Easiest way to parse captured pcap file in python Get link Facebook X Pinterest Email Other Apps Easiest way to parse captured pcap file in python #!/usr/bin/env python import dpkt import sys import socket import urlparse captured_pcap = file("captured.pcap", 'rb') fpcap = dpkt.pcap.Reader(captured_pcap) url_request = [] for ts,buf in fpcap: eth = dpkt.ethernet.Ethernet(buf) ip = eth.data tcp = ip.data try: ip_src = socket.inet_ntoa(ip.src) # converting into human readable format ip_dst = socket.inet_ntoa(ip.dst) except: continue ip_dst = ip_dst.strip() if (tcp.dport == 80 or tcp.dport == 443) and len(tcp.data) > 0 : #and (ip_dst == '74.125.236.181' or ip_dst == '74.125.236.182'): try: http = dpkt.http.Request(tcp.data) uri = http.uri print uri parsed = urlparse.urlparse(uri) dict_url = urlparse.parse_qs(parsed.query) #print set(dict_url) url_request.append(dict_url) except: continue print '*'*127 print '\n Splitting URI in to dictionary \n' print '*'*127 for uri in url_request: if len(uri) > 1: print uri captured_pcap.close() Comments
Comments
Post a Comment