/*
 * Excerpt of the event-detail view. The block these first statements belong to
 * opens above this fragment; the lone closing brace after the require_once ends it.
 *
 * Copies the source/destination reputation activity and reliability fields from
 * $idm_data into $vars (reliability is cast to string).
 */
$vars['_SRCREPACTIVITY'] = $idm_data['rep_act_src'];
$vars['_DSTREPACTIVITY'] = $idm_data['rep_act_dst'];
$vars['_SRCREPRELIABILITY'] = (string) $idm_data['rep_rel_src'];
$vars['_DSTREPRELIABILITY'] = (string) $idm_data['rep_rel_dst'];
/*
 * Remove the gray "N/A" placeholder markup from every value. Only that exact
 * (translated) string is stripped; any other markup in a value passes through.
 * NOTE(review): whatever renders these values still has to HTML-escape them;
 * confirm in the consumer.
 */
$vars = array_map(function ($a) {
    return str_replace("<span style='color:gray'>" . _("N/A") . "</span>", '', $a);
}, $vars);
/*
 * Hand the values over through the session and include the repository view.
 * Presumably repository_view.php reads $_SESSION['_kdb_vars'] and $kdb_hide;
 * that script is not visible here, so confirm.
 */
$_SESSION['_kdb_vars'] = $vars;
$kdb_hide = 'yes';
require_once '../repository/repository_view.php';
}
/* PAYLOAD: section header is "Payload" (with a shellcode-analysis link) for Snort events, "Raw Log" otherwise */
if ($is_snort) {
    echo '<div class="siem_detail_table"> <div class="siem_detail_section">' . _("Payload");
    /*
     * The helper's return value is echoed as-is, so any escaping of $eid and
     * $plugin_sid_name has to happen inside showShellcodeAnalysisLink().
     * NOTE(review): helper not shown; confirm it encodes both for the HTML/URL context.
     */
    echo showShellcodeAnalysisLink($eid, $plugin_sid_name);
    echo '</div>';
} else {
    echo '<div class="siem_detail_table"> <div class="siem_detail_section">' . _("Raw Log") . '</div>';
}
echo ' <div class="siem_detail_content siem_border">';
if ($payload) {
    /*
     * Print the packet based on encoding type. The third argument is the literal 1
     * (its meaning is defined by PrintPacketPayload, not shown here); the fourth is
     * true only when the event's plugin id equals $otx_plugin_id. The "? true : false"
     * is redundant because == already yields a bool.
     */
    PrintPacketPayload($payload, $encoding, 1, $plugin_id == $otx_plugin_id ? true : false);
    /* Presumably ICMP (IP protocol number 1), given the ICMP type/code fields tested next. */
    if ($layer4_proto == "1") {
        /*
         * Selects ICMP messages by type/code using loose == against numeric strings.
         * NOTE(review): && binds tighter than ||, so as written the
         * ($ICMPitype == "3" || $ICMPitype == "11") group is combined only with
         * $ICMPicode == "0"; the code tests for 1, 3, 4, 9 and 13 that follow are
         * standalone alternatives and match for ANY ICMP type. Confirm whether they
         * were meant to sit inside the type 3/11 test; if so, parenthesize them.
         */
        if ($ICMPitype == "4" && $ICMPicode == "0" || $ICMPitype == "5" || $ICMPitype == "12" && $ICMPicode == "0" || ($ICMPitype == "3" || $ICMPitype == "11") && $ICMPicode == "0" || $ICMPicode == "1" || $ICMPicode == "3" || $ICMPicode == "4" || $ICMPicode == "9" || $ICMPicode == "13") {
            /* 0 == hex, 1 == base64, 2 == ascii; cf. snort-2.4.4/src/plugbase.h */
            if ($encoding == 1) {
                /*
                 * Encoding is base64: drop line feeds, decode, and re-express the
                 * bytes as hex. bin2hex() output contains only [0-9a-f].
                 * NOTE(review): Util::htmlentities() (not shown) runs on the still-encoded
                 * text BEFORE decoding. Entity encoding is an output-side step; if it
                 * rewrites any character, the inserted entity text becomes decoder input,
                 * and base64_decode() in its default non-strict mode silently discards
                 * characters outside the alphabet instead of failing. Confirm the call is
                 * needed here, and validate the payload rather than entity-encode it.
                 * This excerpt ends with the enclosing blocks still open.
                 */
                $work = bin2hex(base64_decode(str_replace("\n", "", Util::htmlentities($payload))));
/*
 * Excerpt of the event-detail view (table-based layout). The block these first
 * statements belong to opens above this fragment; the second closing brace after
 * the KDB table ends it.
 *
 * Takes the first column of the first row of $result2 as the KDB text. The
 * assignment inside the condition is intentional: the row is used only if one
 * was fetched, and the result set is freed right after.
 */
if ($myrow2 = $result2->baseFetchRow()) {
    $result2->baseFreeRows();
    $kdb = $myrow2[0];
}
/*
 * NOTE(review): $kdb is concatenated into the HTML below with no escaping at this
 * point. If the stored text can be written by anyone less trusted than the viewer,
 * this is a stored-XSS sink; confirm it is sanitized where it is saved, or encode it
 * here (htmlspecialchars) unless markup is deliberately allowed.
 * $kdb must also be initialized above this excerpt, otherwise it is undefined when
 * no row is fetched; not visible from here.
 */
if ($kdb != "") {
    echo '<br><TABLE BORDER=0 cellpadding=2 cellspacing=0 class="bborder" WIDTH="100%"> <TR><TD class="header3" WIDTH=50 ROWSPAN=2 ALIGN=CENTER>KDB</TD><TD class="header4" valign="top" style="padding-left:5px">' . $kdb . '</TD></TR></TABLE>';
}
}
/*
 * Snort events get a "Payload" header cell with clean-URL, binary, pcap and
 * shellcode-analysis links; every other plugin gets a plain "Log" header.
 * in_array() is called without the strict flag, so $plugin_id is compared loosely
 * against $snort_ids.
 */
if (in_array($plugin_id, $snort_ids)) {
    echo '<br><TABLE BORDER=0 cellpadding=2 cellspacing=0 class="bborder" WIDTH="100%"> <TR><TD class="header3" WIDTH=50 ROWSPAN=2 ALIGN=CENTER valign="top">Payload';
    /*
     * Each helper's return value is echoed as-is, so encoding of $cid, $sid and
     * $plugin_sid_name for the HTML/URL context has to happen inside the helpers.
     * NOTE(review): helpers not shown; confirm. The download helpers presumably build
     * links keyed by ($cid, $sid); the endpoint they point to should enforce its own
     * authorization rather than rely on the link being hidden.
     */
    echo "<br><br>" . PrintCleanURL();
    echo "<br>" . PrintBinDownload($db, $cid, $sid);
    echo "<br>" . PrintPcapDownload($db, $cid, $sid);
    echo "<br>" . showShellcodeAnalysisLink($cid, $sid, $plugin_sid_name);
} else {
    echo '<br><TABLE BORDER=0 cellpadding=2 cellspacing=0 class="bborder" WIDTH="100%"> <TR><TD class="header3" WIDTH=50 ROWSPAN=2 ALIGN=CENTER>Log';
}
echo ' <TD>';
if ($payload) {
    /* Non-Snort events: open a nested table listing the extra fields parsed from the log. */
    if (!in_array($plugin_id, $snort_ids)) {
        echo ' <TD>';
        echo ' <TABLE BORDER=0 CELLPADDING=2>';
        /*
         * Column headers for the extra event fields.
         * NOTE(review): a "password" column is part of this view; only the header is
         * visible in this excerpt, so confirm the value is masked or that access to
         * the page is restricted accordingly.
         * The string literal below is not closed within this excerpt; it continues
         * past the end of the fragment.
         */
        echo ' <TR><TD class="header"> filename </TD> <TD class="header"> username </TD> <TD class="header"> password </TD> <TD class="header"> userdata1 </TD> <TD class="header"> userdata2 </TD> <TD class="header"> userdata3 </TD>