This script was originally created to help identify the extent to which my downstream traffic was observable, in part to aid in the writing of this analysis of what the draft IPB will allow.
Its purpose is to crawl a PCAP and extract all potentially useful information about observed browsing behaviour and connections. At the time of moving into a dedicated project, the script currently supports
The codebase can be found on GitHub.
Key | Type | Priority | Summary | Status | Resolution | Created | Assigned To |
---|---|---|---|---|---|---|---|
PAS-1 | Task | Major | Create Repo | Closed | Done | 2015-11-22 09:07:17 | |
PAS-2 | Bug | Major | HTTPS paths are only extracted if a TLS handshake has been observed | Closed | Fixed | 2015-11-22 09:10:25 | |
PAS-3 | New Feature | Major | Allow configuration of "interesting" Referrers | Open | | 2015-11-22 09:31:15 | |
PAS-4 | Bug | Major | HTTPS Referrer Search should only match on the Referrer field | Closed | Fixed | 2015-11-22 09:46:13 | |
PAS-5 | New Feature | Major | Replace observed Cipher Suites with Human Readable versions | Closed | Done | 2015-11-22 10:38:41 | |
PAS-6 | New Feature | Minor | Reading of multiple PCAPs | Open | | 2015-11-22 11:20:06 | |
PAS-7 | Task | Major | Document Report Files | Closed | Done | 2015-11-22 11:21:17 | |
PAS-8 | New Feature | Major | Rationalise fields in webtraffic.csv | Closed | Done | 2015-11-22 11:33:11 | |
PAS-9 | New Feature | Major | Unique list of IP/Ports | Open | | 2015-11-22 13:10:55 | |
PAS-10 | New Feature | Major | Take encapsulated IPv6 Traffic into account | Closed | Done | 2015-11-24 16:45:07 | |
PAS-11 | New Feature | Major | Call TShark only if a relevant port has been observed | Open | | 2015-11-25 16:47:58 | |
PAS-12 | New Feature | Major | Implement processing of HTTP output | Closed | Done | 2015-11-25 22:37:01 | |
PAS-13 | New Feature | Major | Extract DNS Traffic | Open | | 2015-11-26 00:40:00 | |
PAS-14 | Task | Major | Tidy Up | Open | | 2015-11-26 00:41:28 | |
PAS-15 | Task | Major | SMTP Credential Handling | Open | | 2015-11-26 16:11:39 | |
PAS-16 | New Feature | Major | Browser Fingerprinting | Open | | 2015-11-26 18:12:06 | |
PAS-17 | New Feature | Major | Configuration Option for Passive Only Checks | Closed | Done | 2015-11-26 18:14:33 | |
PAS-18 | New Feature | Major | Extract interesting paths from Cookies | Open | | 2015-11-26 18:18:17 | |
PAS-19 | Bug | Major | ssltraffic.txt should be a CSV | Closed | Fixed | 2015-11-27 00:40:09 | |
PAS-20 | New Feature | Major | Mail Handling | Open | | 2015-11-27 12:41:55 | |
PAS-21 | New Feature | Major | Correlate Encrypted Traffic against DNS to obtain hostname | Open | | 2015-11-27 13:26:35 | |
PAS-22 | New Feature | Major | TCP Transaction Log | Closed | Done | 2015-11-28 17:23:55 | |
PAS-23 | New Feature | Major | Allow per directory override of configuration | Closed | Done | 2015-11-28 22:52:18 | |
PAS-24 | New Feature | Major | Allow Manual Disabling of Certain Checks | Open | | 2015-11-28 23:04:55 | |
PAS-25 | Sub-task | Major | Document run dependencies | Open | | 2015-11-28 23:08:04 | |
PAS-26 | New Feature | Major | Generate list of observed unresolvable FQDNs | Open | | 2016-02-03 11:04:59 | |
PAS-27 | New Feature | Major | Allow Configuration of SSL Ports | Closed | Done | 2016-02-03 12:54:18 | |
PAS-28 | New Feature | Major | Detect likely Tor Handshakes | Open | | 2016-02-03 14:23:01 | |
Component |
---|
Configuration Options |
Data Correlation and Extraction |
DNS |
Documentation |
Fingerprinting |
HTTP |
Instant Messaging |
PCAP Handling |
Processing Logic |
Reports |
SSL/TLS |

Version | Status |
---|---|
0.1 | Un-released |
0.2 | Un-released |