How to use import_hexcap() in scapy

I want to modify some values in ICMP. However, after multiple tests in Wireshark, that value (unused) just stuck with 0. So I want to directly modify the bytes in the packet associated with that value. I found that hexdump() may be helpful. I want to get the dump and change it from there, then turn the changed bytes back into a packet. From the spec, I should use import_hexcap(). But the description of the function is not clear enough. It doesn't have input. When I used it in a py file, the program just got stuck there.

packet1 = scapy.Ether(scapy.import_hexcap())

>>>hexdump(pkt)
0000   00 50 56 FC CE 50 00 0C  29 2B 53 19 08 00 45 00   .PV..P..)+S...E.
0010   00 54 00 00 40 00 40 01  5A 7C C0 A8 19 82 04 02   .T..@.@.Z|......
0020   02 01 08 00 9C 90 5A 61  00 01 E6 DA 70 49 B6 E5   ......Za....pI..
0030   08 00 08 09 0A 0B 0C 0D  0E 0F 10 11 12 13 14 15   ................
0040   16 17 18 19 1A 1B 1C 1D  1E 1F 20 21 22 23 24 25   .......... !"#$%
0050   26 27 28 29 2A 2B 2C 2D  2E 2F 30 31 32 33 34 35   &'()*+,-./012345
0060   36 37 


>>>pkt_hex = Ether(import_hexcap())
0000   00 50 56 FC CE 50 00 0C  29 2B 53 19 08 00 45 00   .PV..P..)+S...E.
0010   00 54 00 00 40 00 40 01  5A 7C C0 A8 19 82 04 02   .T..@.@.Z|......
0020   02 01 08 00 9C 90 5A 61  00 01 E6 DA 70 49 B6 E5   ......Za....pI..
0030   08 00 08 09 0A 0B 0C 0D  0E 0F 10 11 12 13 14 15   ................
0040   16 17 18 19 1A 1B 1C 1D  1E 1F 20 21 22 23 24 25   .......... !"#$%
0050   26 27 28 29 2A 2B 2C 2D  2E 2F 30 31 32 33 34 35   &'()*+,-./012345
0060   36 37                                              67

After some time I figured out that import_hexcap is expecting me to paste the string. I need to paste the output from hexdump into the terminal and the packet turns out fine.

0000  08 00 27 78 FE 4B 52 54 00 12 35 00 08 00 45 00  ..'x.KRT..5...E.
0010  00 38 00 01 00 00 40 01 31 6D C0 A8 64 01 C0 A8  .8....@.1m..d...
0020  64 05 03 04 41 5E 00 00 05 14 45 00 00 1C 00 01  d...A^....E.....
0030  00 00 40 11 31 74 C0 A8 64 05 C0 A8 64 06 FC F1  ..@.1t..d...d...
0040  00 35 00 08 B9 5A                                .5...Z
0000  08 00 27 78 FE 4B 52 54 00 12 35 00 08 00 45 00  ..'x.KRT..5...E.
0010  00 38 00 01 00 00 40 01 31 6D C0 A8 64 01 C0 A8  .8....@.1m..d...
0020  64 05 03 04 41 5E 00 00 05 14 45 00 00 1C 00 01  d...A^....E.....
0030  00 00 40 11 31 74 C0 A8 64 05 C0 A8 64 06 FC F1  ..@.1t..d...d...
0040  00 35 00 08 B9 5A                                .5...Z

###[ Ethernet ]### 
  dst       = 08:00:27:78:fe:4b
  src       = 52:54:00:12:35:00
  type      = IPv4
###[ IP ]### 
     version   = 4
     ihl       = 5
     tos       = 0x0
     len       = 56
     id        = 1
     flags     = 
     frag      = 0
     ttl       = 64
     proto     = icmp
     chksum    = 0x316d
     src       = 192.168.100.1
     dst       = 192.168.100.5
     \options   \
###[ ICMP ]### 
        type      = dest-unreach
        code      = fragmentation-needed
        chksum    = 0x415e
        reserved  = 0
        length    = 0
        nexthopmtu= 1300
###[ IP in ICMP ]### 
           version   = 4
           ihl       = 5
           tos       = 0x0
           len       = 28
           id        = 1
           flags     = 
           frag      = 0
           ttl       = 64
           proto     = udp
           chksum    = 0x3174
           src       = 192.168.100.5
           dst       = 192.168.100.6
           \options   \
###[ UDP in ICMP ]### 
              sport     = 64753
              dport     = domain
              len       = 8
              chksum    = 0xb95a
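
The same round trip without the interactive paste, as an added example that is not part of the original post: it parses the hexdump text from the answer above into bytes, overwrites one byte inside the ICMP message, and recomputes the ICMP checksum so the edited frame still validates. It uses only the standard library rather than Scapy; the function names are hypothetical, and it assumes an untagged Ethernet II frame carrying IPv4/ICMP.

```python
import re
import struct

# Hexdump copied from the answer above (Ethernet / IPv4 / ICMP dest-unreach).
HEXDUMP = """\
0000  08 00 27 78 FE 4B 52 54 00 12 35 00 08 00 45 00  ..'x.KRT..5...E.
0010  00 38 00 01 00 00 40 01 31 6D C0 A8 64 01 C0 A8  .8....@.1m..d...
0020  64 05 03 04 41 5E 00 00 05 14 45 00 00 1C 00 01  d...A^....E.....
0030  00 00 40 11 31 74 C0 A8 64 05 C0 A8 64 06 FC F1  ..@.1t..d...d...
0040  00 35 00 08 B9 5A                                .5...Z
"""
ETH_LEN = 14  # assumption: untagged Ethernet II header, as in the dump above
_ROW = re.compile(r"\s*[0-9A-Fa-f]{4,}\s+((?:[0-9A-Fa-f]{2}(?:\s{1,2}|$)){1,16})")

def parse_hexdump(text):
    """Return the raw bytes of hexdump() text, dropping offsets and the ASCII column."""
    raw = bytearray()
    for line in text.splitlines():
        m = _ROW.match(line)
        if m:  # anything that is not a dump row (blank line, prompt) is skipped
            raw += bytes.fromhex(m.group(1))
    return bytes(raw)

def inet_checksum(data):
    """RFC 1071 one's-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def icmp_bounds(frame):
    """Locate the ICMP message from the IPv4 IHL and total-length fields."""
    if frame[12:14] != b"\x08\x00" or frame[ETH_LEN + 9] != 1:
        raise ValueError("not an IPv4/ICMP frame")
    ihl = (frame[ETH_LEN] & 0x0F) * 4
    total_len = struct.unpack_from("!H", frame, ETH_LEN + 2)[0]
    return ETH_LEN + ihl, ETH_LEN + total_len

def patch_icmp(frame, offset, new_bytes):
    """Overwrite bytes at `offset` inside the ICMP message and fix its checksum."""
    start, end = icmp_bounds(frame)
    if offset < 4 or start + offset + len(new_bytes) > end:
        raise ValueError("patch must lie inside the ICMP message, after the checksum")
    buf = bytearray(frame)
    buf[start + offset:start + offset + len(new_bytes)] = new_bytes
    buf[start + 2:start + 4] = b"\x00\x00"  # zero the checksum before summing
    struct.pack_into("!H", buf, start + 2, inet_checksum(bytes(buf[start:end])))
    return bytes(buf)
```

For example, `patch_icmp(parse_hexdump(HEXDUMP), 4, b"\x01")` sets the byte Scapy displays as `reserved` to 1 and leaves every byte outside the ICMP checksum and the patched position unchanged.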
