Scapy basics, part 2
Source: Internet  Editor: 程序博客网  Time: 2024/06/10 10:20
TCP traceroute test
```python
#!/usr/bin/python
# -*- coding: utf-8 -*-
"""
A TCP traceroute
author: walfred
date: 2014/10/14
TCP route tracing
"""
from __future__ import print_function
from scapy.all import *

# One TCP SYN (flags=0x2) to port 80 for every TTL from 2 to 25; RandShort()
# gives each probe a distinct IP ID. sr() needs raw sockets, so run as root.
ans, unans = sr(IP(dst="www.google.com", ttl=(2, 25), id=RandShort()) / TCP(dport=80, flags=0x2))

# For each answered probe: the TTL used, who answered, and whether the answer
# carried a TCP layer (SYN/ACK or RST from the target) rather than an ICMP
# time-exceeded message from an intermediate router.
for snd, rcv in ans:
    print(snd.ttl, rcv.src, isinstance(rcv.payload, TCP))
```

The output of a run:

```
walfred@walfred-VirtualBox:~/wmw/scapy/test$ sudo python TCP_tracerout.py
Begin emission:
..**********..***********Finished to send 24 packets.
***
Received 28 packets, got 24 answers, remaining 0 packets
2 192.168.115.188 True
3 192.168.115.188 True
4 192.168.115.188 True
5 192.168.115.188 True
6 192.168.115.188 True
7 192.168.115.188 True
8 192.168.115.188 True
9 192.168.115.188 True
10 192.168.115.188 True
11 192.168.115.188 True
12 192.168.115.188 True
13 192.168.115.188 True
14 192.168.115.188 True
15 192.168.115.188 True
16 192.168.115.188 True
17 192.168.115.188 True
18 192.168.115.188 True
19 192.168.115.188 True
20 192.168.115.188 True
21 192.168.115.188 True
22 192.168.115.188 True
23 192.168.115.188 True
24 192.168.115.188 True
25 192.168.115.188 True
```

Read this output carefully before treating it as a route. A genuine traceroute shows a different router address, answering with ICMP time-exceeded (so isinstance(..., TCP) is False), for each TTL until the target itself answers. Here every TTL from 2 to 25 is answered by the same host, 192.168.115.188, and every answer carries a TCP layer: no router on the path ever expired a probe, so something between this VM and the Internet (a transparent proxy, captive portal or filtering device) is completing the port 80 handshake on www.google.com's behalf. The script reports that faithfully; it simply cannot see past that box.
super sockets
Scapy builds its "super socket" layer on top of libdnet and libpcap. libdnet supplies interface lookup, access to the kernel ARP cache and routing table, network firewalling, and raw IP and Ethernet frame transmission; libpcap supplies capture. You can choose the I/O layer freely, for example PF_INET/SOCK_RAW or PF_PACKET at layer 2 (to set your own MAC address, link-layer header fields and so on). Enabling it is only a matter of configuration:

```
>>> conf.use_pcap=True
>>> conf.use_dnet=True

>>> conf.L3socket=L3dnetSocket
>>> conf.L3listen=L3pcapListenSocket
```

Note: if these two libraries (and their Python bindings) are not on the system, install them first. Newer Scapy releases have dropped libdnet support altogether, so on a current install only conf.use_pcap still applies.
Capturing (sniffing)

```python
#!/usr/bin/python
"""
sniffer
author: walfred
date: 2014/10/14
"""
from scapy.all import *

# Alternatives to the call below:
# sniff(filter="icmp", count=2)                    # capture two ICMP packets
# a = _                                            # in the shell, _ is the last result
# a.nsummary()                                     # numbered one-line summaries
# a[1]                                             # the second packet
# sniff(iface="eth0", prn=lambda x: x.summary())
# sniff(iface="eth0", prn=lambda x: x.show())

# prn is called on every packet and its return value is printed; the {IP:...}
# and {Raw:...} groups in sprintf() expand only when that layer is present.
# Runs until Ctrl-C; needs root for the raw socket.
pkts = sniff(prn=lambda x: x.sprintf("{IP:%IP.src% -> %IP.dst%\n}{Raw:%Raw.load%\n}"))
```

The output looks like this:

```
192.168.115.78 -> 224.0.0.252
192.168.115.178 -> 37.48.93.218
199.27.79.209 -> 192.168.115.198
'HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/plain\r\nLast-Modified: Wed, 30 Mar 2011 05:55:46 GMT\r\nETag: "4d92c5e2-28"\r\nVia: 1.1 varnish\r\nContent-Length: 40\r\nAccept-Ranges: bytes\r\nDate: Tue, 14 Oct 2014 06:49:20 GMT\r\nVia: 1.1 varnish\r\nAge: 3926503\r\nConnection: keep-alive\r\nX-Served-By: cache-iad2124-IAD, cache-lax1434-LAX\r\nX-Cache: HIT, HIT\r\nX-Cache-Hits: 1, 1\r\nX-Timer: S1413269360.510112,VS0,VE0\r\n\r\nd0b6dc32d9d9f48a6d702271b8f25c0da6a823fb'
```
Filtering (filters)

```
>>> filter_p = sniff(filter="tcp", prn=lambda x: x.sprintf("%IP.src%:%TCP.sport% -> %IP.dst%:%TCP.dport% %2s,TCP.flags% : %TCP.payload%"))
192.168.115.178:?? -> 61.160.98.89:?? ?? : ??
61.160.98.89:?? -> 192.168.115.178:?? ?? : ??
192.168.115.198:41533 -> 173.194.72.82:http S :
192.168.115.198:41534 -> 173.194.72.82:http S :
192.168.115.198:41535 -> 173.194.72.82:http S :
192.168.115.198:41536 -> 173.194.72.82:http S :
192.168.115.198:41537 -> 173.194.72.82:http S :
192.168.115.198:41533 -> 173.194.72.82:http S :
192.168.115.198:41534 -> 173.194.72.82:http S :
192.168.115.198:41535 -> 173.194.72.82:http S :
192.168.115.198:41536 -> 173.194.72.82:http S :
192.168.115.198:41537 -> 173.194.72.82:http S :
199.27.79.209:http -> 192.168.115.198:58114 FA :
```

Some of the characters above are garbled; not solved yet....

The ?? fields are not an encoding problem: sprintf() prints ?? whenever the layer it names is absent from the packet. The first two lines are an ICMP echo exchange between 192.168.115.178 and 61.160.98.89 (the same packet that turns up as filter_p[0] in the base64 section below), and ICMP should have been excluded by filter="tcp". The most likely reason is that the BPF filter was never applied: Scapy needs libpcap or tcpdump to compile BPF expressions and otherwise falls back to an unfiltered capture with a warning. Look for that warning, or filter in Python with lfilter=lambda p: p.haslayer(TCP), before trusting a "filtered" capture.
Importing and exporting data

Saving data

```
wrpcap("test.cap", filter_p)
```

Loading data

```
pkts = rdpcap("test.cap")
```

or

```
pkts = sniff(offline="test.cap")
```

Hex-dumping data

```
hexdump(pkts[0])
```

hexdump() takes a single packet (or a byte string), so index into the list. str() of a whole PacketList does not give you packet bytes; it gives the list's printable representation, complete with the ANSI colour escapes of conf.color_theme:

```
>>> str_p=str(filter_p)
>>> str_p
"[\x1b[0m<\x1b[0m\x1b[31m\x1b[1mEther\x1b[0m \x1b[34mdst\x1b[0m\x1b[0m=\x1b[0m\x1b[35m00:03:0f:19:6a:49\x1b[0m \x1b[34msrc\x1b[0m\x1b[0m=\x1b[0m\x1b[35m28:d2:44:3d:40:8e\x1b[0m \x1b[34mtype\x1b[0m\x1b[0m=\x1b[0m\x1b[35mIPv4\x1b[0m \x1b[0m|\x1b[0m\x1b[0m<\x1b[0m\x1b[31m\x1b[1mIP\x1b[0m \x1b[34mversion\x1b[0m\x1b[0m=\x1b[0m\x1b[35m4L\x1b[0m \x1b[34mihl\x1b[0m\x1b[0m=\x1b[0m\x1b[35m5L\x1b[0m \x1b[34mtos\x1b[0m\x1b[0m=\x1b[0m\x1b[35m0x0\x1b[0m \x1b[34mlen\x1b[0m\x1b[0m=\x1b[0m\x1b[35m60\x1b[0m \x1b[34mid\x1b[0m\x1b[0m=\x1b[0m\x1b[35m22665\x1b[0m \x1b[34mflags\x1b[0m\x1b[0m=\x1b[0m\x1b[35m\x1b[0m \x1b[34mfrag\x1b[0m\x1b[0m=\x1b[0m\x1b[35m0L\x1b[0m \x1b[34mttl\x1b[0m\x1b[0m=\x1b[0m\x1b[35m64\x1b[0m \x1b[34mproto\x1b[0m\x1b[0m=\x1b[0m ................
```

To get the raw bytes of one packet use str(pkt) on Python 2 or bytes(pkt) / raw(pkt) on Python 3; set conf.color_theme = NoTheme() if you want uncoloured representations.
Base64-encoding packets (export_object() and import_object())

```
>>> sniff_pkt=filter_p[0]
>>> sniff_pkt
<Ether dst=00:03:0f:19:6a:49 src=28:d2:44:3d:40:8e type=IPv4 |<IP version=4L ihl=5L tos=0x0 len=60 id=22665 flags= frag=0L ttl=64 proto=icmp chksum=0x4de4 src=192.168.115.178 dst=61.160.98.89 options=[] |<ICMP type=echo-request code=0 chksum=0xb5ec id=0x1 seq=0x976e |<Raw load='abcdefghijklmnopqrstuvwabcdefghi' |>>>>
>>> export_object(sniff_pkt)
Traceback (most recent call last):
  File "<console>", line 1, in <module>
  File "/usr/lib/python2.7/dist-packages/scapy/utils.py", line 421, in export_object
    print gzip.zlib.compress(cPickle.dumps(obj,2),9).encode("base64")
PicklingError: Can't pickle <type 'function'>: attribute lookup __builtin__.function failed
>>>
```

This error came up; not yet solved.....

The traceback shows what these functions are: export_object() pickles the object, zlib-compresses it and base64-encodes the result, and import_object() reverses the process; the failure is pickle refusing to serialise a function object reachable from the packet. The point that matters more for anyone exchanging these blobs is that import_object() ends in pickle.loads(), and unpickling untrusted data runs arbitrary code inside the Scapy process, which is usually root. Only import strings you generated yourself; give packets to other people as pcap files written with wrpcap(), which are parsed rather than unpickled.
Saving a session

If you have done a lot of work in the interactive shell and want to keep the current session for later, use save_session() and load_session():

```
>>> dir()
['__builtins__', 'conf', 'filter_p', 'pkts', 'sniff_pkt', 'str_p']
>>> save_session("2014_session.scapy")
Traceback (most recent call last):
  File "<console>", line 1, in <module>
  File "/usr/lib/python2.7/dist-packages/scapy/main.py", line 129, in save_session
    cPickle.dump(to_be_saved, f, pickleProto)
PicklingError: Can't pickle <type 'function'>: attribute lookup __builtin__.function failed
```

This is the same pickling failure as export_object() above, and for the same objects: the session contains filter_p and sniff_pkt. Session files are pickles as well, so the caveat from the previous section applies to load_session(): load only files you wrote yourself.
Scapy's routing table

```
>>> conf.route
Network         Netmask         Gateway         Iface   Output IP
127.0.0.0       255.0.0.0       0.0.0.0         lo      127.0.0.1
0.0.0.0         0.0.0.0         192.168.115.1   eth0    192.168.115.198
192.168.115.0   255.255.255.0   0.0.0.0         eth0    192.168.115.198
```

The table can also be modified:

```
>>> conf.route.delt(net="0.0.0.0/0",gw="192.168.115.1")
>>> conf.route.add(net="0.0.0.0/0",gw="192.168.115.254")
>>> conf.route.add(host="192.168.115.253",gw="192.168.115.1")
>>> conf.route
Network           Netmask           Gateway           Iface   Output IP
127.0.0.0         255.0.0.0         0.0.0.0           lo      127.0.0.1
192.168.115.0     255.255.255.0     0.0.0.0           eth0    192.168.115.198
0.0.0.0           0.0.0.0           192.168.8.254     lo      0.0.0.0
0.0.0.0           0.0.0.0           192.168.115.254   eth0    192.168.115.198
192.168.115.253   255.255.255.255   192.168.115.1     eth0    192.168.115.198
>>>
```

These entries are Scapy's own copy of the routing table, consulted when it has to choose a source address and interface (and an ARP target) for a packet it builds; editing them changes what Scapy does, not the kernel's table, which is why you can point Scapy's default route at a gateway the kernel knows nothing about. resync() discards the changes and re-reads the kernel table:

```
>>> conf.route.resync()
>>> conf.route
Network         Netmask         Gateway         Iface   Output IP
127.0.0.0       255.0.0.0       0.0.0.0         lo      127.0.0.1
0.0.0.0         0.0.0.0         192.168.115.1   eth0    192.168.115.198
192.168.115.0   255.255.255.0   0.0.0.0         eth0    192.168.115.198
>>>
```
Wireless packet capture and injection

Capturing with a wireless card (the interface, wifi360 here, must be in monitor mode):

```
sniff(iface="wifi360", prn=lambda x: x.sprintf("{Dot11Beacon:%Dot11.addr3%\t%Dot11Beacon.info%\t%PrismHeader.channel%\t%Dot11Beacon.cap%}"))
```

This prints one line per beacon: BSSID (addr3), SSID (%Dot11Beacon.info% resolves to the first information element after the beacon header, which is the SSID), channel, and capability flags. The original line lacked the leading % before Dot11Beacon.cap. Note also that PrismHeader.channel only exists when the driver prepends Prism headers; on the usual RadioTap monitor interfaces it prints ??, so take the channel from the RadioTap layer or from the DS parameter set element instead.

Injection: the following loop floods the air with beacons for random SSIDs from random source addresses:

```
sendp(Dot11(addr1="ff:ff:ff:ff:ff:ff", addr2=RandMAC(), addr3=RandMAC())
      / Dot11Beacon(cap="ESS")
      / Dot11Elt(ID="SSID", info=RandString(RandNum(1, 50)))
      / Dot11Elt(ID="Rates", info=b'\x82\x84\x0b\x16')
      / Dot11Elt(ID="DSset", info=b"\x03")
      / Dot11Elt(ID="TIM", info=b"\x00\x01\x00\x00"),
      iface="wifi360", loop=1)
```

loop=1 keeps sending until Ctrl-C. Injection needs a driver that supports it, and on Linux mac80211 monitor interfaces the frame has to be wrapped in a RadioTap() header (sendp(RadioTap()/Dot11(...)/..., iface=...)). Forged beacons are seen by every device in range, so run this only on a lab network you control.