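Reconstruct an HTTP web page from a libpcap file with a Python script

I am trying to reconstruct a web page from a libpcap file using a Python script. I have all the packets, so I guess the goal is to take a libpcap file as input, find all the necessary packets, and somehow produce a web page file as output that shows all the pictures and data from that page. Can anyone get me started in the right direction? I think I will need dpkt and/or scapy.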
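Update 1: Code is below! This is the code I have come up with so far in Python. It is supposed to grab the first set of packets from a single HTTP session, starting with the packet that has the SYN and ACK flags set to 1 and ending with the packet that has the FIN flag set to 1.
Assuming only one website was visited during the packet capture, does this code append all the necessary packets needed to reconstruct the visited web page?
Assuming I have all the necessary packets, how do I reconstruct the web page?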

    from scapy.all import rdpcap, IP, TCP

    pktList = list()  # create a list to store the packets we want to keep
    pcap = rdpcap('myCapture.pcap')  # returns a packet list with every packet in the pcap
    count = None  # will store the index of the SYN-ACK packet in pcap
    for i, pkt in enumerate(pcap):  # loops through the packet list named pcap one packet at a time
        # if it is a SYN-ACK packet from port 80, a session has been initiated as HTTP
        if pkt.haslayer(IP) and pkt.haslayer(TCP) and pkt[TCP].flags == 0x12 and pkt[TCP].sport == 80:
            count = i
            break  # breaks out of the for loop
    if count is None:
        raise SystemExit('no SYN-ACK from port 80 found in the capture')
    synAck = pcap[count]
    currentPkt = count + 1  # loop from the packet after the SYN-ACK
    while currentPkt < len(pcap):  # never index past the end of the capture
        pkt = pcap[currentPkt]
        # if the src, dst ports and IPs are the same as the SYN-ACK packet then the
        # HTTP packets belong to this session and we want to keep them
        if (pkt.haslayer(IP) and pkt.haslayer(TCP)
                and pkt[TCP].sport == 80 and pkt[TCP].dport == synAck[TCP].dport
                and pkt[IP].src == synAck[IP].src and pkt[IP].dst == synAck[IP].dst):
            pktList.append(pkt)
            if pkt[TCP].flags & 0x01:  # keep looping while the FIN bit is 0, stop when it is 1
                break
        currentPkt = currentPkt + 1
    # once the loop exits we have hit the packet with the FIN flag set and now we
    # need to reconstruct the packets from this list.

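You are heading in the right direction, but the question is too broad. Please start writing code, and then let us know if you run into any problems. –
You may want to try breaking your question down into a small set of problems you can envision, and then post when you run into issues. – RyPeck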
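
An added example, not part of the original post, of the step the question asks about: turning the collected server-to-client packets back into the page bytes. It assumes each packet has already been reduced to a `(seq, payload)` pair (for instance from `pkt[TCP].seq` and `bytes(pkt[TCP].payload)`), that the connection carries a single HTTP/1.x response, and it uses only the standard library; all function and variable names are hypothetical.

```python
import gzip

MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits

def reassemble(segments, isn):
    """Rebuild one direction of a TCP stream; isn is the ISN from the sender's SYN-ACK."""
    start = (isn + 1) % MOD  # the SYN consumes one sequence number
    stream = bytearray()
    for seq, data in sorted(segments, key=lambda s: (s[0] - start) % MOD):
        rel = (seq - start) % MOD  # offset of this segment within the stream
        if rel > len(stream):
            raise ValueError("gap in capture at stream offset %d" % len(stream))
        stream += data[len(stream) - rel:]  # skip bytes already seen (retransmissions)
    return bytes(stream)

def dechunk(data):  # decode a Transfer-Encoding: chunked body
    out, pos = bytearray(), 0
    while True:
        eol = data.index(b"\r\n", pos)
        size = int(data[pos:eol].split(b";")[0], 16)  # chunk size, extensions ignored
        if size == 0:
            return bytes(out)
        out += data[eol + 2:eol + 2 + size]
        pos = eol + 2 + size + 2  # skip the chunk data and its trailing CRLF

def parse_response(stream):
    """Split a single HTTP/1.x response into status line, headers and decoded body."""
    head, sep, body = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("headers incomplete")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {k.strip().lower(): v.strip() for k, v in (l.split(":", 1) for l in lines[1:])}
    if headers.get("transfer-encoding", "").lower() == "chunked":
        body = dechunk(body)
    elif "content-length" in headers:
        body = body[:int(headers["content-length"])]
    if headers.get("content-encoding", "").lower() == "gzip":
        body = gzip.decompress(body)
    return lines[0], headers, body

# Constructed sample: a gzip'd, chunked response cut into segments that arrive out
# of order with one retransmission; the ISN is chosen so sequence numbers wrap.
ISN = 4294967290
GZ = gzip.compress(b"<html><body><img src='logo.png'>hello</body></html>")
RAW = (b"HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\nTransfer-Encoding: chunked\r\n\r\n"
       + b"%x\r\n" % len(GZ) + GZ + b"\r\n0\r\n\r\n")
CUTS = [0, 5, 40, 70, len(RAW)]
SEGS = [((ISN + 1 + a) % MOD, RAW[a:b]) for a, b in zip(CUTS, CUTS[1:])]
ARRIVAL = [SEGS[2], SEGS[0], SEGS[3], SEGS[1], SEGS[0]]
STATUS, HEADERS, BODY = parse_response(reassemble(ARRIVAL, ISN))
```

Images and other resources referenced by the page are separate responses, usually on other connections, so the same two steps are repeated per TCP stream and the bodies written out under the names taken from the matching requests.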