Merge pull request #41 from Security-Onion-Solutions/dev

2.3.70 merge

html/index.html

@@ -1050,6 +1050,9 @@ <h2>{{ i18n.viewJob }}</h2>
                 <v-icon>fa-window-maximize</v-icon>
               </v-btn>
               <v-spacer></v-spacer>
+              <v-btn text icon @click="transcriptCyberChef()" :title="i18n.transcriptCyberChefHelp">
+                <v-icon>fas fa-bread-slice</v-icon>
+              </v-btn>
               <v-btn text icon :href="downloadUrl()" download :title="i18n.downloadPackets">
                 <v-icon>fa-download</v-icon>
               </v-btn>

html/js/i18n.js

@@ -200,7 +200,7 @@ const i18n = {
       noData: 'No information is currently available.',
       nodeExpandHelp: 'Show node details',
       nodeExpand: 'Expand',
-      nodeImageUnavailable: 'Appliance images unavailable.',
+      nodeImageUnavailable: 'Appliance images are only displayed for official Security Onion Solutions appliances.',
       nodeStatusConnection: 'Connection Status:',
       nodeStatusProcess: 'Process Status:',
       nodeStatusRaid: 'Raid Status:',
@@ -301,6 +301,7 @@ const i18n = {
       toolPlaybookHelp: 'Detection Playbook',
       toolTheHive: 'TheHive',
       toolTheHiveHelp: 'Case Management',
+      transcriptCyberChefHelp: 'Send the transcript to CyberChef',
       type: 'Type',
       unknown: 'Unknown',
       unwrapHelp: 'Unwrap packets from encapsulation (Ex: VXLAN)',

html/js/routes/job.js

@@ -178,6 +178,21 @@ routes.push({ path: '/job/:jobId', name: 'job', component: {
     downloadUrl() {
       return this.$root.apiUrl + "stream?jobId=" + this.job.id + "&ext=pcap&unwrap=" + this.isOptionEnabled('unwrap');
     },
+    packetArrayTranscript() {
+      return this.packets
+        .filter(packet => packet.payload && packet.payloadOffset > 0)
+        .map(packet => {
+          const bytes = atob(packet.payload).slice(packet.payloadOffset);
+          return this.formatHexView(bytes);
+        })
+        .join("");
+    },
+    transcriptCyberChef() {
+      const transcript = this.packetArrayTranscript();
+
+      const win = window.open("/cyberchef/#recipe=From_Hexdump()");
+      win.onload = () => { win.app.setInput(transcript); };
+    },
     toggleWrap() {
       this.packets = [];
       var unwrap = !this.isOptionEnabled('unwrap'); // option hasn't been flipped yet

html/js/routes/job.test.js

@@ -0,0 +1,28 @@
+require('../test_common.js')
+require('./job.js')
+
+const comp = getComponent('job') // What component do I want to get?
+
+test('packetArrayTranscript', () => {
+
+    const packetArr = [
+        { }, // no payload, should be filtered
+        { payload: 'SUdOT1JFLlRISVMuVGVzdC5TdHJpbmcuMTIzLmFzZGZhc2RmLmFzZGZhc2Q=', payloadOffset: 0 }, // payloadOffset == 0, should be filtered
+        { payload: 'SUdOT1JFLlRISVMuVGVzdC5TdHJpbmcuMTIzLmFzZGZhc2RmLmFzZGZhc2Q=', payloadOffset: 12 },
+        { payload: 'SUdOT1JFLlRISVMuVGhpcy5pcy5hLnNlY29uZC50ZXN0LnBhY2tldC4xMjM=', payloadOffset: 12 }
+
+    ]
+    comp.packets = packetArr
+
+    expectedTranscript = `\
+0000  54 65 73 74 2E 53 74 72  69 6E 67 2E 31 32 33 2E   Test.String.123.
+0016  61 73 64 66 61 73 64 66  2E 61 73 64 66 61 73 64   asdfasdf.asdfasd
+0000  54 68 69 73 2E 69 73 2E  61 2E 73 65 63 6F 6E 64   This.is.a.second
+0016  2E 74 65 73 74 2E 70 61  63 6B 65 74 2E 31 32 33   .test.packet.123
+`
+
+    const transcript = comp.packetArrayTranscript()
+
+    expect(transcript).toBe(expectedTranscript)
+});
+

html/js/test_common.js

@@ -18,6 +18,9 @@ global.localStorage = {};
 global.btoa = function(content) {
 	return Buffer.from(content, 'binary').toString('base64');
 };
+global.atob = function(content) {
+	return Buffer.from(content, 'base64').toString('binary')
+};
 
 ////////////////////////////////////
 // Mock jQuery

html/login/index.html

@@ -61,7 +61,7 @@
             <v-row>
               <v-col xs12>
                 <v-text-field name="password_identifier" v-model="form.email" :placeholder="i18n.email" :hint="i18n.emailHelp" autofocus="true" :rules="[rules.required]"></v-text-field>
-                <v-text-field name="password" v-model="form.password" :placeholder="i18n.password" :type="showPassword ? 'text' : 'password'" @click:append="showPassword = !showPassword" :append-icon="showPassword ? 'mdi-eye' : 'mdi-eye-off'" :rules="[rules.required]"></v-text-field>
+                <v-text-field name="password" v-model="form.password" :placeholder="i18n.password" :type="showPassword ? 'text' : 'password'" @click:append="showPassword = !showPassword" :append-icon="showPassword ? 'fa-eye-slash' : 'fa-eye'" :rules="[rules.required]"></v-text-field>
                 <v-text-field name="csrf_token" v-model="form.csrfToken" class="d-none"></v-text-field>
                 <v-text-field name="method" v-model="form.method" class="d-none"></v-text-field>
               </v-col>

model/node.go

@@ -65,6 +65,9 @@ func (node *Node) SetModel(model string) {
   case "SOS4000", "SOSSN7200":
     node.ImageFront = "sos-2u-front-thumb.jpg"
     node.ImageBack = "sos-2u-back-thumb.jpg"
+  case "SO2AMI01":
+  case "SO2AZI01":
+  case "SO2GCI01":
   default:
     node.Model = "N/A"
   }

model/node_test.go

@@ -40,6 +40,9 @@ func TestSetModel(tester *testing.T) {
   testModel(tester, "SOS10K", "SOS10K", "sos-1u-front-thumb.jpg", "sos-1u-sfp-back-thumb.jpg");
   testModel(tester, "SOS4000", "SOS4000", "sos-2u-front-thumb.jpg", "sos-2u-back-thumb.jpg");
   testModel(tester, "SOSSN7200", "SOSSN7200", "sos-2u-front-thumb.jpg", "sos-2u-back-thumb.jpg");
+  testModel(tester, "SO2AMI01", "SO2AMI01", "", "");
+  testModel(tester, "SO2AZI01", "SO2AZI01", "", "");
+  testModel(tester, "SO2GCI01", "SO2GCI01", "", "");
 }
 
 func testStatus(tester *testing.T,