Tags:流量分析, USB鼠标, gnuplot
0x00. 题目
附件路径:https://pan.baidu.com/s/1GyH7kitkMYywGC9YJeQLJA?pwd=Zmxh#list/path=/CTF附件
附件名称:202009_风二西_USB鼠标
0x01. WP
1. 脚本解析USB鼠标流量,导出左键按下时的移动轨迹(脚本假定 HID 报告的第 2 字节为按键状态、第 3/4 字节为 X/Y 位移;不同鼠标的报告格式可能不同,需对照实际流量确认)
getUSBMouse.py
# -*- coding: utf-8 -*-
import pyshark, os# 尝试合并http响应的所有TCP包# 初始化pyshark参数
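# --- pyshark / logging settings ---
# Directory of the local Wireshark install whose tshark binary pyshark launches.
strTsharkPath = "D:\\=Green=\\Wireshark\\App\\Wireshark\\"
# Capture file to analyse.
strCapPath = "test2.pcapng"
# Wireshark display filter passed to tshark; empty means no filtering.
strFomula = ""
# Per-frame debug log appended to by log_write().
strlog = "output.log"
# Set to False to turn log_write() into a no-op.
blnLog = True


def file_remove(filepath):
    """Delete *filepath* on a best-effort basis.

    A missing or otherwise undeletable file is ignored so the script can
    always start with a clean slate; only OS-level errors are swallowed, so
    programming mistakes (e.g. a non-path argument) still surface.
    """
    try:
        os.remove(filepath)
    except OSError:
        pass


def log_write(filecontent):
    """Append *filecontent* plus a newline to the log file named by ``strlog``.

    Does nothing when ``blnLog`` is false. The file is opened per call with a
    context manager so the handle is closed even if the write fails.
    """
    if blnLog:
        with open(strlog, "a", encoding='utf-8') as file:
            file.write(filecontent + "\n")


# Start every run from an empty log file.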
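file_remove(strlog)

# The capture is untrusted input: every packet is parsed by tshark's
# dissectors, so keep Wireshark/tshark patched and analyse challenge files
# in a disposable environment.
cap = pyshark.FileCapture(
    strCapPath, display_filter=strFomula, tshark_path=strTsharkPath
)
intTmp = 0  # number of frames processed
posx = 0    # accumulated cursor position, built from relative X deltas
posy = 0    # accumulated cursor position, built from relative Y deltas


def _to_signed_byte(value):
    """Interpret an unsigned byte (0-255) as a two's-complement int8."""
    return value - 256 if value > 127 else value


try:
    with open('result.txt', 'w') as result:
        for pkt in cap:
            log_write("=" * 32)
            log_write("Frame No.: %d" % int(pkt.number))
            for layer in pkt.layers:
                log_write("layer name: " + layer.layer_name)
                log_write("\t" + str(layer.field_names))
                # Only the DATA layer carries the mouse HID report.
                if str(layer.layer_name) != "DATA":
                    continue
                try:
                    strUSBData = str(layer.usbhid_data)
                    print(strUSBData)
                    # Sample report: 01:00:fa:ff:ff:00
                    # Byte 1 is read as the button state (1 = left,
                    # 2 = right, 0 = none) and bytes 2/3 as 8-bit X/Y deltas.
                    # NOTE(review): byte 0 is presumably a report ID; confirm
                    # the layout against the device's HID report descriptor.
                    lUSBData = strUSBData.split(":")
                    buttons = int(lUSBData[1], 16)
                    # Both deltas are signed bytes. The earlier y handling
                    # (> 120 / -= 264) skewed every upward movement.
                    x = _to_signed_byte(int(lUSBData[2], 16))
                    y = _to_signed_byte(int(lUSBData[3], 16))
                except (AttributeError, IndexError, ValueError):
                    # DATA layer without usbhid_data, or a short/malformed
                    # report: skip it without moving the cursor.
                    continue
                posx += x
                posy += y
                if buttons == 1:
                    # Keep only points drawn while the left button is held.
                    # Y is negated because screen Y grows downwards while
                    # gnuplot's Y axis grows upwards.
                    result.write(str(posx) + ' ' + str(-posy) + '\n')
            intTmp += 1
finally:
    # Release the tshark subprocess even if parsing aborts midway.
    cap.close()
log_write("共分析出%d个请求。" % intTmp)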
2. 解析坐标轨迹:用 gnuplot 将 result.txt 中的坐标点绘制成图(-e 执行绘图命令,-p 使绘图窗口在 gnuplot 退出后保留)
gnuplot.exe -e "plot 'result.txt'" -p
0x02. 附 gnuplot 安装简易教程
下载地址:https://sourceforge.net/projects/gnuplot/files/gnuplot/