import codecs
import re
import time

import requests
from scapy.all import *
from scapy.layers.http import HTTP
from scapy.layers.http import TCP
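class PacketSniffer:
    """Print captured TCP packets and pick the JSESSIONID out of one request shape.

    Two callbacks are offered to scapy's ``sniff``: ``process_packet`` (also
    stores the cookie in the module global ``global_cookie``) and
    ``list_process_packet`` (prints only).

    The session ID printed here is a bearer credential for the web
    application. It can only be matched when the request travels as cleartext
    HTTP, so console output and any saved copy of it should be handled like a
    password.

    NOTE(review): the posted listing lost its indentation, so the nesting of
    the trailing "Source IP ... END" prints is reconstructed; confirm against
    the author's file.
    """

    # Matches the *escaped* form of the payload (literal backslash-r,
    # backslash-n), exactly as the original pattern did: JSESSIONID must sit
    # in the last header line and the body must start with search_page_size=.
    _SESSION_RE = re.compile(r'JSESSIONID=(.*?)\\r\\n\\r\\nsearch_page_size=')

    # (banner label, keywords that trigger it, echo the payload again?)
    _SINGLE_RULES = (("GET", ("GET",), False), (" POST", ("POST",), True))
    _LIST_RULES = (("GET or POST", ("GET", "POST"), True),)

    def __init__(self, interface, filter_expr):
        """Remember the capture interface and filter; start the counter at 0."""
        self.interface = interface
        self.filter_expr = filter_expr
        self.packet_count = 0

    def start_sniffing(self):
        """Capture on the configured interface, handing packets to process_packet."""
        sniff(iface=self.interface, prn=self.process_packet, filter=self.filter_expr)

    def list_start_sniffing(self):
        """Capture on the configured interface, handing packets to list_process_packet."""
        sniff(iface=self.interface, prn=self.list_process_packet, filter=self.filter_expr)

    @staticmethod
    def _escaped_text(payload):
        """Return the payload as the text inside its bytes repr.

        The original ran ``b'(.*?)'`` over ``str(payload)``; that fails when
        the repr is double-quoted (payload contains ``'``) and truncates at an
        escaped quote. Slicing off the ``b`` prefix and both quotes gives the
        same text for ordinary payloads without those failure modes.
        """
        return repr(bytes(payload))[2:-1]

    @classmethod
    def _extract_session_id(cls, payload):
        """Return the JSESSIONID value found in *payload*, or None.

        An empty value counts as "not found"; the original test
        ``session_id != "" or session_id is not None`` was always true.
        """
        found = cls._SESSION_RE.search(cls._escaped_text(payload))
        if found is None:
            return None
        return found.group(1) or None

    def _echo_payload(self, payload):
        """Print the payload repr and its extracted text after a one-second pause."""
        # NOTE(review): this sleep runs inside the capture callback, so it
        # delays handling of the packets that follow.
        time.sleep(1)
        print(f"request:{repr(payload)}", flush=True)
        print("提取的b'...'后面的内容:", self._escaped_text(payload))

    def process_packet(self, packet):
        """Report one packet, count GET and POST separately, store the cookie.

        The listing defined ``process_packet`` twice; the first definition
        called a non-existent ``parse_packet`` and was shadowed by the second,
        so only the second one is kept.
        """
        self._handle_packet(packet, self._SINGLE_RULES, True)

    def list_process_packet(self, packet):
        """Report one packet, counting it once if it mentions GET or POST."""
        self._handle_packet(packet, self._LIST_RULES, False)

    def _handle_packet(self, packet, rules, remember_cookie):
        """Shared body of both callbacks.

        Args:
            packet: the scapy packet passed in by ``sniff``.
            rules: tuples of (banner label, keywords, echo flag); every rule
                whose keyword occurs in the payload text bumps the counter.
            remember_cookie: when true, a found session ID is also written to
                the module global ``global_cookie`` as ``JSESSIONID=<value>``.
        """
        global global_cookie
        print(f"*****{self.packet_count}**BEGIN****")
        print(f"数据包摘要:\n{packet.summary()}")
        print("摘要完毕")

        # A TCP packet without an IP layer (for example IPv6) made the
        # original fail on ``None.src``; such packets now get only the banners.
        ip_layer = packet.getlayer(IP) if packet.haslayer(TCP) else None
        if ip_layer is not None:
            raw_layer = packet.getlayer(Raw)
            # Defined up front so the footer cannot hit an unbound name when
            # the segment carries no payload.
            send_size = 0
            if raw_layer is not None:
                payload = bytes(raw_layer.load)
                # Byte length of the payload, not the length of its repr.
                send_size = len(payload)
                self._echo_payload(payload)

                session_id = self._extract_session_id(payload)
                if session_id is None:
                    print("No match found.")
                else:
                    if remember_cookie:
                        global_cookie = 'JSESSIONID=' + session_id
                        print(f'{global_cookie}')
                    print(f'JSESSIONID={session_id}')
                    print(f"返回:{session_id}")

                # NOTE(review): substring test, as in the original; a payload
                # that merely contains "GET" or "POST" is counted too.
                text = self._escaped_text(payload)
                for label, keywords, echo in rules:
                    if any(word in text for word in keywords):
                        self.packet_count += 1
                        print(f"******{label}*====={self.packet_count}=====*****")
                        print(f"Packet {self.packet_count}:")
                        if echo:
                            print("HTTP Payload: ")
                            self._echo_payload(payload)

            print(f"Source IP: {ip_layer.src}")
            print(f"Destination IP: {ip_layer.dst}")
            print(f"Send Size: {send_size} bytes")
            # bytes(packet) is the built frame; the original measured
            # len(str(packet)).
            print(f"Packet Size: {len(bytes(packet))}")

        print(f"*****{self.packet_count}**END****")
        print()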
if __name__ == '__main__':
    # Operator instructions: log in, open the page, click search, then copy
    # the printed cookie for whichever browser session is needed.
    for line in (
        "先登录,然后进入,点击搜索",
        "生成内容中有cookie,需要哪个浏览器就按上述步骤,拷贝cookie到global_data",
        "",
    ):
        print(line)

    # Capture only TCP traffic on port 8004 of the "本地连接" interface.
    capture_filter = 'tcp and port 8004'
    sniffer = PacketSniffer(r"本地连接", capture_filter)

    # First capture: parse packets and keep the cookie seen after each login
    # in the module global global_cookie; it is copied into the request
    # headers by hand. No packet count or timeout is passed to sniff, so this
    # call is expected to run until it is interrupted.
    sniffer.start_sniffing()

    # Second capture, for the pending-list view. Author's note: the output is
    # currently garbled and no data is obtained; needs improvement.
    sniffer.list_start_sniffing()