python实现抓包、解析流程,超过瘾!
时间:03-29来源:作者:点击数:
今日又无聊~~~感觉浏览器检查太麻烦,于是乎想搞个抓包脚本监听本地网卡~~~~代码贴上,复制即可使用~不行那就装个包哦!嘿嘿
import os
import dpkt
import socket
import datetime
import uuid
from scapy.sendrecv import sniff
from scapy.utils import wrpcap
def get_local_ip():
hostname = socket.gethostname()
# 获取本机内网ip
local_ips = socket.gethostbyname_ex(hostname)[-1]
return local_ips
def body_transfer(body):
str_body = body.decode()
body_ls = str_body.split("&")
for item in body_ls:
key_, value_ = item.split("=")
print(" %s: %s"% (key_, value_))
def get_dpkt():
dpkt_ = sniff(count = 100) #这里是针对单网卡的机子,多网卡的可以在参数中指定网卡,例:iface=Qualcomm QCA9377 802.11ac Wireless Adapter
_uuid = uuid.uuid1()
filename = f"{_uuid}.pcap"
wrpcap(filename, dpkt_)
return filename
def print_pcap(pcap):
try:
local_ips = get_local_ip()
for timestamp, buf in pcap:
eth = dpkt.ethernet.Ethernet(buf) #获得以太包,即数据链路层包
# print("ip layer:"+eth.data.__class__.__name__) #以太包的数据既是网络层包
# print("tcp layer:"+eth.data.data.__class__.__name__) #网络层包的数据既是传输层包
# print("http layer:" + eth.data.data.data.__class__.__name__) #传输层包的数据既是应用层包
#
# print('Timestamp: ',str(datetime.datetime.utcfromtimestamp(timestamp))) #打印出包的抓取时间
if not isinstance(eth.data, dpkt.ip.IP):
print('Non IP Packet type not supported %s' % eth.data.__class__.__name__)
continue
ip = eth.data
src_ip = socket.inet_ntoa(ip.src)
dst_ip = socket.inet_ntoa(ip.dst)
do_not_fragment =bool(ip.off & dpkt.ip.IP_DF)
more_fragments =bool(ip.off & dpkt.ip.IP_MF)
fragment_offset = ip.off & dpkt.ip.IP_OFFMASK
if isinstance(ip.data, dpkt.tcp.TCP):
# Set the TCP data
tcp = ip.data
# Now see if we can parse the contents as a HTTP request
# 看看是否可以将内容解析为HTTP请求
try:
request = dpkt.http.Request(tcp.data)
print('IP: %s -> %s (len=%d ttl=%d DF=%d MF=%d offset=%d)' % (src_ip + "(本机)" if src_ip in local_ips else src_ip, dst_ip, ip.len, ip.ttl, do_not_fragment, more_fragments,fragment_offset))
print("URL: %s" % request.headers.get("host") + request.uri)
print("METHOD: %s" % request.method.upper())
print("Headers: ")
for key, value in request.headers.items():
print(" %s: %s" %(key, value))
print("Body:")
body_transfer(request.body)
print("Data:")
body_transfer(request.data)
# print('HTTP request: %s\n' % repr(request))
print()
except (dpkt.dpkt.NeedData, dpkt.dpkt.UnpackError):
continue
# Pull out fragment information (flags and offset all packed into off field, so use bitmasks)
except Exception as error:
pass
def main():
while True:
filename = get_dpkt()
with open(filename, "rb") as f:
pcap = dpkt.pcap.Reader(f)
print_pcap(pcap)
os.remove(filename)
if __name__ =='__main__':
main()
实现输出:
IP: 192.168.8.4(本机) -> 101.226.211.223 (len=770 ttl=128 DF=1 MF=0 offset=0)
URL: client.show.qq.com/cgi-bin/qqshow_user_props_info
METHOD: POST
Headers:
accept: */*
accept-language: zh-CN
x-flash-version: 32,0,0,330
content-type: application/x-www-form-urlencoded
content-length: 115
accept-encoding: gzip, deflate
user-agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E)
host: client.show.qq.com
connection: Keep-Alive
cache-control: no-cache
cookie: pgv_pvid=3799000690; euin_cookie=640439D46CDC58665AB4F5F3B323373956EAFBBF9BF51FDF; ptcz=5d07117027510d320908125b0ef4126ddda91a6d014acaf2f052391f96270a23; pgv_pvi=2758768640; uin_cookie=207223216; RK=3QRly54pcL
Body:
senduin: 24350438
uin: 20722321
sVersion: 2014
ckey: B2A96E6CCA568A891AA2FEFF214DC03A73FC7D583079467F01117641FAD33BA9
Data:
方便获取更多学习、工作、生活信息请关注本站微信公众号
推荐内容
相关内容
栏目更新
栏目热门
湘公网安备 43102202000103号