How to sniff HTTP packets in python?
Original URL: http://stackoverflow.com/questions/15906308/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
Asked by Aviv
I want to sniff all the HTTP packets on my computer via Python (version 2.6). Is this possible? Can I do it with scapy, or without other external modules?
Answered by Dave Hite
Scrapy is only for extracting data from webpages or similar structured documents.
To actually read the packets coming from the NIC your best performance option would probably be to use a C/C++ API that has python bindings.
For example WireShark has a Python API.
Pcapy is a module for packet capture using libpcap.
LibPCAP is the packet capture library written for TCPDUMP and also used in WireShark.
Another option is to try the dpkt python module. Here is a nice write up. Here's an example using dpkt and pcap to sniff HTTP packets.
EDIT: oops, I misread scapy. Thanks root!
As you mentioned, Scapy is another python module that also uses LibPCAP. This documentation has an example of sniffing.
If you are having trouble running on Python 2.7 check out this post.
Answered by pigletfly
pypcap, https://code.google.com/p/pypcap/ simplified object-oriented Python extension module for libpcap - the current tcpdump.org version, the legacy version shipping with some of the BSD operating systems, and the WinPcap port for Windows. This is a Windows version. And if you are using *nix, just install the pcap and dpkt modules.
Answered by u4751247
https://github.com/KimiNewt/pyshark
Python wrapper for tshark
Usage:
>>> import pyshark
>>> capture = pyshark.LiveCapture(interface='eth0')
>>> capture.sniff(timeout=50)
>>> capture
<LiveCapture (5 packets)>
>>> capture[3]
<UDP/HTTP Packet>

# Handle each packet as it arrives instead of buffering the capture
for packet in capture.sniff_continuously(packet_count=5):
    print('Just arrived:', packet)
Answered by Cukic0d
FTR, Scapy will support HTTP packets starting from 2.4.3: https://scapy.readthedocs.io/en/latest/layers/http.html
>>> HTTPRequest().show()
###[ HTTP Request ]###
Method= 'GET'
Path= '/'
Http_Version= 'HTTP/1.1'
A_IM= None
Accept= None
Accept_Charset= None
Accept_Datetime= None
Accept_Encoding= None
[...]
Sniff demo:
from scapy.layers.http import * # read the doc
from scapy.sendrecv import sniff
sniff(lfilter=lambda x: HTTP in x, prn=lambda x: x.summary())
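
The question also asks whether this works without external modules. The following is an added example, not part of any answer above: a standard-library-only Python 3 parser for Ethernet/IPv4/TCP frames carrying cleartext HTTP/1.x requests, plus a Linux `AF_PACKET` capture loop. The function names, the method list and the sample frame (documentation addresses, zero checksums) are constructed for illustration, and only requests whose request line and headers begin in a single TCP segment are recognised.

```python
import socket
import struct

METHODS = {b"GET", b"POST", b"PUT", b"HEAD", b"DELETE", b"OPTIONS", b"PATCH"}

def parse_http_request(frame):
    """Return a dict for an Ethernet/IPv4/TCP frame that starts an HTTP/1.x request, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":      # too short, or not IPv4
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                                # IPv4 header length in bytes
    total_len, _, frag = struct.unpack("!HHH", ip[2:8])
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6 or frag & 0x1FFF:
        return None                                         # not TCP, or a later IP fragment
    tcp = ip[ihl:total_len]                                 # slicing drops Ethernet padding
    doff = (tcp[12] >> 4) * 4 if len(tcp) >= 20 else 0      # TCP header length incl. options
    if doff < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    lines = tcp[doff:].split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or parts[0] not in METHODS or not parts[2].startswith(b"HTTP/1."):
        return None                                         # TLS, HTTP/2, or mid-stream data
    host = next((l.split(b":", 1)[1].strip() for l in lines[1:]
                 if l.lower().startswith(b"host:")), b"")
    return {"src": "%s:%d" % (socket.inet_ntoa(ip[12:16]), sport),
            "dst": "%s:%d" % (socket.inet_ntoa(ip[16:20]), dport),
            "method": parts[0].decode(), "path": parts[1].decode("latin-1"),
            "host": host.decode("latin-1")}

def sniff_http(count=5):
    """Live capture on Linux; needs root or CAP_NET_RAW. Sees cleartext HTTP only, not HTTPS."""
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003)) as sock:
        while count > 0:                                    # 0x0003 is ETH_P_ALL
            info = parse_http_request(sock.recv(65535))
            if info:
                print(info)
                count -= 1

def build_sample_frame(payload):
    """Constructed test frame: documentation addresses, checksums left at zero."""
    eth = b"\x02\x00\x00\x00\x00\x02\x02\x00\x00\x00\x00\x01\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0x4000, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.80"))
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 0x50, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload

SAMPLE = build_sample_frame(b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n")

if __name__ == "__main__":
    print(parse_http_request(SAMPLE))
```

Calling `sniff_http()` as root on a Linux host prints the first five matching requests; requests split across segments need TCP stream reassembly, which libpcap-based tools such as tshark or Scapy sessions provide.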

