Scapy Basics, Part 2
Source: Internet  Editor: 程序博客网  Time: 2024/05/17 05:55
http://blog.csdn.net/wang_walfred/article/details/40072751
TCP traceroute test
- from scapy.all import *
-
- # One SYN (flags=0x2) per TTL from 2 to 25; a random IP id keeps the probes distinct.
- # sr() returns the answered (sent, received) pairs and the unanswered probes.
- ans,unans=sr(IP(dst="www.google.com",ttl=(2,25),id=RandShort())/TCP(flags=0x2))
- for snd,rcv in ans:
-     # isinstance(rcv.payload, TCP) is True for a TCP answer (SYN/ACK or RST) from the
-     # endpoint and False for an ICMP time-exceeded from an intermediate router.
-     print snd.ttl,rcv.src,isinstance(rcv.payload,TCP)
The output is as follows. Note that every probe, whatever its TTL, is answered with a TCP segment (the check prints True) by the same LAN host, 192.168.115.188, rather than by a chain of routers returning ICMP time-exceeded: either www.google.com resolved to that local host (a local proxy) or a device on the LAN intercepted the connection. Either way the sweep never left the local network, so this run shows no real path:
- walfred@walfred-VirtualBox:~/wmw/scapy/test$ sudo python TCP_tracerout.py
- Begin emission:
- ..**********..***********Finished to send 24 packets.
- ***
- Received 28 packets, got 24 answers, remaining 0 packets
- 2 192.168.115.188 True
- 3 192.168.115.188 True
- 4 192.168.115.188 True
- 5 192.168.115.188 True
- 6 192.168.115.188 True
- 7 192.168.115.188 True
- 8 192.168.115.188 True
- 9 192.168.115.188 True
- 10 192.168.115.188 True
- 11 192.168.115.188 True
- 12 192.168.115.188 True
- 13 192.168.115.188 True
- 14 192.168.115.188 True
- 15 192.168.115.188 True
- 16 192.168.115.188 True
- 17 192.168.115.188 True
- 18 192.168.115.188 True
- 19 192.168.115.188 True
- 20 192.168.115.188 True
- 21 192.168.115.188 True
- 22 192.168.115.188 True
- 23 192.168.115.188 True
- 24 192.168.115.188 True
- 25 192.168.115.188 True
super sockets
Scapy uses the libdnet and libpcap libraries to build its "super socket" layer, which gives it kernel ARP cache and routing table lookups, network firewall manipulation, and raw IP and Ethernet frame transmission. You choose the I/O layer: PF_INET/SOCK_RAW for layer 3 (raw IP), or PF_PACKET for layer 2 (for example to set your own source MAC address or other link-layer header fields). Using it is simple; just set the corresponding configuration:
- >>> conf.use_pcap=True
- >>> conf.use_dnet=True
- >>> conf.L3socket=L3dnetSocket
- >>> conf.L3listen=L3pcapListenSocket
Note: if these two libraries are not present on the system, you need to download and install them yourself. Recent Scapy releases have dropped the libdnet back end, so conf.use_dnet and L3dnetSocket exist only in older versions; conf.use_pcap still selects libpcap.
Capturing (sniffing)
- from scapy.all import *
-
- # {Layer:...} in a sprintf() template is rendered only when the packet has that layer,
- # so non-IP frames print nothing and the Raw line appears only for packets with a payload.
- pkts = sniff(prn=lambda x:x.sprintf("{IP:%IP.src% -> %IP.dst%\n}{Raw:%Raw.load%\n}"))
The output is as follows:
- 192.168.115.78 -> 224.0.0.252
-
- 192.168.115.178 -> 37.48.93.218
-
- 199.27.79.209 -> 192.168.115.198
- 'HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/plain\r\nLast-Modified: Wed, 30 Mar 2011 05:55:46 GMT\r\nETag: "4d92c5e2-28"\r\nVia: 1.1 varnish\r\nContent-Length: 40\r\nAccept-Ranges: bytes\r\nDate: Tue, 14 Oct 2014 06:49:20 GMT\r\nVia: 1.1 varnish\r\nAge: 3926503\r\nConnection: keep-alive\r\nX-Served-By: cache-iad2124-IAD, cache-lax1434-LAX\r\nX-Cache: HIT, HIT\r\nX-Cache-Hits: 1, 1\r\nX-Timer: S1413269360.510112,VS0,VE0\r\n\r\nd0b6dc32d9d9f48a6d702271b8f25c0da6a823fb'
Filtering (filters)
- >>> filter_p = sniff(filter="tcp",prn=lambda x: x.sprintf("%IP.src%:%TCP.sport% -> %IP.dst%:%TCP.dport% %2s,TCP.flags% : %TCP.payload%"))
- 192.168.115.178:?? -> 61.160.98.89:?? ?? : ??
- 61.160.98.89:?? -> 192.168.115.178:?? ?? : ??
- 192.168.115.198:41533 -> 173.194.72.82:http S :
- 192.168.115.198:41534 -> 173.194.72.82:http S :
- 192.168.115.198:41535 -> 173.194.72.82:http S :
- 192.168.115.198:41536 -> 173.194.72.82:http S :
- 192.168.115.198:41537 -> 173.194.72.82:http S :
- 192.168.115.198:41533 -> 173.194.72.82:http S :
- 192.168.115.198:41534 -> 173.194.72.82:http S :
- 192.168.115.198:41535 -> 173.194.72.82:http S :
- 192.168.115.198:41536 -> 173.194.72.82:http S :
- 192.168.115.198:41537 -> 173.194.72.82:http S :
- 199.27.79.209:http -> 192.168.115.198:58114 FA :
Some of the output above is garbled; that has not been resolved yet.
Importing and exporting data
Saving data
- wrpcap("test.cap", filter_p)
Loading data
- pkts = rdpcap("test.cap")   or   pkts = sniff(offline="test.cap")
Hex dump of data
Note: str() on a PacketList returns its colour-coded summary, which is why the ANSI escape sequences (\x1b[...m) appear below; for an actual hex dump call hexdump(pkt) on a single packet (on Python 2, str(pkt) on a single packet gives its raw bytes).
- >>> str_p=str(filter_p)
- >>> str_p
- "[\x1b[0m<\x1b[0m\x1b[31m\x1b[1mEther\x1b[0m \x1b[34mdst\x1b[0m\x1b[0m=\x1b[0m\x1b[35m00:03:0f:19:6a:49\x1b[0m \x1b[34msrc\x1b[0m\x1b[0m=\x1b[0m\x1b[35m28:d2:44:3d:40:8e\x1b[0m \x1b[34mtype\x1b[0m\x1b[0m=\x1b[0m\x1b[35mIPv4\x1b[0m \x1b[0m|\x1b[0m\x1b[0m<\x1b[0m\x1b[31m\x1b[1mIP\x1b[0m \x1b[34mversion\x1b[0m\x1b[0m=\x1b[0m\x1b[35m4L\x1b[0m \x1b[34mihl\x1b[0m\x1b[0m=\x1b[0m\x1b[35m5L\x1b[0m \x1b[34mtos\x1b[0m\x1b[0m=\x1b[0m\x1b[35m0x0\x1b[0m \x1b[34mlen\x1b[0m\x1b[0m=\x1b[0m\x1b[35m60\x1b[0m \x1b[34mid\x1b[0m\x1b[0m=\x1b[0m\x1b[35m22665\x1b[0m \x1b[34mflags\x1b[0m\x1b[0m=\x1b[0m\x1b[35m\x1b[0m \x1b[34mfrag\x1b[0m\x1b[0m=\x1b[0m\x1b[35m0L\x1b[0m \x1b[34mttl\x1b[0m\x1b[0m=\x1b[0m\x1b[35m64\x1b[0m \x1b[34mproto\x1b[0m\x1b[0m=\x1b[0m 。。。。。。。。。。。。。。。。
Base64-encoding packets (export_object() and import_object())
- >>> sniff_pkt=filter_p[0]
- >>> sniff_pkt
- <Ether dst=00:03:0f:19:6a:49 src=28:d2:44:3d:40:8e type=IPv4 |<IP version=4L ihl=5L tos=0x0 len=60 id=22665 flags= frag=0L ttl=64 proto=icmp chksum=0x4de4 src=192.168.115.178 dst=61.160.98.89 options=[] |<ICMP type=echo-request code=0 chksum=0xb5ec id=0x1 seq=0x976e |<Raw load='abcdefghijklmnopqrstuvwabcdefghi' |>>>>
- >>> export_object(sniff_pkt)
- Traceback (most recent call last):
- File "<console>", line 1, in <module>
- File "/usr/lib/python2.7/dist-packages/scapy/utils.py", line 421, in export_object
- print gzip.zlib.compress(cPickle.dumps(obj,2),9).encode("base64")
- PicklingError: Can't pickle <type 'function'>: attribute lookup __builtin__.function failed
- >>>
This error appeared; it has not been resolved yet.
Saving a session
If you have done a lot of work in the interactive terminal and want to keep the current session for later use, save_session() and load_session() do that:
- >>> dir()
- ['__builtins__', 'conf', 'filter_p', 'pkts', 'sniff_pkt', 'str_p']
- >>> save_session("2014_session.scapy")
- Traceback (most recent call last):
- File "<console>", line 1, in <module>
- File "/usr/lib/python2.7/dist-packages/scapy/main.py", line 129, in save_session
- cPickle.dump(to_be_saved, f, pickleProto)
- PicklingError: Can't pickle <type 'function'>: attribute lookup __builtin__.function failed
Scapy's routing table
- >>> conf.route
- Network Netmask Gateway Iface Output IP
- 127.0.0.0 255.0.0.0 0.0.0.0 lo 127.0.0.1
- 0.0.0.0 0.0.0.0 192.168.115.1 eth0 192.168.115.198
- 192.168.115.0 255.255.255.0 0.0.0.0 eth0 192.168.115.198
The routing table can also be modified (this changes only Scapy's own copy, not the kernel's):
- >>> conf.route.delt(net="0.0.0.0/0",gw="192.168.115.1")
- >>> conf.route.add(net="0.0.0.0/0",gw="192.168.115.254")
- >>> conf.route.add(host="192.168.115.253",gw="192.168.115.1")
- >>> conf.route
- Network Netmask Gateway Iface Output IP
- 127.0.0.0 255.0.0.0 0.0.0.0 lo 127.0.0.1
- 192.168.115.0 255.255.255.0 0.0.0.0 eth0 192.168.115.198
- 0.0.0.0 0.0.0.0 192.168.8.254 lo 0.0.0.0
- 0.0.0.0 0.0.0.0 192.168.115.254 eth0 192.168.115.198
- 192.168.115.253 255.255.255.255 192.168.115.1 eth0 192.168.115.198
-
- >>>
resync() restores the default by re-reading the system routing table:
- >>> conf.route.resync()
- >>> conf.route
- Network Netmask Gateway Iface Output IP
- 127.0.0.0 255.0.0.0 0.0.0.0 lo 127.0.0.1
- 0.0.0.0 0.0.0.0 192.168.115.1 eth0 192.168.115.198
- 192.168.115.0 255.255.255.0 0.0.0.0 eth0 192.168.115.198
-
- >>>
Wireless packet capture and injection
Capturing with a wireless card (the interface must be in monitor mode):
- sniff(iface="wifi360",prn=lambda x:x.sprintf("{Dot11Beacon:%Dot11.addr3%\t%Dot11Beacon.info%\t%PrismHeader.channel%\t%Dot11Beacon.cap%}"))
Scapy also provides wireless packet injection. The example below is a fake-AP beacon flood: each frame advertises a random BSSID and a random SSID, and loop=1 keeps sending until interrupted. It needs root and a monitor-mode interface, and should only be run on networks you are authorised to test.
- sendp(Dot11(addr1="ff:ff:ff:ff:ff:ff",addr2=RandMAC(),addr3=RandMAC())/
- Dot11Beacon(cap="ESS")/
- Dot11Elt(ID="SSID",info=RandString(RandNum(1,50)))/
- Dot11Elt(ID="Rates",info='\x82\x84\x0b\x16')/
- Dot11Elt(ID="DSset",info="\x03")/
- Dot11Elt(ID="TIM",info="\x00\x01\x00\x00"),iface="wifi360",loop=1)