I wrote this Bro script to extract all files from a pcap file. The problem is that it is not extracting all files. I have an http.cap that I analyzed with Wireshark, and I exported HTTP objects, resulting in 2 .html files. My Bro script is extracting only one of these files.
    #load base/files/extract
    global hash_number = 100;

    event bro_init()
        {
        #Log::disable_stream(Conn::LOG);
        mkdir("extract_files");
        }

    event file_sniff(f: fa_file, meta: fa_metadata)
        {
        local ext = "";
        if ( meta?$mime_type )
            ext = split_string(meta$mime_type, /\//)[1];
        local hash = f$seen_bytes % hash_number;
        mkdir(fmt("./extract_files/%d", hash));
        local file_path = fmt("%d/%s-%s.%s", hash, f$source, f$id, ext);
        Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=file_path]);
        }
I called my bro script like this: bro -r http.cap myscript.bro.
I debugged the file_sniff event with print functions and only 1 of the 2 .html files is tracked. Is something wrong with the Bro platform, or is it something I am missing?
This is my pcap file.
I also tried with this other pcap file and got the same result. In Wireshark I get some images, js and http files, and Bro extracts only 2 images.
I asked people in the freenode chat (channel #Bro) and they told me that those pcaps have connections without the handshake. So, Bro does not track packages in connections without a handshake, as opposed to Wireshark. This issue is described in the change log of version 2.5 of Bro as solved, but I downloaded this beta version, compiled it and got the same result. I don't know if it is because it is a beta version. I hope this gets fixed in future versions.
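The post above attributes the missing files to connections captured without their handshake. One way to check a capture for that condition is to list the TCP flows in which no client SYN was recorded; this is an added example, not part of the original post, and the function names and the sample capture are constructed for illustration.

```javascript
// Added example: classic little-endian pcap, Ethernet + IPv4 only (no pcapng, VLAN or IPv6).
function flowsWithoutSyn(pcap) {
  if (pcap.length < 24 || pcap.readUInt32LE(0) !== 0xa1b2c3d4) {
    throw new Error('unsupported capture format');
  }
  const sawSyn = new Map(); // flow key -> true once the client SYN is seen
  let off = 24; // skip the global header
  while (off + 16 <= pcap.length) {
    const caplen = pcap.readUInt32LE(off + 8);
    const pkt = pcap.subarray(off + 16, off + 16 + caplen);
    off += 16 + caplen;
    if (pkt.length < 34 || pkt.readUInt16BE(12) !== 0x0800) continue; // not IPv4
    const tcp = 14 + (pkt[14] & 0x0f) * 4; // Ethernet header + IP header length
    if (pkt[23] !== 6 || pkt.length < tcp + 14) continue; // not TCP or truncated
    const a = `${[...pkt.subarray(26, 30)].join('.')}:${pkt.readUInt16BE(tcp)}`;
    const b = `${[...pkt.subarray(30, 34)].join('.')}:${pkt.readUInt16BE(tcp + 2)}`;
    const key = [a, b].sort().join(' <-> '); // same key for both directions
    const syn = (pkt[tcp + 13] & 0x12) === 0x02; // SYN set, ACK clear
    sawSyn.set(key, sawSyn.get(key) || syn);
  }
  return [...sawSyn].filter(([, seen]) => !seen).map(([key]) => key);
}

// Constructed sample: one pcap record holding a 54-byte Ethernet/IPv4/TCP frame.
function record(src, dst, sport, dport, flags) {
  const r = Buffer.alloc(16 + 54);
  r.writeUInt32LE(54, 8); // captured length
  r.writeUInt32LE(54, 12); // original length
  r.writeUInt16BE(0x0800, 16 + 12); // EtherType IPv4
  r[16 + 14] = 0x45; // IPv4, 20-byte header
  r[16 + 23] = 6; // protocol TCP
  Buffer.from(src).copy(r, 16 + 26);
  Buffer.from(dst).copy(r, 16 + 30);
  r.writeUInt16BE(sport, 16 + 34);
  r.writeUInt16BE(dport, 16 + 36);
  r[16 + 46] = 0x50; // data offset: 5 words
  r[16 + 47] = flags;
  return r;
}
const header = Buffer.alloc(24);
header.writeUInt32LE(0xa1b2c3d4, 0);
header.writeUInt32LE(1, 20); // link type: Ethernet
const server = [192, 0, 2, 80];
const samplePcap = Buffer.concat([
  header,
  record([192, 0, 2, 10], server, 40000, 80, 0x02), // SYN: handshake captured
  record(server, [192, 0, 2, 10], 80, 40000, 0x12), // SYN-ACK
  record([192, 0, 2, 11], server, 40001, 80, 0x18), // PSH+ACK: capture began mid-stream
]);
```

Flows returned by `flowsWithoutSyn` are the ones to compare against the objects Wireshark exports but the script does not.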
I am creating my first Grafana panel plugin to display GLG graphics. I am using the React simple panel plugin.
For the GLG implementation I have a GLG static library (can't install with npm). So I added my GLG library files (GlgCE.js, GlgTooklitCE.js, gunzip.min.js) in an external folder. I am importing all these library files in the SimplePanel.tsx file. One of my steps is to decompress the created data. In my GlgToolkit.js I have the code below, which creates an object for Zlib.Gunzip and decompresses the data, which is in Uint8Array format.
    tproto.__glg_gunzip_hook__ = (data) => {
        var gunzip = new Zlib.Gunzip(data);
        return gunzip.decompress();
    };
My problem is that the above code is not working; while debugging I can say it is unable to create an object for Zlib.Gunzip. It is returning undefined for the gunzip variable, and the data is not getting decompressed.
It will be great if anybody can help me with this. How can one library file communicate with another (in this case gunzip.min.js)?
I found my own solution, I imported the gunzip.min.js file in my library file.
import * as Zlib from './gunzip.min.js';
I am currently developing a Meteor React app, which is using the ostrio:files package to store audio files in a collection named Files. In another (regular mongo) collection, I am using the following code in the transform function to "join" the document with the link to the audio file:
    transform: function(doc){
        let curAudio = doc.audio;
        let audioFile = Files.collection.findOne({_id: curAudio.file_id});
        if(audioFile){
            curAudio.audioLink = Files.link(audioFile);
            curAudio.audioLength = audioFile.meta.length;
            curAudio.audioSize = audioFile.size;
            doc.audio = curAudio;
        }
        return doc;
    }
This seems to work just fine, as the resulting audio.audioLink is something like
http://localhost:3000/cdn/storage/files/8Q7WwEXyJSkNWwFQa/original/8Q7WwEXyJSkNWwFQa.m4a
But when I try to do something like this
    <audio controls preload="none" style={{width: "480px"}}>
        <source src={track.audioLink} type="audio/mp4"/>
        <p>Your browser does not support HTML5 audio.</p>
    </audio>
To be able to play the file, everything works until I click the play button of the HTML5 player. Then Chrome outputs to the console that the server returned 404 when the file was supposed to be loaded. I tested putting the link into the address bar; here the server response is just
File Not Found :(
Does anyone have an idea how to fix this?
I found the answer:
My local Ubuntu installation was apparently configured to store uploaded files in /tmp, which didn't cause problems until I restarted the system or cleared my temporary files otherwise. Having the server recreate the DB fixed the problem.
Joomla has a feature where it loads a minified JavaScript file and the uncompressed version when the site is in debug mode.
I have named both my files correctly and am including it as follows:
JHtml::_('script', JUri::root() . 'path_to_file/jquery-sortable.js');
When I put the site in debug mode, it does not load the uncompressed file.
However, If I use the following instead, it works fine:
JHtml::_('script', 'path_to_file/jquery-sortable.js');
Now I'm not sure whether this is a bug in Joomla or not, but I cannot find any information online regarding this. I would like to use JURI::root() in the path.
Does anyone have any information on this?
Indeed, if the script URL begins with http, the code that is responsible for including the uncompressed version (i.e., remove the min. segment if such exists or add -uncompressed otherwise) is ignored.
The source for this behavior:
JHtml::includeRelativeFiles() in libraries/cms/html/html.php:298
    protected static function includeRelativeFiles($folder, $file, $relative, $detect_browser, $detect_debug)
    {
        // If http is present in filename
        if (strpos($file, 'http') === 0)
        {
            $includes = array($file);
        }
        else
        {
            // process the script source.
        }
        // ...
    }
Most of the script files, including frameworks, are included as relative paths. I guess that this behavior is meant to prevent remote resources from getting 404ed.
I just upgraded from cakephp 1.1 to 1.3. I have everything on the site updated and working great, except for creating and downloading zip files.
Here is the code in my accounts_controller.php:
    function zip() {
        $this->checkSession();
        $this->checkUpgradedAccount();
        $files = array();
        $this->layout="zip";
        /*
        code where I locate the files to zip, combine them, etc
        */
        $tmp_file = "/home/[userdirectory]/tmp/".md5(mktime()).".zip"; //directory name edited
        // Quote every path so spaces or shell metacharacters in a file name cannot alter the command
        $command = "/usr/bin/zip -j ".escapeshellarg($tmp_file)." ".implode(" ",array_map('escapeshellarg',$zip_files));
        exec($command);
        // Remove the source files once they are in the archive
        foreach($zip_files as $zf) {
            unlink($zf);
        }
        $file_path = $tmp_file;
        $this->set("path",$file_path);
        $this->render();
    }
When I call this action, however, I get an error:
Error: The requested address '/accounts/zip' was not found on this
server.
It worked just like this in version 1.1. I'm assuming something has changed, but I'm not sure what, and was unable to find anything pertinent in the documentation.
The zip.ctp view file does exist, but it has nothing in it other than: <?php ?>
I suspect something is different with layouts. There is NO "zip.ctp" in the /layouts directory. However, I have changed that line to $this->layout('default'); and it renders a blank page with NO ERROR, but also with no download.
Please direct me on the proper way to download my zip file in cake 1.3. Thanks in advance.
You have two different problems here. That error you're getting is because you don't have a zip layout file. As for your problem with getting the zip file, you should be using the media view class - http://book.cakephp.org/1.3/en/The-Manual/Developing-with-CakePHP/Views.html#media-views
Okay so I'm trying to make a script that can edit an external .txt file. I want to be able to do something like /name John Doe and it saves that name in the file that the command is supposed to edit.
Another example would be I have a file called List.txt associated with the command /todo, whenever I do /todo * it adds whatever came after the command to the List.txt file.
Is there any way I can do this in javascript?
You're in luck, it appears that HTML5 actually supports this. Of course you'll have to run it through a browser, I don't know if you can hack it somehow to work from bash.
Yes, it's possible to do this by creating an AJAX HTTP request to a server-side script that edits the file based on the HTTP request's content.
Here's an example PHP server-side script to handle the AJAX request:
Note: This example has a lot of security issues and is untested
    <?php
    $command = $_POST['command'];
    $argument = $_POST['argument'];
    if ($command == "name") {
        $file = fopen("names.txt", "a");
        fwrite($file, $argument."\n");
        fclose($file);
    } else if ($command == "todo") {
        $file = fopen("todo.txt", "a");
        fwrite($file, $argument."\n");
        fclose($file);
    }
    ?>
There is also a great tutorial on AJAX requests here
They also have a php tutorial on here
ps. sorry it took so long.
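A Node.js counterpart of the PHP handler above with the input checks it leaves out, as an added example that is not part of the original answer. The names `appendEntry`, `TARGETS` and `MAX_LEN`, the 200-character limit and the sample requests are assumptions made for illustration; authenticating the caller is left to the surrounding web framework.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Allow-list: the request only selects a key; file names never come from the client.
const TARGETS = { name: 'names.txt', todo: 'todo.txt' };
const MAX_LEN = 200; // assumed upper bound for one entry

// Validate one command and append its argument as a single line under dataDir.
function appendEntry(dataDir, command, argument) {
  if (typeof command !== 'string' || !Object.prototype.hasOwnProperty.call(TARGETS, command)) {
    return { ok: false, error: 'unknown command' };
  }
  if (typeof argument !== 'string') {
    return { ok: false, error: 'argument must be a string' };
  }
  const entry = argument.trim();
  // Reject control characters so one request cannot write several lines.
  if (entry.length === 0 || entry.length > MAX_LEN || /[\u0000-\u001f\u007f]/.test(entry)) {
    return { ok: false, error: 'invalid argument' };
  }
  fs.appendFileSync(path.join(dataDir, TARGETS[command]), entry + '\n', { mode: 0o600 });
  return { ok: true };
}

// Constructed sample requests, written to a throwaway directory.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'entries-'));
  const results = [
    appendEntry(dir, 'name', 'John Doe'),
    appendEntry(dir, 'todo', 'buy milk\nforged second entry'),
    appendEntry(dir, '__proto__', 'x'),
  ].map((r) => r.ok);
  return { dir, results, names: fs.readFileSync(path.join(dir, 'names.txt'), 'utf8') };
}
```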