Merge pull request #112 from odedshimon/refactor-data-context

Refactor data context

Author: odedshimon

BruteShark/BruteForce/BruteForce.csproj

@@ -2,6 +2,7 @@
 
   <PropertyGroup>
     <TargetFramework>netstandard2.0</TargetFramework>
+    <LangVersion>8.0</LangVersion>
   </PropertyGroup>
 
 </Project>

BruteShark/BruteSharkCli/Cli Shell/CliShell.cs

@@ -229,7 +229,7 @@ private void PrintHashes()
 
         private void PrintNetworkMap()
         {
-            Console.WriteLine(CommonUi.Exporting.GetNetworkMapAsJsonString(this._connections));
+            Console.WriteLine(CommonUi.Exporting.GetIndentdJson(this._connections));
         }
 
         private void StartAnalyzing()

BruteShark/BruteSharkCli/Properties/launchSettings.json

@@ -2,7 +2,7 @@
   "profiles": {
     "BruteSharkCli": {
       "commandName": "Project",
-      "commandLineArgs": "-d C:\\\\Users\\King\\\\github\\BS_SEP\\BruteShark\\Pcap_Examples -m Credentials,NetworkMap,FileExtracting,DNS -o C:\\\\Users\\King\\Desktop\\Test"
+      "commandLineArgs": "-d C:\\\\Users\\King\\\\github\\BS_NETWORK\\BruteShark\\Pcap_Examples -m Credentials,NetworkMap,FileExtracting,DNS -o C:\\\\Users\\King\\Desktop\\Test"
     }
   }
 }

BruteShark/BruteSharkCli/Single Command Runner/SingleCommandRunner.cs

@@ -15,10 +15,11 @@ class SingleCommandRunner
     {
         private SingleCommandFlags _cliFlags;
         private List<string> _files;
+        private CommonUi.NetworkContext _networkContext;
         private HashSet<PcapAnalyzer.NetworkFile> _extractedFiles;
         private HashSet<PcapAnalyzer.NetworkPassword> _passwords;
         private HashSet<PcapAnalyzer.NetworkHash> _hashes;
-        private HashSet<PcapAnalyzer.NetworkConnection> _connections;
+        //private HashSet<PcapAnalyzer.NetworkConnection> _connections;
         private HashSet<CommonUi.VoipCall> _voipCalls;
         private HashSet<PcapAnalyzer.DnsNameMapping> _dnsMappings;
 
@@ -41,8 +42,8 @@ public SingleCommandRunner(Analyzer analyzer, Processor processor, Sniffer sniff
             _processor = processor;
             _files = new List<string>();
 
+            _networkContext = new NetworkContext();
             _hashes = new HashSet<PcapAnalyzer.NetworkHash>();
-            _connections = new HashSet<PcapAnalyzer.NetworkConnection>();
             _passwords = new HashSet<NetworkPassword>();
             _extractedFiles = new HashSet<NetworkFile>();
             _voipCalls = new HashSet<CommonUi.VoipCall>();
@@ -214,10 +215,12 @@ private void ExportResults()
         {
             if (_cliFlags.OutputDir != null)
             { 
-                if (_connections.Any())
+                if (_networkContext.Connections.Any())
                 {
-                    var filePath = CommonUi.Exporting.ExportNetworkMap(_cliFlags.OutputDir, _connections);
-                    CliPrinter.Info($"Successfully exported network map to json file: {filePath}");
+                    var networkMapFilePath = CommonUi.Exporting.ExportNetworkMap(_cliFlags.OutputDir, _networkContext.Connections);
+                    CliPrinter.Info($"Successfully exported network map to json file: {networkMapFilePath}");
+                    var nodesDataFilePath = CommonUi.Exporting.ExportNetworkNodesData(_cliFlags.OutputDir, _networkContext.GetAllNodes());
+                    CliPrinter.Info($"Successfully exported network nodes data to json file: {nodesDataFilePath}");
                 }
                 if (_hashes.Any())
                 {
@@ -237,7 +240,7 @@ private void ExportResults()
 				if(_voipCalls.Any())
                 {
                    var dirPath = CommonUi.Exporting.ExportVoipCalls(_cliFlags.OutputDir, _voipCalls);
-                    CliPrinter.Info($"Successfully exported voip calss extracted to: {dirPath}");
+                    CliPrinter.Info($"Successfully exported voip calls extracted to: {dirPath}");
                 }
             }
 
@@ -304,7 +307,7 @@ private void OnParsedItemDetected(object sender, ParsedItemDetectedEventArgs e)
             else if (e.ParsedItem is PcapAnalyzer.NetworkConnection)
             {
                 var networkConnection = e.ParsedItem as NetworkConnection;
-                _connections.Add(networkConnection);
+                _networkContext.Connections.Add(networkConnection);
             }
             else if (e.ParsedItem is PcapAnalyzer.VoipCall)
             {

BruteShark/BruteSharkDesktop/BruteSharkDesktop.csproj

@@ -12,6 +12,7 @@
 	  <PackageReference Include="AutomaticGraphLayout" Version="1.1.9" />
 	  <PackageReference Include="AutomaticGraphLayout.Drawing" Version="1.1.9" />
 	  <PackageReference Include="AutomaticGraphLayout.GraphViewerGDI" Version="1.1.9" />
+	  <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
 	</ItemGroup>
 
 	<ItemGroup>

BruteShark/BruteSharkDesktop/JsonTreeViewLoader.cs

@@ -0,0 +1,69 @@
+using Newtonsoft.Json.Linq;
+using System.Windows.Forms;
+
+namespace BruteSharkDesktop
+{
+    // Originally taken from https://stackoverflow.com/questions/39673815/how-to-recursively-populate-a-treeview-with-json-data
+    // Did some customizations for BruteShark needs.
+    public static class JsonTreeViewLoader
+    {
+		public static void LoadJsonToTreeView(this TreeView treeView, string json, string rootNodeText)
+		{
+            var root = JToken.Parse(json);
+            DisplayTreeView(treeView, root, rootNodeText);
+        }
+
+        private static void DisplayTreeView(TreeView treeView, JToken root, string rootName)
+        {
+            treeView.BeginUpdate();
+            try
+            {
+                treeView.Nodes.Clear();
+                var tNode = treeView.Nodes[treeView.Nodes.Add(new TreeNode(rootName))];
+                tNode.Tag = root;
+
+                AddNode(root, tNode);
+
+                treeView.ExpandAll();
+            }
+            finally
+            {
+                treeView.EndUpdate();
+            }
+        }
+
+        private static void AddNode(JToken token, TreeNode inTreeNode)
+        {
+            if (token == null)
+                return;
+            if (token is JValue)
+            {
+                var childNode = inTreeNode.Nodes[inTreeNode.Nodes.Add(new TreeNode(token.ToString()))];
+                childNode.Tag = token;
+            }
+            else if (token is JObject jObject)
+            {
+                foreach (var property in jObject.Properties())
+                {
+                    var childNode = inTreeNode.Nodes[inTreeNode.Nodes.Add(new TreeNode(property.Name))];
+                    childNode.Tag = property;
+                    AddNode(property.Value, childNode);
+                }
+            }
+            else if (token is JArray jArray)
+            {
+                foreach (JValue jv in jArray)
+                {
+                    var childNode = inTreeNode.Nodes[inTreeNode.Nodes.Add(new TreeNode(jv.ToString()))];
+                }
+            }
+            else
+            {
+                // TODO: log
+                // Debug.WriteLine(string.Format("{0} not implemented", token.Type)); // JConstructor, JRaw
+            }
+        }
+
+
+    }
+}

BruteShark/BruteSharkDesktop/MainForm.cs

@@ -18,7 +18,7 @@ public partial class MainForm : Form
     {
         private CancellationTokenSource _cts;
         private HashSet<string> _files;
-        private HashSet<PcapAnalyzer.NetworkConnection> _connections;
+        private CommonUi.NetworkContext _networkContext;
         private PcapProcessor.Processor _processor;
         private PcapProcessor.Sniffer _sniffer;
         private PcapAnalyzer.Analyzer _analyzer;
@@ -38,7 +38,7 @@ public MainForm()
 
             _files = new HashSet<string>();
             _cts = new CancellationTokenSource();
-            _connections = new HashSet<PcapAnalyzer.NetworkConnection>();
+            _networkContext = new CommonUi.NetworkContext();
 
             // Create the DAL and BLL objects.
             _processor = new PcapProcessor.Processor();
@@ -51,13 +51,13 @@ public MainForm()
             _sniffer.UdpPacketArived += (s, e) => _analyzer.Analyze(CommonUi.Casting.CastProcessorUdpPacketToAnalyzerUdpPacket(e.Packet));
             _sniffer.TcpPacketArived += (s, e) => _analyzer.Analyze(CommonUi.Casting.CastProcessorTcpPacketToAnalyzerTcpPacket(e.Packet));
             _sniffer.TcpSessionArrived += (s, e) => _analyzer.Analyze(CommonUi.Casting.CastProcessorTcpSessionToAnalyzerTcpSession(e.TcpSession));
-            _sniffer.TcpSessionArrived += (s, e) => SwitchToMainThreadContext(() => OnSessionArived(Casting.CastProcessorTcpSessionToBruteSharkDesktopTcpSession(e.TcpSession)));
-            _sniffer.UdpSessionArrived += (s, e) => SwitchToMainThreadContext(() => OnSessionArived(Casting.CastProcessorUdpSessionToBruteSharkDesktopUdpSession(e.UdpSession)));
+            _sniffer.TcpSessionArrived += (s, e) => SwitchToMainThreadContext(() => OnSessionArived(e.TcpSession));
+            _sniffer.UdpSessionArrived += (s, e) => SwitchToMainThreadContext(() => OnSessionArived(e.UdpSession));
             _processor.UdpPacketArived += (s, e) => _analyzer.Analyze(CommonUi.Casting.CastProcessorUdpPacketToAnalyzerUdpPacket(e.Packet));
             _processor.TcpPacketArived += (s, e) => _analyzer.Analyze(CommonUi.Casting.CastProcessorTcpPacketToAnalyzerTcpPacket(e.Packet));
             _processor.TcpSessionArrived += (s, e) => _analyzer.Analyze(CommonUi.Casting.CastProcessorTcpSessionToAnalyzerTcpSession(e.TcpSession));
-            _processor.TcpSessionArrived += (s, e) => SwitchToMainThreadContext(() => OnSessionArived(Casting.CastProcessorTcpSessionToBruteSharkDesktopTcpSession(e.TcpSession)));
-            _processor.UdpSessionArrived += (s, e) => SwitchToMainThreadContext(() => OnSessionArived(Casting.CastProcessorUdpSessionToBruteSharkDesktopUdpSession(e.UdpSession)));
+            _processor.TcpSessionArrived += (s, e) => SwitchToMainThreadContext(() => OnSessionArived(e.TcpSession));
+            _processor.UdpSessionArrived += (s, e) => SwitchToMainThreadContext(() => OnSessionArived(e.UdpSession));
             _processor.FileProcessingStatusChanged += (s, e) => SwitchToMainThreadContext(() => OnFileProcessingStatusChanged(s, e));
             _processor.ProcessingPrecentsChanged += (s, e) => SwitchToMainThreadContext(() => OnProcessingPrecentsChanged(s, e));
             _processor.ProcessingFinished += (s, e) => SwitchToMainThreadContext(() => OnProcessingFinished(s, e));
@@ -73,9 +73,9 @@ public MainForm()
 
         private void InitilizeModulesUserControls()
         {
-            _networkMapUserControl = new NetworkMapUserControl();
+            _networkMapUserControl = new NetworkMapUserControl(_networkContext);
             _networkMapUserControl.Dock = DockStyle.Fill;
-            _sessionsExplorerUserControl = new SessionsExplorerUserControl();
+            _sessionsExplorerUserControl = new SessionsExplorerUserControl(_networkContext);
             _sessionsExplorerUserControl.Dock = DockStyle.Fill;
             _hashesUserControl = new HashesUserControl();
             _hashesUserControl.Dock = DockStyle.Fill;
@@ -134,7 +134,13 @@ private void HandleFailedFiles()
             }
         }
 
-        private void OnSessionArived(TransportLayerSession session)
+        private void OnSessionArived(PcapProcessor.TcpSession session)
+        {
+            _sessionsExplorerUserControl.AddSession(session);
+            this.modulesTreeView.Nodes["NetworkNode"].Nodes["SessionsNode"].Text = $"Sessions ({_sessionsExplorerUserControl.SessionsCount})";
+        }
+
+        private void OnSessionArived(PcapProcessor.UdpSession session)
         {
             _sessionsExplorerUserControl.AddSession(session);
             this.modulesTreeView.Nodes["NetworkNode"].Nodes["SessionsNode"].Text = $"Sessions ({_sessionsExplorerUserControl.SessionsCount})";
@@ -219,7 +225,7 @@ private void OnParsedItemDetected(object sender, PcapAnalyzer.ParsedItemDetected
             else if (e.ParsedItem is PcapAnalyzer.NetworkConnection)
             {
                 var connection = e.ParsedItem as PcapAnalyzer.NetworkConnection;
-                _connections.Add(connection);
+                _networkContext.HandleNetworkConection(connection);
                 _networkMapUserControl.AddEdge(connection.Source, connection.Destination);
                 this.modulesTreeView.Nodes["NetworkNode"].Nodes["NetworkMapNode"].Text = $"Network Map ({_networkMapUserControl.NodesCount})";
             }
@@ -386,7 +392,7 @@ private void BuildUdpSessionsCheckBox_CheckedChanged(object sender, EventArgs e)
 
         private void MessageOnBuildSessionsConfigurationChanged()
         {
-            ShowInfoMessageBox(@"NOTE, Disabling sessions reconstruction means that BruteShark will not analyze full sessions,
+            Utilities.ShowInfoMessageBox(@"NOTE, Disabling sessions reconstruction means that BruteShark will not analyze full sessions,
 This means a faster processing but also that some obects may not be extracted.");
         }
 
@@ -427,27 +433,14 @@ private async void StartLiveCaptureAsync()
             // We wait here until the sniffing will be stoped (by the stop button).
             this.progressBar.CustomText = string.Empty;
             this.progressBar.Refresh();
-            ShowInfoMessageBox("Capture Stoped");
+            Utilities.ShowInfoMessageBox("Capture Stoped");
         }
 
         private void StopCaptureButton_Click(object sender, EventArgs e)
         {
             _cts.Cancel();
         }
 
-        private void ShowInfoMessageBox(string text)
-        {
-            // NOTE: Info message box is also set up at front of the form, it solves the 
-            // problem of message box that is hidden under the form.
-            MessageBox.Show(
-                text: text, 
-                caption: "Info", 
-                buttons: MessageBoxButtons.OK, 
-                icon: MessageBoxIcon.Information,
-                defaultButton: MessageBoxDefaultButton.Button1, 
-                options: MessageBoxOptions.DefaultDesktopOnly);
-        }
-
         private void promiscuousCheckBox_CheckStateChanged(object sender, EventArgs e)
         {
             if (promiscuousCheckBox.CheckState == CheckState.Checked)
@@ -485,8 +478,9 @@ private void exportResutlsButton_Click(object sender, EventArgs e)
                     this.progressBar.CustomText = $"Exporting results to output folder: {outputDirectoryPath}...";
                     this.progressBar.Refresh();
                     CommonUi.Exporting.ExportFiles(outputDirectoryPath, _filesUserControl.Files);
-                    CommonUi.Exporting.ExportNetworkMap(outputDirectoryPath, _connections);
+                    CommonUi.Exporting.ExportNetworkMap(outputDirectoryPath, _networkContext.Connections);
                     CommonUi.Exporting.ExportVoipCalls(outputDirectoryPath, _voipCallsUserControl.VoipCalls);
+                    CommonUi.Exporting.ExportNetworkNodesData(outputDirectoryPath, _networkContext.GetAllNodes());
                     this.progressBar.CustomText = string.Empty;
 
                     MessageBox.Show($"Successfully exported results");
@@ -501,14 +495,14 @@ private void exportResutlsButton_Click(object sender, EventArgs e)
 
         private void clearResutlsButton_Click(object sender, EventArgs e)
         {
-            _connections = new HashSet<PcapAnalyzer.NetworkConnection>();
+            _networkContext = new CommonUi.NetworkContext();
             _analyzer.Clear();
 
             // Clear all modules user controls by recreating them. 
             InitilizeModulesUserControls();
 
             // Remove the items count of each module from the tree view (e.g "DNS (13)" -> "DNS").
-            foreach (var node in IterateAllNodes(modulesTreeView.Nodes))
+            foreach (var node in Utilities.IterateAllNodes(modulesTreeView.Nodes))
             {
                 var index = node.Text.LastIndexOf('(');
 
@@ -517,18 +511,9 @@ private void clearResutlsButton_Click(object sender, EventArgs e)
                     node.Text = node.Text.Substring(0, index);
                 }
             }
-        }
-
-        IEnumerable<TreeNode> IterateAllNodes(TreeNodeCollection nodes)
-        {
-            // Recursively iterate over all nodes and sub nodes.
-            foreach (TreeNode node in nodes)
-            {
-                yield return node;
 
-                foreach (var child in IterateAllNodes(node.Nodes))
-                    yield return child;
-            }
+            // Select the head of the modules tree view to force refreshing of the current user control.
+            modulesTreeView.SelectedNode = modulesTreeView.Nodes[0];
         }
 
     }