Parsing HTTP messages out of a pcap file with scapy
2017-03-20 11:30
The p.show() function prints the contents of a pcap file's packets layer by layer.
Example program 1:

```python
# encoding=utf-8
import scapy.all as scapy

'''
try:
    # This import works from the project directory
    import scapy_http.http
except ImportError:
    # If you installed this package via pip, you just need to execute this
    from scapy.layers import http
'''

packets = scapy.rdpcap("/home/amos/learn_data/tump_http.pcap")  # read the pcap file
'''
rdpcap(filename, count=-1)
    Read a pcap file and return a packet list
    count: read only <count> packets
'''
# show() prints the packet itself and returns None,
# so the outer print adds the trailing "None" seen in the output
print(packets[46].show())
```

Output:
```
[ Ethernet ]
  dst = 00:19:21:11:2e:90
  src = 48:0f:cf:38:05:e4
  type = 0x800
[ IP ]
  version = 4L
  ihl = 5L
  tos = 0x0
  len = 524
  id = 6597
  flags = DF
  frag = 0L
  ttl = 64
  proto = tcp
  chksum = 0xf246
  src = 219.245.186.241
  dst = 219.245.186.3
  \options \
[ TCP ]
  sport = 57447
  dport = http
  seq = 1199195183
  ack = 1123214974
  dataofs = 8L
  reserved = 0L
  flags = PA
  window = 501
  chksum = 0x2edf
  urgptr = 0
  options = [('NOP', None), ('NOP', None), ('Timestamp', (1040357825, 1152646))]
[ Raw ]
  load = 'GET http://s2-im-notify.csdn.net/socket.io/1/xhr-polling/NZRfBbB022nNBsAeJqPa?t=1489831347653 HTTP/1.1\r\nHost: s2-im-notify.csdn.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://blog.csdn.net/nixawk/article/details/38535065\r\norigin: http://blog.csdn.net\r\nConnection: keep-alive\r\n\r\n'
None
```
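The first layer is the network layer, containing the source and destination MAC addresses and the IP protocol number; the second layer is the TCP layer; the third layer contains the port numbers and the HTTP message. Each layer is the payload member of the layer above it.

Now add back the code that was commented out in example program 1, as follows:

Example program 2:

```python
# encoding=utf-8
import scapy.all as scapy

try:
    # This import works from the project directory
    import scapy_http.http
except ImportError:
    # If you installed this package via pip, you just need to execute this
    from scapy.layers import http

packets = scapy.rdpcap("/home/amos/learn_data/tump_http.pcap")  # read the pcap file
'''
rdpcap(filename, count=-1)
    Read a pcap file and return a packet list
    count: read only <count> packets
'''
# show() prints the packet itself and returns None,
# so the outer print adds the trailing "None" seen in the output
print(packets[46].show())
```

Output: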
```
[ Ethernet ]
  dst = 00:19:21:11:2e:90
  src = 48:0f:cf:38:05:e4
  type = 0x800
[ IP ]
  version = 4L
  ihl = 5L
  tos = 0x0
  len = 524
  id = 6597
  flags = DF
  frag = 0L
  ttl = 64
  proto = tcp
  chksum = 0xf246
  src = 219.245.186.241
  dst = 219.245.186.3
  \options \
[ TCP ]
  sport = 57447
  dport = http
  seq = 1199195183
  ack = 1123214974
  dataofs = 8L
  reserved = 0L
  flags = PA
  window = 501
  chksum = 0x2edf
  urgptr = 0
  options = [('NOP', None), ('NOP', None), ('Timestamp', (1040357825, 1152646))]
[ HTTP ]
[ HTTP Request ]
  Method = u'GET'
  Path = u'http://s2-im-notify.csdn.net/socket.io/1/xhr-polling/NZRfBbB022nNBsAeJqPa?t=1489831347653'
  Http-Version= u'HTTP/1.1'
  Host = u's2-im-notify.csdn.net'
  User-Agent= u'Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0'
  Accept = u'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
  Accept-Language= u'en-US,en;q=0.5'
  Accept-Encoding= u'gzip, deflate'
  Accept-Charset= None
  Referer = u'http://blog.csdn.net/nixawk/article/details/38535065'
  Authorization= None
  Expect = None
  From = None
  If-Match = None
  If-Modified-Since= None
  If-None-Match= None
  If-Range = None
  If-Unmodified-Since= None
  Max-Forwards= None
  Proxy-Authorization= None
  Range = None
  TE = None
  Cache-Control= None
  Connection= u'keep-alive'
  Date = None
  Pragma = None
  Trailer = None
  Transfer-Encoding= None
  Upgrade = None
  Via = None
  Warning = None
  Keep-Alive= None
  Allow = None
  Content-Encoding= None
  Content-Language= None
  Content-Length= None
  Content-Location= None
  Content-MD5= None
  Content-Range= None
  Content-Type= None
  Expires = None
  Last-Modified= None
  Cookie = None
  Headers = u'origin: http://blog.csdn.net\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0\r\nHost: s2-im-notify.csdn.net\r\nReferer: http://blog.csdn.net/nixawk/article/details/38535065'
  Additional-Headers= u'origin: http://blog.csdn.net\r\n'
None
```
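The third layer differs greatly from program 1: it now shows the HTTP layer and the HTTP request.

Another way to parse the HTTP messages (fragment):

```python
# encoding=utf-8
import scapy.all as scapy

packets = scapy.rdpcap("/home/amos/learn_data/tump_http.pcap")  # read the pcap file
'''
rdpcap(filename, count=-1)
    Read a pcap file and return a packet list
    count: read only <count> packets
'''
for p in packets:
    raw = p.payload.payload.payload  # the layer carried above TCP
    for f in raw.fields_desc:
        fvalue = raw.getfieldval(f.name)
        reprval = f.i2repr(raw, fvalue)  # printable (repr) form of the field value
        if 'HTTP' in reprval:
            # the repr holds a literal backslash-r backslash-n, hence the raw-string separator
            lst = str(reprval).split(r'\r\n')
            for l in lst:
                print(l)
```

Output fragment: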
```
……
'GET http://s10-im-notify.csdn.net/socket.io/1/xhr-polling/J_mGkmq5vHoAn5yOJtWK?t=1489831343548 HTTP/1.1
Host: s10-im-notify.csdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://blog.csdn.net/vah101/article/details/46445883
origin: http://blog.csdn.net
Connection: keep-alive

'
'HTTP/1.1 200 OK
```
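The third method above splits the repr() of the payload on a literal `\r\n`. As an added example (not code from the original post), the code below parses the payload bytes themselves into a start line and case-insensitive headers, and skips payloads that do not begin with a complete HTTP head. `parse_http_head` and `http_heads_from_pcap` are names chosen here, the sample bytes are constructed from packet 46 above, and it assumes no HTTP dissector is loaded, so the payload appears as scapy's Raw layer as in example program 1.

```python
import re

START_REQ = re.compile(rb"^([A-Z]+) (\S+) (HTTP/\d\.\d)$")
START_RESP = re.compile(rb"^(HTTP/\d\.\d) (\d{3})(?: (.*))?$")

def parse_http_head(load):
    """Return a dict for an HTTP request/response head, or None if `load`
    (bytes) does not start with a complete HTTP head."""
    head, sep, _body = load.partition(b"\r\n\r\n")
    if not sep:                      # head truncated or split across segments
        return None
    lines = head.split(b"\r\n")
    req, resp = START_REQ.match(lines[0]), START_RESP.match(lines[0])
    if req:
        msg = {"kind": "request", "method": req.group(1).decode(),
               "target": req.group(2).decode("latin-1"),
               "version": req.group(3).decode()}
    elif resp:
        msg = {"kind": "response", "version": resp.group(1).decode(),
               "status": int(resp.group(2))}
    else:
        return None
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if colon:                    # header names are case-insensitive
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    msg["headers"] = headers
    return msg

def http_heads_from_pcap(path):
    """Yield (sport, dport, parsed head) for each packet whose Raw payload
    starts with an HTTP head. Needs scapy, imported only when called."""
    from scapy.all import rdpcap, Raw, TCP
    for pkt in rdpcap(path):
        if pkt.haslayer(TCP) and pkt.haslayer(Raw):
            msg = parse_http_head(pkt[Raw].load)
            if msg:
                yield pkt[TCP].sport, pkt[TCP].dport, msg

# Constructed sample: the request from packet 46 above, with some headers left out.
SAMPLE = (b"GET http://s2-im-notify.csdn.net/socket.io/1/xhr-polling/"
          b"NZRfBbB022nNBsAeJqPa?t=1489831347653 HTTP/1.1\r\n"
          b"Host: s2-im-notify.csdn.net\r\norigin: http://blog.csdn.net\r\n"
          b"Connection: keep-alive\r\n\r\n")

if __name__ == "__main__":
    print(parse_http_head(SAMPLE))
```

A head that spans several TCP segments is reported as None here; handling it requires reassembling the stream first.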