跳至主要內容

scapy网络抓包

实例

from scapy.all import *
from io import StringIO
import json
def fun_scapy():
    print('start sniff packet')
    if os.path.isfile('./packet.txt'):
        os.remove('./packet.txt')
    sniff(filter='port 8083',prn=callback)


def callback(packet):
    global buff

    with open('./packet.txt','a') as f:
        s = packet.summary()
        if packet.haslayer('TCP'):
            tcp_seq = packet['TCP'].seq
            tcp_ack = packet['TCP'].ack
            last_seq_ack_key = str(packet['IP'].src) + str(packet['IP'].sport) +          str(packet['IP'].dst) + str(packet['IP'].dport)
            if 'buff' in globals().keys():
                last_seq_ack = buff.getvalue()
                last_seq_ack = json.loads(last_seq_ack)
            else:
                last_seq_ack={last_seq_ack_key:('','')}
            if packet.haslayer('Raw'):
                raw_data = packet['Raw'].load
                index = raw_data.find('\r\n\r\n'.encode())

                if index !=-1:
                    try:
                        r= raw_data[:index+4]
                        r = r.decode('utf-8')
                        pattern_request = re.compile(r"^(?:OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT) "r"(?:.+?) "r"(HTTP/\d\.\d)")
                        pattern_reponse = re.compile(r"^HTTP/\d\.\d \d\d\d .*")
                        if pattern_request.match(r):
                            f.write(s + ' seq:' + str(tcp_seq) + ' ack:' + str(tcp_ack) + ' len:' + str(len(raw_data)) +' HTTP Request'+'\n')
                        elif pattern_reponse.match(r):
                            f.write(s + ' seq:' + str(tcp_seq) + ' ack:' + str(tcp_ack) + ' len:' + str(len(raw_data)) + ' HTTP Reponse' + '\n')
                        else:
                            f.write(s + ' seq:' + str(tcp_seq) + ' ack:' + str(tcp_ack) + ' len:' + str(len(raw_data)) +'\n')
                        try:
                            r = r + raw_data[index+4:].decode()

                        except Exception as e:
                            r = r + str(raw_data[index+4:])
                        print('body:'+r+'\n')
                        f.write(r + '\n')
                    except:
                        pass

                else:
                    last_seq = last_seq_ack[last_seq_ack_key][0]
                    last_ack = last_seq_ack[last_seq_ack_key][1]
                    if tcp_seq != last_seq and tcp_ack == last_ack:
                        append_info = ' [TCP segment]'
                    else:
                        append_info = ''
                    try:
                        r = raw_data.decode()
                    except Exception as e:
                        r = str(raw_data)
                    f.write(s + ' seq:' + str(tcp_seq) + ' ack:' + str(tcp_ack) + ' len:' + str(len(raw_data)) +append_info+ '\n')
                    f.write(r +'\n')
            else:
                f.write(s+' seq:'+str(tcp_seq)+' ack:'+str(tcp_ack)+' len:0'+'\n')


            last_seq_ack[last_seq_ack_key] = (tcp_seq,tcp_ack)
            last_seq_ack = json.dumps(last_seq_ack)
            buff = StringIO(last_seq_ack)
        else:
            f.write(s+'\n')
        f.write('\n')
    print(packet.summary())


if __name__ == '__main__':
    fun_scapy()

抓取网络包生成文件

from scapy.all import *

def packet_callback(packet):
    try:
        mypacket = packet['Raw'].load
        print(mypacket)
        index = mypacket.find('\r\n\r\n'.encode())
        r= mypacket[:index+4]
        r = r.decode('utf-8')
        print(r + mypacket[index+4:].decode())
        with open('output.txt', 'a') as f:
            f.write(r + mypacket[index+4:].decode()+'\n')
    except:
        pass

def main():
    sniff(filter='tcp',
          prn=packet_callback, store=0)

if __name__ == "__main__":
    main()
上次编辑于:
贡献者: liuhuan
文档页脚
Copyright © 2025 liuhuan