Decode parses the stream according to the HTTP protocol.
()
| 100 | |
| 101 | // Decode parses the stream according to the HTTP protocol. |
| 102 | func (h *httpReader) Decode() { |
| 103 | // prevent nil pointer access if decoder is not initialized |
| 104 | if Decoder.Writer == nil { |
| 105 | return |
| 106 | } |
| 107 | |
| 108 | streamutils.DecodeConversation( |
| 109 | h.conversation.Ident, |
| 110 | h.conversation.Data, |
| 111 | func(b *bufio.Reader) error { |
| 112 | return h.readRequest(b) |
| 113 | }, |
| 114 | func(b *bufio.Reader) error { |
| 115 | return h.readResponse(b) |
| 116 | }, |
| 117 | ) |
| 118 | |
| 119 | // iterate over responses |
| 120 | for _, res := range h.responses { // populate types.HTTP with all infos from response |
| 121 | ht := newHTTPFromResponse(res.response) |
| 122 | |
| 123 | matchedReq := h.findRequest(res.response) |
| 124 | |
| 125 | atomic.AddInt64(&streamutils.Stats.NumResponses, 1) |
| 126 | |
| 127 | // now add request information |
| 128 | if matchedReq != nil && res.response.Request != nil { |
| 129 | if secret.Decoder.Writer != nil { |
| 130 | h.searchForLoginParams(res.response.Request) |
| 131 | h.searchForBasicAuth(res.response.Request) |
| 132 | } |
| 133 | |
| 134 | atomic.AddInt64(&streamutils.Stats.NumRequests, 1) |
| 135 | // Use the matched request which preserves JA4H header order info |
| 136 | setRequest(ht, &httpRequest{ |
| 137 | request: res.response.Request, |
| 138 | timestamp: res.timestamp, |
| 139 | clientIP: res.clientIP, |
| 140 | serverIP: res.serverIP, |
| 141 | clientPort: res.clientPort, |
| 142 | serverPort: res.serverPort, |
| 143 | flow: res.flow, |
| 144 | headerOrder: matchedReq.headerOrder, |
| 145 | cookieFields: matchedReq.cookieFields, |
| 146 | acceptLang: matchedReq.acceptLang, |
| 147 | }) |
| 148 | } else { |
| 149 | // response without matching request |
| 150 | // don't add to output for now |
| 151 | atomic.AddInt64(&streamutils.Stats.NumUnmatchedResp, 1) |
| 152 | |
| 153 | continue |
| 154 | } |
| 155 | |
| 156 | // Set Community ID for cross-tool correlation |
| 157 | ht.CommunityID = h.conversation.CommunityID |
| 158 | writeHTTP(ht, h.conversation.Ident) |
| 159 | } |
nothing calls this directly
no test coverage detected