PAS-19: ssltraffic.txt should be a CSV

Issue Information

Issue Type: Bug
Priority: Major
Status: Closed

Reported By:
Ben Tasker
Assigned To:
Ben Tasker
Project: PCAP Analysis Script (PAS)
Resolution: Fixed (2015-11-27 13:12:57)
Affects Version: 0.1,
Target version: 0.1,
Components: Reports ,
Labels: SSLPathExtraction,

Created: 2015-11-27 00:40:09
Time Spent Working
45 minutes
5 minutes
40 minutes

It wasn't originally designed that way, but really ssltraffic.txt should be a CSV.

All the other metadata files are generated on the basis that they can be used as a "quick-read" reference, and additional information can then be extracted from webtraffic.csv (or whichever file is relevant) if needed.

The benefit of the approach above is that it's relatively easy to merge files generated from runs against multiple PCAPs. Extracting duplicates is pretty simple.

That's not possible with ssltraffic.txt though, and even leaving out that downside, I'm not sure it's doing a good job of providing the information that it needs to.

Essentially, it should give us the name of the site in question, and the path that's been identified. Duplicate paths should probably be removed too.

That can be achieved in CSV format (leading to the benefit above) by switching to a format of
FQDN, Identified path

Where paths are of interest, they can soon be located within webtraffic.csv using a quick grep.

Toggle State Changes


I've commented out the old sections, and introduced new so that a CSV called httpspaths.csv is generated using the columns described above.

The old code was a bit opaque in terms of what it was doing and why, so I've made sure the new introductions are properly commented.

Test run going at the moment
btasker changed timespent from '0 minutes' to '10 minutes'
Obviously getting tired, that took a little longer to manually verify than it should have. All seems to be working, and documentation has been updated.
btasker added 'SSLPathExtraction' to labels
btasker changed status from 'Open' to 'Resolved'
btasker added 'Fixed' to resolution
btasker changed timespent from '10 minutes' to '40 minutes'
btasker changed status from 'Resolved' to 'Closed'

Repo: PCAPAnalyseandReport
Commit: 3e20cd1668c6ab9bdcd6b17fe22b7bafe8ce458d
Author: Ben Tasker <github@<Domain Hidden>>

Date: Fri Nov 27 01:43:27 2015 +0000
Commit Message: Changed SSL Path identification output to a CSV. See PAS-19

Modified (-)(+)

Webhook User-Agent


View Commit

Re-opening to assign to a component
btasker removed 'Fixed' from resolution
btasker changed status from 'Closed' to 'Reopened'
btasker changed status from 'Reopened' to 'Resolved'
btasker added 'Fixed' to resolution
btasker changed status from 'Resolved' to 'Closed'

Work log

Ben Tasker
2015-11-27 00:57:47

Time Spent: 10 minutes
Log Entry: Implementing

Ben Tasker
2015-11-27 01:44:50

Time Spent: 30 minutes
Log Entry: Testing