How to sniff HTTP packets in python?

Question

我想通过 python 嗅探计算机中的所有 HTTP 数据包（版本 2.6 .. 这可能吗？我可以用 scapy 来做，还是不用其他外部模块？

Answer 1

Scrapy is only for extracting data from webpages or similar structured documents.

To actually read the packets coming from the NIC your best performance option would probably be to use a C/C++ API that has python bindings.

For example WireShark has a Python API .

Pcapy is a module for packet capture using libpcap.

LibPCAP is the packet capture library written for TCPDUMP and also used in WireShark.

Another option is to try the dpkt python module. Here is a nice write up . Here's an example using using dpkt and pcap to sniff HTTP packets.

EDIT : oops, I misread scapy. Thanks root!

As you mentioned, Scapy is another python module that also uses LibPCAP. This documentation has an example of sniffing.

If you are having trouble running on Python 2.7 check out this post .

Answer 2

https://github.com/KimiNewt/pyshark

Python wrapper for tshark

Usage:

>>> capture = pyshark.LiveCapture(interface='eth0')
>>> capture.sniff(timeout=50)
>>> capture
<LiveCapture (5 packets)>
>>> capture[3]
<UDP/HTTP Packet>

for packet in capture.sniff_continuously(packet_count=5):
    print 'Just arrived:', packet

Answer 3

pypcap , https://code.google.com/p/pypcap/用于 libpcap 的简化的面向对象 Python 扩展模块 - 当前 tcpdump.org 版本，一些 BSD 操作系统附带的旧版本，以及用于Windows。这是 Windows 版本。如果您使用的是#nix ，只需安装pcap和dpkt模块。

Answer 4

FTR, Scapy will support HTTP packets starting from 2.4.3: https://scapy.readthedocs.io/en/latest/layers/http.html

>>> HTTPRequest().show()
###[ HTTP Request ]###
  Method= 'GET'
  Path= '/'
  Http_Version= 'HTTP/1.1'
  A_IM= None
  Accept= None
  Accept_Charset= None
  Accept_Datetime= None
  Accept_Encoding= None
  [...]

Sniff demo:

from scapy.layers.http import * # read the doc
from scapy.sendrecv import sniff
sniff(lfilter=lambda x: HTTP in x, prn=lambda x: x.summary())