mirrors/CyberChef
1
0
Fork 0
mirror of https://github.com/gchq/CyberChef.git synced 2025-04-20 23:06:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added initial functionality for 'Parse IPv4 header' operation.

Browse source
This commit is contained in:
n1474335 2017-02-18 16:13:19 +00:00
parent 92bd2c921e
commit fa20939dd4
3 changed files with 103 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

1
src/js/config/Categories.js
View file

@ -127,6 +127,7 @@ var Categories = [
"Parse User Agent", "Parse User Agent",
"Parse IP range", "Parse IP range",
"Parse IPv6 address", "Parse IPv6 address",
"Parse IPv4 header",
"Parse URI", "Parse URI",
"URL Encode", "URL Encode",
"URL Decode", "URL Decode",

17
src/js/config/OperationConfig.js
View file

@ -791,11 +791,24 @@ var OperationConfig = {
}, },
"Parse IPv6 address": { "Parse IPv6 address": {
description: "Displays the longhand and shorthand versions of a valid IPv6 address.<br><br>Recognises all reserved ranges and parses encapsulated or tunnelled addresses including Teredo and 6to4.", description: "Displays the longhand and shorthand versions of a valid IPv6 address.<br><br>Recognises all reserved ranges and parses encapsulated or tunnelled addresses including Teredo and 6to4.",
run: IP.runParseIpv6, run: IP.runParseIPv6,
inputType: "string", inputType: "string",
outputType: "string", outputType: "string",
args: [] args: []
}, },
"Parse IPv4 header": {
description: "Given an IPv4 header as raw bytes, this operations parses and displays each field in an easily readable format.",
run: IP.runParseIPv4Header,
inputType: "string",
outputType: "string",
args: [
{
name: "Input format",
type: "option",
value: IP.IP_HEADER_FORMAT
}
]
},
"Text encoding": { "Text encoding": {
description: "Translates the data between different character encodings.<br><br>Supported charsets are:<ul><li>UTF8</li><li>UTF16</li><li>UTF16LE (little-endian)</li><li>UTF16BE (big-endian)</li><li>Hex</li><li>Base64</li><li>Latin1 (ISO-8859-1)</li><li>Windows-1251</li></ul>", description: "Translates the data between different character encodings.<br><br>Supported charsets are:<ul><li>UTF8</li><li>UTF16</li><li>UTF16LE (little-endian)</li><li>UTF16BE (big-endian)</li><li>Hex</li><li>Base64</li><li>Latin1 (ISO-8859-1)</li><li>Windows-1251</li></ul>",
run: CharEnc.run, run: CharEnc.run,
@ -2034,7 +2047,7 @@ var OperationConfig = {
] ]
}, },
"Regular expression": { "Regular expression": {
description: "Define your own regular expression to search the input data with, optionally choosing from a list of pre-defined patterns.", description: "Define your own regular expression (regex) to search the input data with, optionally choosing from a list of pre-defined patterns.",
run: StrUtils.runRegex, run: StrUtils.runRegex,
manualBake: true, manualBake: true,
inputType: "string", inputType: "string",

89
src/js/operations/IP.js
View file

@ -1,4 +1,4 @@
/* globals BigInteger */ /* globals BigInteger, Checksum */
/** /**
* Internet Protocol address operations. * Internet Protocol address operations.
@ -78,7 +78,7 @@ var IP = {
* @param {Object[]} args * @param {Object[]} args
* @returns {string} * @returns {string}
*/ */
runParseIpv6: function (input, args) { runParseIPv6: function (input, args) {
var match, var match,
output = ""; output = "";
@ -401,6 +401,91 @@ var IP = {
}, },
/**
* @constant
* @default
*/
IP_HEADER_FORMAT: ["Hex", "Raw"],
/**
* Parse IPv4 header operation.
*
* @param {byteArray} input
* @param {Object[]} args
* @returns {string}
*/
runParseIPv4Header: function(input, args) {
var format = args[0],
output;
if (format === "Hex") {
input = Utils.fromHex(input);
} else if (format === "Raw") {
input = Utils.strToByteArray(input);
} else {
return "Unrecognised input format.";
}
var version = (input[0] >>> 4) & 0x0f,
ihl = input[0] & 0x0f,
dscp = (input[1] >>> 2) & 0x3f,
ecn = input[1] & 0x03,
length = input[2] << 8 | input[3],
identification = input[4] << 8 | input[5],
flags = (input[6] >>> 5) & 0x07,
fragOffset = (input[6] & 0x1f) << 8 | input[7],
ttl = input[8],
protocol = input[9],
checksum = input[10] << 8 | input[11],
srcIP = input[12] << 24 | input[13] << 16 | input[14] << 8 | input[15],
dstIP = input[16] << 24 | input[17] << 16 | input[18] << 8 | input[19],
checksumHeader = input.slice(0, 10).concat([0, 0]).concat(input.slice(12, 20));
// Version
if (version !== 4) {
version = version + " (Error: for IPv4 headers, this should always be set to 4)";
}
// IHL
if (ihl < 5) {
ihl = ihl + " (Error: this should always be at least 5)";
} else if (ihl > 5) {
// sort out options...
}
//
// Check checksum
var correctChecksum = Checksum.runTCPIP(checksumHeader, []),
givenChecksum = Utils.hex(checksum),
checksumResult;
if (correctChecksum === givenChecksum) {
checksumResult = givenChecksum + " (correct)";
} else {
checksumResult = givenChecksum + " (incorrect, should be " + correctChecksum + ")";
}
output = "Version: " + version +
"\nInternet Header Length (IHL): " + ihl +
"\nDifferentiated Services Code Point (DSCP): " + dscp +
"\nECN: " + ecn +
"\nTotal length: " + length +
"\nIdentification: " + identification +
"\nFlags: " + flags +
"\nFragment offset: " + fragOffset +
"\nTime-To-Live: " + ttl +
"\nProtocol: " + protocol +
"\nHeader checksum: " + checksumResult +
"\nSource IP address: " + IP._ipv4ToStr(srcIP) +
"\nDestination IP address: " + IP._ipv4ToStr(dstIP) +
"\nCorrect checksum: " + Checksum.runTCPIP(checksumHeader, []);
return output;
},
/** /**
* @constant * @constant
* @default * @default