  7  """IRC Protocol""" 
  8   
  9  import cStringIO 
 10  import re 
 11  import logging 
 12   
 13  from lib.cuckoo.common.utils import convert_to_printable 
 14   
 15  log = logging.getLogger("Processing.Pcap.irc.protocol") 
     # Module-level logger. In the code shown it is used only to report a failure
     # to read the stream buffer; regex or conversion errors are not logged.
 16   
 17   
 19      """IRC Protocol Request.""" 
 20   
 21       
 22      __methods_client = dict.fromkeys(( "PASS", "JOIN", "USER", "OPER", "MODE", "SERVICE", "QUIT", "SQUIT", 
 23          "PART", "TOPIC", "NAMES", "LIST", "INVITE", 
 24          "KICK", "PRIVMSG", "NOTICE", "MOTD", "LUSERS", "VERSION", "STATS", "LINKS", "TIME", "CONNECT", 
 25          "TRACE", "ADMIN", "INFO", "SERVLIST", 
 26          "SQUERY", "WHO", "WHOIS", "WHOWAS", "KILL", "PING", "PONG", "ERROR", "AWAY", "REHASH", "DIE", "RESTART", 
 27          "SUMMON", "USERS", "WALLOPS", 
 28          "USERHOST", "NICK", "ISON" 
 29      )) 
         # Allow-list of client command names. dict.fromkeys() maps each name to None;
         # only the keys are used, through the `in self.__methods_client` test in the
         # parsing loop. A client line is recorded only if its command word is a key.
         # NOTE(review): the lookup is case-sensitive while the client regex accepts
         # [a-zA-Z]+, so a lower-case command word is silently skipped. IRC servers
         # commonly treat command names case-insensitively (confirm); upper-casing the
         # word before the lookup would keep such traffic in the report.
 30   
 32          self._messages = [] 
             # Every parsed message, server or client, is appended to this list as a dict.
             # NOTE(review): nothing in the code shown empties it again, so it grows
             # with each parse performed on the same instance.
 33           
             # Scratch dict for the server-side message being parsed
             # (keys set later: prefix, command, params, type).
 34          self._sc = {} 
 35           
             # Scratch dict for the client-side message being parsed
             # (keys set later: command, params, type).
 36          self._cc = {} 
  37   
 39          """Extract into a list irc messages of a tcp streams. 
 40          @buf: tcp stream data 
 41          """ 
             # NOTE(review): the `def` line is missing from this listing; the other
             # methods call self._unpack(buf), which is presumably this body.
             # buf is captured network payload, so treat every byte as untrusted.
 42          try: 
 43              f = cStringIO.StringIO(buf) 
                 # readlines() splits on "\n" only; each element keeps its terminator.
 44              lines = f.readlines() 
 45          except Exception: 
 46              log.error("Failed reading tcp stream buffer") 
                 # NOTE(review): no caller visible here checks this False; they only
                 # catch exceptions, so a read failure looks like "no messages".
 47              return False 
 48   
 49          for element in lines: 
                 # A leading ':' means the line carries a prefix. Such lines are labelled
                 # "server", all others "client": the label is derived from syntax only,
                 # not from which endpoint actually sent the bytes.
 50              if not re.match("^:", element) is None: 
                     # command: a word or a three-digit numeric; params: a space plus the
                     # rest of the line ('.' stops before "\n", strip() removes "\r").
 51                  command = "([a-zA-Z]+|[0-9]{3})" 
 52                  params = "(\x20.+)" 
                     # NOTE(review): the prefix class admits only \w + . { } ! @ | ( ).
                     # A prefix containing any other character (for example '-', '~' or
                     # '[') fails the match and the line is dropped without a log entry.
                     # Confirm whether that gap in coverage is intended.
 53                  irc_server_msg = re.findall("(^:[\w+.{}!@|()]+\x20)"+command+params,element) 
 54                  if irc_server_msg: 
                         # convert_to_printable comes from lib.cuckoo.common.utils (not
                         # shown); presumably it makes raw bytes safe to print — verify.
 55                      self._sc["prefix"] = convert_to_printable(irc_server_msg[0][0].strip()) 
 56                      self._sc["command"] = convert_to_printable(irc_server_msg[0][1].strip()) 
 57                      self._sc["params"] = convert_to_printable(irc_server_msg[0][2].strip()) 
 58                      self._sc["type"] = "server" 
                         # Append a copy so the scratch dict can be reused for the next line.
 59                      self._messages.append(dict(self._sc)) 
 60              else: 
                     # NOTE(review): "\0x0d" is a NUL byte followed by the literal
                     # characters 'x', '0', 'd', not CR; "\x0d" was probably intended.
                     # NOTE(review): the pattern is not anchored, so findall() takes the
                     # first alphabetic word followed by a space anywhere in the line,
                     # which need not be at the start of the line.
 61                  irc_client_msg = re.findall("([a-zA-Z]+\x20)(.+[\x0a\0x0d])",element) 
                     # Only the first match is examined, and its command word must be a
                     # key of the allow-list (exact, case-sensitive comparison).
 62                  if irc_client_msg and irc_client_msg[0][0].strip() in self.__methods_client: 
 63                      self._cc["command"] = convert_to_printable(irc_client_msg[0][0].strip()) 
                         # params are kept as sent; for PASS and OPER that includes the
                         # credential argument, so stored results may hold secrets.
 64                      self._cc["params"] = convert_to_printable(irc_client_msg[0][1].strip()) 
 65                      self._cc["type"] = "client" 
 66                      self._messages.append(dict(self._cc)) 
  67       
 69          """Get irc client commands of tcp streams. 
 70          @buf: list of messages 
 71          @return: dictionary of the client messages 
 72          """ 
             # NOTE(review): buf is handed unchanged to self._unpack(), so it is
             # presumably raw stream data rather than a list of messages. The value
             # returned is a list of message dicts, or None when _unpack() raises.
 73   
 74          try: 
 75              self._unpack(buf) 
 76          except Exception: 
                 # The error is swallowed without logging; the caller only sees None.
 77              return None 
 78   
 79          entry_cc = [] 
             # NOTE(review): self._messages is not cleared in the code shown, so messages
             # parsed by earlier calls on the same instance are returned again. Confirm
             # that callers use a fresh instance for each stream.
 80          for msg in self._messages: 
 81              if msg["type"] == "client": 
 82                  entry_cc.append(msg) 
 83   
 84          return entry_cc 
  85   
 87          """Get irc client commands of tcp streams. 
 88          @buf: list of messages 
 89          @return: dictionary of the client messages filtered 
 90          """ 
             # NOTE(review): `filters` is not assigned in this body; presumably it is a
             # parameter on the `def` line missing from this listing. buf goes unchanged
             # to self._unpack(); the result is a list of dicts, or None on any exception.
 91          try: 
 92              self._unpack(buf) 
 93          except Exception: 
                 # Failure is not logged; None is the only signal to the caller.
 94              return None 
 95   
 96          entry_cc = [] 
 97   
             # Keep client messages whose command is NOT in filters (a deny-list). The
             # comparison is exact and case-sensitive on the stored command string.
 98          for msg in self._messages: 
 99              if msg["type"] == "client" and msg["command"] not in filters: 
100                  entry_cc.append(msg) 
101   
102          return entry_cc 
 103   
105          """Get irc server commands of tcp streams. 
106          @buf: list of messages 
107          @return: dictionary of server messages 
108          """ 
             # NOTE(review): buf is passed unchanged to self._unpack(), so it is
             # presumably raw stream data. The value returned is a list of message
             # dicts, or None when _unpack() raises.
109   
110          try: 
111              self._unpack(buf) 
112          except Exception: 
                 # Swallowed without a log entry.
113              return None 
114   
115          entry_sc = [] 
116   
             # "server" means the line started with ':' when it was parsed; it says
             # nothing about the direction of the traffic.
117          for msg in self._messages: 
118              if msg["type"] == "server": 
119                  entry_sc.append(msg) 
120   
121          return entry_sc 
 122   
124          """Get irc server commands of tcp streams. 
125          @buf: list of messages 
126          @return: dictionary of server messages filtered 
127          """ 
             # NOTE(review): `filters` is not assigned in this body; presumably it is a
             # parameter on the `def` line missing from this listing. The result is a
             # list of dicts, or None on any exception from self._unpack().
128          try: 
129              self._unpack(buf) 
130          except Exception: 
                 # No logging here, so a parsing fault cannot be told apart from a
                 # deliberate None by the caller.
131              return None 
132   
133          entry_sc = [] 
             # Keep ':'-prefixed messages whose command (a word or a three-digit
             # numeric, stored as a string) is not listed in filters.
134          for msg in self._messages: 
135              if msg["type"] == "server" and msg["command"] not in filters: 
136                  entry_sc.append(msg) 
137   
138          return entry_sc 
 139   
141          """Check if there is irc messages in a stream TCP. 
142          @buf: stream data 
143          @return: boolean result 
144          """ 
             # Returns True as soon as self._messages holds at least one parsed message.
             # NOTE(review): one match is weak evidence of IRC. USER, PASS and LIST are
             # also FTP and POP3 verbs, and any line shaped like ':token word rest'
             # satisfies the server pattern. Consider corroborating the result (for
             # example several messages, or both directions) before labelling a stream.
             # NOTE(review): self._messages is instance state that the code shown never
             # clears, so a True obtained for one buffer persists for later buffers
             # checked on the same object.
145   
146          try: 
147              self._unpack(buf) 
148              if self._messages: 
149                  return True 
150              else: 
151                  return False 
152          except Exception: 
                 # A parsing error is reported as "no IRC" and is not logged.
153              return False 
  154