概述
我试图在Scapy中编写一个简单的嗅探器,它只使用GET方法打印HTTP数据包.这是代码:
#!/usr/bin/python
from scapy.all import *
def http_header(packet):
http_packet=str(packet)
if http_packet.find('GET'):
print GET_print(packet)
print packet
def GET_print(packet1):
print "***************************************GET PACKET****************************************************"
print packet1
print "*****************************************************************************************************"
sniff(iface='eth0',prn=http_header)
这是输出:
*****************************************************************************************************
None
T??Г
)?pEa??@@???h??#/??t
?}LGku???U
oTE??I(????9qi???S?????
XuW?F=???-?k=X:?
***************************************GET PACKET****************************************************
T??Г
)?pE???@@???h??#/??t
?LGku????
oTE??I?K??AH?*?e??>?v1#D?(mG5T?o????8??喷╭?????"?KT^?'?mB???]?????k>
?_x?X?????8V???w/?Z?=???N?À??\r?????)+}???l?c?9??j;???h??5?T?9H?/O??)??P
?Y?qf爂?%?_`??6x??5D?I3???O?
t??tpI#?????$IC??E??
?G?
J??α???=?]??v????b5^|P??DK?)uq?2????w?
tB??????y=???n?i?r?.D6?kI?a???6iC???c'??0dPqED?4????[?[??hGh???~|Y/?>`\6yP Dq??T??M????f?;??????? gY???di?_x?8|
eo?p?xW9??=???v?Ye?}?T??ɑy?^?C
-?_(?<?{????}???????r
$??J?k-?9????}??f?27??QK??`?GY?8??Sh???Y@8?E9?R??&a?/vkф??6?DF`?/9?I?d( ??-??[A
??)pP??y\?j]???8?_???vf?b????I7???????+?P<_`
*****************************************************************************************************
我期待的是:
GET / HTTP/1.1
Host: google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20140722 Firefox/24.0 Iceweasel/24.7.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip,deflate
Cookie: PREF=ID=758a20b5fbd4eac9:U=2b2dedf6c84b001f:FF=0:TM=1412150291:LM=1415430021:S=Q-QemmrLqsSsEA9i; NID=67=mRdkPVhtImrOTLi5I1e5JM22J7g26jAcdiDEjj9C5q0H5jj0DWRX27hCM7gLJBeiowW-8omSv-1ycH595SW2InWX2n1JMMNh6b6ZrRsZ9zOCC2a-vstOQnBDSJu6K9LO
Connection: keep-alive
我该怎么做才能获得预期的产量?
#!/usr/bin/python
from scapy.all import *
def http_header(packet):
http_packet=str(packet)
if http_packet.find('GET'):
return GET_print(packet)
def GET_print(packet1):
ret = "***************************************GET PACKET****************************************************\n"
ret += "\n".join(packet1.sprintf("{Raw:%raw.load%}\n").split(r"\r\n"))
ret += "*****************************************************************************************************\n"
return ret
sniff(iface='eth0',prn=http_header,filter="tcp port 80")
我还为TCP端口80添加了一个过滤器,但如果需要,可以将其删除.
示例输出:
***************************************GET PACKET****************************************************
'GET /projects/scapy/doc/usage.html HTTP/1.1
Host: www.secdev.org
Connection: keep-alive
Cache-Control: max-age=0
Accept: text/html,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/39.0.2171.65 Safari/537.36
Referer: https://www.google.co.uk/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-GB,en;q=0.8,en-US;q=0.6
If-None-Match: "28c84-48498d5654df67640-gzip"
If-Modified-Since: Mon,19 Apr 2010 15:44:17 GMT
'
*****************************************************************************************************
Pierre指出你可以通过使用sniff()的lfilter参数完全取消http_header函数.我冒昧地在同一时间使代码更简洁:
#!/usr/bin/python
from scapy.all import *
stars = lambda n: "*" * n
def GET_print(packet):
return "\n".join((
stars(40) + "GET PACKET" + stars(40),"\n".join(packet.sprintf("{Raw:%raw.load%}").split(r"\r\n")),stars(90)))
sniff(
iface='eth0',prn=GET_print,lfilter=lambda p: "GET" in str(p),filter="tcp port 80")
总结
以上是编程之家为你收集整理的python – Scapy中的HTTP GET数据包嗅探器全部内容,希望文章能够帮你解决python – Scapy中的HTTP GET数据包嗅探器所遇到的程序开发问题。
如果您也喜欢它,动动您的小指点个赞吧