def foo(in_filename, out_filename): # open the input file for reading f = PcapReader(in_filename) # open the output file for writing o = PcapWriter(out_filename) # read the first packet from the input file p = f.read_packet() # while we haven't processed the last packet while p: layer = p.firstlayer() while not isinstance(layer, NoPayload): if (type(layer) is IPv6): new_layer = IP() del new_layer.ihl new_layer.ttl = layer.hlim new_layer.proto = layer.nh new_layer.src = ".".join(map(str, six2four(layer.src))) new_layer.dst = ".".join(map(str, six2four(layer.dst))) new_layer.add_payload(layer.payload) prev_layer = layer.underlayer del layer prev_layer.remove_payload() prev_layer.add_payload(new_layer) if type(prev_layer) is Ether: prev_layer.type = ETH_P_IP layer = new_layer if layer.default_fields.has_key('chksum'): del layer.chksum if layer.default_fields.has_key('len'): del layer.len # advance to the next layer layer = layer.payload # write the packet we just dissected into the output file o.write(p) # read the next packet p = f.read_packet() # close the input file f.close() # close the output file o.close()
def run(self, args): self.sniff_sess = None filepath = None if self.client.is_windows(): from modules.lib.windows.winpcap import init_winpcap init_winpcap(self.client) pktwriter = None if args.save_pcap: config = self.client.pupsrv.config filepath = config.get_file('pcaps', {'%c': self.client.short_name()}) pktwriter = PcapWriter(filepath, append=True, sync=True) tcpdump = self.client.remote('tcpdump', 'run', False) self.wait.clear() try: name, self.terminate = tcpdump(self.printer(pcap_writer=pktwriter), self.on_error, args.iface, args.bpf, args.timeout, count=args.count) self.success(u'Scapy tcpdump on "{}" - started'.format(name)) self.wait.wait() self.success(u'Scapy tcpdump on "{}" - completed'.format(name)) if filepath: self.info('Pcap stored to: {}'.format(filepath)) except Exception, e: self.wait.set() self.error('Error: ' + ' '.join(x for x in e.args if type(x) in (str, unicode)))
def __init__(self, pcap_filename, *arg, **kw): self.pcapwriter = PcapWriter(pcap_filename, *arg, **kw)
def setup_packet_save(filename): """Sets up a global object that is used to save the files to a .pcap file""" global pktdump pktdump = PcapWriter(filename + '.pcap', append=False, sync=True)
#!/usr/bin/python3 try: from scapy.all import RandMAC, RandIP, PcapWriter, RandIP6, RandShort, fuzz from scapy.all import IPv6, Dot1Q, IP, Ether, UDP, TCP except ModuleNotFoundError as err: print(err + ": Scapy") import sys path = str(sys.argv[1]) + "/pcap/fuzzy.pcap" pktdump = PcapWriter(path, append=False, sync=True) for i in range(0, 2000): # Generate random protocol bases, use a fuzz() over the combined packet # for full fuzzing. eth = Ether(src=RandMAC(), dst=RandMAC()) vlan = Dot1Q() ipv4 = IP(src=RandIP(), dst=RandIP()) ipv6 = IPv6(src=RandIP6(), dst=RandIP6()) udp = UDP(dport=RandShort(), sport=RandShort()) tcp = TCP(dport=RandShort(), sport=RandShort()) # IPv4 packets with fuzzing pktdump.write(fuzz(eth / ipv4 / udp)) pktdump.write(fuzz(eth / ipv4 / tcp)) pktdump.write(fuzz(eth / vlan / ipv4 / udp)) pktdump.write(fuzz(eth / vlan / ipv4 / tcp)) # IPv6 packets with fuzzing pktdump.write(fuzz(eth / ipv6 / udp)) pktdump.write(fuzz(eth / ipv6 / tcp))
def packets_to_datasource_events(packets: List[Packet]) -> PCAP: f = BytesIO() PcapWriter(f).write(packets) f.seek(0) return PCAP(f) # type: ignore
def handle(self, input, interface=None, count=0, timeout=None, filter=None, regex=None, xregex=None, monitor=False, pcap=False, debug=False): self.debug = debug # Compile expressions if regex: self.regex = [ re.compile(r.encode(), re.DOTALL | re.MULTILINE) for r in list(regex) ] if xregex: self.xregex = [ re.compile(x.encode(), re.DOTALL | re.MULTILINE) for x in list(xregex) ] # Output pcap to infinitely iterable file with IterWriter() as output: if pcap: self.pcap = PcapWriter(output, sync=True) # Configure sniffer and produce sniffer stream try: stream = AsyncSniffer( started_callback=lambda: self.log.info( "Sniffing interface(s): %s...", interface or conf.iface ), iface=interface or conf.iface, count=count, timeout=timeout, filter=filter, lfilter=self._lfilter, prn=self._prn, store=False, monitor=monitor, ) # Start sniffer stream stream.start() # Output pcap data if pcap: for data in output: yield data if not stream.running and not output.closed: output.close() # Wait for stream to complete stream.join() except Scapy_Exception as e: self.log.error(e)
def anonymize_file(input_file: str, output_file: str) -> None: logger = logging.getLogger(inspect.stack()[0][3]) with PcapReader(input_file) as reader: writer = PcapWriter(output_file, sync=True) ssid_number = 0 address_hash = {} ssid_hash = {} for frame in reader: if frame.haslayer(Dot11): frame_fcs = frame.fcs logger.info("frame_fcs: %s", hex(frame_fcs)) # raw_fcs = struct.unpack("I", bytes(frame.payload)[-4:])[0] # matches frame.fcs crc_bytes = struct.pack( "I", zlib.crc32(bytes(frame.payload)[:-4]) & 0xFFFF_FFFF) crc_int = int.from_bytes(crc_bytes, byteorder="little") logger.info("crc_int: %s", hex(crc_int)) fcs_match = frame_fcs == crc_int logger.info("fcs_match: %s", fcs_match) # anonymize mac addresses frame[Dot11].addr1 = anonymize_mac(frame.addr1, address_hash) frame[Dot11].addr2 = anonymize_mac(frame.addr2, address_hash) frame[Dot11].addr3 = anonymize_mac(frame.addr3, address_hash) # anonymize SSID and address fields (this code seems problematic in py3) if args.skip: logger.info("skipping anonymizing SSID: %s", args.skip) else: dot11elt = frame.getlayer(Dot11Elt) while dot11elt: logger.info("ie: %s", dot11elt.ID) if dot11elt.ID == 0: ssid = anonymize_ssid(dot11elt.info, ssid_number, ssid_hash) dot11elt.len = len(ssid) dot11elt.info = ssid dot11elt = dot11elt.payload.getlayer(Dot11Elt) if fcs_match: # if fcs and crc originally matched, recompute new valid fcs: fcs = struct.pack( "I", zlib.crc32(bytes(frame.payload)[:-4]) & 0xFFFF_FFFF) else: # otherwise throw garbage in the fcs which will not validate fcs = b"\x00\x00\x00\x00" logger.info("new fcs: %s", hex(int.from_bytes(fcs, byteorder="little"))) # write anonymized packet writer.write(RadioTap(bytes(frame)[:-4] + fcs)) logger.info("done")
def _log_packets(self, file_path, client_mac): cap_writer = PcapWriter(file_path, append=True, sync=True) for packet in self.wpa_handshakes[client_mac]['packets']: cap_writer.write(packet) self.wpa_handshakes[client_mac]['logged'] = True
if netstatResult not in ([], ['0', '-']): with open( additoinsDir + str(p.time).split('.')[0] + '-' + sport + '-' + dport + '.yml', 'w') as yamlFile: pInfo = {'uid': int(netstatResult[0])} if len(netstatResult) > 2: pInfo.update({ 'pid': int(netstatResult[1]), 'comm': netstatResult[2], 'cmd': ' '.join(netstatResult[3:]) }) yaml.dump(pInfo, yamlFile) if os.system('ip > /dev/null 2>&1') == 32512: print('ip Not Found. Please install iproute2!') exit() if os.system('ip a s ' + args.interface + ' > /dev/null 2>&1') == 256: print('iface ' + args.interface + ' Not Found. Please check the arguments!') exit() if os.system('netstat > /dev/null 2>&1') == 32512: print('netstat Not Found. Please install net-tools!') exit() pDump = PcapWriter(workDir + 'package.pcap', append=True, sync=True) sniff(iface=args.interface, prn=lambda p: threading.Thread(target=process_sniffed_packet, args=(p, )) .start())