First, Introduction
Recently, I've been trying to set up a proxy and read the data packets in order to sniff the traffic passing through it. So today I learned how to use Python to capture and unpack packets.
Two modules are used:
dpkt (on my side, Ubuntu 16.04 LTS, it is installed by default with Python 2.7)
pcap installation:
Install pypcap
To explain: pypcap is mainly used to capture packets (sniffing), and dpkt is used to unpack them. As far as I know, dpkt unpacks transport-layer data quite well, but its interpretation of application-layer data is poor, especially HTTP. So the HTTP unpacking part is my own rewrite and does not use dpkt.http.Request and dpkt.http.Response (they kept raising errors).
Second, what works so far:
(1) Request and response packets are decoded normally.
(2) Packets from data transfer over long (persistent) connections cannot be interpreted.
Third, capturing packets first:

    # Python 2.7
    import pcap
    import dpkt

    sniffer = pcap.pcap(name="eth1")  # name parameter = interface name
    sniffer.setfilter("tcp")          # filter expression
    for packet_time, packet_data in sniffer:
        pass

    # packet_time = time the packet was received
    # packet_data = Ethernet-level data
Fourth, unpacking:

    # pdata is the packet_data yielded by the capture loop
    packet = dpkt.ethernet.Ethernet(pdata)  # layer-2 frame
    print "SRC ip:%d.%d.%d.%d" % tuple(map(ord, list(packet.data.src)))
    print "DST ip:%d.%d.%d.%d" % tuple(map(ord, list(packet.data.dst)))
    print "SRC port:%s" % packet.data.data.sport
    print "DST port:%s" % packet.data.data.dport
The HTTP part is unpacking code I wrote myself:

    import urllib

    def http_request_analyst(string):
        # The quote stripping and the escaped "\\r\\n" separators imply that
        # the argument is the repr() of the TCP payload, not the raw bytes.
        string = string[1:-1]
        method = string.split(" ")[0]
        print "Method:", method
        path = string.split(" ")[1]
        print "Path:", urllib.unquote(path)
        protover = string.split(" ")[2].split("\\r\\n")[0]
        print "Protocol Version:", protover
        headers = string.split("\\r\\n\\r\\n")[0].split("\\r\\n")[1:]
        print "^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^"
        print "Header:"
        for header in headers:
            # Split on the first colon only, so values that contain ":"
            # (Referer URLs, Host with a port) stay whole.
            header = header.split(":", 1)
            try:
                hstr = "%s:%s" % (str(header[0]), str(header[1]))
            except Exception as ex:
                print "[*]", ex
                print header
                raw_input()  # pause so the malformed header can be inspected
                continue
            print hstr
        print "^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^"
        print "Data:", string.split("\\r\\n")[-1]

    def http_response_analyst(string):
        # Same input convention as http_request_analyst: repr() of the payload.
        string = string[1:-1]
        protover = string.split(" ")[0]
        print "Protocol Version:", protover
        status_code = string.split(" ")[1]
        print "Response Code:", status_code
        # Split at most twice so multi-word reason phrases are kept whole.
        status_string = string.split(" ", 2)[2].split("\\r\\n")[0]
        print "Response String:", status_string
        headers = string.split("\\r\\n\\r\\n")[0].split("\\r\\n")[1:]
        print repr(headers)
        print repr(string)
        print "^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^"
        print "Header:"
        for header in headers:
            # Split on the first colon only, so values that contain ":" stay whole.
            header = header.split(":", 1)
            try:
                hstr = "%s:%s" % (str(header[0]), str(header[1]))
            except Exception as ex:
                print "[*]", ex
                print header
                raw_input()  # pause so the malformed header can be inspected
                continue
            print hstr
        print "^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^"
        print "Data:", string.split("\\r\\n")[-1]
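
Parsing each packet's payload on its own cannot work when one HTTP message spans several TCP segments or one connection carries several messages, which is the long-connection case listed above. The following is an added example (Python 3, standard library only, not the original author's code) that buffers one direction of a flow by sequence number and frames messages by Content-Length; HttpStream, feed and demo are hypothetical names, the segments are constructed, and chunked bodies are assumed absent.

```python
# Added example (Python 3, standard library only); all names are hypothetical.
class HttpStream:
    """Reassemble one direction of a TCP flow and cut it into HTTP messages."""

    def __init__(self, first_seq):
        self.next_seq = first_seq   # sequence number of the next expected byte
        self.pending = {}           # out-of-order segments: seq -> payload
        self.buf = b""              # contiguous bytes not yet parsed

    def feed(self, seq, payload):
        """Add one TCP segment; return the HTTP messages it completes."""
        # Keep only segments at or ahead of next_seq (modulo 2**32), so
        # retransmissions of consumed data are dropped. Partial overlaps
        # are not handled.
        if payload and ((seq - self.next_seq) & 0xFFFFFFFF) < 0x80000000:
            self.pending[seq] = payload
        while self.next_seq in self.pending:
            chunk = self.pending.pop(self.next_seq)
            self.buf += chunk
            self.next_seq = (self.next_seq + len(chunk)) & 0xFFFFFFFF
        return list(self._messages())

    def _messages(self):
        while b"\r\n\r\n" in self.buf:
            head, _, rest = self.buf.partition(b"\r\n\r\n")
            start_line, *lines = head.decode("latin-1").split("\r\n")
            headers = {}
            for line in lines:
                name, sep, value = line.partition(":")  # first colon only
                if sep:
                    headers[name.strip().lower()] = value.strip()
            length = headers.get("content-length", "0")
            length = int(length) if length.isdecimal() else 0
            if len(rest) < length:
                return              # body incomplete: wait for more segments
            self.buf = rest[length:]
            yield start_line, headers, rest[:length]

def demo():
    # Constructed input: two requests on one connection, cut into segments
    # that arrive out of order, followed by a retransmission.
    data = (b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
            b"Content-Length: 9\r\n\r\nuser=test"
            b"GET /a HTTP/1.1\r\nHost: example.test:8080\r\n\r\n")
    segments = [(1000, data[:30]), (1060, data[60:]),
                (1030, data[30:60]), (1000, data[:30])]
    stream = HttpStream(first_seq=1000)
    return [m for seq, p in segments for m in stream.feed(seq, p)]
```

In a capture loop, one HttpStream would be kept per (source IP, source port, destination IP, destination port) tuple and fed the TCP sequence number and payload of each segment.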
Sixth, the result:
Python sniffing with packet capture