path: root/utils/parse_reader_json.py
#!/usr/bin/python3

#
# Usage
#
# ./example/ndpiReader -K JSON -k /tmp/a.json -L lists/public_suffix_list.dat -i packets.pcap
#
# ./parse_reader_json.py /tmp/a.json
#

import json
import sys

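# Exactly one argument is expected: the JSON file written by ndpiReader.
# A usage error goes to stderr and exits non-zero so calling scripts can
# tell misuse apart from a successful run.
if len(sys.argv) != 2:
    print("Usage: parse_reader_json.py <ndpiReader>.json", file=sys.stderr)
    sys.exit(1)

fname = sys.argv[1]


def _printable(text):
    """Return *text* as a string with non-printable characters backslash-escaped.

    The values printed below are derived from captured traffic (the usage
    header feeds ndpiReader a pcap), so they are treated as untrusted:
    escaping keeps control characters in a hostname from being interpreted
    by the terminal that displays the report.
    """
    return "".join(
        ch if ch.isprintable() else ch.encode("unicode_escape").decode("ascii")
        for ch in str(text)
    )


# Maps "<tcp_fingerprint>-<ja4>" to the hostnames seen with that pair.
# The inner dict is used as an insertion-ordered set.
fingerprints = {}

# The input is read as one JSON document per line.
with open(fname, 'r', encoding='utf-8', errors='replace') as file:
    for lineno, line in enumerate(file, start=1):
        if not line.strip():
            # Blank lines carry no record; json.loads() would raise on them.
            continue

        try:
            data = json.loads(line)
        except json.JSONDecodeError as err:
            # One damaged record should not discard the rest of the file.
            print(f"{fname}:{lineno}: skipping malformed JSON ({err})",
                  file=sys.stderr)
            continue

        # Records without the expected structure are ignored rather than
        # raising KeyError/TypeError ('ndpi' itself may be missing).
        if not isinstance(data, dict):
            continue
        ndpi = data.get('ndpi')
        if not isinstance(ndpi, dict):
            continue
        tls = ndpi.get('tls')
        if ('tcp_fingerprint' not in data
                or 'hostname' not in ndpi
                or not isinstance(tls, dict)
                or 'ja4' not in tls):
            continue

        # The previous unguarded, unused read of ndpi['domainame'] was
        # dropped: it raised KeyError on records lacking that field.
        key = f"{data['tcp_fingerprint']}-{tls['ja4']}"
        fingerprints.setdefault(key, {})[ndpi['hostname']] = True


# Report format: "<tcp_fingerprint>-<ja4> [ host1 host2 ... ]", one per line.
for key, hosts in fingerprints.items():
    print(_printable(key), end=" [ ")

    for host in hosts:
        print(_printable(host), end=" ")

    print("]")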