使用 Scapy 过滤 HTTP 数据包
[英]Using Scapy to fitler HTTP packets
问题描述
I am trying to make a filter for packets that contain HTTP data, yet I don't have a clue on how to do so.
我正在尝试为包含 HTTP 数据的数据包制作过滤器,但我不知道如何执行此操作。
IE Is there a way to filter packets using Scapy that are only HTTP? IE 有没有办法使用只有 HTTP 的 Scapy 过滤数据包?
3 个解决方案
解决方案1
4
Yes there is, with the .haslayer function and a bit of parsing:是的,使用 .haslayer 函数和一些解析:
methods=['GET','POST','HEAD','PUT','DELETE','CONNECT','OPTIONS','TRACE']#Define http methods
s=sniff(1)#sniff one packet to parse you can put this in a loop
a=[]
a.append(s[0])
if a[0].haslayer(TCP):#Checks for TCP protocol
if a[0].dport == 80:#Checks for http port 80
if a[0].haslayer(Raw):#Checks if packet has payload
r=a[0][0][Raw].load
for i in methods:#Checks if any of the http methods are present in load, if there are it prints to screen
if i in r:
print r
解决方案2
2 已采纳 2020-07-18 19:48:33
The other answers give you a solution that can only be so much accurate, as you can use HTTP in other ports than 80, and as for version 2.4.3 scapy team has released a new HTTP layer , so we don't have to rely on those assumptions anymore:其他答案给你一个解决方案,只能是这么多精确的,因为你可以使用HTTP的其它端口比80,并以此为版本2.4.3 Scapy的团队已经发布了一个新的HTTP层,所以我们不必依靠不再基于这些假设:
>>> import scapy.all as S
>>> S.load_layer("http")
>>> HTTPRequest
<class 'scapy.layers.http.HTTPRequest'>
>>> def filter_get_requests(pkg):
return pkg.haslayer(HTTPRequest) and pkg[HTTPRequest].Method==b'GET'
>>> s = S.sniff(lfilter=filter_get_requests)
Then make a GET request to your favorite HTTP site and there you have it :) You can read the whole HTTP layer doc in here .然后向您最喜欢的 HTTP 站点发出 GET 请求,您就拥有了 :) 您可以在此处阅读整个 HTTP 层文档。
解决方案3
1 2017-06-22 15:34:08
Yes, you can.是的,你可以。 You can filter by TCP port 80 (checking each packet or using BPF) and then check the TCP payload to ensure there is an HTTP header.您可以通过 TCP 端口 80(检查每个数据包或使用 BPF)进行过滤,然后检查 TCP 负载以确保存在 HTTP 标头。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.