BKreisel/SANSY.py

## SANSY.py
from scapy.all import *
import re
import base64


def extract_picture(data):
    if not hasattr(extract_picture, "fout"):
        extract_picture.fout = open("capture.jpg","wb")
    file_re = re.compile(r"FILE:")
    grr_re = re.compile(r"/root")
    start_re = re.compile(r"FILE:START_STATE")
    end_re = re.compile(r"FILE:STOP_STATE")

    if file_re.search(data):
        if start_re.search(data) is None and end_re.search(data) is None and \
        grr_re.search(data) is None:
            extract_picture.fout.write(data[5:])
    else:
        print(data)

p = rdpcap("dns-capture.pcap")
packets = sorted(p, key=lambda x: x[Dot11].SC)

for packet in packets:
    if DNSRR in packet:
        b64_data = packet[DNS].an.rdata
        data = base64.urlsafe_b64decode(b64_data)
        extract_picture(data)

extract_picture.fout.close()
	from scapy.all import *
	import re
	import base64


	def extract_picture(data):
	if not hasattr(extract_picture, "fout"):
	extract_picture.fout = open("capture.jpg","wb")
	file_re = re.compile(r"FILE:")
	grr_re = re.compile(r"/root")
	start_re = re.compile(r"FILE:START_STATE")
	end_re = re.compile(r"FILE:STOP_STATE")

	if file_re.search(data):
	if start_re.search(data) is None and end_re.search(data) is None and \
	grr_re.search(data) is None:
	extract_picture.fout.write(data[5:])
	else:
	print(data)

	p = rdpcap("dns-capture.pcap")
	packets = sorted(p, key=lambda x: x[Dot11].SC)

	for packet in packets:
	if DNSRR in packet:
	b64_data = packet[DNS].an.rdata
	data = base64.urlsafe_b64decode(b64_data)
	extract_picture(data)

	extract_picture.fout.close()