invernizzi / scapy-http

Support for HTTP in Scapy

Shorthand headers fields should be writable #18

Open XiangYing opened 8 years ago

XiangYing commented 8 years ago

Hi,

I found that the newly created pcap file "post_new.pcap" did not reflect the change after running the script below, so could you please help me look into this issue? Thanks!

#!/usr/bin/env python

from scapy.all import *
from scapy_http import http

if __name__ == '__main__':
    pcap = 'post.pcap'
    pkts = rdpcap(pcap)

    for pkt in pkts:
        if pkt.haslayer('HTTP'):
            pkt['HTTP']['HTTP Request'].fields['Host'] = 'club.4399xx.com'
            pkt['HTTP']['HTTP Request'].fields['Content-Length'] = '30'

    '''for pkt in pkts:
        pkt.show()
        print '='*78
    '''

    wrpcap('post_new.pcap', pkts)

invernizzi commented 8 years ago

Hi Ian, at the moment, you should use the Headers dictionary if you want to overwrite headers. The other fields (e.g., Host) are just a shorthand for accessing Headers. This should certainly be changed: it's this way because this library originally came about as a way to parse HTTP packets, and not write them. So, this should work:

    for pkt in pkts:
        if pkt.haslayer('HTTP'):
            pkt['HTTP']['HTTP Request'].fields['Headers']['Host'] = 'club.4399xx.com'
            pkt['HTTP']['HTTP Request'].fields['Headers']['Content-Length'] = '30'

XiangYing commented 8 years ago

It seems that the returned value is a unicode instead of a dict, and 'unicode' object does not support item assignment.

    Traceback (most recent call last):
      File "modify_pcap.py", line 30, in <module>
        pkt['HTTP']['HTTP Request'].fields['Headers']['Host'] = 'club.4399xx.com'
    TypeError: 'unicode' object does not support item assignment

    print type(pkt['HTTP']['HTTP Request'].fields['Headers'])
    <type 'unicode'>
    print pkt['HTTP']['HTTP Request'].fields
    {'Content-Length': u'28', 'Accept-Language': u'zh-CN', 'Accept-Encoding': u'gzip, deflate', 'Method': u'POST', 'Path': u'/api.php', 'Connection': u'Keep-Alive', 'Accept': u'*/*', 'User-Agent': u'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko QQBrowser/9.2.5063.400', 'Headers': u'x-flash-version: 20,0,0,228\r\nContent-Length: 28\r\nAccept-Language: zh-CN\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko QQBrowser/9.2.5063.400\r\nHost: club.4399.com\r\nReferer: http://sxiao.4399.com/4399swf/upload_swf/ftp8/honghao/20120901/8/mainload.swf\r\nCache-Control: no-cache\r\nCookie: _4399stats_vid=14418812781849064; _gprp_c=; home4399=yes\r\nContent-Type: application/x-www-form-urlencoded', 'Host': u'club.4399.com', 'Referer': u'http://sxiao.4399.com/4399swf/upload_swf/ftp8/honghao/20120901/8/mainload.swf', 'Cache-Control': u'no-cache', 'Cookie': u'_4399stats_vid=14418812781849064; _gprp_c=; home4399=yes', 'Http-Version': u'HTTP/1.1', 'Content-Type': u'application/x-www-form-urlencoded', 'Additional-Headers': u'x-flash-version: 20,0,0,228\r\n'}

invernizzi commented 8 years ago

Hi, I've made some changes so this line now works:

pkt['HTTP Request'].fields['Host'] = 'club.4399xx.com'

ATM, you can change any field that was set in the original packet this way.

XiangYing commented 8 years ago

Hi Luca, thanks for your updates and patience. I found the updated script works only a little bit: the fields can be changed with the three lines below, but the newly created pcap file lost the HTTP layer again, like the original issue that I wrote to you about before.

    pkt['HTTP']['HTTP Request'].fields['Host'] = 'club.4399xx.com'
    pkt['HTTP']['HTTP Request'].fields['Content-Length'] = '30'
    pkt['HTTP']['HTTP Request'].fields['Headers'] = u'x-flash-version: 20,0,0,228\r\nContent-Length: 30\r\nAccept-Language: zh-CN\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko QQBrowser/9.2.5063.400\r\nHost: club.4399xx.com\r\nReferer: http://sxiao.4399.com/4399swf/upload_swf/ftp8/honghao/20120901/8/mainload.swf\r\nCache-Control: no-cache\r\nCookie: _4399stats_vid=14418812781849064; _gprp_c=; home4399=yes\r\nContent-Type: application/x-www-form-urlencoded'

So could you please look into this at your convenience?

mojyou commented 8 years ago

I've got this issue as well. I just used @invernizzi's suggestion but the issue still exists. Thanks for your cooperation.

sherrypan commented 7 years ago

The statement "pkt['HTTP']['HTTP Request'].fields['Headers']['Host'] = 'club.4399xx.com'" is an error because "pkt['HTTP']['HTTP Request'].fields['Headers']" is a string.
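
Because `fields['Headers']` is a CRLF-joined string rather than a dict, as the dump earlier in the thread shows, a header change has to be made on that string. The following is an added example, not code from this thread or from scapy-http: `parse_headers` and `rewrite_headers` are hypothetical helpers that edit such a block and keep Content-Length in step with a new body. It works on the string only and does not address the lost HTTP layer reported above.

```python
# Added example: edit a raw CRLF-joined header block such as fields['Headers'].
# parse_headers() and rewrite_headers() are hypothetical helpers, not part of
# scapy-http or Scapy.

def parse_headers(raw):
    """Split a CRLF-joined block into (name, value) pairs, preserving order."""
    pairs = []
    for line in raw.split("\r\n"):
        if not line:
            continue
        name, sep, value = line.partition(":")  # split on the first colon only
        if not sep:
            raise ValueError("not a header line: %r" % line)
        pairs.append((name.strip(), value.strip()))
    return pairs


def rewrite_headers(raw, updates, body=None):
    """Return raw with header values replaced (names match case-insensitively).

    Headers named in `updates` but absent from `raw` are appended. When `body`
    (bytes) is given, Content-Length is set to len(body) so the declared and
    actual lengths agree. Values containing CR or LF are rejected so that an
    update cannot add extra header lines to the block.
    """
    wanted = {k.lower(): (k, str(v)) for k, v in updates.items()}
    if body is not None:
        wanted["content-length"] = ("Content-Length", str(len(body)))
    for name, value in wanted.values():
        if "\r" in name + value or "\n" in name + value:
            raise ValueError("CR/LF not allowed in header %r" % name)
    out, seen = [], set()
    for name, value in parse_headers(raw):
        key = name.lower()
        if key in wanted:            # replace every occurrence, keep position
            value = wanted[key][1]
            seen.add(key)
        out.append((name, value))
    out.extend(pair for key, pair in wanted.items() if key not in seen)
    return "\r\n".join("%s: %s" % (n, v) for n, v in out)


# Constructed sample, shortened from the header dump in the thread.
SAMPLE = ("x-flash-version: 20,0,0,228\r\nContent-Length: 28\r\n"
          "Host: club.4399.com\r\nCache-Control: no-cache")

if __name__ == "__main__":
    new_body = b"a" * 30  # constructed 30-byte body
    print(rewrite_headers(SAMPLE, {"host": "club.4399xx.com"}, body=new_body))
```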