spq/pkappa2

Pkappa2

Pkappa2 is a packet stream analysis tool intended for Attack & Defense CTF competitions. It receives pcap files via an HTTP upload, usually sent by a tcpdump-complete script. The received pcaps are processed, and users can run queries over the streams through the web interface. Streams matching the query are displayed, and their content can be viewed in multiple formats.

The tool is under development and might not work! See docs/TODO.md for missing features.

Add pcaps using a POST to /upload/filename.pcap:

curl --data-binary @some-file.pcap http://localhost:8080/upload/some-file.pcap
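A tcpdump-complete script of the kind mentioned above, as an added example that is not part of the Pkappa2 repository. The script name, the PKAPPA2_URL variable, the file-name sanitising and the pcap magic check are assumptions of this example; the page does not state which capture formats Pkappa2 accepts.

```shell
#!/bin/sh
# Added example (not from the Pkappa2 repository). Assumed usage:
#   tcpdump -G 60 -w 'cap_%s.pcap' -z ./upload-pcap.sh
# tcpdump runs the -z command with the finished capture file as its argument.

# Base URL of the Pkappa2 instance; the default is the address from the README.
PKAPPA2_URL="${PKAPPA2_URL:-http://localhost:8080}"

# Print the upload URL for a capture file. Only the base name is used, and any
# character outside [A-Za-z0-9._-] becomes "_", so the name stays one path segment.
upload_url() {
    name=$(printf '%s' "$(basename -- "$1")" | LC_ALL=C tr -c 'A-Za-z0-9._-' '_')
    printf '%s/upload/%s\n' "${PKAPPA2_URL%/}" "$name"
}

# Succeed only if the file starts with a classic libpcap magic number
# (microsecond or nanosecond timestamps, either byte order).
is_pcap() {
    [ -f "$1" ] || return 1
    magic=$(od -An -tx1 -N4 < "$1" | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4|4d3cb2a1|a1b23c4d) return 0 ;;
        *) return 1 ;;
    esac
}

# Upload one capture; curl --fail turns an HTTP error status into a non-zero exit.
upload_pcap() {
    if ! is_pcap "$1"; then
        echo "skipping $1: not a pcap file" >&2
        return 1
    fi
    curl --fail --silent --show-error --retry 3 --max-time 60 \
         --data-binary "@$1" "$(upload_url "$1")"
}

# Run only when called with a file argument (as tcpdump -z does).
if [ "$#" -ge 1 ]; then
    upload_pcap "$1"
fi
```

Set PKAPPA2_URL in the environment of the tcpdump process when the instance is not on localhost:8080.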

Running

  • install required dependencies
    • libpcap (e.g. apt install libpcap-dev)
  • run yarn install && yarn build in /web
  • run go run cmd/pkappa2/main.go in /
  • optionally, install stock converter python dependencies: pip install -r converters/pkappa2lib/requirements.txt
  • visit localhost:8080 in your web browser

You will likely want to add some arguments to the go run command; check -help for the available options.

Docker

  • copy .env.example to .env and change the configuration
  • run docker compose up -d
  • visit localhost:8080 in your web browser

UI Development

  • make sure you can run Pkappa2
  • run yarn dev in /web
  • run go run cmd/pkappa2/main.go -address :8081 in /
  • visit localhost:8080 in your web browser

You can import multiple .pcap files in the current folder using:

for f in *.pcap; do curl --data-binary "@$f" "http://localhost:8081/upload/$f"; done

Generating type guards

To generate all the type guards, go to web/ and run

npx ts-auto-guard

When API responses report mismatching types, you can debug the type guards via

npx ts-auto-guard --debug