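There is also a package, I think it's called scapy-http, but I haven't used it; I find scapy sufficient on its own.
Once you have captured packets with tcpdump, here is part of the code: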
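from scapy.all import rdpcap

def get_x_real_ip(pcap_file):
    packet_list = rdpcap(pcap_file)
    for packet in packet_list:
        if not packet.haslayer('Raw'):
            continue  # no payload (e.g. a bare ACK), nothing to parse
        http_header = bytes.decode(packet['Raw'].load, errors='replace').split('\r\n')
        for item in http_header:
            if item.find('X-Real-IP') != -1:
                # split on the first colon only and drop the leading space
                x_real_ip = item.split(':', 1)[1].strip()
                return x_real_ip
    return None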
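A stricter version of the header lookup, as an added example that is not part of the original post: it works on the raw payload bytes (what `packet['Raw'].load` returns), matches the header name case-insensitively, ignores text in the request body, and validates the value as an IP address. The function names `parse_request_headers` and `extract_x_real_ip` are hypothetical, and the sample payloads are constructed.

```python
import ipaddress

def parse_request_headers(payload: bytes):
    """Return (request_line, headers) for an HTTP/1.x request payload, else None."""
    head, sep, _body = payload.partition(b"\r\n\r\n")
    if not sep:
        return None  # header block incomplete (e.g. split across TCP segments)
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        return None  # not an HTTP request line (TLS, binary data, a response)
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if colon:
            # header names are case-insensitive; keep every value of a repeated header
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers

def extract_x_real_ip(payload: bytes):
    """Return the X-Real-IP value as an ip_address object, or None."""
    parsed = parse_request_headers(payload)
    if parsed is None:
        return None
    values = parsed[1].get("x-real-ip", [])
    if len(values) != 1:
        return None  # absent, or repeated and therefore ambiguous
    try:
        return ipaddress.ip_address(values[0])
    except ValueError:
        return None  # header present but not a valid IPv4/IPv6 address

# Constructed sample payloads (not taken from a real capture).
SAMPLES = {
    "proxied": b"GET / HTTP/1.1\r\nHost: www.webserver1.com\r\nx-real-ip: 203.0.113.7\r\n\r\n",
    "ipv6": b"GET / HTTP/1.1\r\nHost: www.webserver1.com\r\nX-Real-IP: 2001:db8::1\r\n\r\n",
    "in_body": b"POST /f HTTP/1.1\r\nHost: www.webserver1.com\r\n\r\nnote=X-Real-IP: 10.0.0.1",
    "garbage": b"GET / HTTP/1.1\r\nX-Real-IP: not-an-ip\r\n\r\n",
    "tls": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03",
}

if __name__ == "__main__":
    for label, payload in SAMPLES.items():
        print(label, extract_x_real_ip(payload))
```

With scapy, the same function can be called as `extract_x_real_ip(packet['Raw'].load)` for each packet that has a `Raw` layer.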
If the packet is an HTTP GET packet, print(http_header) gives the following result:
['GET / HTTP/1.1',
'Host: www.webserver1.com',
'Connection: keep-alive',
'Cache-Control: max-age=0',
'Upgrade-Insecure-Requests: 1',
'User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36',
'Accept: text/html,applica