import pyshark, base64, base58
def Base58Decoder(text):
    """Decode the Base58 string *text* and return the decoded bytes.

    The progress line is printed before the decode call, so it appears even
    when ``base58.b58decode`` goes on to raise for malformed input.
    """
    print('[+] Base58 decoded.')
    raw = base58.b58decode(text)
    return raw
def Base64Decoder(text):
    """Decode Base64 *text* and return the payload as an ASCII string.

    ``base64.b64decode`` is called with its default (non-validating) mode,
    which discards characters outside the Base64 alphabet instead of
    rejecting them, so a damaged capture can decode to altered text without
    any error. A payload containing non-ASCII bytes raises
    ``UnicodeDecodeError``.
    """
    decoded = base64.b64decode(text).decode('ascii')
    print('[+] Base64 decoded.')
    return decoded
# Capture file (.pcap) whose DNS queries will be inspected.
file_cap = input('File captured: ')

# File that receives the decoded payload.
FILE_OUTPUT = input('Filename output: ')

# Domain the encoded queries were sent under; re-prompt until non-empty.
DOMAIN_NAME = ''
while not DOMAIN_NAME:
    DOMAIN_NAME = input('Domain Name (Example: badbaddoma.in): ')
print(f'[+] Domain Name set to {DOMAIN_NAME}')

# Opened with keep_packets=False, as in the original call.
cap = pyshark.FileCapture(file_cap, keep_packets=False)

# Distinct first labels of matching queries, in first-seen order.
des = []

# The per-packet filter for the chosen domain is applied further down.
print('[+] Filtering for your domain name.')
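def print_cap(packet):
    """Record the first label of a DNS query addressed to DOMAIN_NAME.

    A query matches when its second label equals the first label of
    DOMAIN_NAME. The first label of each matching query is appended to the
    module-level list ``des`` unless it is already there.

    Packets without a DNS layer or query name are skipped, and so are query
    names with fewer than two labels, which previously raised an uncaught
    ``IndexError`` and aborted the whole capture walk.
    """
    try:
        labels = packet.dns.qry_name.split('.')
    except AttributeError:
        # No DNS layer, or a DNS packet without a query name.
        return

    # Single-label names cannot carry "<chunk>.<domain>".
    if len(labels) < 2:
        return

    # NOTE(review): only the label directly left of the TLD position is
    # compared; the remaining labels of DOMAIN_NAME are not checked, so
    # queries for a same-named domain under another TLD also match.
    if labels[1] != DOMAIN_NAME.split('.')[0]:
        return

    chunk = labels[0]
    # NOTE(review): de-duplication drops retransmitted queries, but it also
    # drops a genuinely repeated chunk -- confirm the sender never emits two
    # identical labels.
    if chunk not in des:
        des.append(chunk)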
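# Run the filter over every packet in the capture; matches accumulate in des.
cap.apply_on_packets(print_cap)

# Strip the framing from each label: the first character and the last two
# (per the original comment, added by the 'Encryptor' in packety.py).
decText = ''.join(qry[1:-2] for qry in des)

# Decode before opening the output file, so a malformed or incomplete capture
# raises here and does not leave FILE_OUTPUT created or truncated.
# The decoded text originates from captured traffic; treat it as untrusted.
decoded = Base64Decoder(Base58Decoder(decText))

# Writing result to output file
with open(FILE_OUTPUT, 'w') as wr:
    wr.write(decoded)
print(f'[+] Output to {FILE_OUTPUT}')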