-
Notifications
You must be signed in to change notification settings - Fork 2
/
pic_carver.py
131 lines (87 loc) · 3.37 KB
/
pic_carver.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
import re
import zlib
import cv2
from scapy.all import *
pic_dir = "/root/Desktop/bh_python_book/pics"
faces_dir = "/root/Desktop/bh_python_book/faces"
pcap_file = "http_witp_jpegs.cap"
def get_http_headers(http_payload):
try:
# split the headers off
headers_raw = http_payload[:http_payload.index("\r\n\r\n")+2]
#break out the headers
headers = dict(re.findall(r"(?P<name>.*?): (?P<value>.*?)\r\n", headers_raw))
except:
return None
if "Content-Type" not in headers:
return None
return headers
def extract_image(headers, http_payload):
image = None
image_type = None
try:
if "image" in headers['Content-Type']:
#grab the image type and body
image_type = headers['Content-Type'].split("/")[1]
image = http_payload[http_payload.index("\r\n\r\n")+4:]
# if we detect compression, decompress the image
try:
if "Content-Encoding" in headers.keys():
if headers['Content-Encoding'] == "gzip":
image = zlib.decompress(image, 16+zlib.MAX_WBITS)
elif headers['Content-Encoding'] == 'deflate':
image = zlib.decompress(image)
except:
pass
except:
return None, None
return image, image_type
def face_detect(path, file_name):
img = cv2.imread(path)
cascade = cv2.CascadeClassifier("haarcascade_frontface_alt.xml")
rects = cascade.detectMultiScale(img, 1.3, 4, cv2.cv.CV_HAAR_SCALE_IMAGE, (20,20))
if len(rects) == 0:
return False
rects[:, 2:] += rects[:, :2]
#highlight the faces
for x1, y1, x2, y2 in rects:
cv2.rectangle(img, (x1, y1),(x2, y2),(127,255,0),2)
cv2.imwrite("%s/%s-%s"%(faces_dir, pcap_file, file_name), img)
return True
def http_assembler(pcap_file):
carved_images = 0
faces_detected = 0
a = rdpcap(pcap_file)
sessions = a.sessions()
for session in sessions:
http_payload = ""
for packet in sessions[session]:
try:
if packet[TCP].dport == 80 or packet[TCP].sport == 80:
#reassemble the stream
http_payload += str(packet[TCP].payload)
except:
pass
headers = get_http_headers(http_payload)
if headers is None:
continue
image,image_type = extract_image(headers, http_payload)
if image is not None and image_type is not None:
#store the image
file_name = "%s-pic_aradaw_%d.%s"%(pcap_file, carved_images, image_type)
print "%s/%s"%(pic_dir, file_name)
fd = open("%s/%s"%(pic_dir, file_name),"w+")
fd.write(image)
fd.close()
carved_images += 1
#now attempt face detection
try:
result = face_detect("%s%s"%(pic_dir, file_name), file_name)
if result is True:
faces_detected += 1
except:
pass
return carved_images, faces_detected
carved_images, faces_detected = http_assembler(pcap_file)
print "Extracted: %d images"%carved_images
print "Detected: %d faces"%faces_detected