search

invernizzi / scapy-http

Support for HTTP in Scapy
Other
301 stars 77 forks source link

http layer raw conversion is inncorrect #40

Open shindoga opened 6 years ago

shindoga commented 6 years ago

The problem is when i do raw() function to a HTTP layer and than to the result i do HTTP() function to it the result is different from the original HTTP layer.

For simplisity, HTTP(raw(pack)) == pack[HTTP] returns False

for example, pack[HTTP].show() prints

`###[ HTTP ]###

[ HTTP Response ]

 Status-Line= 'HTTP/1.1 301 Moved Permanently'
 Accept-Ranges= None
 Age       = None
 E-Tag     = None
 Location  = 'http://www.bankfordata.com:2030/roundcube/'
 Proxy-Authenticate= None
 Retry-After= None
 Server    = 'cwpsrv'
 Vary      = None
 WWW-Authenticate= None
 Cache-Control= None
 Connection= 'keep-alive'
 Date      = 'Mon, 23 Jul 2018 04:27:49 GMT'
 Pragma    = None
 Trailer   = None
 Transfer-Encoding= None
 Upgrade   = None
 Via       = None
 Warning   = None
 Keep-Alive= None
 Allow     = None
 Content-Encoding= None
 Content-Language= None
 Content-Length= '179'
 Content-Location= None
 Content-MD5= None
 Content-Range= None
 Content-Type= 'text/html'
 Expires   = None
 Last-Modified= None
 Headers   = 'Content-Length: 179\r\nServer: cwpsrv\r\nConnection: keep-alive\r\nLocation: http://www.bankfordata.com:2030/roundcube/\r\nDate: Mon, 23 Jul 2018 04:27:49 GMT\r\nContent-Type: text/html'
 Additional-Headers= None`

and on the other hand HTTP(raw(pack)).show() prints

`###[ HTTP ]###

[ HTTP Response ]

 Status-Line= 'HTTP/1.1 301 Moved Permanently Content-Length: 179'
 Accept-Ranges= None
 Age       = None
 E-Tag     = None
 Location  = 'http://www.bankfordata.com:2030/roundcube/'
 Proxy-Authenticate= None
 Retry-After= None
 Server    = 'cwpsrv'
 Vary      = None
 WWW-Authenticate= None
 Cache-Control= None
 Connection= 'keep-alive'
 Date      = 'Mon, 23 Jul 2018 04:27:49 GMT'
 Pragma    = None
 Trailer   = None
 Transfer-Encoding= None
 Upgrade   = None
 Via       = None
 Warning   = None
 Keep-Alive= None
 Allow     = None
 Content-Encoding= None
 Content-Language= None
 Content-Length= None
 Content-Location= None
 Content-MD5= None
 Content-Range= None
 Content-Type= 'text/html'
 Expires   = None
 Last-Modified= None
 Headers   = 'Date: Mon, 23 Jul 2018 04:27:49 GMT\r\nConnection: keep-alive\r\nContent-Type: text/html\r\nLocation: http://www.bankfordata.com:2030/roundcube/\r\nServer: cwpsrv'
 Additional-Headers= None`

as u can see the Content-Length header is inncorrect, plz help thank you

shindoga commented 6 years ago

dont mind the the .show() function doesnt have \r\n it is just a copy issue from my terminal

shindoga commented 5 years ago

i understood after further inspection is that the raw() function doesn't actually return the "raw" of the packet layer. if you compare between wireshark's result of the http layer to the raw() function's result it is clearly seen that the raw() function misses some \r\n and therefore makes the HTTP function of it not compatible