Automatic packet analyzer made by Ca' Foscari team (unive) for CyberChallenge attack/defense CTF of 27/06/2018. This tool was written in less than ten days. Every pull request is welcome!
git clone https://github.com/secgroup/flower
cd flower
npm install
pip install -r services/requirements.txtEnv var to set:
REACT_APP_FLOWER_SERVER_IPip of the host that will have flower services and db activeREACT_APP_FLAG_REGEXregex that match flags. Mongodb is required on the same machine that run the services. To start it:sudo mongod --dbpath /path/to/mongodb/db --bind_ip 0.0.0.0
./run.shcd services
./run_ws.shOnce everything has been started, flower should be accessible at the address of the machine that started it on port 3000.
You must first install pynids from here. The pip version is outdated! Good luck with the installation.
Then, you can import pcaps into mongodb by executing the provided script importer.py as follows:
cd services
./importer.py pcap_file.pcap
You can find a test_pcap in services/test_pcap. For a quick demo, run ./importer.py test_pcap/dump-2018-06-27_13:25:31.pcap
If you are going to use flower in a CTF, remember to set up the firewall in the most appropriate way, as the current implementation does not use other security techniques.
- Flow list
- Regex filtering with highlight
- Highlight in red flow with flags
- Favourite management
- Time filter
- Service filter
- Colored hexdump
- Automatic export GET/POST request directly in python format
- Automatic export to pwntools
