From 53267b11810ec03fd6f34065f487dbbe321553ed Mon Sep 17 00:00:00 2001 From: Nex Sabre Date: Wed, 12 Oct 2022 17:04:01 +0200 Subject: [PATCH 1/3] Add option to decode packet thru stdin to the tshark process --- .gitignore | 5 +++- go.mod | 1 + go.sum | 2 ++ goshark/connector.go | 60 ++++++++++++++++++++++++++++++++++++++++++++ main.go | 23 ++++++++++++++++- 5 files changed, 89 insertions(+), 2 deletions(-) create mode 100644 goshark/connector.go diff --git a/.gitignore b/.gitignore index 1de1a7b..1e1eb71 100644 --- a/.gitignore +++ b/.gitignore @@ -15,4 +15,7 @@ # vendor/ .txt .bin -main \ No newline at end of file +main + +.vscode/ +__debug_bin diff --git a/go.mod b/go.mod index 4124bba..af2f97f 100644 --- a/go.mod +++ b/go.mod @@ -16,6 +16,7 @@ require ( github.com/json-iterator/go v1.1.12 // indirect github.com/leodido/go-urn v1.2.1 // indirect github.com/mattn/go-isatty v0.0.16 // indirect + github.com/mitchellh/go-ps v1.0.0 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/pelletier/go-toml/v2 v2.0.5 // indirect diff --git a/go.sum b/go.sum index 8310bb6..085a3b7 100644 --- a/go.sum +++ b/go.sum 
@@ -34,6 +34,8 @@ github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w= github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY= github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= +github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc= +github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= diff --git a/goshark/connector.go b/goshark/connector.go new file mode 100644 index 0000000..e0145f0 --- /dev/null +++ b/goshark/connector.go 
@@ -0,0 +1,60 @@
+package goshark
+
+import (
+ "encoding/xml"
+ "fmt"
+ "io"
+ "log"
+ "os/exec"
+ "strings"
+)
+
+const ONE = "\xd4\xc3\xb2\xa1\x02\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\x7f\x00\x00\x01\x00\x00\x00"
+const TWO = "\x91\xbeFc\ng\r\x00^\x00\x00\x00^\x00\x00\x00"
+const THR = "\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x08\x00E\x00\x00P\x00\x01\x00\x00@)|\x82\x7f\x00\x00\x01\x7f\x00\x00\x01`\x00\x00\x00\x00\x14\x06@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x8f}\x00\x00"
+
+type Proto struct {
+}
+
+type Packet struct {
+ XMLName xml.Name `xml:"packet"`
+ Protos []Proto `xml:"proto"`
+}
+
+func RunTSharkProcess() {
+ subProcess := exec.Command(
+ "tshark", "-l", "-n", "-T", "pdml", "-i", "-",
+ )
+
+ stdin, err := subProcess.StdinPipe()
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ go func() {
+ defer stdin.Close()
+ // stdin.Write([]byte{1, 67})
+ // v, _ := hex.DecodeString(ONE)
+ // v2, _ := hex.DecodeString(TWO)
+ // v3, _ := hex.DecodeString(THR)
+
+ io.WriteString(stdin, ONE)
+ io.WriteString(stdin, TWO)
+ io.WriteString(stdin, THR)
+ // stdin.Write(v3)
+ // io.WriteString(stdin, fmt.Sprintf("%s%s%s", ONE, TWO, THR))
+ }()
+
+ out, err := subProcess.CombinedOutput()
+ if err != nil {
+ log.Fatal("something went wrong with decoding packet...")
+ }
+
+ out2 := string(out)
+ start, stop := strings.Index(out2, ""), strings.Index(out2, "")
+ fmt.Printf("\n%s\n", out[start:stop+9])
+
+ var packet Packet
+ xml.Unmarshal(out[start:stop+9], &packet)
+ fmt.Println(packet)
+}
diff --git a/main.go b/main.go
index 8f25eaa..12e71a7 100644
--- a/main.go
+++ b/main.go
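Review bot: In RunTSharkProcess the two `strings.Index` results are used to slice `out` without a check for -1, so tshark output that lacks the expected markers panics at `out[start:stop+9]`. The search strings render as empty on this page, so I cannot confirm what is matched. `CombinedOutput` also folds tshark's stderr into the bytes parsed as PDML, the underlying error is discarded before `log.Fatal`, and the `xml.Unmarshal` error is dropped. Because this path feeds packet bytes to tshark's dissectors, I would also bound the child with `exec.CommandContext` and a timeout, and return errors to the caller rather than exiting from library code. The fence shows the output handling only.

```go
	// … unchanged: exec.Command, StdinPipe setup and writer goroutine …

	out, err := subProcess.Output() // stdout only, so stderr text never reaches the XML parser
	if err != nil {
		log.Fatalf("tshark: %v", err)
	}

	// … unchanged: out2 conversion and the two strings.Index calls …
	if start < 0 || stop < start || stop+9 > len(out) {
		log.Fatal("tshark output holds no complete packet element")
	}

	var packet Packet
	if err := xml.Unmarshal(out[start:stop+9], &packet); err != nil {
		log.Fatalf("decoding PDML: %v", err)
	}
	fmt.Println(packet)
```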
@@ -2,11 +2,32 @@ package main import ( "fmt" + "log" "github.com/PacketHelper/goshark/v2/goshark" + ps "github.com/mitchellh/go-ps" ) +func findPyShark() { + processes, err := ps.Processes() + if err != nil { + log.Fatal(err) + } + + var processObj ps.Process + for x := range processes { + p := processes[x] + processName := p.Executable() + if processName == "tshark" { + processObj = p + break + } + } + fmt.Print(processObj.PPid()) +} + func main() { fmt.Print("Starting goshark api...") - goshark.HttpServer() + // goshark.HttpServer() + goshark.RunTSharkProcess() } From d6f05f5f6549b30278e29d6a739a04e31f2f0892 Mon Sep 17 00:00:00 2001 From: Nex Sabre Date: Wed, 12 Oct 2022 19:57:01 +0200 Subject: [PATCH 2/3] Add output structure for pdml type --- goshark/connector.go | 8 -------- goshark/structures.go | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+), 8 deletions(-) create mode 100644 goshark/structures.go diff --git a/goshark/connector.go b/goshark/connector.go index e0145f0..30532a9 100644 --- a/goshark/connector.go +++ b/goshark/connector.go @@ -13,14 +13,6 @@ const ONE = "\xd4\xc3\xb2\xa1\x02\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf const TWO = "\x91\xbeFc\ng\r\x00^\x00\x00\x00^\x00\x00\x00" const THR = "\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x08\x00E\x00\x00P\x00\x01\x00\x00@)|\x82\x7f\x00\x00\x01\x7f\x00\x00\x01`\x00\x00\x00\x00\x14\x06@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x8f}\x00\x00" -type Proto struct { -} - -type Packet struct { - XMLName xml.Name `xml:"packet"` - Protos []Proto `xml:"proto"` -} - func RunTSharkProcess() { subProcess := exec.Command( "tshark", "-l", "-n", "-T", "pdml", "-i", "-", diff --git a/goshark/structures.go b/goshark/structures.go new file mode 100644 index 0000000..53398f5 --- /dev/null +++ b/goshark/structures.go 
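Review bot: In findPyShark, `processObj` stays nil when no process named tshark is running, so `processObj.PPid()` panics on a nil interface; guard it with `if processObj == nil { log.Fatal("tshark process not found") }` before the print. The match is by executable name only, so any process called tshark is accepted, and the function name says PyShark while the code looks for tshark. Nothing in this hunk calls findPyShark, and main now skips `goshark.HttpServer()` while still printing the API start message.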
@@ -0,0 +1,36 @@
+package goshark
+
+import "encoding/xml"
+
+type Packet struct {
+ XMLName xml.Name `xml:"packet"`
+ Protos []Proto `xml:"proto"`
+}
+type Proto struct {
+ XMLNAME xml.Name `xml:"proto"`
+ Name string `xml:"name,attr"`
+ Pos int `xml:"pos,attr"`
+ Showname string `xml:"showname,attr"`
+ Size int `xml:"size,attr"`
+ Field []Field `xml:"field"`
+}
+
+type Field struct {
+ Name string `xml:"name,attr"`
+ Pos int `xml:"pos,attr"`
+ Show string `xml:"show,attr"`
+ Showname string `xml:"showname,attr"`
+ Value string `xml:"value,attr"`
+ Size int `xml:"size,attr"`
+ DetailedField []DetailedField `xml:"field"`
+}
+
+type DetailedField struct {
+ Name string `xml:"name,attr"`
+ Pos int `xml:"pos,attr"`
+ Show string `xml:"show,attr"`
+ Showname string `xml:"showname,attr"`
+ Value string `xml:"value,attr"`
+ Size int `xml:"size,attr"`
+ Hide string `xml:"hide,attr"`
+}
From 491175155629b629ed0fe308dc6410f4fde50332 Mon Sep 17 00:00:00 2001 From: Nex Sabre Date: Thu, 20 Oct 2022 21:11:36 +0200 Subject: [PATCH 3/3] save work for later --- goshark/api_test.go | 6 ++--- goshark/connector.go | 26 +++++++++++++++++-- goshark/{decode.go => file_decode.go} | 0 .../{decode_test.go => file_decode_test.go} | 0 goshark/struct_pack.go | 20 ++++++++++++++ goshark/struct_pack_test.go | 23 ++++++++++++++++ main.go | 3 ++- 7 files changed, 72 insertions(+), 6 deletions(-) rename goshark/{decode.go => file_decode.go} (100%) rename goshark/{decode_test.go => file_decode_test.go} (100%) create mode 100644 goshark/struct_pack.go create mode 100644 goshark/struct_pack_test.go
diff --git a/goshark/api_test.go b/goshark/api_test.go
index cb8fef9..cdf09db 100644
--- a/goshark/api_test.go
+++ b/goshark/api_test.go
@@ -1,7 +1,7 @@ package goshark import ( - "io/ioutil" + "io" "net/http" "net/http/httptest" "testing"
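Review bot: In Proto the field is spelled `XMLNAME`, and encoding/xml only gives special meaning to a field named exactly `XMLName`, so this one is treated as an ordinary field mapped to a child element called proto rather than recording the element's own name; rename it to `XMLName` as Packet does. Field and DetailedField fix the nesting at two levels, so deeper PDML field trees would be dropped silently; a single recursive Field type holding a slice of Field under the `field` tag would keep them. The exported types also have no doc comments.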
@@ -26,7 +26,7 @@ func TestStatusZHandler(t *testing.T) { w := httptest.NewRecorder() r.ServeHTTP(w, req) - responseData, _ := ioutil.ReadAll(w.Body) + responseData, _ := io.ReadAll(w.Body) assert.Equal(t, http.StatusOK, w.Code) assert.Equal(t, mockResponse, string(responseData)) } @@ -41,7 +41,7 @@ func TestGetHexHandler(t *testing.T) { w := httptest.NewRecorder() r.ServeHTTP(w, req) - responseData, _ := ioutil.ReadAll(w.Body) + responseData, _ := io.ReadAll(w.Body) assert.Equal(t, mockResponse, string(responseData)) assert.Equal(t, http.StatusOK, w.Code) } diff --git a/goshark/connector.go b/goshark/connector.go index 30532a9..cd0673f 100644 --- a/goshark/connector.go +++ b/goshark/connector.go @@ -1,6 +1,7 @@ package goshark import ( + "encoding/hex" "encoding/xml" "fmt" "io" 
@@ -9,10 +10,31 @@ import ( "strings" ) -const ONE = "\xd4\xc3\xb2\xa1\x02\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\x7f\x00\x00\x01\x00\x00\x00" +const TSharkHeader = "\xd4\xc3\xb2\xa1\x02\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\x7f\x00\x00\x01\x00\x00\x00" const TWO = "\x91\xbeFc\ng\r\x00^\x00\x00\x00^\x00\x00\x00" const THR = "\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x08\x00E\x00\x00P\x00\x01\x00\x00@)|\x82\x7f\x00\x00\x01\x7f\x00\x00\x01`\x00\x00\x00\x00\x14\x06@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x8f}\x00\x00" +func CreateTSharkHeader() (header string) { + // var _bytes []byte + + // _bytes = append(_bytes, []byte("1")...) + // fmt.Println(_bytes) + + // a := fmt.Sprintf("%b", 1) + // a, _ := hex.DecodeString("7fff") + // b, _ := strconv.ParseInt("3", 2, 0) + // fmt.Print(b) + // fmt.Println([]byte(a)) + fmt.Println([]byte(TSharkHeader)) + fmt.Println(hex.DecodeString("ff")) + return header +} + +func createTSharkPacketInformationHeader() { + +} + +// RunTSharkProcess spawn a TShark process and transfer to it packets to decode func RunTSharkProcess() { subProcess := exec.Command( "tshark", "-l", "-n", "-T", "pdml", "-i", "-", @@ -30,7 +52,7 @@ func RunTSharkProcess() { // v2, _ := hex.DecodeString(TWO) // v3, _ := hex.DecodeString(THR) - io.WriteString(stdin, ONE) + // io.WriteString(stdin, ONE) io.WriteString(stdin, TWO) io.WriteString(stdin, THR) // stdin.Write(v3) diff --git a/goshark/decode.go b/goshark/file_decode.go similarity index 100% rename from goshark/decode.go rename to goshark/file_decode.go diff --git a/goshark/decode_test.go b/goshark/file_decode_test.go similarity index 100% rename from goshark/decode_test.go rename to goshark/file_decode_test.go diff --git a/goshark/struct_pack.go b/goshark/struct_pack.go new file mode 100644 index 0000000..f687bac --- /dev/null 
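Review bot: CreateTSharkHeader never assigns its named result `header`, so it always returns an empty string after printing debug output, and the exported name invites callers to rely on it; until it builds the header it should either `return TSharkHeader` or stay unexported. The constant looks like a 24-byte pcap global header rather than anything tshark-specific, which a comment such as `// TSharkHeader is the pcap global header: LE magic, version 2.4, snaplen 0x7fff, link type 1.` would make clear. `fmt.Println(hex.DecodeString("ff"))` prints both the bytes and the error value, and createTSharkPacketInformationHeader is an empty stub.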
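Review bot: With `io.WriteString(stdin, ONE)` commented out, the goroutine now sends only TWO and THR, so the stream handed to tshark no longer begins with the global header that the renamed TSharkHeader constant holds. tshark reading from stdin will most likely reject that input, and the parsing further down in RunTSharkProcess (outside this hunk) does not check for missing output. Restore the write under the new name, `io.WriteString(stdin, TSharkHeader)`, and check the returned error.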
+++ b/goshark/struct_pack.go
@@ -0,0 +1,20 @@
+package goshark
+
+import (
+ "errors"
+ "fmt"
+ "strings"
+)
+
+func structPack(format string, a ...int) (int, error) {
+ if len(format) != len(a) {
+ return 0, errors.New("wrong format or missing arguments")
+ }
+
+ var formatList = strings.Split(format, "")
+
+ for i := range a {
+ fmt.Println(formatList[i], a[i])
+ }
+ return 0, nil
+}
diff --git a/goshark/struct_pack_test.go b/goshark/struct_pack_test.go
new file mode 100644
index 0000000..b39301b
--- /dev/null
+++ b/goshark/struct_pack_test.go
@@ -0,0 +1,23 @@
+package goshark
+
+import (
+ "errors"
+ "log"
+ "testing"
+
+ "github.com/go-playground/assert/v2"
+)
+
+func TestStructPack(t *testing.T) {
+ output, err := structPack("II", 1, 2)
+ if err != nil {
+ log.Fatal()
+ }
+ assert.Equal(t, output, 0)
+}
+
+func TestNegativeStructPackIncorrectFormat(t *testing.T) {
+ header := "IIHHIIII"
+ _, err := structPack(header, 1, 2, 3, 4, 5)
+ assert.Equal(t, err, errors.New("wrong format or missing arguments"))
+}
diff --git a/main.go b/main.go
index 12e71a7..9f85d0a 100644
--- a/main.go
+++ b/main.go
@@ -29,5 +29,6 @@ func findPyShark() { func main() { fmt.Print("Starting goshark api...") // goshark.HttpServer() - goshark.RunTSharkProcess() + // goshark.RunTSharkProcess() + goshark.CreateTSharkHeader() }
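Review bot: structPack compares `len(format)`, a byte count, with `len(a)` and then indexes `formatList`, which `strings.Split(format, "")` splits per UTF-8 character; a format string containing a multi-byte character can pass the length check and then index past the end of `formatList`. Split first and compare `len(formatList) != len(a)`, and reject format characters the packer does not recognise. The function currently prints its arguments and always returns `0, nil`, so a doc comment should say it is a stub.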
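Review bot: TestStructPack calls `log.Fatal()` on error, which exits the whole test binary with no message and skips the remaining tests; use `t.Fatal(err)` and drop the log import. TestNegativeStructPackIncorrectFormat compares against a freshly built `errors.New(...)` value, which only passes if the assert helper compares by deep equality; a package-level sentinel error checked with `errors.Is` would be sturdier.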