MCPcopy
hub / github.com/dreadl0ck/netcap / Decode

Method Decode

decoder/stream/http/http_reader.go:102–182  ·  view source on GitHub ↗

Decode parses the stream according to the HTTP protocol.

()

Source from the content-addressed store, hash-verified

100
101// Decode parses the stream according to the HTTP protocol.
102func (h *httpReader) Decode() {
103 // prevent nil pointer access if decoder is not initialized
104 if Decoder.Writer == nil {
105 return
106 }
107
108 streamutils.DecodeConversation(
109 h.conversation.Ident,
110 h.conversation.Data,
111 func(b *bufio.Reader) error {
112 return h.readRequest(b)
113 },
114 func(b *bufio.Reader) error {
115 return h.readResponse(b)
116 },
117 )
118
119 // iterate over responses
120 for _, res := range h.responses { // populate types.HTTP with all infos from response
121 ht := newHTTPFromResponse(res.response)
122
123 matchedReq := h.findRequest(res.response)
124
125 atomic.AddInt64(&streamutils.Stats.NumResponses, 1)
126
127 // now add request information
128 if matchedReq != nil && res.response.Request != nil {
129 if secret.Decoder.Writer != nil {
130 h.searchForLoginParams(res.response.Request)
131 h.searchForBasicAuth(res.response.Request)
132 }
133
134 atomic.AddInt64(&streamutils.Stats.NumRequests, 1)
135 // Use the matched request which preserves JA4H header order info
136 setRequest(ht, &httpRequest{
137 request: res.response.Request,
138 timestamp: res.timestamp,
139 clientIP: res.clientIP,
140 serverIP: res.serverIP,
141 clientPort: res.clientPort,
142 serverPort: res.serverPort,
143 flow: res.flow,
144 headerOrder: matchedReq.headerOrder,
145 cookieFields: matchedReq.cookieFields,
146 acceptLang: matchedReq.acceptLang,
147 })
148 } else {
149 // response without matching request
150 // don't add to output for now
151 atomic.AddInt64(&streamutils.Stats.NumUnmatchedResp, 1)
152
153 continue
154 }
155
156 // Set Community ID for cross-tool correlation
157 ht.CommunityID = h.conversation.CommunityID
158 writeHTTP(ht, h.conversation.Ident)
159 }

Callers

nothing calls this directly

Calls 9

readRequestMethod · 0.95
readResponseMethod · 0.95
findRequestMethod · 0.95
searchForLoginParamsMethod · 0.95
searchForBasicAuthMethod · 0.95
newHTTPFromResponseFunction · 0.85
setRequestFunction · 0.85
writeHTTPFunction · 0.85
DecodeConversationMethod · 0.65

Tested by

no test coverage detected