diff --git a/Dockerfile b/Dockerfile
old mode 100644
new mode 100755
index ce99c2f..32df99d
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,24 +7,37 @@
 FROM ubuntu:latest
 MAINTAINER Srinivas Piskala Ganesh Babu "spg349@nyu.edu"
 
 # Apt update and install - nginx and git
+#RUN apt-get update && apt-get upgrade -y
 RUN apt-get update
 ENV DEBIAN_FRONTEND=noninteractive
 RUN apt-get install -y graphviz
-RUN apt-get install -y python-tk
-RUN apt-get install -y python-pip
+RUN apt-get install -y python3-tk
+RUN apt-get install -y python3-pip
+RUN apt-get install -y python3-pil
+RUN apt-get install -y python3-pil.imagetk
 RUN apt-get install -y nginx
 RUN apt-get install -y git-core
 RUN apt-get install -y sudo
 RUN apt-get install -y libx11-dev
-
-# Fetching the latest source code from the github repo of devOps
+RUN apt-get install -y libnss3
+RUN apt-get install -y libx11-xcb1
+RUN apt-get update && \
+ apt-get install -yq --no-install-recommends \
+ libasound2 libatk1.0-0 libc6 libcairo2 libcups2 libdbus-1-3 \
+ libexpat1 libfontconfig1 libgcc1 libgconf-2-4 libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 libnspr4 \
+ libpango-1.0-0 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 \
+ libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 libxtst6 \
+ libnss3
+RUN apt-get install -y libgtk2.0-0
+
+# Fetching the latest source code from the github repo of pcapxray
 RUN git clone https://github.com/srinivas11789/PcapXray
 
 ### Master branch changes - srinivas11789/pcapxray
-RUN pip install -r PcapXray/requirements.txt
+RUN pip3 install --upgrade -r PcapXray/requirements.txt
 WORKDIR PcapXray/Source
-CMD python main.py
+CMD python3 main.py
 
 ### Develop/Beta branch changes - srinivas11789/pcapxray-beta
 #WORKDIR PcapXray
diff --git a/README.md b/README.md
index d323857..46663b1
--- a/README.md
+++ b/README.md
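Review bot: The image is not reproducible: `RUN git clone https://github.com/srinivas11789/PcapXray` checks out whatever the default branch holds at build time, and the new `RUN pip3 install --upgrade -r PcapXray/requirements.txt` then upgrades to whatever PyPI serves that day, so two builds of the same Dockerfile can ship different code and a compromised upstream commit or package lands in the image unnoticed. Pin the source to a tag or commit, e.g. `RUN git clone https://github.com/srinivas11789/PcapXray && git -C PcapXray checkout <tag-or-sha>`, pin the requirements, and drop `--upgrade`. The lone `RUN apt-get update` is a separate layer from the many `RUN apt-get install -y …` lines that follow it, so on a cached rebuild those installs run against a stale package index; the added `RUN apt-get update && apt-get install -yq --no-install-recommends …` stanza is the right shape, so fold the other installs into it (`libnss3` and `libx11-xcb1` are currently installed twice) and end it with `&& rm -rf /var/lib/apt/lists/*`. `FROM ubuntu:latest` has the same pinning problem as the clone.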
@@ -50,6 +50,11 @@ python3 Source/main.py ``` ( Make sure to escalate privilege to allow file creations - Run with `sudo` ) +For MAC: +``` +brew install graphviz +``` + * Python 2 ```bash diff --git a/Source/Module/communication_details_fetch.py b/Source/Module/communication_details_fetch.py index 9e6d1ea..c67f4ca 100644 --- a/Source/Module/communication_details_fetch.py +++ b/Source/Module/communication_details_fetch.py @@ -2,7 +2,7 @@ # Library Import import ipwhois -from dns import reversename, resolver +#from dns import reversename, resolver import socket # Module Import #import pcap_reader @@ -26,6 +26,20 @@ def whois_info_fetch(self, ip): except: whois_info = "NoWhoIsInfo" return whois_info + + """ + @staticmethod + def dns_using_library(ip): + try: + reverse_query = reversename.from_address(ip) + resolve_bot = resolve.Resolver() + resolve_bot.timeout = 1 + resolve_bot.lifetime = 1 + dns_info = str(resolve_bot.query(reverse_query,"PTR")[0]) + except: + dns_info = "NotResolvable" + return dns_info + """ @staticmethod def dns(ip): diff --git a/Source/Module/pcap_reader.py b/Source/Module/pcap_reader.py index 2289aef..eace776 100644 --- a/Source/Module/pcap_reader.py +++ b/Source/Module/pcap_reader.py @@ -10,6 +10,9 @@ import malicious_traffic_identifier import communication_details_fetch +# Feature toggle +tls_view_feature = False + class PcapEngine(): """ PcapEngine: To support different pcap parser backend engine to operate reading pcap @@ -50,6 +53,17 @@ def __init__(self, pcap_file_name, pcap_parser_engine="scapy"): except: logging.error("Cannot import selected pcap engine: Scapy!") sys.exit() + + try: + from scapy.all import load_layer + global tls_view_feature + tls_view_feature = True + logging.info("tls view feature enabled") + except: + logging.info("tls view feature not enabled") + + if tls_view_feature: + load_layer("tls") # Scapy sessions and other types use more O(N) iterations so just # - use rdpcap + our own iteration (create full duplex streams) 
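Review bot: The `dns_using_library` body parked inside the added triple-quoted string is dead code and should be deleted rather than kept as a class-level string expression; git history preserves it. As kept it never worked anyway: it calls `resolve.Resolver()` while the (now commented-out) import bound the name `resolver`, and the bare `except:` would have hidden exactly that `NameError` behind `"NotResolvable"`. If a library-based reverse lookup is meant to come back, restore the import, use `resolver.Resolver()`, and catch dnspython's resolution exceptions rather than everything. The enclosing class starts outside the hunk.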
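Review bot: The feature probe added to `__init__` wraps `from scapy.all import load_layer` in a bare `except:`, which also swallows `KeyboardInterrupt` and `SystemExit`; `except ImportError:` is what the probe means. `load_layer("tls")` sits outside that `try`, so when `load_layer` imports fine but the TLS layer itself fails to load, the constructor dies with an unhandled traceback instead of falling back to plain payloads; move it inside and set `tls_view_feature = True` only once both steps succeed. `global tls_view_feature` declared inside the `try` body is legal but the convention is to put the `global` statement at the top of the stanza. `__init__` continues outside the hunk.
```python
        # Optional: scapy's TLS dissector. Fall back to raw payloads if it is unavailable.
        global tls_view_feature
        try:
            from scapy.all import load_layer
            load_layer("tls")
        except ImportError:
            logging.info("tls view feature not enabled")
        else:
            tls_view_feature = True
            logging.info("tls view feature enabled")
        # … unchanged: rdpcap / stream iteration comment …
```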
@@ -305,8 +319,20 @@ def analyse_packet_data(self): payload = "reverse" # Payload + global tls_view_feature if "TCP" in packet: - memory.packet_db[source_private_ip]["Payload"][payload].append(str(packet["TCP"].payload)) + if tls_view_feature: + if "TLS" in packet: + memory.packet_db[source_private_ip]["Payload"][payload].append(str(packet["TLS"].msg)) + elif "SSLv2" in packet: + memory.packet_db[source_private_ip]["Payload"][payload].append(str(packet["SSLv2"].msg)) + elif "SSLv3" in packet: + memory.packet_db[source_private_ip]["Payload"][payload].append(str(packet["SSLv3"].msg)) + else: + memory.packet_db[source_private_ip]["Payload"][payload].append(str(packet["TCP"].payload)) + else: + # TODO: clean this payload dump + memory.packet_db[source_private_ip]["Payload"][payload].append(str(packet["TCP"].payload)) payload_string = packet["TCP"].payload elif "UDP" in packet: memory.packet_db[source_private_ip]["Payload"][payload].append(str(packet["UDP"].payload)) diff --git a/Source/Module/plot_lan_network.py b/Source/Module/plot_lan_network.py index 539846f..0444690 100644 --- a/Source/Module/plot_lan_network.py +++ b/Source/Module/plot_lan_network.py @@ -41,7 +41,10 @@ def __init__(self, filename, path, option="Tor", to_ip="All", from_ip="All"): 'fontcolor': 'black', 'color': ' black', 'style': 'filled', - 'fillcolor': 'yellow' + 'fillcolor': 'yellow', + 'fixedsize': 'true', + 'width': '3', + 'height': '3' } } diff --git a/Source/Module/user_interface.py b/Source/Module/user_interface.py index f1aa4d7..bedd305 100644 --- a/Source/Module/user_interface.py +++ b/Source/Module/user_interface.py 
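Review bot: The new TCP branch repeats `memory.packet_db[source_private_ip]["Payload"][payload].append(str(...))` five times, differing only in which layer is stringified, and the inner `else` duplicates the outer `else` line; pick the layer first and append once. `global tls_view_feature` is unnecessary here because the method only reads the flag — `global` is needed for assignment, not lookup. The `# TODO: clean this payload dump` applies to every branch: `str(packet["TLS"].msg)` stores the repr of the dissected message list, which for application data is the whole record, so the per-host payload list grows with the capture just as the raw dump does. `analyse_packet_data` starts and ends outside the hunk.
```python
            if "TCP" in packet:
                # Prefer the dissected TLS/SSL messages when the tls view is on;
                # otherwise (or when the segment carries no TLS record) keep the raw payload.
                record = packet["TCP"].payload
                if tls_view_feature:
                    for layer in ("TLS", "SSLv2", "SSLv3"):
                        if layer in packet:
                            record = packet[layer].msg
                            break
                # TODO: clean this payload dump
                memory.packet_db[source_private_ip]["Payload"][payload].append(str(record))
                payload_string = packet["TCP"].payload
            # … unchanged: UDP branch …
```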
@@ -63,7 +63,8 @@ def __init__(self, base): # Browse button #self.filename = StringVar() ttk.Button(InitFrame, text="Browse", command=lambda: self.browse_directory("pcap")).grid(column=2, row=0, padx=10, pady=10,sticky="E") - ttk.Button(InitFrame, text="Analyze!", command=self.pcap_analyse).grid(column=3, row=0, padx=10, pady=10,sticky="E") + self.analyze_button = ttk.Button(InitFrame, text="Analyze!", command=self.pcap_analyse) + self.analyze_button.grid(column=3, row=0, padx=10, pady=10,sticky="E") self.progressbar.grid(column=4, row=0, padx=10, pady=10, sticky="E") # First Frame with Report Directory @@ -88,7 +89,7 @@ def __init__(self, base): self.engine.set('scapy') # Zoom - self.zoom = [900,900] + self.zoom = [900,500] ttk.Button(FirstFrame, text="zoomIn", command=self.zoom_in).grid(row=0,column=10, padx=5, sticky="E") ttk.Button(FirstFrame, text="zoomOut", command=self.zoom_out).grid(row=0,column=19,padx=10, sticky="E") @@ -191,6 +192,7 @@ def pcap_analyse(self): self.ibutton['state'] = 'disabled' self.to_menu['state'] = 'disabled' self.from_menu['state'] = 'disabled' + self.analyze_button['state'] = 'disabled' self.progressbar.start() @@ -254,8 +256,10 @@ def pcap_analyse(self): # Enable controls self.trigger['state'] = 'normal' + self.ibutton['state'] = 'normal' self.to_menu['state'] = 'normal' self.from_menu['state'] = 'normal' + self.analyze_button['state'] = 'normal' else: mb.showerror("Error","File Not Found !") @@ -323,7 +327,13 @@ def load_image(self): def map_select(self, *args): print(self.option.get()) print(self.to_ip.get(), self.from_ip.get()) + self.trigger['state'] = 'disabled' + self.analyze_button['state'] = 'disabled' + self.ibutton['state'] = 'disabled' self.generate_graph() + self.trigger['state'] = 'normal' + self.ibutton['state'] = 'normal' + self.analyze_button['state'] = 'normal' def zoom_in(self): print("zoomin") 
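Review bot: In `map_select` the three controls are set to `'disabled'` before `self.generate_graph()` and back to `'normal'` after it, but nothing re-enables them if `generate_graph` raises, so one failed render leaves `trigger`, `ibutton` and `analyze_button` permanently disabled. Put the call in a `try:` and move the three `'normal'` assignments into a `finally:` block so they run on both paths. The same re-enable-only-on-success shape appears in the `pcap_analyse` hunks, whose body runs outside what is shown, so it is worth the same treatment there.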
@@ -334,7 +344,7 @@ def zoom_in(self): def zoom_out(self): print("zoomout") - if self.zoom[0] > 700 and self.zoom[1] > 700: + if self.zoom[0] > 900 and self.zoom[1] > 500: self.zoom[0] -= 100 self.zoom[1] -= 100 else: diff --git a/requirements.txt b/requirements.txt index 1f12c72..3b94de7 100644 --- a/requirements.txt +++ b/requirements.txt @@ -29,3 +29,6 @@ matplotlib cefpython3 pyvis +# Ciphersuites +cryptography + diff --git a/run.sh b/run.sh index ad47e6b..dec4ac4 100644 --- a/run.sh +++ b/run.sh @@ -30,7 +30,7 @@ if [[ "$OSTYPE" == "darwin"* ]]; then # Run Docker Image - Production (Master) #docker run --rm -d --name pcapxray -e DISPLAY=$IP:0 -v /tmp/.X11-unix:/tmp/.X11-unix srinivas11789/pcapxray # Run Docker Image - Staging (Develop) - docker run --rm -d --name pcapxray -v ${PWD}/artifacts:/tmp/artifacts -e DISPLAY=$IP:0 -v /tmp/.X11-unix:/tmp/.X11-unix srinivas11789/pcapxray-2.5 + docker run --rm -d --name pcapxray -v ${PWD}/artifacts:/tmp/artifacts -e DISPLAY=$IP:0 -v /tmp/.X11-unix:/tmp/.X11-unix srinivas11789/pcapxray-2_9 #elif [[ "$OSTYPE" == "linux-gnu" ]]; then @@ -44,7 +44,7 @@ else # Run docker - Production (Master) #docker run --rm --net=host --env="DISPLAY" --volume="$HOME/.Xauthority:/root/.Xauthority:rw" srinivas11789/pcapxray # Run docker - Staging (Develop) - docker run --rm -d --name pcapxray -v ${PWD}/artifacts:/tmp/artifacts --net=host --env="DISPLAY" --volume="$HOME/.Xauthority:/root/.Xauthority:rw" srinivas11789/pcapxray-2.5 + docker run --rm -d --name pcapxray -v ${PWD}/artifacts:/tmp/artifacts --net=host --env="DISPLAY" --volume="$HOME/.Xauthority:/root/.Xauthority:rw" srinivas11789/pcapxray-2_9 fi #else
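Review bot: The new floor in `zoom_out`, `if self.zoom[0] > 900 and self.zoom[1] > 500:`, repeats the `self.zoom = [900,500]` default from `__init__` as bare literals in a second place, so the two will drift apart on the next tweak exactly as the old `700`/`900` pair had. Define it once, e.g. `DEFAULT_ZOOM = (900, 500)` at module level, initialise `self.zoom = list(DEFAULT_ZOOM)` and compare against `DEFAULT_ZOOM` here. `zoom_out` continues past the hunk; its `else:` branch is cut off.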
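Review bot: `cryptography` is added to `requirements.txt` unpinned, and the visible neighbours (`matplotlib`, `cefpython3`, `pyvis`) are unpinned too, so the Dockerfile's `pip3 install --upgrade -r requirements.txt` resolves to whatever PyPI serves on build day; for a package pulled in for TLS ciphersuite handling that is a supply-chain and an API-compatibility risk at once. Pin it to the version the TLS view was tested against (`cryptography==<version>`) and consider generating the file with hashes so installs are verified. The `# Ciphersuites` comment would read better as `# scapy TLS layer (ciphersuite support)` so the next maintainer knows which feature depends on it.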