- 通过Anaconda安装scapy
pip install scapy-http
- Python源码如下,实现功能:
1)读取本地pcap文件(文件内容为Wireshark捕获的二进制数据流);
2)通过scapy将二进制数据流解析为有结构的packet(数据包);
3)输出Http数据报的头部信息
try:
import scapy.all as scapy
except ImportError:
import scapy
try:
import scapy_http.http as http
except ImportError:
from scapy.layers import http
import re
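def processStr(data):
    """Split a captured field into printable lines on CRLF.

    The value is rendered through ``str()``, so a ``bytes`` field keeps its
    repr-style escaping (``\\x1b``, ``\\r\\n`` ...). That is deliberate:
    bytes taken from a capture are untrusted, and the escaped form keeps
    control characters from reaching the terminal raw when the lines are
    printed.

    Args:
        data: A field value from a parsed packet, normally ``bytes``.

    Returns:
        list[str]: The escaped text split on the literal ``\\r\\n`` sequence.
        A value that is not a bytes repr is split as-is instead of raising.
    """
    text = str(data)
    # repr() of bytes is quoted as b'...' normally, but as b"..." when the
    # payload contains a single quote (for example an apostrophe in a
    # User-Agent). The old b'...'-only pattern found no match for that form
    # and crashed on res[0]; accept both quote styles here.
    if (
        len(text) >= 3
        and text[0] == 'b'
        and text[1] in ('\'', '"')
        and text[-1] == text[1]
    ):
        text = text[2:-1]
    # Split on the escaped (literal backslash) CRLF sequence in the repr text.
    return re.split('\\\\r\\\\n', text)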
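def _print_field(label, fields, key):
    """Print ``label`` plus the first line of ``fields[key]``; skip absent keys."""
    value = fields.get(key)
    if value is None:
        return
    print(label + processStr(value)[0])


def _print_lines(value):
    """Print every CRLF-separated line of a captured value, if present."""
    if value is None:
        return
    for line in processStr(value):
        print(line)


# NOTE: rdpcap() loads the whole capture into memory; for large captures
# scapy.PcapReader iterates packet by packet instead.
# NOTE: everything printed below is copied from the capture, including any
# Cookie / Authorization headers and request bodies, so the output should be
# handled as carefully as the pcap file itself.
packets = scapy.rdpcap('exampledata.pcap')
for p in packets:
    is_request = p.haslayer(http.HTTPRequest)
    # The original condition tested HTTPRequest twice, so response packets
    # were filtered out before the response branch could ever run.
    is_response = p.haslayer(http.HTTPResponse)
    if not (is_request or is_response):
        continue
    if 'TCP' not in p:
        continue

    print('=' * 78)
    # Link-layer name and addresses, then the same for the next layer.
    print(p.name)
    print('dst : ' + p.dst)
    print('src : ' + p.src)
    print(p.payload.name)
    print('src : ' + p.payload.src)
    print('dst : ' + p.payload.dst)

    if is_request:
        print("*********request******")
        http_header = p[http.HTTPRequest].fields
        _print_lines(http_header.get('Headers'))
        _print_field('Method:', http_header, 'Method')
        _print_field('Path:', http_header, 'Path')
        _print_field('Http-Version:', http_header, 'Http-Version')
    else:
        print("*********response******")
        http_header = p[http.HTTPResponse].fields
        _print_lines(http_header.get('Headers'))
        # NOTE(review): scapy-http responses carry a 'Status-Line' field
        # rather than Method/Path/Http-Version; the old direct indexing of
        # those keys would raise KeyError. Confirm the key names against the
        # installed layer (scapy.layers.http uses different field names).
        _print_field('Status-Line:', http_header, 'Status-Line')

    # Any payload left after the HTTP layer (for example a request body).
    if 'Raw' in p:
        _print_lines(p['Raw'].load)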
- 输出结果如下
- 参考文章列表:
1)https://blog.csdn.net/jjonger/article/details/81275120
2)http://fivezh.github.io/2016/05/31/Python-http-packet-parsing/
3)https://github.com/invernizzi/scapy-http