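{% macro taxonomy_table(tree_uuid, categories_info, add_category) %}
{#
  Table of taxonomy categories for the capture identified by tree_uuid.

  categories_info: mapping of machinetag -> sequence of 2 or 3 objects. The
    first supplies .name; the description shown is taken from the third
    (.description, then .expanded) when there are three, otherwise from the
    second (.description, falling back to .predicate).
  add_category: truthy renders "add" buttons (class categorize_capture),
    falsy renders "remove" buttons (class uncategorize_capture).

  NOTE(review): the click handlers below issue what appear to be
  state-changing requests with GET, and no anti-CSRF token is visible in this
  macro; confirm how the categorize/uncategorize endpoints are protected.
  NOTE(review): id="table" and the script block are emitted on every call, so
  rendering this macro more than once in a document repeats the id and binds
  the handlers again.
#}
<div class="table-responsive">
  <table id="table" class="table">
    <thead>
      <tr>
        <th>Name</th>
        <th>Description</th>
        <th>Machinetag</th>
        {% if add_category %}
        <th>Click to add category</th>
        {% else %}
        <th>Click to remove category</th>
        {% endif %}
      </tr>
    </thead>
    <tbody>
      {% for mt, val in categories_info.items() %}
      <tr>
        <td><a href="https://www.misp-project.org/taxonomies.html#_{{ val[0].name }}">{{ val[0].name }}</a></td>
        <td>
          {% if val|length == 3 %}
            {% if val[2].description %}
            {{ val[2].description }}
            {% elif val[2].expanded %}
            {{ val[2].expanded }}
            {% endif %}
          {% elif val[1].description %}
          {{ val[1].description }}
          {% else %}
          {{ val[1].predicate }}
          {% endif %}
        </td>
        <td>{{ mt }}</td>
        <td>
          <button type="button" class="btn btn-info {% if add_category %}categorize_capture{% else %}uncategorize_capture{% endif %}" value="{{ mt }}">
            {% if add_category %}
            Categorize capture.
            {% else %}
            Uncategorize capture.
            {% endif %}
          </button>
        </td>
      </tr>
      {% endfor %}
    </tbody>
  </table>
</div>
<script>
  // The modal is reloaded only once the request has settled: $.get() is
  // asynchronous, so reloading right after issuing it could fetch the
  // category list before the change has been applied.
  $('.categorize_capture').on('click', function (e) {
    var button = $(this);
    $.get("{{ url_for('categorize_capture', tree_uuid=tree_uuid) }}" + button.val())
      .always(function () {
        $('.modal-body').load("{{ url_for('categories_capture', tree_uuid=tree_uuid) }}");
      });
  });
  $('.uncategorize_capture').on('click', function (e) {
    var button = $(this);
    $.get("{{ url_for('uncategorize_capture', tree_uuid=tree_uuid) }}" + button.val())
      .always(function () {
        $('.modal-body').load("{{ url_for('categories_capture', tree_uuid=tree_uuid) }}");
      });
  });
</script>
{% endmacro %}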
{% macro known_content_details(details) %}
{#
  Describes why a file is already known.

  details: either a plain string, printed in bold as-is, or a sequence whose
    elements 0..2 are printed as "part of / version / label" and whose
    element 3 is a count; when that count exceeds 1, the number of other
    libraries (count - 1) is reported as well.
#}
<div>
  {% if details is not string %}
    {% set occurrences = details[3] %}
    This file is known as part of <b>{{ details[0] }}</b>
    version <b>{{ details[1] }}</b>: <b>{{ details[2] }}</b>.
    {% if occurrences > 1 %}
    It is also present in <b>{{ occurrences - 1 }}</b> other libraries.
    {% endif %}
  {% else %}
    <b>{{ details }} </b>
  {% endif %}
</div>
{% endmacro %}
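{% macro context_form(tree_uuid, urlnode_uuid, hostnode_uuid, hash, callback_str) %}
{#
  Collapsible form used to attach legitimate/malicious context to a piece of
  content. It posts to the add_context endpoint for (tree_uuid, urlnode_uuid)
  and carries hash, hostnode_uuid and callback_str as hidden fields.

  Fixes compared with the previous markup:
    - aria-controls now names the element the toggle actually controls;
    - the "Malicious" checkbox has an id, so its label is bound to it;
    - the stray closing tag on that input is gone, form attributes are quoted.

  NOTE(review): hidden inputs can be edited by the client before submission;
  the add_context handler has to validate hash_to_contextualize,
  hostnode_uuid and callback_str rather than trust them.
  NOTE(review): no anti-CSRF token field is rendered in this POST form;
  confirm the endpoint is protected some other way.
  NOTE(review): the other ids (legitimate, legitimate_domain, ...) are fixed
  strings and repeat if this macro is rendered for several nodes in one
  document; they are left unchanged because other code may reference them.
#}
<button class="btn btn-info collapsed" type="button" data-toggle="collapse" data-target="#context_response_{{ urlnode_uuid }}" aria-expanded="false" aria-controls="context_response_{{ urlnode_uuid }}">
  <span class="if-collapsed">Add context</span>
  <span class="if-not-collapsed">Hide context form</span>
</button>
<div class="collapse" id="context_response_{{ urlnode_uuid }}">
  <div class="card card-body">
    <form role="form" action="{{ url_for('add_context', tree_uuid=tree_uuid, node_uuid=urlnode_uuid) }}" method="post" enctype="multipart/form-data">
      <div class="form-group">
        <div class="form-check">
          <input class="form-check-input" type="checkbox" name="legitimate" id="legitimate">
          <label for="legitimate" class="form-check-label">Legitimate</label>
        </div>
      </div>
      <div class="form-group">
        <label for="legitimate_domain">Domain serving the file when considered legitimate:</label>
        <input type="text" class="form-control" name="legitimate_domain" id="legitimate_domain" placeholder="Domain name">
      </div>
      <div class="form-group">
        <label for="legitimate_description">Other context for this content (library name, owner, ...):</label>
        <input type="text" class="form-control" name="legitimate_description" id="legitimate_description" placeholder="Description">
      </div>
      <div class="form-group">
        <div class="form-check">
          {# The id is suffixed with the node uuid so it stays unique per form. #}
          <input class="form-check-input" type="checkbox" name="malicious" id="malicious_{{ urlnode_uuid }}">
          <label for="malicious_{{ urlnode_uuid }}" class="form-check-label">Malicious</label>
        </div>
      </div>
      <div class="form-group">
        <label for="malicious_type">Type of malicious content (phishing, malware, ...):</label>
        <input type="text" class="form-control" name="malicious_type" id="malicious_type" placeholder="Type of malicious content">
      </div>
      <div class="form-group">
        <label for="malicious_target">Legitimate target of the malicious content (especially for phishing):</label>
        <input type="text" class="form-control" name="malicious_target" id="malicious_target" placeholder="Target">
      </div>
      <input type="hidden" id="hash_to_contextualize" name="hash_to_contextualize" value="{{ hash }}">
      <input type="hidden" id="hostnode_uuid" name="hostnode_uuid" value="{{ hostnode_uuid }}">
      <input type="hidden" id="callback_str" name="callback_str" value="{{ callback_str }}">
      <button type="submit" class="btn btn-info" id="btn-looking">Submit context</button>
    </form>
  </div>
</div>
{% endmacro %}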
{% macro get_ressource_button(capture_uuid, urlnode_uuid, hash, text, can_preview=False) %}
{#
  One-button POST form that requests a resource from the get_ressource
  endpoint for (capture_uuid, urlnode_uuid); the resource hash is sent as the
  button value under the name ressource_hash and text is the button label.

  When can_preview is truthy the button also gets an HTML tooltip
  (data-html="true") whose content is an <img> pointing at the
  get_ressource_preview endpoint.

  NOTE(review): with data-html="true" the title attribute is parsed as markup
  by the tooltip code, so only server-built URLs belong in it, as is the case
  here.
  NOTE(review): no anti-CSRF token field is rendered in this POST form;
  confirm how the endpoint is protected.
#}
<form method="post" action="{{ url_for('get_ressource', tree_uuid=capture_uuid, node_uuid=urlnode_uuid) }}">
  <button class="btn btn-info" name="ressource_hash" value="{{ hash }}"
    {% if can_preview %}
      {% set preview_src = url_for('get_ressource_preview', tree_uuid=capture_uuid, node_uuid=urlnode_uuid, h_ressource=hash) %}
      data-toggle="tooltip" data-placement="bottom" data-html="true"
      title='<img class="ressource_preview" src="{{ preview_src }}"/>'
    {% endif %}
  >{{ text }}</button>
</form>
{% endmacro %}
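{% macro ressource_legitimacy_details(details, ressource_size) %}
{#
  Shows the body size of a response plus what is known about its legitimacy.

  details: falsy when nothing is known. Otherwise details[0] is the verdict
    (truthy = known legitimate, False = known malicious) and details[1]
    holds the supporting data: an iterable of domains, or a mapping that may
    carry 'tag' and 'target' lists.
  ressource_size: passed to sizeof_fmt for display.

  Fixes compared with the previous markup: the warning icon has alt text and
  is resolved through the static endpoint like the other icons in this file,
  the invalid closing br tag is a real line break, and "sould" is spelled
  "should".

  NOTE(review): when details[1] is a mapping without a 'target' entry, the
  final else branch joins the mapping itself, which prints its keys rather
  than domain names; confirm whether that case can occur.
#}
{% if details and details[0] == False %}
<img src="{{ url_for('static', filename='bomb.svg') }}" alt="Known malicious content" title="Known malicious content in the response." width="21" height="21">
{% endif %}
<b>Body size</b>: {{ sizeof_fmt(ressource_size) }}
{% if details %}
  {% if details[0] %}
  - This file is known <b>legitimate</b> on the following domains: {{ ', '.join(details[1]) }}.
  {% elif details[0] == False %}
  <br>
  <p>
    The response should be considered as
    {% if details[1] is mapping and details[1].get('tag') %}
    <b>{{ ', '.join(details[1]['tag']) }}</b>
    {% else %}
    <b>phishing</b>
    {% endif %}
    {% if details[1] is mapping and details[1].get('target') %}
    and is targeting <b>the following domain(s)</b>: {{ ', '.join(details[1]['target']) }}
    {% else %}
    unless it is served by <b>the following domain(s)</b>: {{ ', '.join(details[1]) }}
    {% endif %}
  </p>
  {% endif %}
{% endif %}
{% endmacro %}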
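{% macro indexed_hash(details, identifier_for_toggle) %}
{#
  Summarises in how many other captures the same file was seen and offers a
  collapsible list of them.

  details: details[0] is the number of other captures, details[1] a mapping
    with the keys 'different_url' and 'same_url', each a list of entries
    handed to other_captures_table.
  identifier_for_toggle: suffix that makes the collapsible element's id
    unique; it is also what the toggle button targets.

  Fixes compared with the previous markup: aria-controls names the element
  the button really controls, and the invalid closing br tags are real line
  breaks.
#}
{% set total_captures = details[0] %}
{% set other_captures = details[1] %}
{# Only show details if the hits are in another capture #}
{% if total_captures > 0 %}
<p>
  The same file was seen in <b>{{ total_captures }}</b> other captures.
  <br>
  <button class="btn btn-info collapsed" type="button" data-toggle="collapse" data-target="#captureslist_{{ identifier_for_toggle }}" aria-expanded="false" aria-controls="captureslist_{{ identifier_for_toggle }}">
    <span class="if-collapsed">Show other captures</span>
    <span class="if-not-collapsed">Hide other captures</span>
  </button>
</p>
{# Lists of other captures loading the same content... #}
<div class="collapse" id="captureslist_{{ identifier_for_toggle }}">
  <div class="card card-body">
    {% if total_captures > 20 %}
    Note that only 20 captures are displayed here.
    {% endif %}
    {% if other_captures['different_url']|length > 0 %}
    {# ... on other URLs #}
    <div>
      <p>The following captures get the same file from a <b>different URL</b></p>
      {{ other_captures_table(other_captures['different_url']) }}
    </div>
    {% endif %}
    <br>
    {% if other_captures['same_url']|length > 0 %}
    {# ... on the same URL #}
    <div>
      <p>The following captures get the same file from the <b>same URL</b></p>
      {{ other_captures_table(other_captures['same_url']) }}
    </div>
    {% endif %}
  </div>
</div>
{% endif %}
{% endmacro %}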
{% macro other_captures_table(entries) %}
{#
  Table of captures that loaded the same content.

  entries: iterable of 5-item rows, unpacked as
    (capture_uuid, urlnode_uuid, title, timestamp, hostname).
  Each title links to the capture through openTreeInNewTab(), a script
  function defined outside this file.

  NOTE(review): capture_uuid and urlnode_uuid are written into a JavaScript
  string inside an inline onclick attribute. HTML autoescaping does not
  protect that context, because the browser decodes the entities before the
  script is parsed. This is safe only while both values are server-generated
  identifiers; if that can change, emit them with the tojson filter inside a
  single-quoted attribute.
  NOTE(review): the table id is a fixed string and indexed_hash can render
  this macro twice in the same document, which repeats the id.
#}
<div class="table-responsive">
  <table id="table_other_captures" class="table">
    <thead>
      <tr>
        <th>Title</th>
        <th>Timestamp</th>
        <th>Domain</th>
      </tr>
    </thead>
    <tbody>
      {% for entry in entries %}
      {% set capture_uuid, urlnode_uuid, title, timestamp, hostname = entry %}
      <tr>
        <td>
          <a href="#/" onclick="openTreeInNewTab('{{ capture_uuid }}', '{{ urlnode_uuid }}')">{{ title }}</a>
        </td>
        <td>{{ timestamp }}</td>
        <td>{{ hostname }}</td>
      </tr>
      {% endfor %}
    </tbody>
  </table>
</div>
{% endmacro %}
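{% macro indexed_cookies(header_text, button_text, cookies) %}
{#
  Lists cookies with a link to the per-name detail page.

  header_text: line printed above the list.
  button_text: text printed before the "Locate" button.
  cookies: mapping of "name=value" strings to a list of detail sequences.
    detail[0] is printed as a prefix; a detail with more than one element
    also gets a "Locate" button that passes detail[1] to whereAmI(), a script
    function defined outside this file.

  The two list-item variants differed only in the trailing "Locate" part, so
  they are rendered by one item with a conditional tail, and the invalid
  closing br tag is a real line break.

  NOTE(review): detail[1] is written into a JavaScript string inside an
  inline onclick attribute, a context HTML autoescaping does not cover.
  Confirm it is always a server-generated identifier, or emit it with the
  tojson filter inside a single-quoted attribute.
  NOTE(review): the cookie is split on the first "="; a string without one
  has no value element to display. Confirm upstream data always has it.
#}
{% if cookies %}
<div>{{ header_text }}</div>
<ul>
  {% for cookie, details in cookies.items() %}
    {% set cookie_name_value = cookie.split('=', 1) %}
    {% for detail in details %}
    <li>
      {{ detail[0] }}: <a href="{{ url_for('cookies_name_detail', cookie_name=cookie_name_value[0]) }}">
        {{ cookie_name_value[0] }}</a>={{ shorten_string(cookie_name_value[1], 200) }}
      {% if detail|length != 1 %}
      -
      <br>
      {{ button_text }}
      <button type="button" class="btn btn-info" onclick="whereAmI('{{ detail[1] }}')">Locate</button>
      {% endif %}
    </li>
    {% endfor %}
  {% endfor %}
</ul>
{% endif %}
{% endmacro %}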
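{% macro popup_icons(lookup_dict, urlnode, tree_uuid) %}
{#
  Row of icons describing a URL node, followed by its redirect target.

  lookup_dict: mapping of key -> icon_info, where icon_info['icon'] is a file
    name under the static endpoint and icon_info['tooltip'] its description.
  urlnode: node object; an icon is shown for every key for which
    urlnode[key] is truthy.
  tree_uuid: capture identifier used to build the links.

  Per key:
    - request_cookie / response_cookie: icon links to the cookie download;
    - content-type keys (js, exe, css, ...) with a non-empty response: icon
      links to get_ressource, with an HTML tooltip (an image preview for
      "image", the tooltip text otherwise);
    - anything else except "redirect": plain icon.
  The redirect is rendered separately below, with a "locate" link for each
  child whose name equals urlnode.redirect_url, or a plain icon if none does.

  Fix compared with the previous markup: the image tooltip used an invalid
  closing br tag; it now uses the same line break as the sibling branch.

  NOTE(review): with data-html="true" the title is parsed as markup by the
  tooltip code after the browser has decoded the attribute, so
  icon_info['tooltip'] must stay a static, server-defined string.
  NOTE(review): the get_ressource link hands captured content to the
  analyst's browser; confirm the endpoint serves it as a download and not
  inline.
  NOTE(review): child.hostnode_uuid is written into a JavaScript string in an
  inline onclick attribute, a context HTML autoescaping does not cover;
  confirm it is always a server-generated identifier.
#}
<div>
  {% for key, icon_info in lookup_dict.items() %}
    {% if urlnode[key] %}
      {% if key == "request_cookie" %}
      <a href="{{ url_for('urlnode_request_cookies', tree_uuid=tree_uuid, node_uuid=urlnode.uuid) }}"
         title="Download all the cookies in the request to the server">
        <img src="{{ url_for('static', filename=icon_info['icon']) }}" alt="{{ icon_info['tooltip'] }}"
             width="21" height="21"/>
      </a>
      {% elif key == "response_cookie" %}
      <a href="{{ url_for('urlnode_response_cookies', tree_uuid=tree_uuid, node_uuid=urlnode.uuid) }}"
         title="Download all the cookies in the response from the server">
        <img src="{{ url_for('static', filename=icon_info['icon']) }}" alt="{{ icon_info['tooltip'] }}"
             width="21" height="21"/>
      </a>
      {% elif key in ["js", "exe", "css", "font", "html", "json", "image", "video",
                      "unknown_mimetype", "text", "unset_mimetype", "octet-stream", "livestream"]
              and not urlnode.empty_response %}
      <a href="{{ url_for('get_ressource', tree_uuid=tree_uuid, node_uuid=urlnode.uuid) }}">
        <img src="{{ url_for('static', filename=icon_info['icon']) }}" alt="{{ icon_info['tooltip'] }}"
             width="21" height="21"
             data-toggle="tooltip" data-placement="bottom" data-html="true"
             {% if key == "image" %}
             title='<img class="ressource_preview" src="{{ url_for('get_ressource_preview', tree_uuid=tree_uuid, node_uuid=urlnode.uuid) }}"/> <br/>Click to download.'
             {% else %}
             title="{{ icon_info['tooltip'] }} <br/>Click to download."
             {% endif %}
        />
      </a>
      {% elif key != "redirect" %}
      <img src="{{ url_for('static', filename=icon_info['icon']) }}"
           alt="{{ icon_info['tooltip'] }}" title="{{ icon_info['tooltip'] }}" width="21" height="21"/>
      {% endif %}
    {% endif %}
  {% endfor %}
</div>

<div>
  {% if "redirect" in lookup_dict and urlnode["redirect"] %}
    {% for child in urlnode.children if child.name == urlnode.redirect_url %}
    <div title='{{ urlnode.redirect_url }}'>
      <b>Redirect to</b>: {{ shorten_string(urlnode.redirect_url, 50) }}
      <a href="#/" role="button" onclick="whereAmI('{{ child.hostnode_uuid }}')" title="See the node the URL redirects to.">
        <img src="{{ url_for('static', filename=lookup_dict['redirect']['icon']) }}" alt="{{ lookup_dict['redirect']['tooltip'] }}" width="21" height="21"/>
      </a>
    </div>
    {% else %}
    {# No child matches the redirect URL: show the icon without a link. #}
    <img src="{{ url_for('static', filename=lookup_dict['redirect']['icon']) }}"
         alt="{{ lookup_dict['redirect']['tooltip'] }}" title="{{ lookup_dict['redirect']['tooltip'] }}"
         width="21" height="21"/>
    {% endfor %}
  {% endif %}
</div>
{% endmacro %}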
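{% macro shorten_string(string, cut_length, with_title=False) %}
{#
  Prints string, truncated to cut_length characters and followed by " [...]"
  when it is longer than that.

  with_title: when truthy, the output is wrapped in a div whose title
    attribute carries the full, untruncated string.

  The title attribute value is now quoted. Callers in this file pass cookie
  values and redirect URLs, which come from captured traffic. HTML
  autoescaping leaves spaces and "=" untouched, so an unquoted value would
  end at the first space and the remainder would be parsed as further
  attributes of the div. Quoting keeps the whole string inside the attribute;
  this relies on autoescaping being enabled for this template, which turns
  any quote in the string into an entity.
#}
{% if with_title %}
<div title="{{ string }}">
{% endif %}
{% if string|length > cut_length %}
{{ string[:cut_length] }} [...]
{% else %}
{{ string }}
{% endif %}
{% if with_title %}
</div>
{% endif %}
{% endmacro %}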