[python3_support] PCAP dump results in [Errno 21] Is a directory error. #20

@digitalsleuth

Description

Testing the python3_support branch of CapTipper and attempted to follow your walkthrough to the letter. Got to the dump phase and tried both the dump all /tmp/ -e method and the CapTipper.py 2014-11-06-Nuclear-EK-traffic.pcap -d /tmp/ option and both got the same errors:

root@fb16f3336d75:/captipper# ./CapTipper.py 2014-11-06-Nuclear-EK-traffic.pcap -d /tmp 
CapTipper v0.3 b14 - Malicious HTTP traffic explorer tool
Copyright 2015 Omri Herscovici <omriher@gmail.com>

[A] Analyzing PCAP: 2014-11-06-Nuclear-EK-traffic.pcap

[+] Traffic Activity Time:  Thu, 11/06/14 15:02:35
[+] Conversations Found:

0:  /  -> text/html (0.html) [5.4 KB]  (Magic: GZ)
1:  /wp-includes/js/jquery/jquery.js?ver=1.7.2  -> application/javascript (jquery.js) [38.6 KB]  (Magic: GZ)
2:  /seedadmin17.html  -> text/html (seedadmin17.html) [354.0 B]  (Magic: HTML)
3:  /wp-content/uploads/2014/01/MetroWest_COVER_Issue2_Feb2014.jpg  -> image/jpeg (MetroWest_COVER_Issue2_Feb2014.jpg) [341.8 KB]  (Magic: JPG)
4:  /15c0b14drr9f_1_08282d03fb0251bbd75ff6dc6e317bd9.html  -> text/html (15c0b14drr9f_1_08282d03fb0251bbd75ff6dc6e317bd9.html) [110.5 KB]  (Magic: HTML)
5:  /images/footer/3000melbourne.png  -> image/png (3000melbourne.png) [2.9 KB]  (Magic: PNG)
6:  /images/footer/3207portmelbourne.png  -> image/png (3207portmelbourne.png) [3.0 KB]  (Magic: PNG)
7:  /wp-content/uploads/2012/09/background1.jpg  -> image/jpeg (background1.jpg) [32.3 KB]  (Magic: JPG)
8:  /00015d76d9b2rr9f/1415286120  -> application/octet-stream (00015d76.swf) [30.8 KB]  (Magic: SWF)
9:  /00015d766423rr9f/1415286120  -> application/pdf (XykpdWhZZ2.pdf) [9.7 KB]  (Magic: PDF)
10:  /00015d76rr9f/1415286120/5/x00809070554515d565b010b03510053535c0505;1;6  -> application/octet-stream (5.exe) [136.0 KB]  (Magic: EXE)
11:  /00015d76rr9f/1415286120/5/x00809070554515d565b010b03510053535c0505;1;6;1  -> application/octet-stream (5.exe) [136.0 KB]  (Magic: EXE)
12:  /00015d76rr9f/1415286120/7  -> application/octet-stream (7.exe) [136.0 KB]  (Magic: EXE)
13:  /00015d761709rr9f/1415286120  -> application/octet-stream (00015d76.swf) [7.9 KB]  (Magic: XAP)
14:  /00015d76rr9f/1415286120/8  -> application/octet-stream (8.exe) [136.0 KB]  (Magic: EXE)

 GZIP Decompression of object 0 (0.html) successful!
 New object created: 15

 GZIP Decompression of object 1 (jquery.js) successful!
 New object created: 16

[Errno 21] Is a directory: '/tmp/0-0.html'
[Errno 21] Is a directory: '/tmp/1-jquery.js'
[Errno 21] Is a directory: '/tmp/2-seedadmin17.html'
[Errno 21] Is a directory: '/tmp/3-MetroWest_COVER_Issue2_Feb2014.jpg'
[Errno 21] Is a directory: '/tmp/4-15c0b14drr9f_1_08282d03fb0251bbd75ff6dc6e317bd9.html'
[Errno 21] Is a directory: '/tmp/5-3000melbourne.png'
[Errno 21] Is a directory: '/tmp/6-3207portmelbourne.png'
[Errno 21] Is a directory: '/tmp/7-background1.jpg'
[Errno 21] Is a directory: '/tmp/8-00015d76.swf'
[Errno 21] Is a directory: '/tmp/9-XykpdWhZZ2.pdf'
[Errno 21] Is a directory: '/tmp/10-5.exe'
[Errno 21] Is a directory: '/tmp/11-5.exe'
[Errno 21] Is a directory: '/tmp/12-7.exe'
[Errno 21] Is a directory: '/tmp/13-00015d76.swf'
[Errno 21] Is a directory: '/tmp/14-8.exe'
[Errno 21] Is a directory: '/tmp/15-ungzip-0.html'
[Errno 21] Is a directory: '/tmp/16-ungzip-jquery.js'

While the copy/paste from this test is from a Docker (Ubuntu 20.04), I have tested this in a physical Ubuntu 18.04 installation, and both a virtual 18.04 VM and 20.04 VM. The only change made to both was adding the '3' at the end of the shebang in CapTipper.py.

I did change the 'cgi.escape' to 'html.escape' in the Ubuntu 20 install, but this is only part of the jsontemplate, and does not (should not) affect the dump_all_files or dump_file function in CTCore.py.
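For readers triaging this, the following is an added example and not CapTipper's own code: a small dump routine that reproduces the condition the log above reports (an `[Errno 21] Is a directory` raised for a target such as `/tmp/1-jquery.js`) and handles it defensively, so one bad target is reported and skipped rather than aborting the whole dump. The object list, the `dump_file`/`dump_all` names and the `<id>-<name>` layout are assumptions modelled on the listing in the report; the example does not establish why the python3_support branch hits the error.

```python
import os
import tempfile

# Constructed sample objects in the shape of the conversation listing above:
# (object id, filename, body). Not real pcap content.
SAMPLE_OBJECTS = [
    (0, "0.html", b"<html>constructed sample</html>"),
    (1, "jquery.js", b"// constructed sample"),
]


def dump_file(out_dir, obj_id, name, data):
    """Write one object to <out_dir>/<id>-<name> and return that path.

    The directory that is created is out_dir itself, never the file path;
    creating the file path as a directory is one way to end up with the
    [Errno 21] condition on the next open().
    """
    os.makedirs(out_dir, exist_ok=True)
    path = os.path.join(out_dir, f"{obj_id}-{name}")
    # Explicit check so the failure is reported before open() raises it.
    if os.path.isdir(path):
        raise IsADirectoryError(21, "dump target exists as a directory", path)
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def dump_all(out_dir, objects):
    """Dump every object; return (written_paths, failures).

    failures is a list of (path, message) so the caller sees the same
    '[Errno 21] Is a directory: ...' text per object but the loop continues.
    """
    written, failed = [], []
    for obj_id, name, data in objects:
        try:
            written.append(dump_file(out_dir, obj_id, name, data))
        except IsADirectoryError as exc:
            failed.append((exc.filename, f"[Errno {exc.errno}] {exc.strerror}: '{exc.filename}'"))
    return written, failed


def demo():
    """Reproduce the reported condition in a scratch directory.

    A directory is pre-created where object 1 would be written, so object 0
    dumps normally and object 1 is reported as the EISDIR case.
    Returns (basenames written, basenames that failed).
    """
    with tempfile.TemporaryDirectory() as tmp:
        os.makedirs(os.path.join(tmp, "1-jquery.js"))
        written, failed = dump_all(tmp, SAMPLE_OBJECTS)
        return ([os.path.basename(p) for p in written],
                [os.path.basename(p) for p, _ in failed])


if __name__ == "__main__":
    ok, bad = demo()
    print("written:", ok)
    print("failed: ", bad)
```

Running `demo()` returns `(['0-0.html'], ['1-jquery.js'])`. When every object in a run fails this way, as in the log above, the useful first check is whether the names under the output directory already exist as directories (for example `ls -ld /tmp/0-0.html`) before looking further into the dump code.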
