-
Notifications
You must be signed in to change notification settings - Fork 2
/
pic_carver.py
135 lines (92 loc) · 3.58 KB
/
pic_carver.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
#!/usr/bin/python
__author__ = 'kalcho'
import re
import zlib
import cv2
from scapy.all import *
pictures_directory = "/home/kalcho/pic_carver/pictures"
faces_directory = "/home/kalcho/pic_carver/faces"
pcap_file = "bhp.pcap"
def get_http_headers(http_payload):
try:
# split the headers off if it is HTTP traffic
headers_raw = http_payload[:http_payload.index("\r\n\r\n")+2]
# break out the headers
headers = dict(re.findall(r"(?P<name>.*?): (?P<value>.*?)\r\n",
headers_raw))
except:
return None
if "Content-Type" not in headers:
return None
return headers
def extract_image(headers, http_payload):
image = None
image_type = None
try:
if "image" in headers["Content-Type"]:
# grab the image type and image body
image_type = headers["Content-Type"].split("/")[1]
image = http_payload[http_payload.index("\r\n\r\n")+4:]
# if we detect compression decompress the image
try:
if "Content-Encoding" in header.keys():
if headers['Content-Encoding'] == "gzip":
image = zlib.decompress(image, 16+zlib.MAX_WBITS)
elif headers['Content-Encoding'] == "deflate":
image = zlib.decompress(image)
except:
pass
except:
return None, None
return image, image_type
def face_detect(path, file_name):
img = cv2.imread(path)
cascade = cv2.CascadeClassifier("haarcascade_frontalface_alt.xml")
rects = cascade.detectMultiScale(img, 1.3, 4, cv2.cv.CV_HAAR_SCALE_IMAGE,
(20, 20))
if len(rects) == 0:
return False
rects[:, 2:] += rects[:, :2]
# highlighting the faces in the image
for x1, y1, x2, y2 in rects:
cv2.rectangle(img, (x1, y1), (x2, y2), (127, 255, 0), 2)
cv2.imwrite("%s/%s-%s" % (faces_directory, pcap_file, file_name), img)
return True
def http_assembler(pcap_file):
carved_images = 0
faces_detected = 0
a = rdpcap(pcap_file)
sessions = a.sessions()
for session in sessions:
http_payload = ""
for packet in sessions[session]:
try:
if packet[TCP].dport == 80 or packet[TCP].sport == 80:
# reasssemble the stream
http_payload += str(packet[TCP].payload)
except:
pass
headers = get_http_headers(http_payload)
if headers is None:
continue
image, image_type = extract_image(headers, http_payload)
if image is not None and image_type is not None:
# store the image
file_name = "%s-pic_carver_%d.%s" % (pcap_file, carved_images,
image_type)
fd = open("%s/%s" % (pictures_directory, file_name), "wb")
fd.write(image)
fd.close()
carved_images += 1
# now attempt face detection
try:
result = face_detect("%s/%s" % (pictures_directory, file_name),
file_name)
if result is True:
faces_detected += 1
except:
pass
return carved_images, faces_detected
carved_images, faces_detected = http_assembler(pcap_file)
print "Extracted: %d images" % carved_images
print "Detected: %d faces" % faces_detected