QPA进程抓包工具

- QPA.py:程序入口，双击该文件将运行起程序
- window.py:与js交互，界面将直接调用该文件里面的函数
- dpcap.py:读取包文件，解析报文
- analysis2.py:分析特征
- calc.py:函数库
- var.py:参数数据

#!/usr/bin/env python
# -*- coding: utf-8 -*-

‘‘‘
@author zhuzhu
@contact QQ327909056
‘‘‘
import getopt sys ostime
import hashlibbinascii
import dpcapcalcvar
import jsonre
import pdb
import profile

def richNode（L5nodeL3nodeerrornodepre_L5node）:
    totalflow=0
    for key stream in L5node.items（）:
        totalflow+=stream[‘size‘]
    for key stream in L5node.items（）:
        size=stream[‘size‘]
        rate=str（（（size*1000）/totalflow）/10.0）+‘%‘+‘[‘+str（calc.cflow（stream[‘addsize‘]））+‘]‘
        split=key.split（‘_‘）
        skey=‘S‘+split[4]+‘_‘+split[0]+‘_‘+split[1]
        dkey=‘D‘+split[4]+‘_‘+split[2]+‘_‘+split[3]
        #if stream.has_key（‘newkey‘）:
        if ‘newkey‘ in stream:
            skey+=‘_‘+stream[‘newkey‘].split（‘_‘）[5]+‘_‘+stream[‘newkey‘].split（‘_‘）[6]+‘_‘+stream[‘newkey‘].split（‘_‘）[7]
            dkey+=‘_‘+stream[‘newkey‘].split（‘_‘）[5]+‘_‘+stream[‘newkey‘].split（‘_‘）[6]+‘_‘+stream[‘newkey‘].split（‘_‘）[7]
        #if stream.has_key（‘ssl‘）:
        if ‘ssl‘ in stream:
            skey+=‘_‘+stream[‘ssl‘].split（‘_‘）[5]
            dkey+=‘_‘+stream[‘ssl‘].split（‘_‘）[5]
        if len（L3node[skey][‘pl‘]）==1:
            del L3node[skey]
            subNode（L3nodedkeyL5nodekeysizerate）
        elif len（L3node[dkey][‘pl‘]）==1:
            del L3node[dkey]
            subNode（L3nodeskeyL5nodekeysizerate）
        elif len（L3node[skey][‘pl‘]）>len（L3node[dkey][‘pl‘]）:
            #del L3node[dkey]
            subNode（L3nodeskeyL5nodekeysizerate）
        else:
            #del L3node[skey]
            subNode（L3nodedkeyL5nodekeysizerate）
    for key stream in L3node.items（）:
        if stream[‘sub‘]==[]:
            del L3node[key]
            continue
        if len（stream[‘sub‘]）!=len（stream[‘pl‘]）:
            L3node[key][‘pl‘]=[]
            L3node[key][‘content‘]=[]
            L3node[key][‘size‘]=0
            for sub in stream[‘sub‘]:
                L3node[key][‘pl‘].append（sub[13]）
                L3node[key][‘content‘].append（sub[12]）
                L3node[key][‘size‘]+=sub[11]
        L3node[key][‘addsize‘]=0
        for sub in stream[‘sub‘]:
            L3node[key][‘addsize‘]+=sub[17]
        #print keyL3node[key][‘addsize‘]
    dpcap.getsig（L3nodepre_L5node）
    return L3nodetotalflow    

def nodeBI（L3nodetotalflow）:
    interval=64
    for key stream in L3node.items（）:
        stream[‘rate‘]=str（（（stream[‘size‘]*1000）/totalflow）/10.0）+‘%‘+‘[‘+str（calc.cflow（stream[‘addsize‘]））+‘]‘
        spl=[]
        apl=[[] for x in xrange（var.maxpl）]
        showapl=‘‘
        showsig=‘‘
        for sub in stream[‘sub‘]:
            if len（sub[10]） == var.maxpl:
                spl.append（sub[10]）
            for x in xrange（0len（sub[10]））:
                apl[x].append（sub[10][x]）
        IsOrder=True
        for x in xrange（0len（apl））:
            if apl[x]==[]:
                break
            apl[x]=list（set（apl[x]））
            apl[x].sort（）
            if x!=len（apl）:
                

 属性            大小     日期    时间   名称
----------- ---------  ---------- -----  ----
     目录           0  2019-12-03 01:31  openQPA\
     文件          88  2019-12-03 01:31  openQPA\.gitignore
     文件         171  2019-12-03 01:31  openQPA\AppProperty.py
     文件       35821  2019-12-03 01:31  openQPA\LICENSE
     文件        1776  2019-12-03 01:31  openQPA\QPA.py
     文件         541  2019-12-03 01:31  openQPA\README.md
     文件        1056  2019-12-03 01:31  openQPA\RoundWindow.py
     文件       12846  2019-12-03 01:31  openQPA\Window.py
     文件       32737  2019-12-03 01:31  openQPA\analysis2.py
     文件       16861  2019-12-03 01:31  openQPA\calc.py
     目录           0  2019-12-03 01:31  openQPA\conf\
     文件         386  2019-12-03 01:31  openQPA\conf\PA.cfg
     文件        1067  2019-12-03 01:31  openQPA\connect.pyc
     目录           0  2019-12-03 01:31  openQPA\connect\
     文件       16384  2019-12-03 01:31  openQPA\connect\CAP.exe
     文件         511  2019-12-03 01:31  openQPA\connect\Microsoft.VC90.CRT.manifest
     文件       62976  2019-12-03 01:31  openQPA\connect\NIC.exe
     文件      915128  2019-12-03 01:31  openQPA\connect\WinPcap_4.1.3.exe
     文件      224768  2019-12-03 01:31  openQPA\connect\msvcm90.dll
     文件      535008  2019-12-03 01:31  openQPA\connect\msvcp110.dll
     文件      568832  2019-12-03 01:31  openQPA\connect\msvcp90.dll
     文件      761152  2019-12-03 01:31  openQPA\connect\msvcr100.dll
     文件      875472  2019-12-03 01:31  openQPA\connect\msvcr110.dll
     文件      655872  2019-12-03 01:31  openQPA\connect\msvcr90.dll
     文件       86070  2019-12-03 01:31  openQPA\connect\pthreadVC2.dll
     目录           0  2019-12-03 01:31  openQPA\css\
     文件        2899  2019-12-03 01:31  openQPA\css\boxy.css
     文件        9462  2019-12-03 01:31  openQPA\css\common.css
     文件        1607  2019-12-03 01:31  openQPA\css\tip-yellow.css
     文件       27692  2019-12-03 01:31  openQPA\dpcap.py
     目录           0  2019-12-03 01:31  openQPA\html\
............此处省略36个文件信息