The context.utils object

When writing JavaScript code for a filter, you always have the context.utils object available. This object has the following methods:


byte[] getUTF8BytesForString(string)

Returns the UTF-8 bytes for the given string.

For example, to compute the hash for a string:

let sqlBytes = context.utils.getUTF8BytesForString(context.packet.sql);

let DigestUtils = Java.type("org.apache.commons.codec.digest.DigestUtils");

let sqlHash = DigestUtils.sha1Hex(sqlBytes);


string stringFromUTF8Bytes(byte[])

Builds a string from a byte array, which should contain UTF-8 encoded characters.

Example:

let byteArray = [72, 101, 108, 108, 111, 32, 119, 111, 114, 108, 100];

let str = context.utils.stringFromUTF8Bytes(byteArray);


object createObject()

Creates a new empty object, which (unlike JavaScript objects) can be stored in long-lived contexts. For example:

context.connectionContext.qres = context.utils.createObject();

See the JavaScript environment page for details.


string getBinaryDump(byte[] bytes)

Returns a readable string for the specified set of bytes. This is useful for debugging mostly, e.g.:

let bytes = context.utils.getUTF8BytesForString("Four score and seven years ago, our forefathers");

log.debug(context.utils.getBinaryDump(bytes));

The returned string looks like:

46 6F 75 72 20 73 63 6F 72 65 20 61 6E 64 20 73 Four score and s
65 76 65 6E 20 79 65 61 72 73 20 61 67 6F 2C 20 even years ago,
6F 75 72 20 66 6F 72 65 66 61 74 68 65 72 73 our forefathers


string getBinaryDump(byte[] bytes, int offset, int length)

Returns a readable string for the specified set of bytes, starting at the specified offset, for the specified number of bytes. This is useful mostly for debugging.