Open alext234 opened 6 years ago
This module parses the HTTP request which has sport or dport == 80. please check https://github.com/invernizzi/scapy-http/blob/master/scapy_http/http.py#L260
Your pcap does not satisfy the condition.
@invernizzi: can you please comment how to parse HTTP protocol on non-standard ports?
My code which adds a new destination and source port (5000) to parse the HTTP layer with is as follows:
from scapy.layers.inet import TCP
import scapy.all as scapy
from scapy_http.http import *
scapy.packet.bind_layers(TCP, HTTP, dport=5000)
scapy.packet.bind_layers(TCP, HTTP, sport=5000)
packets = scapy.rdpcap('./capture.pcap')
You can then show an HTTP packet as per the docs.
@arglucas Is it possible for you to check the common HTTP words like "GET, POST, HOST, HTTP/" in TCP payload and concur that it is HTTP flow and parse the packet?
This will work irrespective of the source and destination port. If the user does not know the port information, we are back to square one.
Hi! Maybe this could help:
https://gist.github.com/cr0hn/cfa4e6d04a20f6248a506c072ae0ba81
web3_clientVersion.pcap.tar.gz
When I do a
packet.show()
with the attached pcap file, there is no HTTP layer shown.