search

invernizzi / scapy-http

Support for HTTP in Scapy
Other
301 stars 77 forks source link

http layer is not detected #36

Open alext234 opened 6 years ago

alext234 commented 6 years ago

web3_clientVersion.pcap.tar.gz

When I do a packet.show() with the attached pcap file, there is no HTTP layer shown.

githubMerge commented 5 years ago

This module parses the HTTP request which has sport or dport == 80. please check https://github.com/invernizzi/scapy-http/blob/master/scapy_http/http.py#L260

Your pcap does not satisfy the condition.

@invernizzi: can you please comment how to parse HTTP protocol on non-standard ports?

arglucas commented 5 years ago

My code which adds a new destination and source port (5000) to parse the HTTP layer with is as follows:

from scapy.layers.inet import TCP
import scapy.all as scapy
from  scapy_http.http import *

scapy.packet.bind_layers(TCP, HTTP, dport=5000)
scapy.packet.bind_layers(TCP, HTTP, sport=5000)

packets = scapy.rdpcap('./capture.pcap')

You can then show an HTTP packet as per the docs.

githubMerge commented 5 years ago

@arglucas Is it possible for you to check the common HTTP words like "GET, POST, HOST, HTTP/" in TCP payload and concur that it is HTTP flow and parse the packet?

This will work irrespective of the source and destination port. If the user does not know the port information, we are back to square one.

cr0hn commented 2 years ago

Hi! Maybe this could help:

https://gist.github.com/cr0hn/cfa4e6d04a20f6248a506c072ae0ba81