Thread 多线程 scapy AsyncSniffer 处理流量
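"""Packet sniffer thread built on scapy's ``AsyncSniffer``.

Captures traffic on ports 80 (HTTP), 21 (FTP control) and 53 (DNS) on the
selected interface and pushes one summary record per interesting packet into
two queues: ``graphicalQueue`` for the GUI module and ``fileQueue`` for the
recorder module.

Security note: this module deliberately extracts plaintext credentials from
HTTP POST bodies and from FTP ``USER``/``PASS`` commands.  Use it only on
networks you are authorised to monitor, and treat everything placed on
``fileQueue`` as sensitive (the recorder persists it).  The packet bytes it
parses are attacker-controlled, so the capture callback must never let a
malformed packet raise and take the monitor down.
"""
from scapy.all import *
from scapy.layers.http import *
from scapy.layers.dns import *
import time
from time import sleep
from threading import Thread
from queue import Queue

# Initialization of global variables.
# packet_num is the running record index shown by the GUI; it is reset at the
# start of each capture and only modified from scapy's capture thread.
packet_num = 0
# Kept for backward compatibility with code that may read them; FTP
# credential pairing is now tracked per session in Sniffer._ftp_sessions,
# because a single global pair mixes up concurrent FTP logins.
username = ''
password = ''
# Record timestamps are seconds relative to module import (original behaviour).
start_time = time.time()

# BPF filter handed to scapy.  Keep in sync with the protocol branches in
# Sniffer._handle_packet().  Note that "port N" also matches IPv6 traffic.
CAPTURE_FILTER = "port 80 or port 21 or port 53"

# Tokens whose presence in a POST body marks it as a probable login form.
CREDENTIAL_KEYWORDS = ("login", "password", "username", "user", "pass")


def _text(raw):
    """Decode an untrusted bytes field for display without ever raising.

    ``None`` (e.g. a missing ``Host`` header on an HTTP/1.0 request) becomes
    ``""``; undecodable bytes are replaced rather than raising
    ``UnicodeDecodeError`` inside the capture callback.
    """
    if raw is None:
        return ""
    if isinstance(raw, str):
        return raw
    return raw.decode("utf-8", errors="replace")


class Sniffer(Thread):
    """Background thread that captures and summarises HTTP, FTP and DNS traffic.

    Args:
        graphicalQueue: queue consumed by the GUI.  Each item is the list
            ``[packet_num, timestamp, src_ip, dst_ip, protocol, length,
            payload, credentials]``.
        fileQueue: queue consumed by the recorder.  Same fields, with
            ``packet_num`` repeated before ``credentials`` (legacy row format,
            kept as the recorder expects it).
        interface: interface name to sniff on; a falsy value lets scapy pick
            its default interface.

    Attributes:
        pauseFlag: while ``True`` captured packets are discarded instead of
            queued; capture resumes when it is cleared.
        stopFlag: set to ``True`` to end the capture; ``run()`` then returns.
    """

    def __init__(self, graphicalQueue: Queue, fileQueue: Queue, interface):
        super().__init__()
        self.gq = graphicalQueue
        self.fq = fileQueue
        self.pauseFlag = False
        self.stopFlag = False
        self.interface = interface
        # (client_ip, server_ip) -> [user, password] for FTP logins in flight.
        self._ftp_sessions = {}

    def run(self):
        """Thread entry point: capture until ``stopFlag`` is set."""
        print("Spousteni Snifferu... ")
        self.sniff_packet(self.interface)
        print("Ukonceni Snifferu...")

    def sniff_packet(self, iface=None):
        """Start an ``AsyncSniffer`` on ``iface`` and block until ``stopFlag``.

        Args:
            iface: interface name; when falsy scapy chooses the default.

        The capture itself runs on scapy's own thread; this method only
        waits.  ``stop()`` is called in a ``finally`` so the capture thread
        and the raw socket it holds are released even if the wait loop
        raises.  Requires the privileges needed to open a raw socket.
        """
        global packet_num
        packet_num = 0
        self._ftp_sessions.clear()
        kwargs = dict(filter=CAPTURE_FILTER, prn=self.process_packet, store=False)
        if iface:
            kwargs["iface"] = iface
        data = AsyncSniffer(**kwargs)
        data.start()
        try:
            # Sleep on every iteration, not only while paused, so the waiting
            # thread does not busy-spin a CPU core for the whole capture.
            while not self.stopFlag:
                sleep(0.05)
        finally:
            # stop() raises if the capture thread never came up (e.g. the raw
            # socket could not be opened); only stop a running sniffer.
            if getattr(data, "running", True):
                data.stop()

    def process_packet(self, packet):
        """scapy ``prn`` callback: summarise one packet and queue the record.

        Runs on scapy's capture thread.  An exception escaping here would end
        the whole capture, so parsing errors are caught and reported instead:
        one malformed packet must not be able to stop the monitor.
        """
        if self.pauseFlag:
            return
        try:
            self._handle_packet(packet)
        except Exception as exc:  # boundary of the capture thread
            print("Sniffer: packet skipped (%s: %s)" % (type(exc).__name__, exc))
        # Original pacing delay.  It runs on the capture thread, so it caps
        # throughput at roughly 80 packets/s and packets are dropped by the
        # kernel under load.  Kept because the GUI consumer was written
        # against this rate -- TODO confirm and move rate limiting to the
        # consumer side.
        sleep(0.012)

    def _handle_packet(self, packet):
        """Dispatch one packet to the HTTP, FTP or DNS summariser."""
        # The BPF filter also matches IPv6 and, in principle, non-TCP/UDP
        # packets: resolve the layers first instead of indexing packet[IP]
        # and packet.dport blindly (IndexError / AttributeError).
        if packet.haslayer(IP):
            src_ip, dst_ip = packet[IP].src, packet[IP].dst
        elif packet.haslayer(IPv6):
            src_ip, dst_ip = packet[IPv6].src, packet[IPv6].dst
        else:
            return
        if packet.haslayer(TCP):
            l4 = packet[TCP]
        elif packet.haslayer(UDP):
            l4 = packet[UDP]
        else:
            return

        # Truncate (not round) to milliseconds, as the GUI expects.
        timestamp = int((time.time() - start_time) * 1000) / 1000.0
        packet_len = len(packet)

        if packet.haslayer(TCP):
            if packet.haslayer(HTTP):
                summary = self._http_summary(packet)
                if summary is not None:
                    payload, credentials = summary
                    self._emit(timestamp, src_ip, dst_ip, "HTTP", packet_len, payload, credentials)
            if (l4.dport == 21 or l4.sport == 21) and packet.haslayer(Raw):
                payload, credentials = self._ftp_summary(packet, src_ip, dst_ip, l4)
                self._emit(timestamp, src_ip, dst_ip, "FTP", packet_len, payload, credentials)
        elif packet.haslayer(DNS):
            self._emit(timestamp, src_ip, dst_ip, "DNS", packet_len, self._dns_summary(packet), '')

    def _emit(self, timestamp, src_ip, dst_ip, protocol, packet_len, payload, credentials):
        """Assign the next packet number and push the record to both queues."""
        global packet_num
        packet_num += 1
        row = [packet_num, timestamp, src_ip, dst_ip, protocol, packet_len, payload, credentials]
        # Separate list objects: the two consumers must not share a mutable row.
        self.gq.put(list(row))
        # Recorder row format repeats packet_num before credentials.
        self.fq.put(row[:7] + [packet_num, credentials])

    def _http_summary(self, packet):
        """Return ``(payload, credentials)`` for an HTTP request/response.

        Returns ``None`` for HTTP segments that are neither (e.g. body
        continuation), which are not reported -- as before.
        """
        if packet.haslayer(HTTPRequest):
            req = packet[HTTPRequest]
            method = _text(req.Method)
            # Host is optional in HTTP/1.0; _text() turns None into "".
            url = _text(req.Host) + _text(req.Path)
            payload = method + " " + url + " " + _text(req.Http_Version)
            credentials = ''
            if method == "POST" and packet.haslayer(Raw):
                # repr form ("b'...'") is what the GUI/recorder already display.
                posted = str(packet[Raw].load)
                # Case-insensitive keyword match; the first two form fields are
                # reported as the credential pair (original heuristic).
                lowered = posted.lower()
                if any(keyword in lowered for keyword in CREDENTIAL_KEYWORDS):
                    credentials = "&".join(posted.split("&", 2)[:2])
                payload += posted
            return payload, credentials
        if packet.haslayer(HTTPResponse):
            resp = packet[HTTPResponse]
            payload = " ".join((_text(resp.Status_Code),
                                _text(resp.Reason_Phrase),
                                _text(resp.Http_Version)))
            return payload, ''
        return None

    def _ftp_summary(self, packet, src_ip, dst_ip, l4):
        """Return ``(payload, credentials)`` for an FTP control-channel segment.

        ``USER``/``PASS`` are remembered per (client, server) pair and
        reported as ``user&pass`` on the server's ``230`` (login OK) reply, so
        concurrent sessions are not mixed up.  Direction is taken from the
        ports: commands go to port 21, replies come from it -- a file listing
        that merely contains the digits ``230`` no longer triggers a report,
        and a payload containing ``USER`` without a following space no longer
        raises IndexError.
        """
        payload = str(packet[Raw].load)
        line = _text(packet[Raw].load).strip()
        credentials = ''
        if l4.dport == 21:
            # Client -> server command.  FTP commands are case-insensitive.
            key = (src_ip, dst_ip)
            if line[:5].upper() == "USER ":
                self._ftp_sessions[key] = [line[5:].strip(), '']
            elif line[:5].upper() == "PASS ":
                self._ftp_sessions.setdefault(key, ['', ''])[1] = line[5:].strip()
        elif l4.sport == 21 and line.startswith("230"):
            # Server -> client: 230 = "User logged in".  Report and forget
            # the pair; an unknown session yields "&" as the original did.
            user, pw = self._ftp_sessions.pop((dst_ip, src_ip), ('', ''))
            credentials = user + "&" + pw
        return payload, credentials

    def _dns_summary(self, packet):
        """Return the display string for a DNS packet (query, or the first answer)."""
        payload = ''
        if packet.haslayer(DNSQR):
            qr = packet[DNSQR]
            # Unknown record types are shown numerically instead of raising KeyError.
            payload = "Standard query " + str(dnstypes.get(qr.qtype, qr.qtype)) + " " + str(qr.qname)
        if packet.haslayer(DNSRR):
            rr = packet[DNSRR]
            payload = ("Standard response " + str(dnstypes.get(rr.type, rr.type)) + " "
                       + str(rr.rrname) + " " + str(rr.rdata))
        return payload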
文章来源:https://github.com/JakubP1/Packet_sniffer/blob/b4565f5b1f4c2502612a44aac98d9ec9b5df0e06/sniffer.py#L23