search

folg / killerbee

Automatically exported from code.google.com/p/killerbee
0 stars 0 forks source link

scapy_extension.py imports clobber zbscapy imports #28

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?

When parsing Pcap files using zbscapy the kbrdpcap function fails because it is 
using the scapy.utils.PcapReader instead of the killerbee.pcapdump.PcapReader. 
This is noted below because Scapy's PcapReader has a next() function rather 
than the pnext() function from killerbee.pcapdump's PcapReader.

================================
cutaway> zbscapy
In [1]: cap = kbrdpcap('/tmp/zb_test.pcap')
WARNING: PcapReader: unknown LL type [195]/[0xc3]. Using Raw packets
AttributeError  Traceback
---> cap = kbrdpcap('/tmp/zb_test.pcap')
/usr/local/lib/python2.7/dist-packages/killerbee-2.5.0-py2.7-linux-x86_64.egg/ki
llerbee/scapy_extensions.py
in kbrdpcap(filename, count, skip, nofcs)
   222
   223  while 1:
>>> 224     packet = cap.pnext()
AttributeError: PcapReader instance has no attribute 'pnext'

In [2]:
================================

The issue here is that the zbscapy script imports everything properly. However, 
when the scapy_extensions.py module is loaded it imports scapy.all again. This 
clobbers the killerbee.pcapdump.PcapReader.  

One fix would be to remove the "from scapy.all import *" line from 
scapy_extensions.py.  However, I believe this will break anybody scripting with 
scapy_extensions.py (scripting use seems pretty obvious from the change logs 
for this file).  

Thus, I recommend removing the "from killerbee import *" from zbscapy and 
putting it after the scapy.all import in scapy_extensions.py. This should fix 
this issue and also make it so anybody scripting with scapy_extensions.py only 
has to import this as a module and not also import killerbee. This fix will 
most likely also not break older scripts using the scapy_extensions module.

What is the expected output? What do you see instead?

The Pcap file should be imported and parsed without error

What version of the product are you using?

KillerBee beta (from SVN checkout) Revision # 93

On what operating system?

Linux kubuntu_rules 3.11.0-26-generic #45-Ubuntu SMP Tue Jul 15 04:02:06 UTC 
2014 x86_64 x86_64 x86_64 GNU/Linux

With what Python version? (python -V)

Python 2.7.5+

Is scapy-com installed?

Yes, yes it is

Please provide any additional information below.

Original issue reported on code.google.com by cutaways...@gmail.com on 16 Sep 2014 at 10:51

GoogleCodeExporter commented 9 years ago 
Changes made in rev #95. Please confirm this works well for you. I think at one 
point we were prefering the scapy PCAP reader over the KillerBee one, so 
depending on how this fix works we could revert and use next instead of pnext.

Original comment by rmspe...@gmail.com on 28 Sep 2014 at 8:51

GoogleCodeExporter commented 9 years ago 
I'll test when I get home. We need to figure this out because the scapy
libs parse packets better but the KB libs provide excellent crypto
functionality. Guess I need to fork and figure it out if i can.

Cutaway

Original comment by cutaways...@gmail.com on 28 Sep 2014 at 8:57