
Thread 多线程 scapy AsyncSniffer 处理流量

2023年01月10日 13:41 汪洋大海 暂无评论 共3905字 (阅读34 views次)
from scapy.all import *
from scapy.layers.http import *
from scapy.layers.dns import *
 
import time
from time import sleep
from threading import Thread
from queue import Queue
 
# Initialization of global variables
 
# Module-level state shared by every Sniffer instance.
# packet_num counts the rows emitted to the queues; username/password hold the
# most recent FTP USER/PASS arguments until a 230 reply is seen; start_time is
# the reference point for the relative timestamps placed in each row.
packet_num, username, password = 0, '', ''
start_time = time.time()
 
# This module uses a scapy utility to capture packets on the specified network interface.
# On class initialization the run function starts the asynchronous scapy function "AsyncSniffer" in a new thread and captures communication on ports 80, 53 and 21.
# In order to pass captured packets into the gui module and the recorder module, two queues (graphicalQueue and fileQueue) are filled.
 
class Sniffer(Thread):
    """Capture HTTP/FTP/DNS traffic with scapy and publish one row per packet to two queues.

    The thread wraps scapy's ``AsyncSniffer`` (BPF filter ``port 80 or port 21 or port 53``)
    and hands every captured packet to ``process_packet``.  Each reported packet becomes a
    list that is put on ``graphicalQueue`` (consumed by the GUI) and ``fileQueue`` (consumed
    by the recorder).  State that spans packets -- the row counter and the FTP USER/PASS
    arguments seen so far -- lives in module-level globals, so it is shared by all instances.
    """

    def __init__(self, graphicalQueue: Queue, fileQueue: Queue, interface):
     # NOTE: this body uses a 5-space indent; valid Python, but inconsistent with the other methods.
     super().__init__()
     self.gq = graphicalQueue  # rows for the GUI
     self.fq = fileQueue       # rows for the recorder
     self.pauseFlag = False    # set by the owner; polled in sniff_packet's wait loop
     self.stopFlag = False     # set by the owner; ends sniff_packet's wait loop

     self.interface = interface  # forwarded to AsyncSniffer as iface; if falsy, no iface is passed

    def run(self) -> None:
        """Thread entry point: sniff on ``self.interface`` until the wait loop in sniff_packet ends."""
        print("Spousteni Snifferu... ")
        self.sniff_packet(self.interface)
        print("Ukonceni Snifferu...")

    def sniff_packet(self,iface=None) -> None:
        """Start an AsyncSniffer and wait until ``stopFlag`` or ``pauseFlag`` is set.

        Args:
            iface: interface handed to AsyncSniffer; when falsy the ``iface`` argument is omitted.

        The sniffer runs with ``store=False`` and ``prn=self.process_packet``, so matching
        packets are handled by the callback rather than accumulated in a packet list.

        NOTE(review): the wait loop has no sleep on the not-paused path, so this thread spins
        at full CPU until a flag is set.  ``data.stop()`` is only reached through the pause
        branch; when ``stopFlag`` alone is set the loop exits and the sniffer is left running.
        """
        global packet_num
        packet_num =0  # reset the shared row counter for this capture session
        data = None

        if iface:
          data = AsyncSniffer(filter="port 80 or port 21 or port 53",prn=self.process_packet, iface=iface, store=False)

        else:
          data = AsyncSniffer(filter="port 80 or port 21 or port 53",prn=self.process_packet, store=False)

        data.start()

        while not self.stopFlag:
            if self.pauseFlag:
                sleep(0.05)
                data.stop()
                break


    def process_packet(self,packet) -> None:
        """AsyncSniffer callback: classify one packet and push a row to both queues.

        Args:
            packet: a scapy packet delivered by AsyncSniffer.

        Rows have the shape
        ``[packet_num, timestamp, src_ip, dst_ip, protocol, packet_len, payload, credentials]``
        on the GUI queue and the same with ``packet_num`` inserted once more before
        ``credentials`` on the file queue.  ``timestamp`` is seconds since module import,
        truncated to milliseconds.  Rows are emitted for HTTP requests/responses, FTP
        control traffic carrying a Raw layer, and every UDP packet (see the note below).

        NOTE(review): ``packet[IP]`` and ``packet.dport`` are read unconditionally; on a
        packet without an IPv4/TCP/UDP layer (e.g. IPv6) scapy raises here -- TODO confirm
        how AsyncSniffer surfaces a callback exception.  ``credentials`` is only bound inside
        the TCP/UDP branch, so the UDP ``put`` below would hit a NameError for other packets.
        """

        timestmap = time.time() - start_time
        timestmap = int(timestmap * 1000)/1000.0  # truncate (not round) to millisecond precision
        packet_len = len(packet)

        dst_ip = packet[IP].dst
        src_ip = packet[IP].src

        dst_port = packet.dport
        src_port = packet.sport

        protocol = ''
        payload = ''

        if packet.haslayer(TCP) or packet.haslayer(UDP):
            global packet_num
            credentials = ''
        if packet.haslayer(TCP):


            if packet.haslayer(HTTP):
                protocol = "HTTP"
                if packet.haslayer(HTTPRequest):
                    # Host and Path are decoded directly; scapy leaves them None when absent -- TODO confirm.
                    url = packet[HTTPRequest].Host.decode() + packet[HTTPRequest].Path.decode()
                    packet_num +=1
                #     # get the requester's IP Address
                #     # get the request method
                    method = packet[HTTPRequest].Method.decode()
                    version = packet[HTTPRequest].Http_Version.decode()
                    payload = method+" "+url+" "+version

                    if packet.haslayer(Raw) and method == "POST":
                        # str() of a bytes object yields its repr, i.e. the text starts with "b'".
                        postedData = str(packet[Raw].load)
                        keywords = ["login", "password", "username", "user", "pass"]
                        for keyword in keywords:
                            if keyword in postedData:
                                # keep only the first two "&"-separated form fields
                                credentials = "&".join(postedData.split("&",2)[:2])
                            # NOTE: this append is inside the loop, so the body is repeated once per keyword.
                            payload+=postedData
                    self.gq.put([packet_num,timestmap,src_ip,dst_ip,protocol,packet_len,payload,credentials])
                    self.fq.put([packet_num,timestmap,src_ip,dst_ip,protocol,packet_len,payload,packet_num,credentials])

                elif packet.haslayer(HTTPResponse):
                    code = packet[HTTPResponse].Status_Code.decode()
                    reason_phrase = packet[HTTPResponse].Reason_Phrase.decode()
                    version = packet[HTTPResponse].Http_Version.decode()
                    packet_num +=1
                    payload = code+" "+reason_phrase+" "+version 
                    self.gq.put([packet_num,timestmap,src_ip,dst_ip,protocol,packet_len,payload,credentials])
                    self.fq.put([packet_num,timestmap,src_ip,dst_ip,protocol,packet_len,payload,packet_num,credentials])

            # FTP control channel: any TCP segment on port 21 that carries a Raw layer.
            if (dst_port == 21 or src_port == 21) and (packet.haslayer(Raw)):
                packet_num +=1
                protocol = "FTP"
                payload= str(packet[Raw].load)  # repr of the bytes, hence the "\r\n'" tail stripped below
                global username, password

                # Plain substring tests: 'USER'/'PASS'/'230' anywhere in the repr match, not just
                # at the start of a command or reply line.
                if 'USER' in payload:
                    username = payload.split('USER ')[1].strip().replace("\\r\\n'","")
                elif 'PASS' in payload:
                    password = payload.split('PASS ')[1].strip().replace("\\r\\n'","")
                else:
                    if '230' in payload:
                        # a 230 reply pairs the stored USER/PASS into one row, then clears them
                        credentials = username+"&"+password
                        username = ''
                        password = ''

                self.gq.put([packet_num,timestmap,src_ip,dst_ip,protocol,packet_len,payload,credentials])
                self.fq.put([packet_num,timestmap,src_ip,dst_ip,protocol,packet_len,payload,packet_num,credentials])

        if packet.haslayer(UDP):    
            if packet.haslayer(DNS):
                packet_num +=1
                protocol = "DNS"

                if packet.haslayer(DNSQR):
                    # dnstypes is scapy's qtype -> name table; an unknown type raises KeyError here.
                    payload = "Standard query " + str(dnstypes[packet[DNSQR].qtype])+ " " + str(packet[DNSQR].qname)

                if packet.haslayer(DNSRR):
                    payload = "Standard response " + str(dnstypes[packet[DNSRR].type]) + " " + str(packet[DNSRR].rrname)+ " " + str(packet[DNSRR].rdata)

            # NOTE(review): these puts sit outside the DNS check, so a non-DNS UDP packet that
            # passes the port filter still produces a row with protocol '' and an unchanged packet_num.
            self.gq.put([packet_num,timestmap,src_ip,dst_ip,protocol,packet_len,payload,credentials])
            self.fq.put([packet_num,timestmap,src_ip,dst_ip,protocol,packet_len,payload,packet_num,credentials])
            # Runs inside the sniffer callback, so it delays processing of the next captured packet.
            sleep(0.012)

文章来源:https://github.com/JakubP1/Packet_sniffer/blob/b4565f5b1f4c2502612a44aac98d9ec9b5df0e06/sniffer.py#L23
