📄 u_filterhttp.pas

📁 linux program to read packet data
💻 PAS
字号:
(*
 * One Way Network Sniffer (OWNS)
 * Copyright (C) 2001-2002 OWNS
 *
 * http://owns.sourceforge.net/
 * http://www.owns.st
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 *)

(*
 * $Id: u_FilterHttp.pas,v 1.6 2002/11/23 21:49:50 owns Exp $
 * Filter for http connections
 *)

unit u_FilterHttp;
interface
uses SysUtils,
     u_messageHTTP, u_Statistics;

type
  TFiltreExtensions = set of (TypeInconnu, TypeText, TypeApplication, TypeAudio,TypeImage, TypeVideo);
  TFilterHeaders = set of (AllHeaders,HotMailHeaders,FileSavedHeaders);
  TFilterHttpTCPStream = set of (AllTCPStreams,FileSavedTCPStreams);

  TFilterHttp = class
  private
    FMinSize          : LongInt;
    FFiltreExtensions : TFiltreExtensions;
    FFilterHeaders    : TFilterHeaders;
    FFindWord         : String;
    FRejectPartialContentMessage : boolean;
    FSaveFiles        : boolean;
    FFilterHttpTCPStream    : TFilterHttpTCPStream;
    procedure filtreMessageType(p_HTTPMessage : THTTPMessage; var r_SaveBody : boolean; var r_SaveHeader : boolean);
    procedure filtreMessageCookiesHotmail(p_HTTPMessage : THTTPMessage; var r_SaveBody : boolean; var r_SaveHeader : boolean);
    procedure filtreFind(p_HTTPMessage : THTTPMessage; var r_SaveBody : boolean; var r_SaveHeader : boolean);
  public
    constructor create;
    function filterMessage(p_HTTPMessage : THTTPMessage; var r_SaveBody : boolean; var r_SaveHeader : boolean) : boolean;
    property minSize : LongInt read FMinSize write FMinSize;
    property filtreExtensions : TFiltreExtensions read FFiltreExtensions write FFiltreExtensions;
    property findWord : String read FFindWord write FFindWord;
    property RejectPartialContentMessage : boolean read FRejectPartialContentMessage write FRejectPartialContentMessage;
    property filterHeaders : TFilterHeaders read FFilterHeaders write FFilterHeaders;
    property saveFiles : boolean read FSaveFiles write FSaveFiles;
    property FilterHttpTCPStream : TFilterHttpTCPStream read FFilterHttpTCPStream write FFilterHttpTCPStream;
  end;


implementation

//
// TFiltreHttp
////////////////////////////////////////////////////////////////////////////////

constructor TFilterHttp.create;
begin
  FMinSize  := 1000;
  FFindWord := '';
  FFiltreExtensions := [TypeText,Typeinconnu,Typeimage];
  FRejectPartialContentMessage := true;
  FFilterHeaders := [];
  FSaveFiles := true;
  FFilterHttpTCPStream := [];
end;


procedure TFilterHttp.filtreMessageType(p_HTTPMessage : THTTPMessage;
                var r_SaveBody : boolean; var r_SaveHeader : boolean);
begin
  with p_HTTPMessage.HeaderCOntentType do
  begin
    if (MediaType = 'text') then begin if (typeText in FFiltreExtensions) then r_SaveBody := True; end
    else
    if (MediaType = 'image') then begin if (typeImage in FFiltreExtensions) then r_SaveBody := True; end
    else
    if (MediaType = 'audio') then begin if (typeAudio in FFiltreExtensions) then r_SaveBody := True; end
    else
    if (MediaType = 'video') then begin if (typeVideo in FFiltreExtensions) then r_SaveBody := True; end
    else
    if (MediaType = 'application') then begin if (typeApplication in FFiltreExtensions) then r_SaveBody := True; end
    else
      r_SaveBody := typeInconnu in FFiltreExtensions;
  end;
end;

procedure TFilterHttp.filtreMessageCookiesHotmail(p_HTTPMessage : THTTPMessage;
                var r_SaveBody : boolean; var r_SaveHeader : boolean);
var
  i : Integer;
begin
  for i := 0 to p_HTTPMessage.Cookies.Count-1 do
    if ( (pos('MSPAuth',p_HTTPMessage.Cookies[i]) > 0) or
       (pos('MSPProf',p_HTTPMessage.Cookies[i]) > 0) ) then r_saveheader := true;
end;

procedure TFilterHttp.filtreFind(p_HTTPMessage : THTTPMessage;
                var r_SaveBody : boolean; var r_SaveHeader : boolean);
begin
  r_SaveBody := pos(AnsiUpperCase(FfindWord),AnsiUpperCase(p_HTTPMessage.Body)) > 0;
end;

// called in u_ConnectionHTTP to know if we must save or not an HTTP message and its header
// returns true if there is something to save
function TFilterHttp.filterMessage(p_HTTPMessage : THTTPMessage; var r_SaveBody : boolean; var r_SaveHeader : boolean) : Boolean;
begin
  r_SaveBody := false;
  r_SaveHeader := false;

  FiltreMessageType(p_HTTPMessage, r_SaveBody, r_SaveHeader);

  r_SaveBody := (p_HTTPMessage.BodyLength >= FMinSize) and r_SaveBody;

  if HotMailHeaders in FFilterHeaders then
    filtreMessageCookiesHotmail(p_HTTPMessage, r_SaveBody, r_SaveHeader);

  if (FfindWord <> '') then
    filtreFind(p_HTTPMessage, r_SaveBody, r_SaveHeader);

  if ((FRejectPartialContentMessage) and (p_HTTPMessage.StatusCode = 206)) then
  begin
    // 206 : Partial Content ie les messages avec "Content-Range"
    r_SaveBody := false;
  end;

  if AllHeaders in FFilterHeaders then
    r_SaveHeader := true;

  if ((FileSavedHeaders in FFilterHeaders) and (r_SaveBody)) then
    r_SaveHeader := true;

//  r_SaveBody := false;
//  r_SaveHeader := false;

  r_SaveBody := r_SaveBody and FSaveFiles;
  result := r_SaveBody or r_SaveHeader;
end;




end.
💿 文件大小 3612 K
👤 上传用户 gankai1983
📂 所属分类 Linux/Unix编程
🏷️ 相关标签

#program #packet #linux #data
⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -