Minor bug fixes. A few new precanned reports. Added support to pcap c…

…ode 101 raw packets. darcs-hash:20090622005154-20ca2-546de281c97a24614975b6f965cb3c91f52eeefe.gz
anarchivist · Jun 22, 2009 · c77379b · c77379b
1 parent 83c7698
commit c77379b
Show file tree

Hide file tree

Showing 7 changed files with 44 additions and 3 deletions.
diff --git a/Makefile.am b/Makefile.am
@@ -8,7 +8,8 @@ my_utilities		=	$(shell find utilities -not -name .\*)
 my_examples		=	$(shell find examples -not -name .\*)
 bin_SCRIPTS		=	pyflag pyflash pyflag_launch src/pyflag/conf.py
 pkgdata_DATA		=	$(my_data) \
-				data/magic.mgc data/magic.mime.mgc
+				data/magic.mgc data/magic.mime.mgc \
+				images/changelog.html
 pkgpython_PYTHON        =       src/pyflag/conf.py
 nobase_pkgdata_DATA	=	$(my_images) $(my_utilities) $(my_examples)
 man_MANS		=	pyflag.1
@@ -56,6 +57,11 @@ deb-pkg:
 	chmod 744 debian/rules
 	dpkg-buildpackage -rfakeroot
 
+images/changelog.html:
+	echo "<html><body><pre>" > images/changelog.html
+	cat _darcs/inventory >> images/changelog.html
+	echo "</pre></body></html>" >> images/changelog.html
+
 data/magic.mgc: data/magic
 	cd data && file -C -m magic
 

diff --git a/src/FileFormats/HTML.py b/src/FileFormats/HTML.py
@@ -37,7 +37,9 @@ def decoder(x):
         return x.group(1).decode("hex")
 
     ## we can use this to handle arbitrary levels of quoting
-    string = re.sub("%(..)", decoder, string)
+    try:
+        string = re.sub("%(..)", decoder, string)
+    except: pass
 
     ## references seem to _always_ be encoded using utf8 - even if the
     ## page is encoded using a different charset??? This whole quoting

diff --git a/src/include/pcap.h b/src/include/pcap.h
@@ -22,6 +22,7 @@ dependancy on libpcap. (We dont actually link against it). */
 #define DLT_FDDI	10	/* FDDI */
 #define DLT_RAW         12      /* Raw headers (no link layer) */
 #define DLT_RAW2        14
+#define DLT_RAW3        101
 
 #define DLT_IEEE802_11  105     /* IEEE 802.11 wireless */
 #define DLT_LINUX_SLL	113

diff --git a/src/network/network.c b/src/network/network.c
@@ -70,6 +70,7 @@ int Root_Read(Packet self, StringIO input) {
 
   case DLT_RAW:
   case DLT_RAW2:
+  case DLT_RAW3:
     this->packet.eth = (Packet)CONSTRUCT(IP, Packet, super.Con, self, self);
     return CALL(this->packet.eth, Read, input);
 

diff --git a/src/plugins/Core.py b/src/plugins/Core.py
@@ -618,6 +618,7 @@ def display(self, query, result):
         cdbh.execute("select count(*) as count from inode")
         row = cdbh.fetch()
         result.row("Total Inodes in VFS", row['count'])
+        result.link("Changelog", url="images/changelog.html")
         result.end_table()
 
 

diff --git a/src/plugins/PreCanned/Basic.py b/src/plugins/PreCanned/Basic.py
@@ -74,6 +74,27 @@ class Images(Reports.PreCannedCaseTableReports):
     default_table = "TypeCaseTable"
     columns = ['Thumbnail', 'InodeTable.Size','FileTable.Filename']
 
+class Videos(Reports.PreCannedCaseTableReports):
+    """ Display a preview of Videos """
+    args = {'filter':' "Thumbnail"  has_magic video',
+            'order': 1, 'direction':0}
+    family = "Disk Forensics"
+    description = "View all Videos "
+    name = "/Disk Forensics/Multimedia/Videos"
+    default_table = "TypeCaseTable"
+    columns = ['Thumbnail', 'InodeTable.Size','FileTable.Filename']
+
+class OfficeFiles(Reports.PreCannedCaseTableReports):
+    """ Display a preview of Office files """
+    args = {'filter':' "Thumbnail"  has_magic office ',
+            'order': 1, 'direction':0}
+    family = "Disk Forensics"
+    description = "View all Office files "
+    name = "/Disk Forensics/Multimedia/Office"
+    default_table = "TypeCaseTable"
+    columns = ['Thumbnail', 'InodeTable.Size','FileTable.Filename']
+
+
 class HTMLPages(Registry.PreCanned):
     args = {'filter':' "Thumbnail"  has_magic HTML ',
             'order': 4, 'direction':1}
@@ -101,6 +122,15 @@ class ImageURLs(Reports.PreCannedCaseTableReports):
     default_table = 'HTTPCaseTable'
     columns = ['Timestamp','TypeCaseTable.Thumbnail','InodeTable.Size', 'URL']
 
+class VideoURLs(Reports.PreCannedCaseTableReports):
+    description = "Show videos downloaded over HTTP"
+    name = [ "/Network Forensics/Communications/Web/Videos"]
+    family = 'Network Forensics'
+    args = {'filter':'Thumbnail has_magic video',
+            'order': 0, 'direction': 1 }
+    default_table = 'HTTPCaseTable'
+    columns = ['Timestamp','TypeCaseTable.Thumbnail','InodeTable.Size', 'URL']
+
 class GoogleSearches(Reports.PreCannedCaseTableReports):
     description = "Shows possible Google searches."
     name = [ "/Network Forensics/Web Applications/Google Searches" ]

diff --git a/src/pyflag/HTMLUI.py b/src/pyflag/HTMLUI.py
@@ -340,7 +340,7 @@ def _calculate_js_for_pane(self, target=None, pane="main", **opts):
 
         if pane=='new':
             id=self.get_unique_id()
-            return "window.open('f?%s&__pyflag_parent='+window.__pyflag_name+'&__pyflag_name=child_%s','child_%s',  'width=1024, height=800, scrollbars=yes'); return false;" % (target, id,id)
+            return "window.open('f?%s&__pyflag_parent='+window.__pyflag_name+'&__pyflag_name=child_%s','child_%s',  'fullscreen=yes,scrollbars=yes'); return false;" % (target, id,id)
 
         if target:
             ## Try to remove the callback which we are generated from: