},
"Parse User Agent": { "Parse User Agent": {
description: "Attempts to identify and categorise information contained in a user-agent string.", description: "Attempts to identify and categorise information contained in a user-agent string.",
run: HTTP.runParseUserAgent, run: HTTP.runParseUserAgent,

21
src/core/operations/Compress.js
View file

@ -5,6 +5,7 @@ import zlibAndGzip from "zlibjs/bin/zlib_and_gzip.min";
import zip from "zlibjs/bin/zip.min"; import zip from "zlibjs/bin/zip.min";
import unzip from "zlibjs/bin/unzip.min"; import unzip from "zlibjs/bin/unzip.min";
import bzip2 from "exports-loader?bzip2!../lib/bzip2.js"; import bzip2 from "exports-loader?bzip2!../lib/bzip2.js";
import pako from "pako/index.js";
const Zlib = { const Zlib = {
RawDeflate: rawdeflate.Zlib.RawDeflate, RawDeflate: rawdeflate.Zlib.RawDeflate,
@ -254,6 +255,26 @@ const Compress = {
}, },
/**
* HTTP Gzip operation.
*
* @param {byteArray} input
* @param {Object[]} args
* @returns {byteArray}
*/
runHttpGzip: function(input, args) {
input = Utils.byteArrayToHexNoSpace(input);
let regexStr = /1f8b080[0-8][0-9a-f]{12}/;
let gzipPos = input.search(regexStr);
let plainData = input.substr(0, gzipPos);
let gzipData = input.substr(gzipPos);
gzipData = Utils.hexToByteArray(gzipData);
return Utils.hexToByteArray(plainData).concat(Array.prototype.slice.call(pako.ungzip(gzipData)));
},
/** /**
* @constant * @constant
* @default * @default