
Parsing the HTTP messages out of a pcap file with scapy

2017-03-20 11:30, 543 views

The `show()` method of a packet prints a packet read from a pcap file layer by layer.

Example program 1:

```python
# encoding=utf-8
import scapy.all as scapy
'''
try:
    # This import works from the project directory
    import scapy_http.http
except ImportError:
    # If you installed this package via pip, you just need to execute this
    from scapy.layers import http
'''
packets = scapy.rdpcap("/home/amos/learn_data/tump_http.pcap")  # read the pcap file
'''
rdpcap(filename, count=-1)
Read a pcap file and return a packet list
count: read only <count> packets
'''
packets[46].show()  # show() prints the packet itself and returns None, so it is not wrapped in print()
```


Output:

```
###[ Ethernet ]###
  dst       = 00:19:21:11:2e:90
  src       = 48:0f:cf:38:05:e4
  type      = 0x800
###[ IP ]###
     version   = 4L
     ihl       = 5L
     tos       = 0x0
     len       = 524
     id        = 6597
     flags     = DF
     frag      = 0L
     ttl       = 64
     proto     = tcp
     chksum    = 0xf246
     src       = 219.245.186.241
     dst       = 219.245.186.3
     \options   \
###[ TCP ]###
        sport     = 57447
        dport     = http
        seq       = 1199195183
        ack       = 1123214974
        dataofs   = 8L
        reserved  = 0L
        flags     = PA
        window    = 501
        chksum    = 0x2edf
        urgptr    = 0
        options   = [('NOP', None), ('NOP', None), ('Timestamp', (1040357825, 1152646))]
###[ Raw ]###
           load      = 'GET http://s2-im-notify.csdn.net/socket.io/1/xhr-polling/NZRfBbB022nNBsAeJqPa?t=1489831347653 HTTP/1.1\r\nHost: s2-im-notify.csdn.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://blog.csdn.net/nixawk/article/details/38535065\r\norigin: http://blog.csdn.net\r\nConnection: keep-alive\r\n\r\n'
```

The outermost layer is Ethernet, with the source and destination MAC addresses and the EtherType (0x800, i.e. IP); below it comes the IP layer, then the TCP layer with the port numbers, and finally the Raw layer holding the HTTP message as an unparsed string. Each layer is the `payload` member of the layer above it.

Now enable the code that is commented out in example program 1, as in

Example program 2:

```python
# encoding=utf-8
import scapy.all as scapy
try:
    # This import works from the project directory
    import scapy_http.http
except ImportError:
    # If you installed this package via pip, you just need to execute this
    from scapy.layers import http
packets = scapy.rdpcap("/home/amos/learn_data/tump_http.pcap")  # read the pcap file
'''
rdpcap(filename, count=-1)
Read a pcap file and return a packet list
count: read only <count> packets
'''
packets[46].show()  # with the HTTP layer registered, the TCP payload is now dissected
```


Output:

```
###[ Ethernet ]###
  dst       = 00:19:21:11:2e:90
  src       = 48:0f:cf:38:05:e4
  type      = 0x800
###[ IP ]###
     version   = 4L
     ihl       = 5L
     tos       = 0x0
     len       = 524
     id        = 6597
     flags     = DF
     frag      = 0L
     ttl       = 64
     proto     = tcp
     chksum    = 0xf246
     src       = 219.245.186.241
     dst       = 219.245.186.3
     \options   \
###[ TCP ]###
        sport     = 57447
        dport     = http
        seq       = 1199195183
        ack       = 1123214974
        dataofs   = 8L
        reserved  = 0L
        flags     = PA
        window    = 501
        chksum    = 0x2edf
        urgptr    = 0
        options   = [('NOP', None), ('NOP', None), ('Timestamp', (1040357825, 1152646))]
###[ HTTP ]###
###[ HTTP Request ]###
              Method    = u'GET'
              Path      = u'http://s2-im-notify.csdn.net/socket.io/1/xhr-polling/NZRfBbB022nNBsAeJqPa?t=1489831347653'
              Http-Version= u'HTTP/1.1'
              Host      = u's2-im-notify.csdn.net'
              User-Agent= u'Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0'
              Accept    = u'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
              Accept-Language= u'en-US,en;q=0.5'
              Accept-Encoding= u'gzip, deflate'
              Accept-Charset= None
              Referer   = u'http://blog.csdn.net/nixawk/article/details/38535065'
              Authorization= None
              Expect    = None
              From      = None
              If-Match  = None
              If-Modified-Since= None
              If-None-Match= None
              If-Range  = None
              If-Unmodified-Since= None
              Max-Forwards= None
              Proxy-Authorization= None
              Range     = None
              TE        = None
              Cache-Control= None
              Connection= u'keep-alive'
              Date      = None
              Pragma    = None
              Trailer   = None
              Transfer-Encoding= None
              Upgrade   = None
              Via       = None
              Warning   = None
              Keep-Alive= None
              Allow     = None
              Content-Encoding= None
              Content-Language= None
              Content-Length= None
              Content-Location= None
              Content-MD5= None
              Content-Range= None
              Content-Type= None
              Expires   = None
              Last-Modified= None
              Cookie    = None
              Headers   = u'origin: http://blog.csdn.net\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0\r\nHost: s2-im-notify.csdn.net\r\nReferer: http://blog.csdn.net/nixawk/article/details/38535065'
              Additional-Headers= u'origin: http://blog.csdn.net\r\n'
```

The innermost part is quite different from program 1: instead of a Raw blob it now shows an HTTP layer containing a dissected HTTP Request, with the standard headers as named fields and the non-standard `origin` header collected under Additional-Headers.

A fragment showing another way to parse the HTTP message, without the HTTP layer:

```python
# encoding=utf-8
import scapy.all as scapy
packets = scapy.rdpcap("/home/amos/learn_data/tump_http.pcap")  # read the pcap file
'''
rdpcap(filename, count=-1)
Read a pcap file and return a packet list
count: read only <count> packets
'''
for p in packets:
    # p.payload.payload.payload is the layer below Ethernet/IP/TCP, i.e. Raw for HTTP traffic
    for f in p.payload.payload.payload.fields_desc:
        # getfieldval() on the TCP layer searches down into its payload for the field
        fvalue = p.payload.payload.getfieldval(f.name)
        reprval = f.i2repr(p.payload.payload, fvalue)  # internal value -> printable representation
        if 'HTTP' in reprval:
            lst = str(reprval).split(r'\r\n')  # the repr contains the escaped CRLF, so split on the literal text
            for l in lst:
                print(l)
```


Output fragment:

```
……
'GET http://s10-im-notify.csdn.net/socket.io/1/xhr-polling/J_mGkmq5vHoAn5yOJtWK?t=1489831343548 HTTP/1.1
Host: s10-im-notify.csdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://blog.csdn.net/vah101/article/details/46445883
origin: http://blog.csdn.net
Connection: keep-alive

'
'HTTP/1.1 200 OK
```
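As an added example (not code from the original post), here is a pure-Python version of what program 2's HTTP layer and the `\r\n` split above do, written to run on the bytes scapy exposes as `Raw.load`. It goes beyond the page's case: it rejects responses and segments cut before the end of the headers, and it resolves which host an absolute-form request line (like the proxied GET above) actually names, flagging disagreement with the Host header. The sample payloads and all function names are constructed for this example; only `hosts_in_pcap` needs scapy installed.

```python
from collections import Counter

# Constructed sample payloads (shaped like the Raw.load of packet 46 above, not captured data).
SAMPLE_REQUEST = (
    b"GET http://s2-im-notify.csdn.net/socket.io/1/xhr-polling/abc?t=1 HTTP/1.1\r\n"
    b"Host: s2-im-notify.csdn.net\r\n"
    b"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
    b"origin: http://blog.csdn.net\r\n\r\n"
)
SAMPLE_RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"

def parse_http_request(load):
    """(method, target, version, headers) for a complete request, else None."""
    head, sep, _body = load.partition(b"\r\n\r\n")
    if not sep:
        return None  # segment cut before the blank line that ends the headers
    lines = head.decode("latin-1").split("\r\n")  # header bytes are never multi-byte
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None  # responses start with HTTP/, binary data has no such line
    method, target, version = parts
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            return None  # malformed header line
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    return method, target, version, headers

def host_of(req):
    """Host the request really names: an absolute-form target wins over the Host header."""
    _method, target, _version, headers = req
    if target.startswith(("http://", "https://")):
        return target.split("/", 3)[2].lower()
    return headers.get("host", "").lower()

def host_mismatch(req):
    """True when target and Host header disagree; a proxy and an origin may route these differently."""
    _method, target, _version, headers = req
    return target.startswith(("http://", "https://")) and host_of(req) != headers.get("host", "").lower()

def hosts_counter(loads):
    """Requests per host over a sequence of TCP payloads, skipping everything that is not a request."""
    return Counter(host_of(r) for r in map(parse_http_request, loads) if r is not None)

def hosts_in_pcap(path):
    """The same over a pcap file; this is the only part that needs scapy."""
    from scapy.all import rdpcap, TCP, Raw
    return hosts_counter(bytes(p[Raw].load) for p in rdpcap(path)
                         if p.haslayer(TCP) and p.haslayer(Raw))
```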
