Merge pull request #6 from doronz88/improve/filters

sniffers: improve `filters`
doronz88 · Jul 12, 2023 · 87b43d8 · 87b43d8
2 parents 144aae7 + ca08b1b
commit 87b43d8
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 18 deletions.
diff --git a/harlogger/__main__.py b/harlogger/__main__.py
@@ -18,13 +18,14 @@ def cli():
 @click.option('--request/--no-request', is_flag=True, default=True, help='show requests')
 @click.option('--response/--no-response', is_flag=True, default=True, help='show responses')
 @click.option('-u', '--unique', is_flag=True, help='show only unique requests per image/pid/method/uri combination')
-def cli_profile(lockdown: LockdownClient, pids, process_names, color, request, response, images, unique):
+@click.option('--black-list/--white-list', default=True, is_flag=True)
+def cli_profile(lockdown: LockdownClient, pids, process_names, color, request, response, images, unique, black_list):
     """
     Sniff using CFNetworkDiagnostics.mobileconfig profile.
 
     This requires the specific Apple profile to be installed for the sniff to work.
     """
-    filters = Filters(pids, process_names, images)
+    filters = Filters(pids, process_names, images, black_list)
     SnifferProfile(lockdown, filters=filters, request=request, response=response, color=color, unique=unique).sniff()
 
 
@@ -37,14 +38,15 @@ def cli_profile(lockdown: LockdownClient, pids, process_names, color, request, r
 @click.option('--request/--no-request', is_flag=True, default=True, help='show requests')
 @click.option('--response/--no-response', is_flag=True, default=True, help='show responses')
 @click.option('-u', '--unique', is_flag=True, help='show only unique requests per image/pid/method/uri combination')
-def cli_preference(lockdown: LockdownClient, out, pids, process_names, images, request, response, color, unique):
+@click.option('--black-list/--white-list', default=True, is_flag=True)
+def cli_preference(lockdown: LockdownClient, out, pids, process_names, images, request, response, color, unique, black_list):
     """
     Sniff using the secret com.apple.CFNetwork.plist configuration.
 
     This sniff includes the request/response body as well but requires the device to be jailbroken for
     the sniff to work
     """
-    filters = Filters(pids, process_names, images)
+    filters = Filters(pids, process_names, images, black_list)
     SnifferPreference(lockdown, filters=filters, request=request, response=response, out=out, color=color,
                       unique=unique).sniff()
 

diff --git a/harlogger/sniffers.py b/harlogger/sniffers.py
@@ -27,11 +27,20 @@ class EntryHash:
     url: str
 
 
-@dataclass
+@dataclass(repr=True)
 class Filters:
     pids: Tuple = None
     process_names: Tuple = None
     images: Tuple = None
+    black_list: bool = True
+
+    def should_keep(self, entry_hash: EntryHash) -> bool:
+        """ Filter out entry if one of the criteria specified (pid,image,process_name) """
+        in_filters = self.pids is not None and entry_hash.pid in self.pids or \
+            self.process_names is not None and entry_hash.process_name in self.process_names or \
+            self.images is not None and entry_hash.image in self.images
+
+        return self.black_list and not in_filters or not self.black_list and in_filters
 
 
 class SnifferBase(ABC):
@@ -60,17 +69,6 @@ def show(self, entry_hash: EntryHash, transaction: str, direction: str, extra: s
         else:
             print(transaction)
 
-    def should_keep(self, entry_hash: EntryHash) -> bool:
-        if self._filters.pids and entry_hash.pid in self._filters.pids:
-            return False
-
-        if self._filters.images and entry_hash.image in self._filters.images:
-            return False
-
-        if self._filters.process_names and entry_hash.process_name in self._filters.process_names:
-            return False
-        return True
-
     @abstractmethod
     def sniff(self) -> None:
         pass
@@ -124,7 +122,7 @@ def _sniff(self) -> None:
                                        os.path.basename(line.image_name),
                                        entry.url)
 
-                if not self.should_keep(entry_hash):
+                if not self._filters.should_keep(entry_hash):
                     continue
 
                 self.har['log']['entries'].append(entry)
@@ -175,7 +173,7 @@ def sniff(self):
                                    os.path.basename(entry.image_name),
                                    http_transaction.url)
 
-            if not self.should_keep(entry_hash):
+            if not self._filters.should_keep(entry_hash):
                 continue
 
             if self._request and isinstance(http_transaction, HTTPRequest):