pcapng_utils package
Subpackages
- pcapng_utils.har package
  - Subpackages
    - pcapng_utils.har.pirogue_enrichment package
      - Submodules
        - pcapng_utils.har.pirogue_enrichment.base module
        - pcapng_utils.har.pirogue_enrichment.decryption module
        - pcapng_utils.har.pirogue_enrichment.sorted_list module
        - pcapng_utils.har.pirogue_enrichment.stacktrace module
        - pcapng_utils.har.pirogue_enrichment.types module
        - pcapng_utils.har.pirogue_enrichment.utils module
      - Module contents
  - Module contents
- pcapng_utils.tshark package
Submodules
pcapng_utils.payload module
- class pcapng_utils.payload.HARPayloadDict
  Bases: TypedDict
  - encoding: NotRequired[Literal['base64']]
- class pcapng_utils.payload.Payload(bytes_=b'')
  Bases: object
  Representation of bytes, possibly representing UTF-8 plain text (useful for HAR export).
  - to_har_dict()
    Serialize content, with HAR formalism (cf. remarks in update_har_request).
    - Return type:
  - update_har_request(request_entry, mimetype)
    Complete entry.request in-place.
    In the HAR specification, size and encoding are not supported for postData, so we use the httptoolkit standard to store non-printable request data: the dedicated _content field plus _requestBodyStatus: 'discarded:not-representable'.
    We remove any original request data keys prior to filling with new ones.
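The request-body convention described above, as an added example that is not the package's own code. The function names, the UTF-8 decodability test used for "non-printable", the list of keys cleared, and the placement of mimeType inside _content are assumptions of this sketch; the sample bodies are constructed.

```python
import base64

# Keys this sketch treats as "original request data" (assumption).
BODY_KEYS = ("postData", "_content", "_requestBodyStatus")
NOT_REPRESENTABLE = "discarded:not-representable"


def payload_to_har(data: bytes) -> dict:
    """Serialize a body: valid UTF-8 as plain text, anything else as base64."""
    try:
        return {"size": len(data), "text": data.decode("utf-8")}
    except UnicodeDecodeError:
        text = base64.b64encode(data).decode("ascii")
        return {"size": len(data), "text": text, "encoding": "base64"}


def fill_request_body(request: dict, data: bytes, mimetype: str) -> None:
    """Complete a HAR request entry in place, dropping stale body keys first."""
    for key in BODY_KEYS:
        request.pop(key, None)
    request["bodySize"] = len(data)
    if not data:
        return
    har = payload_to_har(data)
    if har.get("encoding") == "base64":
        # postData has no size/encoding fields, so binary goes to _content.
        request["_requestBodyStatus"] = NOT_REPRESENTABLE
        request["_content"] = {"mimeType": mimetype, **har}
    else:
        request["postData"] = {"mimeType": mimetype, "text": har["text"]}


def request_body_bytes(request: dict) -> bytes:
    """Recover the raw body bytes from either representation."""
    if request.get("_requestBodyStatus") == NOT_REPRESENTABLE:
        return base64.b64decode(request["_content"]["text"])
    return request.get("postData", {}).get("text", "").encode("utf-8")


if __name__ == "__main__":
    # Constructed entry with a stale postData and a binary body.
    entry = {"method": "POST", "postData": {"mimeType": "x", "text": "stale"}}
    fill_request_body(entry, b"\x00\xff\x10binary", "application/octet-stream")
    print(entry)
    print(request_body_bytes(entry))
```

A consumer that reads only postData sees no body for binary requests, so analysis tooling has to check _requestBodyStatus and decode _content as request_body_bytes does.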
pcapng_utils.pcapng_to_har module
- class pcapng_utils.pcapng_to_har.PcapngToHar(input, output=None, *, tshark_out=None, time_shift=0.0, socket_operations_file=None, cryptography_operations_file=None, tshark, force=False, verbose=False)
  Bases: object
  CLI script for converting a .pcapng file to a .har file using tshark.
  - cryptography_operations_file (alias -cf, metavar PATH) = None
    Path to the cryptography data file generated by Pirogue, INPUT_DIR/aes_info.json if unset.
  - force (alias -f) = False
    Whether to overwrite output if it exists.
  - input (alias -i)
    Path to input .pcapng.
  - output (alias -o, metavar PATH) = None
    Path to output .har, INPUT.har if unset.
  - socket_operations_file (alias -sf, metavar PATH) = None
    Path to the socket operations data file generated by Pirogue, INPUT_DIR/socket_trace.json if unset.
  - time_shift (metavar SECONDS) = 0.0
    Systematic time shift in seconds between socket operations timestamps vs. network traffic timestamps. Positive means network traffic timestamps (Pirogue date) were earlier than socket operations timestamps (phone date).
  - tshark_out (alias -ot, metavar PATH|1) = None
    Optional path for the raw tshark output as .json; if -ot is 1, OUTPUT.json is used.
  - verbose (alias -v) = False
    Activate verbose logging.