Skip to content

parse_pcap_klap: use request_uri for matching the response #1136

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
rytilahti merged 2 commits into from
Sep 28, 2024
+25 −9
Merged

parse_pcap_klap: use request_uri for matching the response #1136

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
219afa5
parse_pcap_klap: use request_uri for matching the response
rytilahti Sep 28, 2024
26b159b
Fix linting
rytilahti Sep 28, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 25 additions & 9 deletions devtools/parse_pcap_klap.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,24 @@
from kasa.protocol import DEFAULT_CREDENTIALS, get_default_credentials


def _is_http_response_for_packet(response, packet):
"""Return True if the *response* contains a response for request in *packet*.

Different tshark versions use different field for the information.
"""
if not hasattr(response, "http"):
return False
if hasattr(response.http, "response_for_uri") and (
response.http.response_for_uri == packet.http.request_full_uri
):
return True
# tshark 4.4.0
if response.http.request_uri == packet.http.request_uri:
return True

return False


class MyEncryptionSession(KlapEncryptionSession):
"""A custom KlapEncryptionSession class that allows for decryption."""

Expand Down Expand Up @@ -222,7 +240,7 @@ def main(
while True:
try:
packet = capture.next()
# packet_number = capture._current_packet
packet_number = capture._current_packet
# we only care about http packets
if hasattr(
packet, "http"
Expand Down Expand Up @@ -267,18 +285,16 @@ def main(
message = bytes.fromhex(data)
operator.local_seed = message
response = None
print(
f"got handshake1 in {packet_number}, "
f"looking for the response"
)
while (
True
): # we are going to now look for the response to this request
response = capture.next()
if (
hasattr(response, "http")
and hasattr(response.http, "response_for_uri")
and (
response.http.response_for_uri
== packet.http.request_full_uri
)
):
if _is_http_response_for_packet(response, packet):
print(f"found response in {packet_number}")
break
data = response.http.get_field_value("file_data", raw=True)
message = bytes.fromhex(data)
Expand Down