pcapng_utils package

Subpackages

• pcapng_utils.har package
  • Subpackages
    • pcapng_utils.har.pirogue_enrichment package
      • Submodules
      • pcapng_utils.har.pirogue_enrichment.base module
      • pcapng_utils.har.pirogue_enrichment.decryption module
      • pcapng_utils.har.pirogue_enrichment.sorted_list module
      • pcapng_utils.har.pirogue_enrichment.stacktrace module
      • pcapng_utils.har.pirogue_enrichment.types module
      • pcapng_utils.har.pirogue_enrichment.utils module
      • Module contents
  • Module contents
• pcapng_utils.tshark package
  • Subpackages
    • pcapng_utils.tshark.protocols package
      • Submodules
      • pcapng_utils.tshark.protocols.http1 module
      • pcapng_utils.tshark.protocols.http2 module
      • Module contents
  • Submodules
  • pcapng_utils.tshark.traffic module
    • NetworkTrafficDump
      • NetworkTrafficDump.creation_metadata
      • NetworkTrafficDump.traffic
      • NetworkTrafficDump.parsed_traffic
      • NetworkTrafficDump.parse_traffic()
      • NetworkTrafficDump.to_har()
  • pcapng_utils.tshark.types module
    • HasLayers
      • HasLayers.layers
    • ParsedTrafficProtocol
      • ParsedTrafficProtocol.get_har_entries()
  • pcapng_utils.tshark.utils module
    • get_tshark_bytes_from_raw()
    • har_entry_with_common_fields()
  • pcapng_utils.tshark.wrapper module
    • Tshark
      • Tshark.get_command()
      • Tshark.load_traffic()
      • Tshark.display_filter
      • Tshark.hash_algo
      • Tshark.hosts_file
      • Tshark.less_than_v4_4
      • Tshark.name_resolution
      • Tshark.protocol_match_filter
      • Tshark.tcp_reassemble_out_of_order
      • Tshark.timeout
      • Tshark.tshark_cmd
      • Tshark.version
    • TsharkOutput
      • TsharkOutput.list_layers
      • TsharkOutput.list_packets
      • TsharkOutput.metadata
    • cli_dump_tshark_layers_as_json()
  • Module contents
    • NetworkTrafficDump
      • NetworkTrafficDump.creation_metadata
      • NetworkTrafficDump.traffic
      • NetworkTrafficDump.parsed_traffic
      • NetworkTrafficDump.parse_traffic()
      • NetworkTrafficDump.to_har()
    • Tshark
      • Tshark.get_command()
      • Tshark.load_traffic()
      • Tshark.display_filter
      • Tshark.hash_algo
      • Tshark.hosts_file
      • Tshark.less_than_v4_4
      • Tshark.name_resolution
      • Tshark.protocol_match_filter
      • Tshark.tcp_reassemble_out_of_order
      • Tshark.timeout
      • Tshark.tshark_cmd
      • Tshark.version

Submodules

pcapng_utils.payload module

class pcapng_utils.payload.HARPayloadDict

Bases: TypedDict

encoding: NotRequired[Literal['base64']]

size: int

text: str

class pcapng_utils.payload.Payload(bytes_=b'')

Bases: object

Representation of either bytes, possibly representing UTF8 plain-text (useful for HAR export).

classmethod concat(*payloads)

Concatenate all payloads in order.

Return type:

Self

to_har_dict()

Serialize content, with HAR formalism (cf. remarks in update_har_request).

Return type:

HARPayloadDict

update_har_request(request_entry, mimetype)

Complete entry.request in-place

In specs, size & encoding are not supported for postData, so we shall use the httptoolkit standard to store non-printable request data, in the dedicated _content field + _requestBodyStatus: ‘discarded:not-representable’

We remove any original request data keys prior to filling with new ones

update_har_response(response_entry, mimetype)

Complete entry.response in-place

bytes_: bytes = b''

property sha1: str

property size: int

pcapng_utils.pcapng_to_har module

class pcapng_utils.pcapng_to_har.PcapngToHar(input, output=None, *, tshark_out=None, tshark=<factory>, ensure_ascii=False, time_shift=None, socket_operations_file=None, cryptography_operations_file=None, force=False, verbose=0)

Bases: object

CLI script for converting .pcapng file to .har file using tshark

classmethod cli()

configure_logging()

run(**json_dump_kws)

cryptography_operations_file: Annotated[Literal[''] | Path | None, _ArgConfig(name=None, metavar=PATH, help=None, help_behavior_hint=None, aliases='-cf', prefix_name=None, constructor_factory=None, default=tyro.MISSING_NONPROP)] = None

Path to the cryptography data file generated by Pirogue, INPUT_DIR/aes_info.json if unset

ensure_ascii: bool = False

Whether to escape non-ASCII symbols in HAR output

force: Annotated[bool, _ArgConfig(name=None, metavar=None, help=None, help_behavior_hint=None, aliases='-f', prefix_name=None, constructor_factory=None, default=tyro.MISSING_NONPROP)] = False

Whether to overwrite output if it exists

input: Annotated[Path, _ArgConfig(name=None, metavar=None, help=None, help_behavior_hint=None, aliases='-i', prefix_name=None, constructor_factory=None, default=tyro.MISSING_NONPROP)]

Path to input .pcapng

output: Annotated[Path | None, _ArgConfig(name=None, metavar=PATH, help=None, help_behavior_hint=None, aliases='-o', prefix_name=None, constructor_factory=None, default=tyro.MISSING_NONPROP)] = None

Path to output .har, INPUT.har if unset

property output_raw_tshark: Path | Literal[True] | None

socket_operations_file: Annotated[Literal[''] | Path | None, _ArgConfig(name=None, metavar=PATH, help=None, help_behavior_hint=None, aliases='-sf', prefix_name=None, constructor_factory=None, default=tyro.MISSING_NONPROP)] = None

Path to the socket operations data file generated by Pirogue, INPUT_DIR/socket_trace.json if unset

time_shift: Annotated[float | None, _ArgConfig(name=None, metavar=SECONDS, help=None, help_behavior_hint=None, aliases=None, prefix_name=None, constructor_factory=None, default=tyro.MISSING_NONPROP)] = None

Systematic time shift in seconds between socket operations timestamps vs. network traffic timestamps. Positive means network traffic timestamps (Pirogue date) were earlier than socket operations timestamps (phone date).

When keeping default and Pirogue INPUT_DIR/experiment.json file is present under same directory than input .pcapng, this time-shift will be deduced from the recorded difference between device and network start_capture_time

tshark: Tshark

Configuration for tshark wrapper

tshark_out: Annotated[Literal[1, '1', True, 'true', 'True', 'TRUE'] | str | None, _ArgConfig(name=None, metavar=PATH | 1, help=None, help_behavior_hint=None, aliases='-ot', prefix_name=None, constructor_factory=None, default=tyro.MISSING_NONPROP)] = None

Path to raw tshark output as .json optional, if ot=1 -> OUTPUT.json

verbose: Annotated[int, UseCounterAction, _ArgConfig(name=None, metavar=None, help=None, help_behavior_hint=None, aliases='-v', prefix_name=None, constructor_factory=None, default=tyro.MISSING_NONPROP)] = 0

Increase logging verbosity

pcapng_utils.pcapng_to_har.enrich_har_with_io(har_data, enricher, input_dir, input_enrichment_file, default_enrichment_filename, logger, **enrich_params)

Return type:

bool

pcapng_utils.pcapng_to_har.pcapng_to_har(input_file, output_file=None, *, tshark=None, output_raw_tshark=None, socket_operations_file=None, cryptography_operations_file=None, overwrite=False, systematic_time_shift=None, **json_dump_kws)

Convert .pcapng file to .har file using tshark

Module contents