将base64的rawinfo串转为pcap的方法

tammypi tammypi
2019-06-26 15:48

如题。代码如下(需要本机已安装 Wireshark 附带的 text2pcap 命令):

#coding:utf-8
import base64
import os
import binascii

def hex2oct(data):
    """Return the numeric value of one lowercase hexadecimal digit.

    Despite the name, nothing octal is involved: 'a'..'f' map to 10..15 and
    every other input is handed to int(), so '0'..'9' give 0..9. Uppercase
    letters and the empty string are not special-cased; int() raises
    ValueError for them.
    """
    letter_values = {'a': 10, 'b': 11, 'c': 12, 'd': 13, 'e': 14, 'f': 15}
    value = letter_values.get(data)
    # Anything that is not a lowercase hex letter falls through to int().
    return int(data) if value is None else value

def custom_convert(data):
    """Convert a one- or two-character lowercase hex string to its integer value.

    Returns -1 for any other length (including the empty string), which the
    caller uses as "no byte at this position".
    """
    size = len(data)
    if size == 2:
        high, low = data[0], data[1]
        return hex2oct(high) * 16 + hex2oct(low)
    if size == 1:
        return hex2oct(data)
    return -1

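def custom_dump(odata):
    """Render raw bytes as a hex dump that text2pcap can read.

    Each output line covers 16 input bytes and looks like::

        00000000  41 42 43 44 45 46 47 48  49 4a 4b 4c 4d 4e 4f 50 |ABCDEFGHIJKLMNOP|

    i.e. an 8-digit hex offset, the bytes as two-digit lowercase hex with an
    extra gap after the eighth byte, the hex column padded to 59 characters,
    and an ASCII column between '|' characters. Bytes outside 32..126 are
    shown as '.', and a short final line is padded with '.' up to 16
    characters (the original layout, kept unchanged).

    Args:
        odata: the packet bytes (``bytes``/``bytearray``; a Python 2 ``str``).
            Text strings on Python 3 are rejected by binascii with TypeError.

    Returns:
        The dump as one string, "" for empty input.
    """
    # binascii.hexlify works on Python 2 and 3, unlike str.encode("hex"),
    # which only exists on Python 2.
    hexed = binascii.hexlify(odata)
    if not isinstance(hexed, str):
        # Python 3 returns bytes; the rest of the function builds text.
        hexed = hexed.decode("ascii")

    rows = []
    # 32 hex characters == 16 bytes per output line. Stepping with range()
    # avoids the float line count that "/" produces on Python 3.
    for start in range(0, len(hexed), 32):
        row_hex = hexed[start:start + 32]
        cells = [row_hex[k:k + 2] for k in range(0, len(row_hex), 2)]

        offset = "%08x" % (start // 2)
        left = "".join(cell + " " for cell in cells[:8])
        right = "".join(cell + " " for cell in cells[8:])
        # The single space between the halves is the gap after byte 8; on a
        # short line it simply becomes part of the padding.
        hex_column = (offset + "  " + left + " " + right).ljust(59, " ")

        printable = "".join(
            chr(value) if 32 <= value <= 126 else "."
            for value in (int(cell, 16) for cell in cells)
        )
        # Missing bytes on the last line are rendered as '.' as before.
        rows.append(hex_column + "|" + printable.ljust(16, ".") + "|\n")
    return "".join(rows)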

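if __name__ == '__main__':
    import subprocess
    import sys

    # Base64 "rawinfo" blob to convert. It is captured traffic and therefore
    # untrusted: this script only re-encodes it, but whatever opens the
    # resulting pcap will parse those bytes, so keep that tool up to date.
    inputstr = """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"""
    inputstr = base64.b64decode(inputstr)

    # Build the dump once and reuse it (it used to be computed twice).
    hex_dump_data = custom_dump(inputstr)

    # NOTE(review): the fixed paths under /root mean the script is run as
    # root; the conversion itself needs no privileges, so a working directory
    # owned by an unprivileged analysis account would be the safer choice.
    with open("/root/test.txt", "w") as f:
        f.write(hex_dump_data)

    # text2pcap interprets the dump as a complete link-layer frame by
    # default; if rawinfo holds only a payload, the pcap will decode wrongly
    # unless text2pcap is told to prepend dummy headers.
    # An argument list (no shell) replaces os.system, and the exit status is
    # checked so that a failed conversion is not silently ignored.
    try:
        status = subprocess.call(
            ["text2pcap", "/root/test.txt", "/root/test.pcap"]
        )
    except OSError as err:
        sys.exit("text2pcap could not be started: %s" % err)
    if status != 0:
        sys.exit(status)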

 
