以以下利用一段代碼讀取http數據包裏的request內容:
#!/usr/bin/env python
import scapy_http.http as http
from scapy.all import *
def process_tcp_packet(packet):
if not packet.haslayer(http.HTTPRequest):
return
http_layer = packet.getlayer(http.HTTPRequest)
print http_layer.show()
ip_layer = packet.getlayer(IP)
print '\n{0[src]} just requested a {1[Method]} {1[Host]}{1[Path]}'.format(ip_layer.fields, http_layer.fields)
sniff(filter='tcp and port 80',prn=process_tcp_packet)運行結果如下:
###[ HTTP Request ]###
Method = 'GET'
Path = '/'
Http-Version= 'HTTP/1.1'
Host = '192.168.32.142'
User-Agent= 'curl/7.60.0'
Accept = '*/*'
Accept-Language= None
Accept-Encoding= None
Accept-Charset= None
Referer = None
Authorization= None
Expect = None
From = None
If-Match = None
If-Modified-Since= None
If-None-Match= None
If-Range = None
If-Unmodified-Since= None
Max-Forwards= None
Proxy-Authorization= None
Range = None
TE = None
Cache-Control= None
Connection= None
Date = None
Pragma = None
Trailer = None
Transfer-Encoding= None
Upgrade = None
Via = None
Warning = None
Keep-Alive= None
Allow = None
Content-Encoding= None
Content-Language= None
Content-Length= None
Content-Location= None
Content-MD5= None
Content-Range= None
Content-Type= None
Expires = None
Last-Modified= None
Cookie = None
Headers = 'Host: 192.168.32.142\r\nAccept: */*\r\nUser-Agent: curl/7.60.0'
Additional-Headers= None
192.168.32.10 just requested a GET 192.168.32.142/