• python抓包截取http记录日志


    #!/usr/bin/python

    import re
    import socket

    import dpkt
    import pcap

     

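    def main():
        """Capture HTTP requests on eth1 (tcp port 80) and print one log line per request.

        Runs until the capture is interrupted. Each frame is handed to
        main_pcap(), which returns None for anything that is not a parseable
        HTTP request, so only real request lines are printed.

        Notes:
            * Nothing in this listing calls main(); add
              ``if __name__ == "__main__": main()`` at the end of the file.
            * Live capture needs raw-socket privileges (typically root).
        """
        pc = pcap.pcap(name="eth1")             # capture device: eth1
        pc.setfilter('tcp port 80')             # kernel-side BPF filter
        for p_time, p_data in pc:
            # The original listing had this branch over-indented, which is an
            # IndentationError; the body of the loop is just decode-and-print.
            ret = main_pcap(p_time, p_data)
            if ret:
                print(ret)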

                   

    def main_pcap(p_time, p_data):                                                 # 解码

            out_format = "%s %s %s %s %s HTTP/%s"

            p = dpkt.ethernet.Ethernet(p_data)                                     # 

            ret = None

            if p.data.__class__.__name__ == 'IP':

                    ip_data = p.data

                    src_ip = '%d.%d.%d.%d' % tuple(map(ord,list(ip_data.src)))

                    dst_ip = '%d.%d.%d.%d' % tuple(map(ord,list(ip_data.dst)))

                    if p.data.data.__class__.__name__=='TCP':

                            tcp_data = p.data.data

                            if tcp_data.dport==80:

                                    if tcp_data.data:

                                            h = dpkt.http.Request(tcp_data.data)                                            # http解码

                                            pre = "^/.*$"

                                            if match(pre, h.uri):                                                                           # url 重写

                                                    http_headers = h.headers

                                                    host = h.headers['host']

                                                    url = "http://" + host + h.uri

                                            else:

                                                    url = h.uri

                                            # datetime srcip dstip GET /index.htm HTTP/1.1                       # 输出日志格式

                                            ret = out_format % (p_time, src_ip, dst_ip, h.method, url, h.version)

            

            return ret

    def match(pre, line):
        """Anchored regex test.

        Returns the match object when pattern *pre* matches at the start of
        *line* (re.match semantics), otherwise None. Callers use the result as
        a boolean.
        """
        return re.match(pre, line)

    # 脚本运行也达到了武星预期的要求,OK。

    # 后续记录下 Referer 还是很有必要的。注意 Referer、Host、URI 都是来自网络的不可信数据，写入日志前应过滤掉控制字符（CR/LF、终端转义序列），以免一条请求伪造出多行日志；另外明文 HTTP 中可能带有 Cookie 等敏感信息，日志文件要限制访问权限。

    ======================================================================================

    安装

    1. python 2.5

    2. pypcap               python的抓包函数库

    http://code.google.com/p/pypcap/downloads/list （code.google.com 已停止服务，现可通过 pip 安装 pypcap）

    3. dpkt                     python的解包函数库

    http://code.google.com/p/dpkt/downloads/list （code.google.com 已停止服务，现可通过 pip 安装 dpkt）

    4. winpcap             Windows 下 pcap 抓包所需的驱动

    如果有wireshark的话,就直接安装wireshark吧,里面带着winpcap

    在Linux中有个库叫做libpcap可以胜任。libpcap是一个简单而又强大的数据包捕获函数库,可以在多种操作系统上运行。

    关于libpcap有几个很好的教程:

    http://www.tcpdump.org/pcap.htm (官方向导,英文,写得很适合新手)

    http://blog.csdn.net/bat603/archive/2006/09/04/1175729.aspx (主要函数中文说明)

    http://blog.csdn.net/bat603/archive/2006/09/04/1176251.aspx (入门源码)

  • 原文地址:https://www.cnblogs.com/hushaojun/p/4533236.html