Done with basic parser.
parent
e59a0b2943
commit
10600256d8
2 changed files with 72 additions and 29 deletions
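--- a/index.htm
+++ b/index.htm
@@ -0,0 +1,9 @@
+<html>
+<head>
+<script type="text/javascript" src="index.js"></script>
+</head>
+<body>
+Check the console logs...
+</body>
+</head>
+</html>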
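Review bot: The line after `</body>` closes `</head>` a second time, so the new page has a stray end tag that browsers ignore and validators reject; it should be dropped so the file ends `</body>` then `</html>`. The file also has no `<!DOCTYPE html>` first line, which leaves the test page rendering in quirks mode.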
86
index.js
86
index.js
|
@ -4,51 +4,85 @@ if(typeof(atob) === 'undefined') {
|
||||||
(function(){
|
(function(){
|
||||||
'use strict';
|
'use strict';
|
||||||
|
|
||||||
var encodedPacket = "1MOyoQIABAAAAAAAAAAAAAAABAABAAAAKPfFWWMZCwBRAAAAUQAAAExg3kp+6eSzGAoxpggARQAAQ66CQABAEXgXCgAAEAoAAAG90gA1AC+qDJSEAQAAAQAAAAAAAAphc3NldHMtY2RuBmdpdGh1YgNjb20AAAEAAQ=="
|
var UDP_HEADER_LENGTH = 8;
|
||||||
|
var OPCODES = ["QUERY", "IQUERY", "STATUS"]
|
||||||
|
|
||||||
|
//tcpdump file
|
||||||
|
//var encodedPacket = "1MOyoQIABAAAAAAAAAAAAAAABAABAAAAKPfFWWMZCwBRAAAAUQAAAExg3kp+6eSzGAoxpggARQAAQ66CQABAEXgXCgAAEAoAAAG90gA1AC+qDJSEAQAAAQAAAAAAAAphc3NldHMtY2RuBmdpdGh1YgNjb20AAAEAAQ=="
|
||||||
|
|
||||||
|
var encodedPacket = "RQAAQ66CQABAEXgXCgAAEAoAAAG90gA1AC+qDJSEAQAAAQAAAAAAAAphc3NldHMtY2RuBmdpdGh1YgNjb20AAAEAAQ=="
|
||||||
//convert to binary string to create ArrayBuffer
|
//convert to binary string to create ArrayBuffer
|
||||||
var packet = atob(encodedPacket);
|
var packet = atob(encodedPacket);
|
||||||
|
|
||||||
console.log("tcpdump length:", packet.length);
|
console.log("IP length:", packet.length);
|
||||||
|
|
||||||
//The first 40 bytes are the tcpdump header
|
|
||||||
packet = packet.slice(40);
|
|
||||||
|
|
||||||
console.log("UDP length:", packet.length);
|
|
||||||
|
|
||||||
//We now have the raw UDP packet!
|
|
||||||
var buffer = new ArrayBuffer(packet.length);
|
var buffer = new ArrayBuffer(packet.length);
|
||||||
|
|
||||||
var view = new DataView(buffer)
|
var ipView = new DataView(buffer)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
for(var i = 0; i < packet.length; ++i) {
|
for(var i = 0; i < packet.length; ++i) {
|
||||||
view.setUint8(i, packet.charCodeAt(i), true);
|
ipView.setUint8(i, packet.charCodeAt(i), true);
|
||||||
}
|
}
|
||||||
|
|
||||||
for(i = 0; i < packet.length; ++i) {
|
//We now can work with the raw IP packet!
|
||||||
}
|
|
||||||
|
|
||||||
console.log("Result:", parseDNSHeader(view));
|
//Get the IP header length
|
||||||
|
|
||||||
//Parse DNS Header (given the UDP payload)
|
console.log("Full packet: ", view2HexString(ipView));
|
||||||
|
|
||||||
|
var ipHeaderLength = (ipView.getUint8(0, false) & 0x0F) * 4;
|
||||||
|
|
||||||
|
//Now we can ignore the IP header/UDP header and cut straight to the payload
|
||||||
|
var dnsView = new DataView(buffer, ipHeaderLength + UDP_HEADER_LENGTH);
|
||||||
|
|
||||||
|
console.log("\nPacket payload(DNS packet): ", view2HexString(dnsView));
|
||||||
|
|
||||||
|
|
||||||
|
console.log("\nResult:", parseDNSHeader(dnsView));
|
||||||
|
|
||||||
|
//Parse DNS Header (given the IP payload)
|
||||||
function parseDNSHeader(view) {
|
function parseDNSHeader(view) {
|
||||||
return {
|
|
||||||
MessageID: getHId(view)
|
//message ID is the first Byte
|
||||||
|
var headers = {
|
||||||
|
messageID: view.getUint16(0, false)
|
||||||
};
|
};
|
||||||
|
|
||||||
|
//flags are the 3rd-4th bytes
|
||||||
|
var flags = view.getUint16(2, false);
|
||||||
|
|
||||||
|
headers.qr = (flags & 32768) >>> 15;
|
||||||
|
headers.opcode = (flags & 30720) >>> 11;
|
||||||
|
headers.aa = (flags & 1024) >>> 10;
|
||||||
|
headers.tc = (flags & 512) >>> 9;
|
||||||
|
headers.rd = (flags & 256) >>> 8;
|
||||||
|
headers.ra = (flags & 128) >>> 7;
|
||||||
|
headers.rcode = flags & 15;
|
||||||
|
|
||||||
|
headers.qdcount = view.getUint16(4, false);
|
||||||
|
headers.ancount = view.getUint16(6, false);
|
||||||
|
headers.nscount = view.getUint16(8, false);
|
||||||
|
headers.arcount = view.getUint16(10, false);
|
||||||
|
|
||||||
|
return headers;
|
||||||
}
|
}
|
||||||
|
|
||||||
function getHId(view) {
|
|
||||||
return view.getUint16(0, false)
|
|
||||||
}
|
|
||||||
function getQR(view) {
|
|
||||||
|
|
||||||
|
function view2HexString(view) {
|
||||||
|
var hexString = "";
|
||||||
|
for(var i = 0; i < view.byteLength; i += 2) {
|
||||||
|
hexString += leftPad(view.getUint8(i).toString(16));
|
||||||
|
if(i + 1 >= view.byteLength) break;
|
||||||
|
hexString += leftPad(view.getUint8(i+1).toString(16));
|
||||||
|
hexString += " ";
|
||||||
|
}
|
||||||
|
return hexString;
|
||||||
}
|
}
|
||||||
function getOPCode(view) {
|
|
||||||
|
|
||||||
}
|
function leftPad(str) {
|
||||||
function getAA(view) {
|
return str.length == 1 ? 0 + str : str;
|
||||||
|
|
||||||
}
|
|
||||||
function getTC(view) {
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
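Review bot: The new header walk trusts every length it reads: `ipHeaderLength` is taken from the low nibble of byte 0 and used directly as the `DataView` offset, with no check of the version nibble, that the IHL is at least 5, that the protocol byte is 17 (UDP), or that 12 bytes of DNS header actually follow the offset. With the hard-coded sample this works, but a truncated or non-UDP capture either throws a bare RangeError from `new DataView(...)` or the `getUint16` reads in `parseDNSHeader`, or reports unrelated bytes as a DNS header. Validating before `dnsView` is built, as sketched below, keeps the failure explicit. Two smaller points in the same section: the comment `//message ID is the first Byte` should say the first two bytes, and `leftPad` relies on `0 + str` coercion where `"0" + str` states the intent. The enclosing IIFE starts and ends outside the hunk.

```javascript
var IPV4_MIN_HEADER_LENGTH = 20;
var IPPROTO_UDP = 17;
var DNS_HEADER_LENGTH = 12;

if (buffer.byteLength < IPV4_MIN_HEADER_LENGTH) {
    throw new Error("Packet too short to hold an IPv4 header");
}
var versionAndIhl = ipView.getUint8(0);
var ipHeaderLength = (versionAndIhl & 0x0F) * 4;
if ((versionAndIhl >>> 4) !== 4 || ipHeaderLength < IPV4_MIN_HEADER_LENGTH) {
    throw new Error("Not an IPv4 packet or invalid IHL");
}
if (ipView.getUint8(9) !== IPPROTO_UDP) {
    throw new Error("IP payload is not UDP");
}
if (buffer.byteLength < ipHeaderLength + UDP_HEADER_LENGTH + DNS_HEADER_LENGTH) {
    throw new Error("Packet too short to hold a DNS header");
}
var dnsView = new DataView(buffer, ipHeaderLength + UDP_HEADER_LENGTH);
// … unchanged: hex dump logging and parseDNSHeader(dnsView) call …
```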