将base64的rawinfo串转为pcap的方法
tammypi
2019-06-26 15:48
82
0
RT。代码如下:
#coding:utf-8
import base64
import os
import binascii
def hex2oct(data):
if data == 'a':
return 10
elif data == 'b':
return 11
elif data == 'c':
return 12
elif data == 'd':
return 13
elif data == 'e':
return 14
elif data == 'f':
return 15
else:
return int(data)
def custom_convert(data):
if len(data) == 1:
return hex2oct(data)
elif len(data) == 2:
return hex2oct(data[0])*16 + hex2oct(data[1])
else:
return -1
def custom_dump(odata):
data = odata.encode("hex")
slen = len(data)
lines = slen/32
if slen%32 !=0:
lines = lines + 1
content = ""
for i in range(0, lines):
line_number = hex(i*16).replace("0x", "")
line_number = line_number.rjust(8, "0")
cur_data = data[i*32:(i+1)*32]
line_data = line_number + " "
ascii_str = ""
for j in range(0, 16):
citem = ""
if 2*j < len(cur_data):
line_data += cur_data[2*j]
citem += cur_data[2*j]
if 2*j+1 >= len(cur_data):
line_data += " "
else:
line_data += cur_data[2*j+1] + " "
citem += cur_data[2*j+1]
citem_number = custom_convert(citem)
if citem_number >= 32 and citem_number <= 126:
ascii_str += chr(citem_number)
else:
ascii_str += '.'
if j == 7:
line_data += " "
line_data = line_data.ljust(59, " ")
line_data += "|"
line_data += ascii_str
line_data += "|\n"
content += line_data
return content
if __name__ == '__main__':
inputstr = """AABeAAEJABDb/yAACABFAAXcYTRAAD8GUlyCR/UCCi0BFdbmG1mcY4CS1vWL2YAQAInNrAAAAQEICvInGNrxk8dcAAAKBgVlCAAAAAIAAAAJAAACngEBAHQALndlYmxvZ2ljLm1hbmFnZW1lbnQubWJlYW5zZXJ2ZXJzLmRvbWFpbnJ1bnRpbWVzcgF4cD9AAAAAAAASdwgAAAAZAAAACnQAGndlYmxvZ2ljLnJtaS5jbGllbnRUaW1lb3V0c3ICeHIDeHAAAAAAAAAnEHQAGGphdmEubmFtaW5nLnByb3ZpZGVyLnVybHQAFHQzOi8vMTAuNDUuMS4yMTo3MDAxdAAcamF2YS5uYW1pbmcuZmFjdG9yeS51cmwucGtnc3QANndlYmxvZ2ljLmpuZGkuZmFjdG9yaWVzOndlYmxvZ2ljLmNvcmJhLmoyZWUubmFtaW5nLnVybHQAG2phdmEubmFtaW5nLmZhY3RvcnkuaW5pdGlhbHQAJXdlYmxvZ2ljLmpuZGkuV0xJbml0aWFsQ29udGV4dEZhY3Rvcnl0ABx3ZWJsb2dpYy5qbmRpLnJlcXVlc3RUaW1lb3V0cQB+AAZ0ACdqbXgucmVtb3RlLngubm90aWZpY2F0aW9uLmZldGNoLnRpbWVvdXRzcQB+AAQAAAAAAAAD6HQAFmpteC5yZW1vdGUuY3JlZGVudGlhbHN1cgR4cAAAAAJ0AAh3ZWJsb2dpY3QADHdlYmxvZ2ljMTEyMnQAIWpteC5yZW1vdGUucHJvdG9jb2wucHJvdmlkZXIucGtnc3QAGndlYmxvZ2ljLm1hbmFnZW1lbnQucmVtb3RldAAram14LnJlbW90ZS54LmNsaWVudC5jb25uZWN0aW9uLmNoZWNrLnBlcmlvZHNxAH4ABAAAAAAAAAAAdAAkam14LnJlbW90ZS54LnJlcXVlc3Qud2FpdGluZy50aW1lb3V0cQB+AAZ4cAb+AQAArO0ABXNyAB13ZWJsb2dpYy5yanZtLkNsYXNzVGFibGVFbnRyeS9SZYFX9PntDAAAeHByABNbTGphdmEubGFuZy5TdHJpbmc7rdJW5+kde0cCAAB4cHcCAAB4/gEAAKztAAVzcgAdd2VibG9naWMucmp2bS5DbGFzc1RhYmxlRW50cnkvUmWBV/T57QwAAHhwcgAQamF2YS5sYW5nLk51bWJlcoaslR0LlOCLAgAAeHB3AgAAeP4BAACs7QAFc3IAHXdlYmxvZ2ljLnJqdm0uQ2xhc3NUYWJsZUVudHJ5L1JlgVf0+e0MAAB4cHIADmphdmEubGFuZy5Mb25nO4vkkMyPI98CAAFKAAV2YWx1ZXhyABBqYXZhLmxhbmcuTnVtYmVyhqyVHQuU4IsCAAB4cHcCAAB4/gEAAKztAAVzcgAdd2VibG9naWMucmp2bS5DbGFzc1RhYmxlRW50cnkvUmWBV/T57QwAAHhwcgATamF2YS51dGlsLkhhc2h0YWJsZRO7DyUhSuS4AwACRgAKbG9hZEZhY3RvckkACXRocmVzaG9sZHhwdwIAAHj+AQAArO0ABXNyACV3ZWJsb2dpYy5yanZtLkltbXV0YWJsZVNlcnZpY2VDb250ZXh03cuocGOG8LoMAAB4cgApd2VibG9naWMucm1pLnByb3ZpZGVyLkJhc2ljU2VydmljZUNvbnRleHTkYyI2xdSnHgwAAHhwdwIGAHNyACZ3ZWJsb2dpYy5ybWkuaW50ZXJuYWwuTWV0aG9kRGVzY3JpcHRvchJIWoKK9/Z7DAAAeHB3NQAvbG9va3VwKExqYXZhLmxhbmcuU3RyaW5nO0xqYXZhLnV0aWwuSGFzaHRhYmxlOykAAAAJeHj+AQAArO0ABXNyADN3ZWJsb2dpYy5zZWN1cml0eS5hY2wuaW50ZXJuYWwuQXV0aGVudGljYXRlZFN1YmplY3SyzoT2VRkIHAIAAUwACnByaW5jaXBhbHN0AEFMd2VibG9naWMvc2VjdXJpdHkvYWM="""
inputstr = base64.b64decode(inputstr)
hex_dump_data = custom_dump(inputstr)
with open("/root/test.txt","w") as f:
f.write(custom_dump(inputstr))
cmd = "text2pcap /root/test.txt /root/test.pcap"
os.system(cmd)
发表评论