PiRogueToolSuite / pcapng-utils

A set of Python scripts to manipulate PCAPNG files.
GNU General Public License v3.0

Incorrect padding #1

Closed emaheuxPEREN closed 1 week ago

emaheuxPEREN commented 1 week ago

I tried to export my pcapng to HAR but got an Incorrect padding error from the binascii.a2b_base64 function. Here's the full traceback; I have also attached the input pcapng I used.

---------------------------------------------------------------------------
Error                                     Traceback (most recent call last)
Cell In[5], line 15
     13 traffic.parse_traffic()
     14 # Save the HAR file
---> 15 traffic.save_har(Path(DIR / 'traffic.har'))

File /donnees/emaheux/repos/sdk-analysis/pcapng-utils/pcapng_utils/tshark/traffic.py:141, in NetworkTrafficDump.save_har(self, output_file)
    135 """
    136 Save the network traffic data in HAR format to a file.
    137 
    138 :param output_file: the file to save the HAR data to
    139 """
    140 with output_file.open('w') as _of:
--> 141     json.dump(self.to_har(), _of, indent=2)

File /donnees/emaheux/repos/sdk-analysis/pcapng-utils/pcapng_utils/tshark/traffic.py:117, in NetworkTrafficDump.to_har(self)
    115 entries = []
    116 if self.http_traffic:
--> 117     entries.extend(self.http_traffic.get_har_entries())
    118 if self.http2_traffic:
    119     entries.extend(self.http2_traffic.get_har_entries())

File /donnees/emaheux/repos/sdk-analysis/pcapng-utils/pcapng_utils/tshark/protocols/http1.py:304, in HttpTraffic.get_har_entries(self)
    302 entries = []
    303 for http_conversation in self.conversations:
--> 304     entries.append(http_conversation.to_har())
    305 return entries

File /donnees/emaheux/repos/sdk-analysis/pcapng-utils/pcapng_utils/tshark/protocols/http1.py:234, in HttpConversation.to_har(self)
    219 def to_har(self):
    220     """
    221     Convert the HTTP conversation to HTTP Archive (HAR) format.
    222     :return: the HTTP conversation (request and response) in HAR format
    223     """
    224     return {
    225         'startedDateTime': self.request.started_date,
    226         'timestamp': float(self.request.packet.get('frame').get('frame.time_epoch')),
    227         'time': 0,
    228         'timings': {
    229             'send': self.request.sending_duration,
    230             'wait': self.waiting_duration,
    231             'receive': self.response.receiving_duration
    232         },
    233         'cache': {},
--> 234         'request': self.request.to_har(),
    235         'response': self.response.to_har()
    236     }

File /donnees/emaheux/repos/sdk-analysis/pcapng-utils/pcapng_utils/tshark/protocols/http1.py:103, in HttpRequest.to_har(self)
     89 def to_har(self):
     90     """
     91     Convert the HTTP request to HTTP Archive (HAR) format.
     92     :return: the HTTP request in HAR format
     93     """
     94     return {
     95         'startedDateTime': self.started_date,
     96         'method': self.method,
     97         'url': self.uri,
     98         'httpVersion': 'HTTP/1.1',
     99         'headers': self.headers,
    100         'queryString': [],
    101         'cookies': [],
    102         'headersSize': self.header_length,
--> 103         'bodySize': self.content_length,
    104         'postData': {
    105             'mimeType': self.content_type,
    106             'base64': self.base64_content,
    107             'text': self.decoded_content
    108         }
    109     }

File /donnees/emaheux/repos/sdk-analysis/pcapng-utils/pcapng_utils/tshark/protocols/http1.py:137, in HttpRequest.content_length(self)
    135 @property
    136 def content_length(self):
--> 137     return len(base64.b64decode(self.base64_content))

File ~/.pyenv/versions/3.11.9/lib/python3.11/base64.py:88, in b64decode(s, altchars, validate)
     86     assert len(altchars) == 2, repr(altchars)
     87     s = s.translate(bytes.maketrans(altchars, b'+/'))
---> 88 return binascii.a2b_base64(s, strict_mode=validate)

Error: Incorrect padding

My env:

$ pip freeze
asttokens==2.4.1
decorator==5.1.1
executing==2.1.0
ipython==8.27.0
jedi==0.19.1
matplotlib-inline==0.1.7
parso==0.8.4
pexpect==4.9.0
prompt_toolkit==3.0.47
ptyprocess==0.7.0
pure_eval==0.2.3
Pygments==2.18.0
pytz==2024.1
six==1.16.0
stack-data==0.6.3
traitlets==5.14.3
typing_extensions==4.12.2
wcwidth==0.2.13

$ /usr/bin/tshark --version
TShark (Wireshark) 4.0.11 (Git v4.0.11 packaged as 4.0.11-1~deb12u1).

Running on Linux 6.1.0-25-amd64, with Intel(R) Core(TM) i7-10700 CPU @ 2.90GHz
(with SSE4.2), with 64015 MB of physical memory, with GLib 2.74.6, with PCRE2
10.42 2022-12-11, with zlib 1.2.13, with libpcap 1.10.3 (with TPACKET_V3), with
c-ares 1.18.1, with GnuTLS 3.7.9, with Gcrypt 1.10.1, with nghttp2 1.52.0, with
brotli 1.0.9, with LZ4 1.9.4, with Zstandard 1.5.4, with libsmi 0.4.8, with
LC_TYPE=fr_FR.UTF-8, binary plugins supported.

emaheuxPEREN commented 1 week ago

Alternatively, for another pcapng, I get the following related error:

---------------------------------------------------------------------------
Error                                     Traceback (most recent call last)
Cell In[2], line 17
     15 traffic.parse_traffic()
     16 # Save the HAR file
---> 17 traffic.save_har(Path(DIR / 'traffic.har'))

File /donnees/emaheux/repos/sdk-analysis/pcapng-utils/pcapng_utils/tshark/traffic.py:141, in NetworkTrafficDump.save_har(self, output_file)
    135 """
    136 Save the network traffic data in HAR format to a file.
    137 
    138 :param output_file: the file to save the HAR data to
    139 """
    140 with output_file.open('w') as _of:
--> 141     json.dump(self.to_har(), _of, indent=2)

File /donnees/emaheux/repos/sdk-analysis/pcapng-utils/pcapng_utils/tshark/traffic.py:117, in NetworkTrafficDump.to_har(self)
    115 entries = []
    116 if self.http_traffic:
--> 117     entries.extend(self.http_traffic.get_har_entries())
    118 if self.http2_traffic:
    119     entries.extend(self.http2_traffic.get_har_entries())

File /donnees/emaheux/repos/sdk-analysis/pcapng-utils/pcapng_utils/tshark/protocols/http1.py:304, in HttpTraffic.get_har_entries(self)
    302 entries = []
    303 for http_conversation in self.conversations:
--> 304     entries.append(http_conversation.to_har())
    305 return entries

File /donnees/emaheux/repos/sdk-analysis/pcapng-utils/pcapng_utils/tshark/protocols/http1.py:234, in HttpConversation.to_har(self)
    219 def to_har(self):
    220     """
    221     Convert the HTTP conversation to HTTP Archive (HAR) format.
    222     :return: the HTTP conversation (request and response) in HAR format
    223     """
    224     return {
    225         'startedDateTime': self.request.started_date,
    226         'timestamp': float(self.request.packet.get('frame').get('frame.time_epoch')),
    227         'time': 0,
    228         'timings': {
    229             'send': self.request.sending_duration,
    230             'wait': self.waiting_duration,
    231             'receive': self.response.receiving_duration
    232         },
    233         'cache': {},
--> 234         'request': self.request.to_har(),
    235         'response': self.response.to_har()
    236     }

File /donnees/emaheux/repos/sdk-analysis/pcapng-utils/pcapng_utils/tshark/protocols/http1.py:103, in HttpRequest.to_har(self)
     89 def to_har(self):
     90     """
     91     Convert the HTTP request to HTTP Archive (HAR) format.
     92     :return: the HTTP request in HAR format
     93     """
     94     return {
     95         'startedDateTime': self.started_date,
     96         'method': self.method,
     97         'url': self.uri,
     98         'httpVersion': 'HTTP/1.1',
     99         'headers': self.headers,
    100         'queryString': [],
    101         'cookies': [],
    102         'headersSize': self.header_length,
--> 103         'bodySize': self.content_length,
    104         'postData': {
    105             'mimeType': self.content_type,
    106             'base64': self.base64_content,
    107             'text': self.decoded_content
    108         }
    109     }

File /donnees/emaheux/repos/sdk-analysis/pcapng-utils/pcapng_utils/tshark/protocols/http1.py:137, in HttpRequest.content_length(self)
    135 @property
    136 def content_length(self):
--> 137     return len(base64.b64decode(self.base64_content))

File ~/.pyenv/versions/3.11.9/lib/python3.11/base64.py:88, in b64decode(s, altchars, validate)
     86     assert len(altchars) == 2, repr(altchars)
     87     s = s.translate(bytes.maketrans(altchars, b'+/'))
---> 88 return binascii.a2b_base64(s, strict_mode=validate)

Error: Invalid base64-encoded string: number of data characters (97) cannot be 1 more than a multiple of 4
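
The two messages reported above are distinct failure modes of the same decoder: missing padding can be restored, while a data length of 1 more than a multiple of 4 (97 here) cannot be decoded at all. The sketch below is an added example, not code from pcapng-utils; `stdlib_error`, `decode_capture_base64` and `har_body_size` are hypothetical names, and the page does not show where the malformed value originates. It separates the cases so a HAR export over untrusted capture data records a status instead of raising.

```python
import base64
import binascii
import re

NON_ALPHABET = re.compile(r'[^A-Za-z0-9+/]')


def stdlib_error(value):
    """Return the message base64.b64decode() raises for value, or None."""
    try:
        base64.b64decode(value)
    except binascii.Error as exc:
        return str(exc)
    return None


def decode_capture_base64(value):
    """Decode a base64 field from untrusted capture data without raising.

    Returns (status, payload); payload is None when nothing can be decoded.
    """
    if not value:
        return 'empty', b''
    given = value.strip()
    data = given.rstrip('=')
    if NON_ALPHABET.search(data):
        return 'invalid_chars', None
    if len(data) % 4 == 1:
        # One leftover character carries only 6 bits, less than a byte:
        # the value is truncated or corrupted and padding cannot repair it.
        return 'truncated', None
    padded = data + '=' * (-len(data) % 4)
    try:
        payload = base64.b64decode(padded, validate=True)
    except binascii.Error:
        return 'invalid', None
    return ('ok' if padded == given else 'repaired_padding'), payload


def har_body_size(value):
    """Return (bodySize, status); -1 is HAR 1.2's "not available" value."""
    status, payload = decode_capture_base64(value)
    return (-1 if payload is None else len(payload)), status


if __name__ == '__main__':
    # Constructed samples, not taken from the reporter's captures.
    for sample in ['QUJD', 'QUI', 'A' * 97]:
        print(repr(sample[:12]), stdlib_error(sample), har_body_size(sample))
```

A `truncated` status suggests the field was cut or altered before it reached the decoder, so the upstream extraction step is the place to look rather than the padding.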