Getting HTTP response codes from a pcap with Scapy

I'm reading a pcap file using Scapy and I am interested in finding anomalies such as unusual TCP flags or HTTP codes like 403, 429, etc.

Using the TCP ports, I am able to find out that this traffic belongs to HTTP, but how do I get the HTTP status codes and the TCP flags?

This is what I have done so far:

from scapy.all import PcapReader, TCP

pList = []
for pkt in PcapReader(pcap):  # pcap: path to the capture file
    if TCP in pkt and (pkt[TCP].sport == 80 or pkt[TCP].dport == 80):
        pList.append(pkt)

If you use Scapy 2.4.3+, you can enable the HTTP plugin and simplify your code. See:

Also, in order to use the TCPSession to automatically process HTTP packets, I'll use sniff(prn=) rather than PcapReader. They do the same thing.

from scapy.layers.http import *
from scapy.sessions import TCPSession
from scapy.sendrecv import sniff
plist = []

def func(pkt):
    # called on each packet
    if HTTP in pkt:
        if HTTPResponse in pkt:
            # status codes are only in responses
            status = pkt[HTTPResponse].Status_Code
            if int(status) in [403, 429]: # check code
                plist.append(pkt)

sniff(offline="./my_file.pcap", prn=func, store=False, session=TCPSession)
