add a tool to extrat image from pcap file

security/web/test.py → security/web/collect_imgs.py

@@ -1,32 +1,12 @@
 import re
 import zlib
-import cv2
 
 from scapy.all import *
 from scapy.layers.inet import TCP
 
-pictures_directory = "/Users/river/project/security/dessert/security/web/pictures"
-faces_directory = "/Users/river/project/security/dessert/security/web/faces"
+pictures_directory = "./pic"
 pcap_file = "arper.pcap"
-
-def face_detect(path, file_name):
-    img = cv2.imread(path)
-    cascade = cv2.CascadeClassifier("haarcascade_frontalface_alt.xml")
-    rects = cascade.detectMultiScale(img, 1.3, 4, cv2.cv.CV_HAAR_SCALE_IMAGE, (20,20))
-
-    if len(rects) == 0:
-        return False
-
-    rects[:, 2:] += rects[:, :2]
-
-    # highlight the faces in the image
-    for x1, y1, x2, y2 in rects:
-        cv2.rectangle(img, (x1, y1), (x2, y2), (127, 255, 0), 2)
-
-    cv2.imwrite("%s/%s-%s" % (faces_directory, pcap_file, file_name), img)
-
-    return True
-
+debug = False
 
 def get_http_headers(http_payload):
     headers = []
@@ -39,13 +19,15 @@ def get_http_headers(http_payload):
         if end is -1:
             return headers
         headers_raw = http_payload[start:end+2]
-        print("start: "+str(start))
-        print("end: "+str(end))
-        print(headers_raw)
+        if debug:
+            print("start: "+str(start))
+            print("end: "+str(end))
+            print(headers_raw)
 
         # break out the headers
         header = dict(re.findall(r"(?P<name>.*?): (?P<value>.*?)\r\n", headers_raw))
-        print(header)
+        if debug:
+            print(header)
         if "Content-Length" in header.keys():
             len = int(header["Content-Length"])
             payload = http_payload[end+4:end+4+len]
@@ -86,6 +68,9 @@ def extract_image(header, payload):
 
     return image, image_type
 
+def derepeat_packet(packetlist):
+    sortlist = sorted(packetlist, key=lambda packet: packet.id)
+    return sortlist
 
 def http_assembler(pcap_file):
     carved_images = 0
@@ -97,12 +82,14 @@ def http_assembler(pcap_file):
 
     for session in sessions:
         http_payload = ""
-        for packet in sessions[session]:
+        packetlist = derepeat_packet(sessions[session])
+        ids = []
+        for packet in packetlist:
             try:
-                if packet[TCP].dport == 80 or packet[TCP].sport == 80:
+                if (packet[TCP].sport == 80) and not (packet.id in ids):
                     # reassemble the stream
                     http_payload += str(packet[TCP].payload)
-
+                    ids.append(packet.id)
             except:
                 pass
 
@@ -119,26 +106,17 @@ def http_assembler(pcap_file):
                 file_name = "%s-pic_carver_%d.%s" % \
                     (pcap_file, carved_images, image_type)
 
-                print(file_name)
                 fd = open("%s/%s" % (pictures_directory, file_name), "wb")
 
                 fd.write(image)
                 fd.close()
 
                 carved_images += 1
 
-                # now attempt face detection
-                try:
-                    result = face_detect("%s/%s" % (pictures_directory, file_name), file_name)
-
-                    if result is True:
-                        faces_detected += 1
-                except:
-                    pass
     return carved_images, faces_detected
 
 if __name__ == "__main__":
     carved_images, faces_detected = http_assembler(pcap_file)
 
-    print "Extracted: %d images" % carved_images
-    print "Detected: %d faces" % faces_detected
+    print("Extracted: %d images" % carved_images)
+    print("Detected: %d faces" % faces_detected)

security/web/pic_carver.py

@@ -125,4 +125,4 @@ def http_assembler(pcap_file):
 carved_images, faces_detected = http_assembler(pcap_file)
 
 print "Extracted: %d images" % carved_images
-print "Detected: %d faces" % faces_detected
+print "Detected: %d faces" % faces_detected