def test_from_datasources():
packets_1 = [
Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") /
IP(src="127.0.0.1", dst="192.168.1.1") / TCP(sport=12345, dport=80) /
HTTP() /
HTTPRequest(Method="GET", Path="/foo", Host="https://google.com")
]
packets_2 = [
# HTTP Packet
Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") /
IP(src="127.0.0.1", dst="192.168.1.1") / TCP(sport=12345, dport=80) /
HTTP() /
HTTPRequest(Method="GET", Path="/foo", Host="https://google.com"),
# DNS Packet
Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") /
IP(src="127.0.0.1", dst="192.168.1.1") / UDP(sport=80, dport=53) /
DNS(rd=1,
qd=DNSQR(qtype="A", qname="google.com"),
an=DNSRR(rdata="123.0.0.1")),
# TCP Packet
Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") /
IP(src="127.0.0.1", dst="192.168.1.1") / TCP(sport=80, dport=5355),
]
nx = NetworkX.from_datasources([
packets_to_datasource_events(packets)
for packets in [packets_1, packets_2]
])
# Make the graph
nx.graph()
assert not nx.is_empty()
def listen(self):
"""Poll the socket for requests, process them and send a response accordingly."""
req = self.s.recv(1024)
if req:
http_req = HTTPRequest(req)
self.process_request(http_req)
while True:
req = self.s.recv(1024)
if req:
http_req = HTTPRequest(req)
self.process_request(http_req)
if self.s.rtcp.end_event.is_set():
self.s.listen()
self.s.accept()
def deconstruct_packet(packet):
# print(packet)
packet = HTTPRequest(packet)
message = packet[HTTPRequest].Referer
message = unicode_to_binary(message)
message = binary_deconverter(message)
return message
def HTTP_ntlm_negotiate(ntlm_negotiate):
"""Create an HTTP NTLM negotiate packet from an NTLM_NEGOTIATE message"""
assert isinstance(ntlm_negotiate, NTLM_NEGOTIATE)
from scapy.layers.http import HTTP, HTTPRequest
return HTTP() / HTTPRequest(
Authorization=b"NTLM " + bytes_base64(bytes(ntlm_negotiate))
)
def send(self, op_type, version, **kwargs):
"""
Method to send and receive ipp request
"""
if len(kwargs) <= 0:
if op_type == "Get-Jobs":
kwargs = get_jobs(self.host)
else:
print(f"No default templates is available for {op_type} !!!")
sys.exit()
self.form_ipp_packet(op_type=op_type, version=version, **kwargs)
InternetPrintingProtocol.add_fields(self.ipp_field)
IPP_HTTP_REQUESTS['Content_Length'] = bytes(
str(len(InternetPrintingProtocol())), "utf-8")
IPP_HTTP_REQUESTS['Host'] = bytes(f"{self.host}:{self.port}", "utf-8")
IPP_HTTP_REQUESTS['Path'] = bytes(self.path, "utf-8")
ipp_request = HTTP() / HTTPRequest(
**IPP_HTTP_REQUESTS) / InternetPrintingProtocol()
self.my_stream.sr(ipp_request, timeout=5, verbose=0)
return InternetPrintingProtocol().get_results()
def create_get_request(host, path):
get_req = HTTP() / HTTPRequest(Accept_Encoding=b'gzip, deflate',
Cache_Control=b'no-cache',
Connection=b'keep-alive',
Host=host.encode(),
Path=path.encode(),
Pragma=b'no-cache')
return get_req
def create_post_request(host, path, data, content_type):
post_req = HTTP() / HTTPRequest(
Method=b'POST',
Path=path.encode(),
Host=host.encode(),
Connection=b'keep-alive',
Content_Length=str(len(data)).encode(),
Content_Type=content_type.encode()) / data
return post_req
def construct_packet(addr, input):
if input == None:
return
r_input = binary_converter(input)
if r_input == None:
return
r_input = binary_to_unicode(r_input)
if r_input == None:
return
packet = IP(dst=addr[0]) / HTTP() / HTTPRequest(Referer=r_input)
return bytes(packet)
def scapy_packet(addr, input):
if input == None:
return None
r_input = binary_converter(input)
if r_input == None:
return None
# print(r_input)
r_input = binary_to_unicode(r_input)
if r_input == None:
return None
# print(r_input)
packet = IP(dst=addr[0]) / HTTP() / HTTPRequest(Referer=r_input)
return packet
def check_protocol_on_port(_socket) -> str:
try:
_socket.send(HTTPRequest().build())
pkt_response = _socket.recv(BYTES_BUFFER_SIZE)
if HTTPResponse(_pkt=pkt_response).Status_Code != 0:
return 'http'
except:
pass
try:
_socket.send('HELO'.encode())
pkt_response = _socket.recv(BYTES_BUFFER_SIZE)
data = pkt_response.decode()
int(data[:3])
return 'smtp'
except:
pass
try:
_socket.send('USER mrose'.encode())
pkt_response = _socket.recv(BYTES_BUFFER_SIZE)
data = pkt_response.decode()
if any(['+OK' in data, '-ERR' in data]):
return 'pop3'
except:
pass
try:
_socket.send(DNS(qr=0, qd=DNSQR()).build())
pkt_response = _socket.recv(BYTES_BUFFER_SIZE)
if DNS(_pkt=pkt_response).qr == 1:
return 'dns'
except:
pass
try:
_socket.send(NTPHeader().build())
pkt_response = _socket.recv(BYTES_BUFFER_SIZE)
if NTPHeader(_pkt=pkt_response).recv != 0:
return 'ntp'
except:
pass
return ''
def cons_HTTP():
print("in ", cons_HTTP.__name__, " #######")
load_layer("http")
req = HTTP()/HTTPRequest(
Host=b'www.baidu.com',
User_Agent=b'curl/7.64.1',
Accept=b'*/*'
)
a = TCP_client.tcplink(HTTP, "www.baidu.com", 80)
answser = a.sr1(req, retry=3, timeout=1) ###maybe MISS response
a.close()
if answser is not None:
print(answser.load)
print()
print()
def main():
parser = ArgumentParser()
parser.add_argument('--content-type',
default='application/cbor',
help='The request content-type header')
parser.add_argument(
'--infile',
default='-',
help='The diagnostic text input file, or "-" for stdin')
parser.add_argument('--outfile',
default='-',
help='The PCAP output file, or "-" for stdout')
parser.add_argument('--intype',
default='cbordiag',
choices=['cbordiag', 'raw'],
help='The input data type.')
args = parser.parse_args()
# First get the CBOR data itself
infile_name = args.infile.strip()
if infile_name != '-':
infile = open(infile_name, 'rb')
else:
infile = sys.stdin.buffer
if args.intype == 'raw':
cbordata = infile.read()
elif args.intype == 'cbordiag':
cbordata = check_output('diag2cbor.rb', stdin=infile)
# Now synthesize an HTTP request with that body
req = HTTPRequest(
Method='POST',
Host='example.com',
User_Agent='scapy',
Content_Type=args.content_type,
Content_Length=str(len(cbordata)),
) / Raw(cbordata)
# Write the request directly into pcap
outfile_name = args.outfile.strip()
if outfile_name != '-':
outfile = open(outfile_name, 'wb')
else:
outfile = sys.stdout.buffer
pkt = Ether() / IP() / TCP() / HTTP() / req
wrpcap(outfile, pkt)
def test_multiple_packets():
packets = [
# HTTP Packet
Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") /
IP(src="127.0.0.1", dst="192.168.1.1") / TCP(sport=12345, dport=80) /
HTTP() /
HTTPRequest(Method="GET", Path="/foo", Host="https://google.com"),
# DNS Packet
Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") /
IP(src="127.0.0.1", dst="192.168.1.1") / UDP(sport=80, dport=53) /
DNS(rd=1,
qd=DNSQR(qtype="A", qname="google.com"),
an=DNSRR(rdata="123.0.0.1")),
# TCP Packet
Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") /
IP(src="127.0.0.1", dst="192.168.1.1") / TCP(sport=80, dport=5355),
]
events = list(packets_to_datasource_events(packets).events())
assert len(events) == 3
assert [e["event_type"] for e in events] == ["HTTPRequest", "DNS", "TCP"]
def test_single_http_packet():
packets = [
Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") /
IP(src="127.0.0.1", dst="192.168.1.1") / TCP(sport=12345, dport=80) /
HTTP() /
HTTPRequest(Method="GET", Path="/foo", Host="https://google.com")
]
events = list(packets_to_datasource_events(packets).events())
assert len(events) == 1
assert events[0]["src_mac"] == "ab:ab:ab:ab:ab:ab"
assert events[0]["dst_mac"] == "12:12:12:12:12:12"
assert events[0]["src_ip"] == "127.0.0.1"
assert events[0]["dst_ip"] == "192.168.1.1"
assert events[0]["sport"] == 12345
assert events[0]["dport"] == 80
assert events[0]["http_method"] == "GET"
assert events[0]["uri"] == "/foo"
assert events[0]["http_dest"] == "https://google.com"
assert events[0]["event_type"] == "HTTPRequest"
from scapy.all import *
from scapy.layers.http import HTTPRequest
from colorama import init, Fore
ip = input("insert target ip: ")
pkt = IP(dst=ip) / HTTPRequest()
try:
while True:
sendp(pkt)
except:
print("\nexit")
package_rosparam_get_rosdistro = (
IP(version=4, ihl=5, tos=0, flags=2, dst="12.0.0.2")
/ TCP(
sport=20000,
dport=11311,
seq=1,
flags="PA",
ack=1,
)
/ TCPROS()
/ HTTP()
/ HTTPRequest(
Accept_Encoding=b"gzip",
Content_Length=b"227",
Content_Type=b"text/xml",
Host=b"12.0.0.2:11311",
User_Agent=b"xmlrpclib.py/1.0.1 (by www.pythonware.com)",
Method=b"POST",
Path=b"/RPC2",
Http_Version=b"HTTP/1.1",
)
/ XMLRPC()
/ XMLRPCCall(
version=b"<?xml version='1.0'?>\n",
methodcall_opentag=b"<methodCall>\n",
methodname_opentag=b"<methodName>",
methodname=b"getParam",
methodname_closetag=b"</methodName>\n",
params_opentag=b"<params>\n",
params=b"<param>\n<value><string>/rosparam-92418</string></value>\n</param>\n<param>\n<value><string>/rosdistro</string></value>\n</param>\n",
params_closetag=b"</params>\n",
methodcall_closetag=b"</methodCall>\n",
from scapy import *
from scapy.layers.http import HTTPRequest,HTTPResponse,HTTP,http_request
from scapy.all import load_layer
from scapy.all import sr1,IP,ICMP,TCPSession,sr,srp,srp1,send,sendp,sendpfast,RandShort
from scapy.layers.inet import TCP_client,TCP,Ether,UDP
ans,unans = sr(IP(dst="8.8.8.8")/TCP(dport=[80,443],flags="S"),timeout=1)
p=sr1(IP(dst='8.8.8.8')/ICMP())
if p:
p.show()
dir(scapy.layers.http)
HTTPRequest().show()
HTTPResponse().show()
load_layer("http")
req = HTTP()/HTTPRequest(
Accept_Encoding=b'gzip, deflate',
Cache_Control=b'no-cache',
Connection=b'keep-alive',
Host=b'www.secdev.org',
Pragma=b'no-cache'
)
a = TCP_client.tcplink(HTTP, "secdev.org", 80)
answser = a.sr1(req,timeout=3)
a.close()
with open("www.secdev.org.html", "wb") as file: