diff --git a/main.go b/main.go
index 9ebb4fb..d376db3 100644
--- a/main.go
+++ b/main.go
@@ -33,9 +33,15 @@ func main() {
 log.Fatalf("Error occurred while analyzing: %s", analyzeErr.Error())
 }
+ // Extract found and requested files
+ output.StoreFiles()
+
 // Show user analysis
 analyze.PrintSummary()
+ // Print filemanager summary
+ output.PrintSummary()
+
 // Finalize output
 output.Finalize()
 }
diff --git a/output/flag.go b/output/flag.go
index 33595dd..5287df6 100644
--- a/output/flag.go
+++ b/output/flag.go
@@ -5,11 +5,17 @@ import "flag"
 var (
 fullOutput *bool
 printEmptyBlocks *bool
+ targetFiles *string
+ targetAllFiles *bool
+ targetOutput *string
 )
 func RegisterFlags() {
 fullOutput = flag.Bool("full-output", false, "Show full output instead of limiting submodule output")
 printEmptyBlocks = flag.Bool("print-empty-blocks", false, "Prints blocks (submodule output) even if the submodule doesn't have any content to print.")
+ targetFiles = flag.String("extract-these", "", "Comma-separated list of files to extract.")
+ targetAllFiles = flag.Bool("extract-all", false, "Extract all files found.")
+ targetOutput = flag.String("extract-to", "./extracted", "Directory to store extracted files in.")
 }
diff --git a/output/output.go b/output/output.go
index 3041c9e..0e80ae6 100644
--- a/output/output.go
+++ b/output/output.go
@@ -17,4 +17,10 @@ func Finalize() {
 // We did - inform user about this
 printer.Println("Some submodule output was hidden. Add --print-empty-blocks to show it.")
 }
+
+ // Check if the user didn't use the file extract option, although there were files available to extract
+ if extractedFiles == 0 && len(registeredFiles) > 0 {
+ // User avoided the files
+ printer.Println("Files found in stream. Add --extract-all or --extract-these to extract them.")
+ }
 }
diff --git a/protocol/http/httpResponseFactory.go b/protocol/http/httpResponseFactory.go
index 95b0b90..74d0095 100644
--- a/protocol/http/httpResponseFactory.go
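Review bot: `output.StoreFiles()` on the new side is called as a bare statement, so if it reports write failures through a return value they are dropped here, unlike the analyze error that main fatals on a few lines above. If StoreFiles returns an error, handle it the same way, e.g. `if err := output.StoreFiles(); err != nil { log.Fatalf("Error occurred while extracting files: %s", err) }`; if it is void, the comment above the call should say how write failures surface to the user. Its signature is not part of this diff, so this is inferred. main's body starts outside the hunk.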
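Review bot: The help text for `extract-these` does not say how a file is identified, and elsewhere in this commit HTTP responses are registered with an empty name (`output.RegisterFile("", fileBytes, "HTTP response")` in httpResponseFactory.go), so if selection is by name those entries can never be picked. Suggest stating the identifier in the help, e.g. `"Comma-separated list of file names, as listed in the filemanager summary, to extract."`, or registering a non-empty name for HTTP responses. Because the stored names and contents come from the capture, the code that writes into the `extract-to` directory (StoreFiles, not in this diff) should also reject names containing path separators or `..` so an entry cannot land outside the target directory; whether it does cannot be confirmed from here.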
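Review bot: The new condition in Finalize tests the outcome (`extractedFiles == 0`) rather than whether the extract option was used, which is what the comment above it claims to check; if the user passed `--extract-these` with names that matched nothing, the hint to add a flag they already gave is misleading. Checking the flags registered in the same package is closer to the intent: `if !*targetAllFiles && *targetFiles == "" && len(registeredFiles) > 0 {` (assuming RegisterFlags has run before Finalize). How extractedFiles is counted is not visible here, so this assumes it is the number of files actually written. Finalize's body starts outside the hunk.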
+++ b/protocol/http/httpResponseFactory.go
@@ -3,10 +3,12 @@ package http
 import (
 "bufio"
 "fmt"
+ "git.darknebu.la/maride/pancap/output"
 "github.com/google/gopacket"
 "github.com/google/gopacket/tcpassembly"
 "github.com/google/gopacket/tcpassembly/tcpreader"
 "io"
+ "io/ioutil"
 "net/http"
 )
@@ -48,9 +50,12 @@ func (h *httpResponseStream) run() {
 // Ignore, because it may be a request
 } else {
 // Try to process assembled request
- tcpreader.DiscardBytesToEOF(resp.Body)
+ fileBytes, _ := ioutil.ReadAll(resp.Body)
 resp.Body.Close()
+ // Register file in filemanager
+ output.RegisterFile("", fileBytes, "HTTP response")
+ // Build summary
 line := fmt.Sprintf("Response %s, Type %s, Size %d bytes", resp.Status, resp.Header.Get("Content-Type"), resp.ContentLength)
 responseSummaryLines = append(responseSummaryLines, line)
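Review bot: `io/ioutil` has been deprecated since Go 1.16, and `io` is already imported in this block, so the new call can be `io.ReadAll(resp.Body)` and this import line dropped, provided the module targets 1.16 or later. The call that motivates the import, in the run() hunk below, also discards the read error with `_`, so a truncated or failed body read is registered as if it were a complete file; it should be `fileBytes, err := io.ReadAll(resp.Body)` with err checked (and the body still closed) before `output.RegisterFile` is called. Unlike the `tcpreader.DiscardBytesToEOF` it replaces, ReadAll buffers the whole response body in memory for every response in the capture, so a size cap such as `io.LimitReader` may be worth considering for large streams.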