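{% macro taxonomy_table(tree_uuid, categories_info, add_category) %}
{#
  Render the taxonomy table used to add or remove categories on a capture.

  tree_uuid       -- capture identifier, passed to url_for() for the endpoints below.
  categories_info -- mapping of machinetag to a sequence; this macro reads
                     val[0].name, val[1].description / val[1].predicate and, when
                     the sequence has three items, val[2].description / val[2].expanded.
  add_category    -- truthy: buttons categorize the capture; falsy: they uncategorize it.

  NOTE(review): the table id and the inline script are emitted on every call, so
  rendering this macro twice in one document duplicates the id and binds each
  click handler twice. Confirm how callers use it.
#}
<div class="table-responsive">
  <table id="table" class="table">
    <thead>
      <tr>
        <th>Name</th>
        <th>Description</th>
        <th>Machinetag</th>
        {% if add_category %}
        <th>Click to add category</th>
        {% else %}
        <th>Click to remove category</th>
        {% endif %}
      </tr>
    </thead>
    <tbody>
      {% for mt, val in categories_info.items() %}
      <tr>
        <td><a href="https://www.misp-project.org/taxonomies.html#_{{ val[0].name }}">{{ val[0].name }}</a></td>
        <td>
          {# Prefer the most specific entry: third item if present, else the second. #}
          {% if val|length == 3 %}
            {% if val[2].description %}
              {{ val[2].description }}
            {% elif val[2].expanded %}
              {{ val[2].expanded }}
            {% endif %}
          {% elif val[1].description %}
            {{ val[1].description }}
          {% else %}
            {{ val[1].predicate }}
          {% endif %}
        </td>
        <td>{{ mt }}</td>
        <td>
          <button type="button" class="btn btn-info {% if add_category %}categorize_capture{% else %}uncategorize_capture{% endif %}" value="{{ mt }}">
            {% if add_category %}
            Categorize capture.
            {% else %}
            Uncategorize capture.
            {% endif %}
          </button>
        </td>
      </tr>
      {% endfor %}
    </tbody>
  </table>
</div>
<script>
  // NOTE(review): both actions change server-side state but are sent with GET.
  // Confirm the routes are protected against cross-site requests; POST with a
  // CSRF token is the safer shape for a state change.
  $('.categorize_capture').on('click', function(e) {
    var button = $(this);
    // The machinetag is appended as a path component, so it is percent-encoded:
    // characters such as '#' or '?' would otherwise cut the request URL short.
    // Assumes the server route takes the category as one path segment -- confirm.
    $.get("{{ url_for('categorize_capture', tree_uuid=tree_uuid) }}" + encodeURIComponent(button.val()))
      .done(function() {
        // Reload the list only once the change has been applied; issuing both
        // requests at the same time could display the previous state.
        $('.modal-body').load("{{ url_for('categories_capture', tree_uuid=tree_uuid) }}");
      });
  });
  $('.uncategorize_capture').on('click', function(e) {
    var button = $(this);
    $.get("{{ url_for('uncategorize_capture', tree_uuid=tree_uuid) }}" + encodeURIComponent(button.val()))
      .done(function() {
        $('.modal-body').load("{{ url_for('categories_capture', tree_uuid=tree_uuid) }}");
      });
  });
</script>
{% endmacro %}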
{% macro known_content_details(details) %}
{#
  Describe a file that matches known content.

  details -- either a plain string, shown as-is in bold, or a sequence read as
             details[0] (shown as "part of"), details[1] (version), details[2]
             (shown after the version) and details[3] (a count; when above 1 the
             macro reports count - 1 "other libraries").
#}
<div>
  {% if details is not string %}
    This file is known as part of <b>{{ details[0] }}</b>
    version <b>{{ details[1] }}</b>: <b>{{ details[2] }}</b>.
    {% set occurrences = details[3] %}
    {% if occurrences > 1 %}
      It is also present in <b>{{ occurrences - 1 }}</b> other libraries.
    {% endif %}
  {% else %}
    <b>{{ details }} </b>
  {% endif %}
</div>
{% endmacro %}
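{% macro context_form(tree_uuid, urlnode_uuid, hostnode_uuid, hash, callback_str) %}
{#
  Collapsible form that posts analyst context (legitimate / malicious) for one
  resource to the add_context endpoint.

  tree_uuid, urlnode_uuid           -- build the form action; urlnode_uuid also
                                       names the collapse container.
  hostnode_uuid, hash, callback_str -- sent back to the server as hidden fields.

  NOTE(review): hidden fields are fully client-controlled. The add_context handler
  must re-validate hash_to_contextualize and hostnode_uuid, and should accept
  callback_str only from a fixed allow-list -- confirm on the server side.
  NOTE(review): no CSRF token is rendered in this POST form; confirm the
  application adds protection elsewhere.
  NOTE(review): the field ids are fixed strings. If the macro is rendered for
  several nodes on one page they collide and every label's "for" resolves to the
  first match; check scripts and CSS before suffixing them with urlnode_uuid.
#}
{# aria-controls must name the element this button toggles. #}
<button class="btn btn-info collapsed" type="button" data-toggle="collapse" data-target="#context_response_{{ urlnode_uuid }}" aria-expanded="false" aria-controls="context_response_{{ urlnode_uuid }}">
  <span class="if-collapsed">Add context</span>
  <span class="if-not-collapsed">Hide context form</span>
</button>
<div class="collapse" id="context_response_{{ urlnode_uuid }}">
  <div class="card card-body">
    <form role="form" action="{{ url_for('add_context', tree_uuid=tree_uuid, node_uuid=urlnode_uuid) }}" method="post" enctype="multipart/form-data">
      <div class="form-group">
        <div class="form-check">
          <input class="form-check-input" type="checkbox" name="legitimate" id="legitimate">
          <label for="legitimate" class="form-check-label">Legitimate</label>
        </div>
      </div>
      <div class="form-group">
        <label for="legitimate_domain">Domain serving the file when considered legitimate:</label>
        <input type="text" class="form-control" name="legitimate_domain" id="legitimate_domain" placeholder="Domain name">
      </div>
      <div class="form-group">
        <label for="legitimate_description">Other context for this content (library name, owner, ...):</label>
        <input type="text" class="form-control" name="legitimate_description" id="legitimate_description" placeholder="Description">
      </div>
      <div class="form-group">
        <div class="form-check">
          {# The id was missing, so the label below was not attached to the checkbox. #}
          <input class="form-check-input" type="checkbox" name="malicious" id="malicious">
          <label for="malicious" class="form-check-label">Malicious</label>
        </div>
      </div>
      <div class="form-group">
        <label for="malicious_type">Type of malicious content (phishing, malware, ...):</label>
        <input type="text" class="form-control" name="malicious_type" id="malicious_type" placeholder="Type of malicious content">
      </div>
      <div class="form-group">
        <label for="malicious_target">Legitimate target of the malicious content (especially for phishing):</label>
        <input type="text" class="form-control" name="malicious_target" id="malicious_target" placeholder="Target">
      </div>
      <input type="hidden" id="hash_to_contextualize" name="hash_to_contextualize" value="{{ hash }}">
      <input type="hidden" id="hostnode_uuid" name="hostnode_uuid" value="{{ hostnode_uuid }}">
      <input type="hidden" id="callback_str" name="callback_str" value="{{ callback_str }}">
      <button type="submit" class="btn btn-info" id="btn-looking">Submit context</button>
    </form>
  </div>
</div>
{% endmacro %}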
{% macro get_ressource_button(capture_uuid, urlnode_uuid, hash, text, can_preview=False) %}
{#
  One-button POST form that requests a resource from the get_ressource endpoint.

  capture_uuid, urlnode_uuid -- select the capture and node in the form action.
  hash        -- submitted as ressource_hash; also selects the preview image.
  text        -- button label.
  can_preview -- when truthy, the button gets an HTML tooltip showing the preview.

  NOTE(review): with data-html="true" the tooltip library inserts the title as
  markup. Here the markup is a fixed img tag whose URL comes from url_for();
  never place free text from a capture in such a title.
#}
{% set download_url = url_for('get_ressource', tree_uuid=capture_uuid, node_uuid=urlnode_uuid) %}
<form method="post" action="{{ download_url }}">
  {% if can_preview %}
  {% set preview_url = url_for('get_ressource_preview', tree_uuid=capture_uuid, node_uuid=urlnode_uuid, h_ressource=hash) %}
  <button class="btn btn-info" name="ressource_hash" value="{{ hash }}"
          data-toggle="tooltip" data-placement="bottom" data-html="true"
          title='<img src="{{ preview_url }}" />'
  >{{ text }}</button>
  {% else %}
  <button class="btn btn-info" name="ressource_hash" value="{{ hash }}"
  >{{ text }}</button>
  {% endif %}
</form>
{% endmacro %}
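{% macro ressource_legitimacy_details(details, ressource_size) %}
{#
  Show the body size of a response and, when context is known, whether the
  content is considered legitimate or malicious.

  details        -- falsy when nothing is known. Otherwise details[0] is truthy
                    for legitimate content (details[1] is then joined as a list of
                    domains) and equal to False for malicious content (details[1]
                    is then either a mapping read for 'tag' and 'target', or an
                    iterable of domains).
  ressource_size -- passed to sizeof_fmt() for display.
#}
{% if details and details[0] == False %}
  {# Built with url_for like the other icons in this file, so a non-default static path keeps working. #}
  <img src="{{ url_for('static', filename='bomb.svg') }}" alt="Known malicious content" title="Known malicious content in the response." width="21" height="21">
{% endif %}
<b>Body size</b>: {{ sizeof_fmt(ressource_size) }}
{% if details %}
  {% if details[0] %}
    - This file is known <b>legitimate</b> on the following domains: {{ ', '.join(details[1]) }}.
  {% elif details[0] == False %}
    <br>
    <p>
      The response should be considered as
      {% if details[1] is mapping and details[1].get('tag') %}
        <b>{{ ', '.join(details[1]['tag']) }}</b>
      {% else %}
        <b>phishing</b>
      {% endif %}
      {% if details[1] is mapping and details[1].get('target') %}
        and is targeting <b>the following domain(s)</b>: {{ ', '.join(details[1]['target']) }}
      {% else %}
        {# NOTE(review): if details[1] is a mapping without 'target', this join lists the mapping keys -- confirm the data never has that shape. #}
        unless it is served by <b>the following domain(s)</b>: {{ ', '.join(details[1]) }}
      {% endif %}
    </p>
  {% endif %}
{% endif %}
{% endmacro %}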
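{% macro indexed_hash(details, identifier_for_toggle) %}
{#
  Report in how many other captures the same file was seen and list them in a
  collapsible panel.

  details               -- details[0] is the total number of other captures,
                           details[1] a mapping with the keys 'different_url' and
                           'same_url', each passed to other_captures_table().
  identifier_for_toggle -- suffix for the panel id, so that each button toggles
                           its own panel.
                           NOTE(review): it is used inside a CSS selector
                           (data-target); presumably a UUID -- confirm it never
                           holds characters that need escaping in a selector.
#}
{% set total_captures = details[0] %}
{% set other_captures = details[1] %}
{# Only show details if the hits are in another capture #}
{% if total_captures > 0 %}
<p>
  The same file was seen in <b>{{ total_captures }}</b> other captures.
  {# aria-controls must name the panel this button toggles. #}
  <button class="btn btn-info collapsed" type="button" data-toggle="collapse" data-target="#captureslist_{{ identifier_for_toggle }}" aria-expanded="false" aria-controls="captureslist_{{ identifier_for_toggle }}">
    <span class="if-collapsed">Show other captures</span>
    <span class="if-not-collapsed">Hide other captures</span>
  </button>
</p>
{# Lists of other captures loading the same content... #}
<div class="collapse" id="captureslist_{{ identifier_for_toggle }}">
  <div class="card card-body">
    {% if total_captures > 20 %}
    Note that only 20 captures are displayed here.
    {% endif %}
    {% if other_captures['different_url']|length > 0 %}
    {# ... on other URLs #}
    <div>
      <p>The following captures get the same file from a <b>different URL</b></p>
      {{ other_captures_table(other_captures['different_url']) }}
    </div>
    {% endif %}
    <br>
    {% if other_captures['same_url']|length > 0 %}
    {# ... on the same URL #}
    <div>
      <p>The following captures get the same file from the <b>same URL</b></p>
      {{ other_captures_table(other_captures['same_url']) }}
    </div>
    {% endif %}
  </div>
</div>
{% endif %}
{% endmacro %}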
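{% macro other_captures_table(entries) %}
{#
  Table of captures that contain the same content.

  entries -- iterable of 5-tuples (capture_uuid, urlnode_uuid, title, timestamp,
             hostname). title, timestamp and hostname are rendered as text and
             rely on template autoescaping.

  NOTE(review): the table id is a fixed string and indexed_hash calls this macro
  up to twice per panel, so the id can repeat in one document. Check scripts and
  CSS before changing it.
#}
<div class="table-responsive">
  <table id="table_other_captures" class="table">
    <thead>
      <tr>
        <th>Title</th>
        <th>Timestamp</th>
        <th>Domain</th>
      </tr>
    </thead>
    <tbody>
      {% for capture_uuid, urlnode_uuid, title, timestamp, hostname in entries %}
      <tr>
        <td>
          {#
            The identifiers land inside JavaScript, not HTML text. HTML escaping
            alone is undone by the browser before the handler is parsed, so the
            values are serialised with tojson; the attribute is single-quoted
            because tojson emits double quotes.
          #}
          <a href="#/" onclick='openTreeInNewTab({{ capture_uuid|tojson }}, {{ urlnode_uuid|tojson }})'>{{ title }}</a>
        </td>
        <td>{{ timestamp }}</td>
        <td>{{ hostname }}</td>
      </tr>
      {% endfor %}
    </tbody>
  </table>
</div>
{% endmacro %}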
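{% macro indexed_cookies(header_text, button_text, cookies) %}
{#
  List cookies with a link to the per-name detail page and, where a node is
  known, a button to locate it.

  header_text -- text shown above the list.
  button_text -- text shown before the "Locate" button.
  cookies     -- mapping of "name=value" strings to a list of details; each
                 detail is a sequence whose first item is shown as a prefix and
                 whose second item, when present, is passed to whereAmI().

  Cookie names and values come from captured traffic. They are rendered as text
  only and rely on template autoescaping.
#}
{% if cookies %}
<div>{{ header_text }}</div>
<ul>
  {% for cookie, details in cookies.items() %}
    {% set cookie_name_value = cookie.split('=', 1) %}
    {% set cookie_name = cookie_name_value[0] %}
    {# A cookie string without '=' has no value part; render it as empty. #}
    {% set cookie_value = cookie_name_value[1] if cookie_name_value|length > 1 else '' %}
    {% for detail in details %}
    <li>
      {{ detail[0] }}: <a href="{{ url_for('cookies_name_detail', cookie_name=cookie_name) }}">
        {{ cookie_name }}</a>={{ shorten_string(cookie_value, 200) }}
      {% if detail|length != 1 %}
      -
      <br>
      {{ button_text }}
      {#
        The identifier lands inside JavaScript, so it is serialised with tojson
        rather than HTML-escaped between quotes; the attribute is single-quoted
        because tojson emits double quotes.
      #}
      <button type="button" class="btn btn-info" onclick='whereAmI({{ detail[1]|tojson }})'>Locate</button>
      {% endif %}
    </li>
    {% endfor %}
  {% endfor %}
</ul>
{% endif %}
{% endmacro %}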
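{% macro popup_icons(lookup_dict, urlnode, tree_uuid) %}
{#
  Render the row of icons for one URL node, followed by its redirect target.

  lookup_dict -- mapping of node attribute name to a mapping with 'icon' (static
                 file name) and 'tooltip' (text).
  urlnode     -- node object; urlnode[key] decides whether an icon is shown. The
                 macro also reads uuid, empty_response, redirect_url and children.
  tree_uuid   -- capture identifier used to build the download links.

  NOTE(review): titles marked data-html="true" are inserted as markup by the
  tooltip library, so HTML autoescaping of the attribute does not neutralise
  them. Only text from lookup_dict goes there today; keep captured content out.
#}
<div>
  {% for key, icon_info in lookup_dict.items() %}
    {% if urlnode[key] %}
      {% set icon_url = url_for('static', filename=icon_info['icon']) %}
      {% if key == "request_cookie" %}
        <a href="{{ url_for('urlnode_request_cookies', tree_uuid=tree_uuid, node_uuid=urlnode.uuid) }}"
           title="Download all the cookies in the request to the server">
          <img src="{{ icon_url }}" alt="{{ icon_info['tooltip'] }}"
               width="21" height="21"/>
        </a>
      {% elif key == "response_cookie" %}
        <a href="{{ url_for('urlnode_response_cookies', tree_uuid=tree_uuid, node_uuid=urlnode.uuid) }}"
           title="Download all the cookies in the response from the server">
          <img src="{{ icon_url }}" alt="{{ icon_info['tooltip'] }}"
               width="21" height="21"/>
        </a>
      {% elif key in ["js", "exe", "css", "font", "html", "json", "image", "video",
                      "unknown_mimetype", "text", "unset_mimetype", "octet-stream", "livestream"]
              and not urlnode.empty_response %}
        <a href="{{ url_for('get_ressource', tree_uuid=tree_uuid, node_uuid=urlnode.uuid) }}">
          <img src="{{ icon_url }}" alt="{{ icon_info['tooltip'] }}"
               width="21" height="21"
               {% if key == "image" %}
               data-toggle="tooltip" data-placement="bottom" data-html="true" title='<img src="{{ url_for('get_ressource_preview', tree_uuid=tree_uuid, node_uuid=urlnode.uuid) }}" /> <br> Click to download the content of the response in a zip file'
               {% else %}
               data-toggle="tooltip" data-placement="bottom" data-html="true" title="{{ icon_info['tooltip'] }} <br /> Click to download."
               {% endif %}
          />
        </a>
      {% elif key != "redirect" %}
        <img src="{{ icon_url }}"
             alt="{{ icon_info['tooltip'] }}" title="{{ icon_info['tooltip'] }}" width="21" height="21"/>
      {% endif %}
    {% endif %}
  {% endfor %}
</div>
<div>
  {% if "redirect" in lookup_dict and urlnode["redirect"] %}
    {% for child in urlnode.children if child.name == urlnode.redirect_url %}
      {# redirect_url is captured content: keep it in a quoted attribute or in text. #}
      <div title="{{ urlnode.redirect_url }}">
        <b>Redirect to</b>: {{ shorten_string(urlnode.redirect_url, 50) }}
        {#
          The identifier lands inside JavaScript, so it is serialised with tojson
          rather than HTML-escaped between quotes; the attribute is single-quoted
          because tojson emits double quotes.
        #}
        <a href="#/" role="button" onclick='whereAmI({{ child.hostnode_uuid|tojson }})' title="See the node the URL redirects to.">
          <img src="{{ url_for('static', filename=lookup_dict['redirect']['icon']) }}" alt="{{ lookup_dict['redirect']['tooltip'] }}" width="21" height="21"/>
        </a>
      </div>
    {% else %}
      {# No child matches the redirect URL: show the icon without a link. #}
      <img src="{{ url_for('static', filename=lookup_dict['redirect']['icon']) }}"
           alt="{{ lookup_dict['redirect']['tooltip'] }}" title="{{ lookup_dict['redirect']['tooltip'] }}"
           width="21" height="21"/>
    {% endfor %}
  {% endif %}
</div>
{% endmacro %}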
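{% macro shorten_string(string, cut_length, with_title=False) %}
{#
  Print string, cut to cut_length characters and followed by " [...]" when it is
  longer than that.

  string     -- text to display; callers in this file pass cookie values and
                redirect URLs, i.e. captured content.
  cut_length -- maximum number of characters shown before the marker.
  with_title -- when truthy, wrap the output in a div whose title attribute
                carries the full string.
#}
{% if with_title %}
{#
  The title value must be quoted. Autoescaping handles quotes and angle brackets
  but not whitespace, and in an unquoted attribute whitespace ends the value, so
  the remainder of the string would be parsed as further attributes.
#}
<div title="{{ string }}">
{% endif %}
{% if string|length > cut_length %}
  {{ string[:cut_length] }} [...]
{% else %}
  {{ string }}
{% endif %}
{% if with_title %}
</div>
{% endif %}
{% endmacro %}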