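#!/usr/local/bin/bash
##
## Copyright (C) 2015 Cisco and/or its affiliates. All rights reserved.
##
## This script is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License Version 2 as
## published by the Free Software Foundation. You may not use, modify or
## distribute this script under any other version of the GNU General
## Public License.
##
## This script is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU General Public License for more details.
##
## You should have received a copy of the GNU General Public License
## along with this script; if not, write to the Free Software
## Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
##
#
# Interactive generator for a Snort Application Id (AppId) Lua detector.
#
# Each answered prompt becomes one Lua call appended to a per-API
# intermediate file; at "Save Detector" the pieces are merged into
# <name>.lua in the current directory.
#
# Everything typed at a prompt ends up inside generated Lua source, so input
# is handled as data, never as code:
#   - text patterns are read literally (read -r) and backslash and
#     double-quote are escaped before being placed in a Lua string literal;
#   - hex bytes, offsets and ports are validated and re-prompted when wrong;
#   - "]]" is broken up in the header so it cannot close the Lua block
#     comment it is written into.
# Intermediate files have predictable names in the working directory; run the
# tool from a directory that only you can write to.
#
echo "Snort Application Id - Detector Creation Tool"
echo ""

# Stop the session when stdin is exhausted. Without this the menu loop would
# spin forever on end-of-input, appending to the intermediate files.
# The output .lua file is only written after the menu loop, so nothing has
# been produced when this runs.
function abort_input_closed()
{
    echo "" >&2
    echo "input ended before the detector was saved; nothing written." >&2
    exit 1
}

# Print $1 with every "]]" split into "] ]", so the text cannot terminate the
# --[[ ... --]] block comment at the top of the generated file.
function lua_block_comment_text()
{
    local text=$1
    while [[ $text == *"]]"* ]]; do
        text=${text//"]]"/"] ]"}
    done
    printf '%s' "$text"
}

# Ask which detection protocol the next pattern is for.
# Globals: protocol_loop (read, then set to "atleastonce"),
#          protocol_choice (written; "Q" means "Save Detector"),
#          protocol_string (written for TCP and UDP only), PS3 (written)
function protocol_prompt()
{
    local retval="zzz"
    local choice_list=( "TCP" "UDP" "HTTP" "SSL" "SIP" "RTMP" )

    echo ""
    if [[ "$protocol_loop" = "atleastonce" ]]; then
        # Saving is only offered once at least one pattern has been entered.
        choice_list=( "Save Detector" "${choice_list[@]}" )
        echo -e "Choose \"Save Detector\" or choose an additional Detection Protocol:"
    else
        echo "Detection Protocol:"
    fi

    # Cleared first so that end-of-input (select returns with no choice made)
    # can be told apart from a real selection.
    protocol_choice=""
    PS3="Selection: "
    select retval in "${choice_list[@]}"; do
        case $retval in
            "TCP")
                protocol_string="proto"
                protocol_choice=$retval
                break
                ;;
            "UDP")
                protocol_string="DC.ipproto.udp"
                protocol_choice=$retval
                break
                ;;
            "HTTP" | "SSL" | "SIP" | "RTMP")
                protocol_choice=$retval
                break
                ;;
            "Save Detector")
                protocol_choice="Q"
                break
                ;;
            *)
                # go around again, repeating the preamble
                if [[ "$protocol_loop" = "atleastonce" ]]; then
                    echo "enter a number between 1-7"
                else
                    echo "enter a number between 1-6"
                fi
                echo ""
                ;;
        esac
    done
    [[ -n "$protocol_choice" ]] || abort_input_closed
    protocol_loop="atleastonce"
}

# Shared menu behind the *_pattern_type_prompt functions.
# Arguments: $1 - menu title, $2.. - the choices offered
# Globals:   pattern_type_choice (written), PS3 (written)
function select_pattern_type()
{
    local title=$1
    shift
    local answer="zzz"

    pattern_type_choice=""
    echo "$title"
    PS3="Selection: "
    select answer in "$@"; do
        # select leaves the variable empty for anything that is not a listed number
        if [[ -n "$answer" ]]; then
            pattern_type_choice=$answer
            break
        fi
        echo "enter a number between 1-$#"
        echo ""
    done
    [[ -n "$pattern_type_choice" ]] || abort_input_closed
}

# TCP/UDP payload pattern encoding; sets pattern_type_choice to ASCII or HEX.
function pattern_type_prompt()
{
    select_pattern_type "Pattern Type:" "ASCII" "HEX"
}

# Read a text pattern into pattern_string, escaped for a Lua "..." literal.
# Arguments: $1 - label shown in the prompt
# Globals:   pattern_string (written)
function pattern_prompt()
{
    local backslash='\'
    local dquote='"'

    # -r keeps backslashes as typed; a partial last line is still accepted.
    read -r -p "Enter $1 pattern: " pattern_string \
        || [[ -n "$pattern_string" ]] || abort_input_closed

    # Backslash first, so the backslashes added for quotes are not doubled.
    pattern_string=${pattern_string//"$backslash"/"$backslash$backslash"}
    pattern_string=${pattern_string//"$dquote"/"$backslash$dquote"}
}

# Read a byte pattern as hex digits and store it in pattern_string as a
# sequence of \xNN escapes. Re-prompts until every word is 1 or 2 hex digits.
# Globals: pattern_string (written)
function hex_pattern_prompt()
{
    local retval byte all_valid
    local -a pattern_bytes
    local hex_byte_re='^[0-9A-Fa-f]{1,2}$'

    while true; do
        echo "Enter pattern, (1 or 2 hex digits per byte, separated by spaces):"
        read -r retval || [[ -n "$retval" ]] || abort_input_closed
        if [[ "$retval" = "" ]]; then
            continue
        fi

        # read -a splits on whitespace without the pathname expansion that an
        # unquoted array assignment would apply to input such as "*".
        read -r -a pattern_bytes <<<"$retval"
        pattern_string=""
        all_valid="yes"
        for byte in "${pattern_bytes[@]}"; do
            if ! [[ "$byte" =~ $hex_byte_re ]]; then
                printf '"%s" is not 1 or 2 hex digits\n' "$byte"
                all_valid="no"
                break
            fi
            if [[ ${#byte} -eq 1 ]]; then
                pattern_string+="\\x0${byte}"
            else
                pattern_string+="\\x${byte}"
            fi
        done

        if [[ "$all_valid" = "yes" ]]; then
            return
        fi
    done
}

# Read the pattern offset; an empty answer means -1.
# Globals: pattern_offset (written)
function offset_number_prompt()
{
    local decimal_answer
    local offset_re='^-?[0-9]+$'

    while true; do
        read -r -p "Enter Offset (decimal): " decimal_answer \
            || [[ -n "$decimal_answer" ]] || abort_input_closed
        decimal_answer=${decimal_answer:--1}
        # The value is written unquoted into the generated Lua call, so it
        # must be nothing but a decimal integer.
        if [[ "$decimal_answer" =~ $offset_re ]]; then
            pattern_offset=$decimal_answer
            return
        fi
        echo "offset must be a decimal integer"
    done
}

# Read the server port list; an empty answer sets port to "-1".
# Globals: port (written; array of ports, or the scalar "-1")
function port_numbers_prompt()
{
    local decimal_answer candidate all_valid
    local -a candidates
    local port_re='^[0-9]{1,5}$'

    while true; do
        read -r -p "Enter Port(s) (decimal, separated by spaces): " decimal_answer \
            || [[ -n "$decimal_answer" ]] || abort_input_closed

        if [[ "$decimal_answer" = "" ]]; then
            unset port
            port="-1"
            return
        fi

        read -r -a candidates <<<"$decimal_answer"
        all_valid="yes"
        for candidate in "${candidates[@]}"; do
            # 10# forces base ten so a leading zero is not read as octal.
            if ! [[ "$candidate" =~ $port_re ]] || (( 10#$candidate > 65535 )); then
                all_valid="no"
                break
            fi
        done

        if [[ "$all_valid" = "yes" ]]; then
            port=( "${candidates[@]}" )
            return
        fi
        echo "ports must be decimal numbers between 0 and 65535"
    done
}

# Track whether patterns were added for the client side, the server side, or both.
# Arguments: $1 - "CLIENT" or "SERVER"
# Globals:   client_vs_server (read/written; ends up CLIENT, SERVER or BOTH)
function set_client_vs_server()
{
    if [[ "$client_vs_server" = "BOTH" ]]; then
        return
    fi
    if [[ "$client_vs_server" = "" ]]; then
        client_vs_server=$1
    elif [[ "$client_vs_server" != "$1" ]]; then
        client_vs_server="BOTH"
    fi
}

# Ask for the traffic direction; anything other than "1" selects SERVER.
# Globals: direction_choice (written), client_vs_server (via set_client_vs_server)
function direction_prompt()
{
    local answer

    echo "Direction:"
    echo "1) Client"
    echo "2) Server (default)"
    read -r -p "Selection: " answer || [[ -n "$answer" ]] || abort_input_closed
    case "$answer" in
        1)
            direction_choice="CLIENT"
            ;;
        *)
            direction_choice="SERVER"
            ;;
    esac
    # we need to remember this as we add patterns for client and/or server
    set_client_vs_server "$direction_choice"
}

# Sets pattern_type_choice to one of the HTTP pattern kinds.
function http_pattern_type_prompt()
{
    select_pattern_type "HTTP Pattern Type:" "URL" "User Agent" "Content Type"
}

# Sets pattern_type_choice to one of the SSL pattern kinds.
function ssl_pattern_type_prompt()
{
    select_pattern_type "SSL Pattern Type:" "Host" "Common Name" "Organizational Unit"
}

# Sets pattern_type_choice to one of the SIP pattern kinds.
function sip_pattern_type_prompt()
{
    select_pattern_type "SIP Pattern Type:" "SIP Server" "User Agent"
}

# Print one client/server table of DetectorPackageInfo on stdout.
# Arguments: $1 - table name, $2 - "callbacks" to include init/clean,
#            $3 - text placed after the closing brace ("," or "")
function output_package_role()
{
    printf '\t%s = {\n' "$1"
    if [[ "$2" = "callbacks" ]]; then
        printf "\t\tinit = 'DetectorInit',\n"
        printf "\t\tclean = 'DetectorClean',\n"
    fi
    printf '\t\tminimum_matches = 1\n'
    printf '\t}%s\n' "$3"
}

# Start (truncate) the output file and write the header comment, the
# DetectorCommon require and the DetectorPackageInfo table.
# Globals: OUTPUTFILE, APPDETECTORNAME, APPDETECTORDESC, client_vs_server (read)
function output_preamble()
{
    {
        # printf '%s' keeps operator text literal; echo -e would expand
        # backslash sequences found in the description.
        printf -- '--[[\n'
        printf 'detection_name: %s\n' "$(lua_block_comment_text "$APPDETECTORNAME")"
        printf 'version: 1\n'
        printf 'description: %s\n' "$(lua_block_comment_text "$APPDETECTORDESC")"
        printf -- '--]]\n'
        printf '\n'
        printf 'require "DetectorCommon"\n'
        printf 'local DC = DetectorCommon\n'
        printf '\n'
        printf 'local proto = DC.ipproto.tcp;\n'
        printf 'DetectorPackageInfo = {\n'
        printf '\tname = "%s",\n' "$APPDETECTORNAME"
        printf '\tproto = proto,\n'
        case "$client_vs_server" in
            "CLIENT")
                output_package_role "client" "callbacks" ""
                ;;
            "SERVER")
                output_package_role "server" "callbacks" ""
                ;;
            "BOTH")
                output_package_role "client" "callbacks" ","
                # NOTE(review): unlike the SERVER-only case, the server table
                # carries no init/clean entries here; kept as found, confirm
                # that this is intended.
                output_package_role "server" "" ""
                ;;
        esac
        printf '}\n'
        printf '\n'
    } >"${OUTPUTFILE}"
}

# Open the Lua DetectorInit function and register the AppId string.
function output_detectorinit_preamble()
{
    {
        printf 'function DetectorInit(detectorInstance)\n'
        printf '\n'
        printf '\tgDetector = detectorInstance;\n'
        printf '\tgAppId = gDetector:open_createApp("%s");\n' "${APPIDSTRING}"
        printf '\n'
    } >>"${OUTPUTFILE}"
}

# Close the Lua DetectorInit function.
function output_detectorinit_postlude()
{
    {
        printf '\n'
        printf '\treturn gDetector;\n'
        printf 'end\n'
    } >>"${OUTPUTFILE}"
}

# Open the Lua DetectorClean function.
function output_detectorclean_preamble()
{
    {
        printf '\n'
        printf 'function DetectorClean()\n'
    } >>"${OUTPUTFILE}"
}

# Close the Lua DetectorClean function.
function output_detectorclean_postlude()
{
    printf 'end\n' >>"${OUTPUTFILE}"
}

# Merge one intermediate file into the output, wrapped in a guard that only
# runs the calls when the detector API provides the function, then delete it.
# Arguments: $1 - intermediate file, $2 - gDetector member to test for
function output_optional_section()
{
    local fragment=$1
    local api=$2

    if [[ -f "$fragment" ]]; then
        {
            printf '\tif gDetector.%s then\n' "$api"
            cat "$fragment"
            printf '\tend\n'
        } >>"${OUTPUTFILE}"
        rm "$fragment"
    fi
}

# Queue an addPortPatternClient call for the current pattern.
function output_port_pattern_client()
{
    printf '\t\tgDetector:addPortPatternClient(%s,"%s",%s, gAppId);\n' \
        "$protocol_string" "${pattern_string}" "$pattern_offset" \
        >>"${INTERMEDIATEFILE_CLIENT}"
}

function output_optional_client()
{
    output_optional_section "$INTERMEDIATEFILE_CLIENT" "addPortPatternClient"
}

# Queue one addPortPatternService call per entered port, or a single call
# with port 0 when no port was given (port is "-1").
function output_port_pattern_server()
{
    local service_port

    if [[ "$port" = "-1" ]]; then
        printf '\t\tgDetector:addPortPatternService(%s,0,"%s",%s, gAppId);\n' \
            "$protocol_string" "${pattern_string}" "$pattern_offset" \
            >>"${INTERMEDIATEFILE_SERVER}"
    else
        for service_port in "${port[@]}"; do
            printf '\t\tgDetector:addPortPatternService(%s,%s,"%s",%s, gAppId);\n' \
                "$protocol_string" "$service_port" "${pattern_string}" "$pattern_offset" \
                >>"${INTERMEDIATEFILE_SERVER}"
        done
    fi
}

function output_optional_server()
{
    output_optional_section "$INTERMEDIATEFILE_SERVER" "addPortPatternService"
}

# Split the entered URL into host and path and queue an addAppUrl call.
# Globals: pattern_string (read; rewritten without its scheme)
function output_http_url_pattern()
{
    local pattern_host pattern_path

    # the URL protocol component (e.g. "http://"), if provided is removed.
    pattern_string=${pattern_string#*://}
    # the URL path component is everything after the first "/"
    pattern_path=${pattern_string#*/}
    # the URL host component is everything before the first "/"
    pattern_host=${pattern_string%%/*}
    if [[ "${pattern_host}" == "${pattern_string}" ]]; then
        # no path included
        pattern_path="/"
    else
        pattern_path="/${pattern_path}"
        # collapse runs of "/" into a single one
        while [[ $pattern_path == *"//"* ]]; do
            pattern_path=${pattern_path//\/\//\/}
        done
    fi
    printf '\t\tgDetector:addAppUrl(0, 0, 0, gAppId, 0, "%s", "%s", "http:", "", gAppId);\n' \
        "${pattern_host}" "${pattern_path}" >>"${INTERMEDIATEFILE_HTTP_URL}"
}

function output_optional_http_url()
{
    output_optional_section "$INTERMEDIATEFILE_HTTP_URL" "addAppUrl"
}

# Queue an addHttpPattern call for a User-Agent pattern.
function output_http_useragent_pattern()
{
    printf '\t\tgDetector:addHttpPattern(2, 5, 0, gAppId, 0, 0, 0, "%s", gAppId);\n' \
        "${pattern_string}" >>"${INTERMEDIATEFILE_HTTP_USER_AGENT}"
}

function output_optional_http_useragent()
{
    output_optional_section "$INTERMEDIATEFILE_HTTP_USER_AGENT" "addHttpPattern"
}

# Queue an addContentTypePattern call.
function output_http_contenttype_pattern()
{
    printf '\t\tgDetector:addContentTypePattern("%s", gAppId);\n' \
        "${pattern_string}" >>"${INTERMEDIATEFILE_HTTP_CONTENT_TYPE}"
}

function output_optional_http_contenttype()
{
    output_optional_section "$INTERMEDIATEFILE_HTTP_CONTENT_TYPE" "addContentTypePattern"
}

# Queue an addSSLCertPattern call for a host pattern.
function output_ssl_host_pattern()
{
    printf '\t\tgDetector:addSSLCertPattern(0, gAppId, "%s");\n' \
        "${pattern_string}" >>"${INTERMEDIATEFILE_SSL_HOST}"
}

function output_optional_ssl_host()
{
    output_optional_section "$INTERMEDIATEFILE_SSL_HOST" "addSSLCertPattern"
}

# Queue an addSSLCnamePattern call.
function output_ssl_cn_pattern()
{
    printf '\t\tgDetector:addSSLCnamePattern(0, gAppId, "%s");\n' \
        "${pattern_string}" >>"${INTERMEDIATEFILE_SSL_CN}"
}

function output_optional_ssl_cn()
{
    output_optional_section "$INTERMEDIATEFILE_SSL_CN" "addSSLCnamePattern"
}

# Queue an addSipServer call.
function output_sip_server_pattern()
{
    printf '\t\tgDetector:addSipServer(gAppId, "", "%s");\n' \
        "${pattern_string}" >>"${INTERMEDIATEFILE_SIP_SERVER}"
}

function output_optional_sip_server()
{
    output_optional_section "$INTERMEDIATEFILE_SIP_SERVER" "addSipServer"
}

# Queue an addSipUserAgent call.
function output_sip_useragent_pattern()
{
    printf '\t\tgDetector:addSipUserAgent(gAppId, "", "%s");\n' \
        "${pattern_string}" >>"${INTERMEDIATEFILE_SIP_USER_AGENT}"
}

function output_optional_sip_useragent()
{
    output_optional_section "$INTERMEDIATEFILE_SIP_USER_AGENT" "addSipUserAgent"
}

# Queue an addRTMPUrl call; the entered text is used as the host, path "/".
function output_rtmp_url_pattern()
{
    printf '\t\tgDetector:addRTMPUrl(0, 0, 0, gAppId, 0, "%s", "/", "http:", "", gAppId);\n' \
        "${pattern_string}" >>"${INTERMEDIATEFILE_RTMP_URL}"
}

function output_optional_rtmp_url()
{
    output_optional_section "$INTERMEDIATEFILE_RTMP_URL" "addRTMPUrl"
}

# Normalise APPIDSTRING in place: drop backslash, apostrophe and double-quote,
# turn tabs into spaces, squeeze runs of spaces, trim both ends.
function clean_up_APPIDSTRING()
{
    # Forbidden characters go first so the spaces they leave behind are
    # squeezed and trimmed by the steps below.
    APPIDSTRING=${APPIDSTRING//[\\\'\"]/}
    # Tabs are not allowed in an AppId string (see the prompt text).
    APPIDSTRING=${APPIDSTRING//$'\t'/ }
    while [[ $APPIDSTRING == *"  "* ]]; do
        APPIDSTRING=${APPIDSTRING//"  "/ }
    done
    APPIDSTRING=${APPIDSTRING/# /}
    APPIDSTRING=${APPIDSTRING/% /}
}

# Normalise APPDETECTORDESC in place: tabs to spaces, squeeze runs of spaces,
# trim both ends.
function clean_up_APPDETECTORDESC()
{
    APPDETECTORDESC=${APPDETECTORDESC//$'\t'/ }
    while [[ $APPDETECTORDESC == *"  "* ]]; do
        APPDETECTORDESC=${APPDETECTORDESC//"  "/ }
    done
    APPDETECTORDESC=${APPDETECTORDESC/# /}
    APPDETECTORDESC=${APPDETECTORDESC/% /}
}

# Derive a filename-safe detector name from the cleaned AppId string.
# Arguments: $1 - cleaned AppId string
# Globals:   APPDETECTORNAME (written)
function derive_cleaned_up_APPDETECTORNAME()
{
    APPDETECTORNAME=$1
    # convert spaces to underscores. Leading and trailing are already removed.
    APPDETECTORNAME=${APPDETECTORNAME// /_}
    # watch out for previously existing underscores next to the spaces
    while [[ $APPDETECTORNAME == *"__"* ]]; do
        APPDETECTORNAME=${APPDETECTORNAME//__/_}
    done
    # convert taboo filename characters to '.'; "/" is among them, so the
    # name cannot point outside the working directory.
    APPDETECTORNAME=${APPDETECTORNAME//[\/><|:&]/.}
    # watch out for multiples next to each other
    while [[ $APPDETECTORNAME == *".."* ]]; do
        APPDETECTORNAME=${APPDETECTORNAME//../.}
    done
    # watch for leading '.' since we will not want a name ls can't see by default.
    APPDETECTORNAME=${APPDETECTORNAME/#./}
    # watch for trailing '.' since "something..lua" is ugly.
    APPDETECTORNAME=${APPDETECTORNAME/%./}
}

###### begin main ########
echo -e "Enter below, the AppId string to be associated with the Detector."
echo -e "(e.g. \"CNN.com\", \"Yahoo!\", \"Avira Download/Update\", etc.)"
echo -e "AppId strings MUST NOT INCLUDE tab, backslash, apostrophe, or double-quote."
echo -e ""
read -r -p "Enter AppId string: " APPIDSTRING
clean_up_APPIDSTRING
if [[ "z${APPIDSTRING// /}" = "z" ]]; then
    echo "requires a non-empty string."
    exit 0
fi
derive_cleaned_up_APPDETECTORNAME "$APPIDSTRING"
if [[ -z "$APPDETECTORNAME" ]]; then
    # e.g. an AppId made only of characters that are not filename-safe
    echo "the AppId string does not yield a usable file name."
    exit 1
fi
echo -e ""
read -r -p "Enter its optional description: " APPDETECTORDESC
clean_up_APPDETECTORDESC
if [[ "z${APPDETECTORDESC// /}" = "z" ]]; then
    # give it a default and move on
    APPDETECTORDESC="$APPDETECTORNAME wants a better description."
fi

### Name the output file, deriving it from APPDETECTORNAME
APPDETECTORFNAME="$APPDETECTORNAME"

MYHOME=$PWD
OUTPUTFILE="$MYHOME/$APPDETECTORFNAME.lua"

### Name all of the temporary files which will be merged into the output
INTERMEDIATEFILE_CLIENT="$MYHOME/$APPDETECTORFNAME.client.temp"
INTERMEDIATEFILE_SERVER="$MYHOME/$APPDETECTORFNAME.server.temp"
INTERMEDIATEFILE_HTTP_URL="$MYHOME/$APPDETECTORFNAME.http.url.temp"
INTERMEDIATEFILE_HTTP_USER_AGENT="$MYHOME/$APPDETECTORFNAME.http.user.agent.temp"
INTERMEDIATEFILE_HTTP_CONTENT_TYPE="$MYHOME/$APPDETECTORFNAME.http.content.type.temp"
INTERMEDIATEFILE_SSL_HOST="$MYHOME/$APPDETECTORFNAME.ssl.host.temp"
INTERMEDIATEFILE_SSL_CN="$MYHOME/$APPDETECTORFNAME.ssl.cn.temp"
INTERMEDIATEFILE_SIP_SERVER="$MYHOME/$APPDETECTORFNAME.sip.server.temp"
INTERMEDIATEFILE_SIP_USER_AGENT="$MYHOME/$APPDETECTORFNAME.sip.user.agent.temp"
INTERMEDIATEFILE_RTMP_URL="$MYHOME/$APPDETECTORFNAME.rtmp.url.temp"
INTERMEDIATE_FILES=(
    "${INTERMEDIATEFILE_CLIENT}"
    "${INTERMEDIATEFILE_SERVER}"
    "${INTERMEDIATEFILE_HTTP_URL}"
    "${INTERMEDIATEFILE_HTTP_USER_AGENT}"
    "${INTERMEDIATEFILE_HTTP_CONTENT_TYPE}"
    "${INTERMEDIATEFILE_SSL_HOST}"
    "${INTERMEDIATEFILE_SSL_CN}"
    "${INTERMEDIATEFILE_SIP_SERVER}"
    "${INTERMEDIATEFILE_SIP_USER_AGENT}"
    "${INTERMEDIATEFILE_RTMP_URL}"
)

if [[ -f "$OUTPUTFILE" ]]; then
    printf '%s will be overwritten.\n' "$OUTPUTFILE"
    read -r -p "Is this acceptable? [n]: " answer
    answer=${answer:=n}
    if [[ "$answer" != "Y" && "$answer" != "y" ]]; then
        echo "cancelling..."
        exit 0
    fi
fi

# Guarantee that the intermediate files start empty so we can append into them
rm -f "${INTERMEDIATE_FILES[@]}"
# ...and that an interrupted or aborted session does not leave them behind.
trap 'rm -f "${INTERMEDIATE_FILES[@]}"' EXIT

#### outer menu loop ####
protocol_prompt
while [[ "$protocol_choice" != "Q" ]]; do
    case "$protocol_choice" in
        "TCP" | "UDP")
            pattern_type_prompt
            case "$pattern_type_choice" in
                "ASCII")
                    pattern_prompt "ASCII"
                    ;;
                "HEX")
                    hex_pattern_prompt
                    ;;
            esac
            offset_number_prompt
            direction_prompt
            case "$direction_choice" in
                "CLIENT")
                    output_port_pattern_client
                    ;;
                "SERVER")
                    port_numbers_prompt
                    output_port_pattern_server
                    ;;
            esac
            ;;
        "HTTP")
            http_pattern_type_prompt
            pattern_prompt "$pattern_type_choice"
            case "$pattern_type_choice" in
                "URL")
                    output_http_url_pattern
                    ;;
                "User Agent")
                    output_http_useragent_pattern
                    ;;
                "Content Type")
                    output_http_contenttype_pattern
                    ;;
            esac
            # we need to remember this as we add patterns for client and/or server
            set_client_vs_server "SERVER"
            ;;
        "SSL")
            ssl_pattern_type_prompt
            pattern_prompt "$pattern_type_choice"
            case "$pattern_type_choice" in
                "Host")
                    output_ssl_host_pattern
                    ;;
                "Common Name" | "Organizational Unit")
                    output_ssl_cn_pattern
                    ;;
            esac
            # we need to remember this as we add patterns for client and/or server
            set_client_vs_server "SERVER"
            ;;
        "SIP")
            sip_pattern_type_prompt
            pattern_prompt "$pattern_type_choice"
            case "$pattern_type_choice" in
                "SIP Server")
                    output_sip_server_pattern
                    ;;
                "User Agent")
                    output_sip_useragent_pattern
                    ;;
            esac
            # we need to remember this as we add patterns for client and/or server
            set_client_vs_server "SERVER"
            ;;
        "RTMP")
            pattern_prompt "RTMP URL"
            output_rtmp_url_pattern
            # we need to remember this as we add patterns for client and/or server
            set_client_vs_server "SERVER"
            ;;
    esac
    # Ask if they want more than one protocol filter
    protocol_prompt
done

##### Output the file with the optional pieces in this order
output_preamble
output_detectorinit_preamble
output_optional_client
output_optional_server
output_optional_http_url
output_optional_http_useragent
output_optional_http_contenttype
output_optional_ssl_host
output_optional_ssl_cn
output_optional_sip_useragent
output_optional_sip_server
output_optional_rtmp_url
output_detectorinit_postlude
output_detectorclean_preamble
output_detectorclean_postlude

echo "Successfully completed construction of:"
printf ' %s\n' "${OUTPUTFILE}"
echo "When you add the .lua file, the AppId,"
printf ' "%s",\n' "${APPIDSTRING}"
echo " will be the name reported as detected."
### end ###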