Capturing packets with Python to extract HTTP request logs


#!/usr/bin/python

import re
import socket

import dpkt
import pcap


def main():
    pc = pcap.pcap(name="eth1")           # capture on eth1
    pc.setfilter('tcp port 80')           # filter expression: tcp port 80

    for p_time, p_data in pc:             # each item is (timestamp, raw frame)
        ret = main_pcap(p_time, p_data)
        if ret:
            print(ret)


def main_pcap(p_time, p_data):            # decode one frame
    out_format = "%s\t%s\t%s\t%s\t%s\tHTTP/%s"
    p = dpkt.ethernet.Ethernet(p_data)    # parse the Ethernet frame
    ret = None
    if isinstance(p.data, dpkt.ip.IP):
        ip_data = p.data
        src_ip = socket.inet_ntoa(ip_data.src)
        dst_ip = socket.inet_ntoa(ip_data.dst)
        if isinstance(ip_data.data, dpkt.tcp.TCP):
            tcp_data = ip_data.data
            if tcp_data.dport == 80 and tcp_data.data:
                try:
                    h = dpkt.http.Request(tcp_data.data)    # HTTP decode
                except dpkt.UnpackError:
                    # segment is not the start of a parsable HTTP request
                    # (body continuation, partial headers, non-HTTP data)
                    return None
                pre = "^/.*$"
                if match(pre, h.uri):                       # URL rewrite: prepend the host to a relative URI
                    host = h.headers.get('host', dst_ip)    # fall back to the destination IP if Host is missing
                    url = "http://" + host + h.uri
                else:
                    url = h.uri

                # datetime srcip dstip GET /index.htm HTTP/1.1    # output log format
                ret = out_format % (p_time, src_ip, dst_ip, h.method, url, h.version)

    return ret


def match(pre, line):
    p = re.compile(pre)
    m = p.match(line)
    return m


if __name__ == '__main__':
    main()

 

# The script runs and meets 武星's expected requirements, OK.

# Recording the referer as well later on is still well worth doing.
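
The referer mentioned in the note above can be logged as a seventh column. The following is an added example, not the original author's code: it is written for Python 3 with only the standard library instead of pypcap/dpkt, and the function names and the sample frame (documentation addresses, example.test) are constructed for illustration. Because Host, URI and Referer are client-controlled, it replaces control characters before building the tab-separated line so a crafted header cannot forge columns or extra log lines.

```python
import struct

def clean(value):
    """Replace control characters (tab, CR, LF, ...) so a field cannot forge log columns or lines."""
    return "".join(c if c.isprintable() else "?" for c in value)

def http_log_line(p_time, frame):
    """Return 'time src dst method url version referer' if frame starts an HTTP request, else None."""
    if len(frame) < 14 + 20 or frame[12:14] != b"\x08\x00":      # not IPv4 over Ethernet
        return None
    ihl = (frame[14] & 0x0F) * 4                                 # IP header length incl. options
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 6:        # IPv4, sane IHL, protocol TCP
        return None
    total_len = struct.unpack("!H", frame[16:18])[0]
    src_ip = ".".join(str(b) for b in frame[26:30])
    dst_ip = ".".join(str(b) for b in frame[30:34])
    tcp = frame[14 + ihl:14 + total_len]                         # drops any Ethernet padding
    if len(tcp) < 20:
        return None
    dport = struct.unpack("!H", tcp[2:4])[0]
    payload = tcp[(tcp[12] >> 4) * 4:]                           # skip TCP header and options
    if dport != 80 or not payload:
        return None
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None                                              # not the start of a request
    method, uri, version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    url = "http://" + headers.get("host", dst_ip) + uri if uri.startswith("/") else uri
    fields = (str(p_time), src_ip, dst_ip, method, url, version, headers.get("referer", "-"))
    return "\t".join(clean(f) for f in fields)

def build_frame(payload, dport=80):
    """Constructed sample: Ethernet + IPv4 + TCP headers (checksums left zero) around payload."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

SAMPLE = build_frame(b"GET /index.htm HTTP/1.1\r\nHost: example.test\r\n"
                     b"Referer: http://ref.test/a\tFORGED\r\n\r\n")
if __name__ == "__main__":
    print(http_log_line(1700000000.0, SAMPLE))
```

The tab embedded in the sample Referer comes out as `?`, so the line keeps exactly seven columns.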

======================================================================================

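Installation

1. python 2.5

2. pypcap: packet capture library for Python

http://code.google.com/p/pypcap/downloads/list

3. dpkt: packet decoding library for Python

http://code.google.com/p/dpkt/downloads/list

4. winpcap: the driver that gives Python pcap support

If you have Wireshark, just install Wireshark; it bundles winpcap.

On Linux there is a library called libpcap that can do the job. libpcap is a simple yet powerful packet capture library that runs on many operating systems.

There are several good tutorials on libpcap:

http://www.tcpdump.org/pcap.htm (official guide, in English, well suited to beginners)

http://blog.csdn.net/bat603/archive/2006/09/04/1175729.aspx (Chinese descriptions of the main functions)

http://blog.csdn.net/bat603/archive/2006/09/04/1176251.aspx (introductory source code)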
