NetWitness Community

RSAAdmin · ‎2014-12-03

for example

function pdfParser:onToken(token, first, last)

local file = io.open("payload.txt", "w+")

io.output(file)

local payload = nw.getPayload(1,200)

io.write(payload)

io.close(file)

nw.createMeta(self.keys['filetype'], "pdf Archive" )

end

Can i save the payload as a file?

Does Lua parser support IO.open and other standard function?

Anonymous · ‎2014-12-03

The way that Lua was implemented on the decoders does not support all the functionality for performance reasons. It does not support the IO functions, nor can you add-in additional modules, such as DNS Resolving.

RSAAdmin · ‎2014-12-08

Hi, wbn,

We are trying to achieve the same thing in lua or flex - to be able to store attachments and files (some of them are not recognized by SA) on disk and for example make a link to them through meta. But IO is locked and we can't find a workaround, maybe there are some other means, not parsers, that can achieve this. For example some custom handlers for built-in "extract files" or "view files" functionality.

Anonymous · ‎2014-12-08

If you se looking for extraction, look to the REST API. However, if there are specific file types that you need to parse and identify that aren't parsed now, you could look at file headers and footers and some other checks and build your parser that way.

Once those files are tagged with meta, then focusing on those with. REST call should be pretty straight forward.

Chris

Sent from my iPhone

RSAAdmin · ‎2014-12-08

i tried REST api to download the pcap file , then extract the file from pcap,

and it works.

thanks.

NetWitness Community

does Lua parser support standard Lua library?