From 10600256d8a17ddeab6e7f316d0a0290302a15dd Mon Sep 17 00:00:00 2001
From: John Shaver
Date: Mon, 25 Sep 2017 15:22:52 -0700
Subject: [PATCH] Done with basic parser.
---
index.htm | 9 ++++++
index.js | 92 +++++++++++++++++++++++++++++++++++++------------------
2 files changed, 72 insertions(+), 29 deletions(-)
create mode 100644 index.htm
diff --git a/index.htm b/index.htm
new file mode 100644
index 0000000..18448d2
--- /dev/null
+++ b/index.htm
@@ -0,0 +1,9 @@
+
+
+
+
+
+ Check the console logs...
+
+
+
diff --git a/index.js b/index.js
index 75d4afd..3f49269 100644
--- a/index.js
+++ b/index.js
@@ -4,52 +4,86 @@ if(typeof(atob) === 'undefined') { (function(){ 'use strict'; - var encodedPacket = "1MOyoQIABAAAAAAAAAAAAAAABAABAAAAKPfFWWMZCwBRAAAAUQAAAExg3kp+6eSzGAoxpggARQAAQ66CQABAEXgXCgAAEAoAAAG90gA1AC+qDJSEAQAAAQAAAAAAAAphc3NldHMtY2RuBmdpdGh1YgNjb20AAAEAAQ==" + var UDP_HEADER_LENGTH = 8; + var OPCODES = ["QUERY", "IQUERY", "STATUS"] + + //tcpdump file + //var encodedPacket = "1MOyoQIABAAAAAAAAAAAAAAABAABAAAAKPfFWWMZCwBRAAAAUQAAAExg3kp+6eSzGAoxpggARQAAQ66CQABAEXgXCgAAEAoAAAG90gA1AC+qDJSEAQAAAQAAAAAAAAphc3NldHMtY2RuBmdpdGh1YgNjb20AAAEAAQ==" + + var encodedPacket = "RQAAQ66CQABAEXgXCgAAEAoAAAG90gA1AC+qDJSEAQAAAQAAAAAAAAphc3NldHMtY2RuBmdpdGh1YgNjb20AAAEAAQ==" //convert to binary string to create ArrayBuffer var packet = atob(encodedPacket); - console.log("tcpdump length:", packet.length); + console.log("IP length:", packet.length); - //The first 40 bytes are the tcpdump header - packet = packet.slice(40); - - console.log("UDP length:", packet.length); - - //We now have the raw UDP packet! var buffer = new ArrayBuffer(packet.length); - var view = new DataView(buffer) + var ipView = new DataView(buffer) + + for(var i = 0; i < packet.length; ++i) { - view.setUint8(i, packet.charCodeAt(i), true); - } - - for(i = 0; i < packet.length; ++i) { + ipView.setUint8(i, packet.charCodeAt(i), true); } - console.log("Result:", parseDNSHeader(view)); + //We now can work with the raw IP packet! 
- //Parse DNS Header (given the UDP payload) + //Get the IP header length + + console.log("Full packet: ", view2HexString(ipView)); + + var ipHeaderLength = (ipView.getUint8(0, false) & 0x0F) * 4; + + //Now we can ignore the IP header/UDP header and cut straight to the payload + var dnsView = new DataView(buffer, ipHeaderLength + UDP_HEADER_LENGTH); + + console.log("\nPacket payload(DNS packet): ", view2HexString(dnsView)); + + + console.log("\nResult:", parseDNSHeader(dnsView)); + + //Parse DNS Header (given the IP payload) function parseDNSHeader(view) { - return { - MessageID: getHId(view) + + //message ID is the first Byte + var headers = { + messageID: view.getUint16(0, false) }; + + //flags are the 3rd-4th bytes + var flags = view.getUint16(2, false); + + headers.qr = (flags & 32768) >>> 15; + headers.opcode = (flags & 30720) >>> 11; + headers.aa = (flags & 1024) >>> 10; + headers.tc = (flags & 512) >>> 9; + headers.rd = (flags & 256) >>> 8; + headers.ra = (flags & 128) >>> 7; + headers.rcode = flags & 15; + + headers.qdcount = view.getUint16(4, false); + headers.ancount = view.getUint16(6, false); + headers.nscount = view.getUint16(8, false); + headers.arcount = view.getUint16(10, false); + + return headers; } - function getHId(view) { - return view.getUint16(0, false) + + function view2HexString(view) { + var hexString = ""; + for(var i = 0; i < view.byteLength; i += 2) { + hexString += leftPad(view.getUint8(i).toString(16)); + if(i + 1 >= view.byteLength) break; + hexString += leftPad(view.getUint8(i+1).toString(16)); + hexString += " "; + } + return hexString; } - function getQR(view) { + + function leftPad(str) { + return str.length == 1 ? 0 + str : str; } - function getOPCode(view) { - } - function getAA(view) { - - } - function getTC(view) { - - } - })();
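Review bot: The new `ipHeaderLength` computation and the `new DataView(buffer, ipHeaderLength + UDP_HEADER_LENGTH)` built from it trust the IHL nibble taken from the packet, and `parseDNSHeader` then reads offsets 0 to 11 without looking at `view.byteLength`. The hard-coded sample is well formed, but a truncated or malformed capture makes the DataView constructor or one of the `getUint16` calls throw a RangeError, and a packet that is not IPv4/UDP is parsed as if it carried DNS. I would check the version, the protocol byte, the minimum IHL and the total length before slicing, as sketched below; a non-first IP fragment would also need rejecting if fragmented input is expected. Separately, the comment `//message ID is the first Byte` should say the first two bytes, and `OPCODES` is declared but not used anywhere in this hunk.

```javascript
// Reject anything that is not a plausible IPv4/UDP datagram before indexing into it.
var IPV4_MIN_HEADER_LENGTH = 20;
var IP_PROTOCOL_UDP = 17;
var DNS_HEADER_LENGTH = 12;

if (ipView.byteLength < IPV4_MIN_HEADER_LENGTH || (ipView.getUint8(0) >>> 4) !== 4) {
    throw new RangeError("not an IPv4 packet");
}

var ipHeaderLength = (ipView.getUint8(0, false) & 0x0F) * 4;

if (ipHeaderLength < IPV4_MIN_HEADER_LENGTH || ipView.getUint8(9) !== IP_PROTOCOL_UDP) {
    throw new RangeError("bad IP header length or not a UDP datagram");
}
if (ipHeaderLength + UDP_HEADER_LENGTH + DNS_HEADER_LENGTH > ipView.byteLength) {
    throw new RangeError("packet too short to hold a DNS header");
}

// … unchanged: dnsView construction, hex dump and parseDNSHeader call …
```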