PAS-19: ssltraffic.txt should be a CSV



Issue Information

Issue Type: Bug
 
Priority: Major
Status: Closed

Reported By: Ben Tasker
Assigned To: Ben Tasker
Project: PCAP Analysis Script (PAS)
Resolution: Fixed (2015-11-27 13:12:57)
Affects Version: 0.1
Target version: 0.1
Components: Reports
Labels: SSLPathExtraction

Created: 2015-11-27 00:40:09
Time Spent Working
Estimated: 45 minutes
Remaining: 5 minutes
Logged: 40 minutes


Description
It wasn't originally designed that way, but really ssltraffic.txt should be a CSV.

All the other metadata files are generated on the basis that they can be used as a "quick-read" reference, and additional information can then be extracted from webtraffic.csv (or whichever file is relevant) if needed.

The benefit of the approach above is that it's relatively easy to merge files generated from runs against multiple PCAPs. Extracting duplicates is pretty simple.

That's not possible with ssltraffic.txt though, and even leaving out that downside, I'm not sure it's doing a good job of providing the information that it needs to.

Essentially, it should give us the name of the site in question, and the path that's been identified. Duplicate paths should probably be removed too.

That can be achieved in CSV format (leading to the benefit above) by switching to a format of
FQDN, Identified path


Where paths are of interest, they can soon be located within webtraffic.csv using a quick grep.
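
The merge and de-duplication benefit described above, as an added example (not code from PCAP_Analysis.sh or the project). It assumes httpspaths.csv holds one `FQDN,Identified path` pair per line with no header row or quoting; the function names and sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of PCAP_Analysis.sh.
# Assumed layout: one "FQDN,Identified path" pair per line, no header, no quoting.

# Merge httpspaths.csv files from several runs, dropping duplicate pairs.
merge_httpspaths() {
    awk '
    {
        sub(/\r$/, "")                        # tolerate CRLF line endings
        comma = index($0, ",")
        if (comma == 0) next                  # blank or malformed line: not a pair
        fqdn = substr($0, 1, comma - 1)
        path = substr($0, comma + 1)          # split on first comma only: paths may contain commas
        gsub(/^[ \t]+|[ \t]+$/, "", fqdn)
        gsub(/^[ \t]+|[ \t]+$/, "", path)
        fqdn = tolower(fqdn)                  # hostnames are case-insensitive, paths are not
        sub(/\.$/, "", fqdn)                  # drop a trailing root dot
        key = fqdn "," path
        if (!(key in seen)) { seen[key] = 1; print key }
    }' "$@"
}

# Locate a path of interest in another report (e.g. webtraffic.csv).
# -F matches the path literally, so "?", "." and "+" are not treated as regex.
find_path() {
    grep -F -- "$1" "$2"
}

# Constructed sample rows standing in for two runs against different PCAPs.
demo_dir=$(mktemp -d)
printf 'www.example.com,/login\nwww.example.com, /account/settings\n\n' \
    > "$demo_dir/run1.csv"
printf 'WWW.EXAMPLE.COM,/login\r\ncdn.example.net,/js/app.js?v=1,2\n' \
    > "$demo_dir/run2.csv"

merge_httpspaths "$demo_dir/run1.csv" "$demo_dir/run2.csv" > "$demo_dir/merged.csv"
cat "$demo_dir/merged.csv"
```

The same `find_path` call works against webtraffic.csv, whose column layout is not described on this page, because it matches whole lines containing the path rather than a specific column.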



Activity


I've commented out the old sections, and introduced new so that a CSV called httpspaths.csv is generated using the columns described above.

The old code was a bit opaque in terms of what it was doing and why, so I've made sure the new introductions are properly commented.

Test run going at the moment
btasker changed timespent from '0 minutes' to '10 minutes'
Obviously getting tired, that took a little longer to manually verify than it should have. All seems to be working, and documentation has been updated.
btasker added 'SSLPathExtraction' to labels
btasker changed status from 'Open' to 'Resolved'
btasker added 'Fixed' to resolution
btasker changed timespent from '10 minutes' to '40 minutes'
btasker changed status from 'Resolved' to 'Closed'

Repo: PCAPAnalyseandReport
Commit: 3e20cd1668c6ab9bdcd6b17fe22b7bafe8ce458d
Author: Ben Tasker <github@<Domain Hidden>>

Date: Fri Nov 27 01:43:27 2015 +0000
Commit Message: Changed SSL Path identification output to a CSV. See PAS-19



Modified (-)(+)
-------
Docs/Reports.md
PCAP_Analysis.sh




Webhook User-Agent

GitHub-Hookshot/333881f



Re-opening to assign to a component
btasker removed 'Fixed' from resolution
btasker changed status from 'Closed' to 'Reopened'
btasker changed status from 'Reopened' to 'Resolved'
btasker added 'Fixed' to resolution
btasker changed status from 'Resolved' to 'Closed'

Work log


Ben Tasker
2015-11-27 00:57:47

Time Spent: 10 minutes
Log Entry: Implementing

Ben Tasker
2015-11-27 01:44:50

Time Spent: 30 minutes
Log Entry: Testing