问题
I am trying to filter HTTP Get request packets using scapy by using the Raw information of the packet for deciding which packet is a Get request and which isn't but I didn't find a way to decode the Raw section of the packet, something that looks like that (Not sure if that packet is a HTTP Get request):
<Raw `load="\x17\x03\x03\x00m\xb8G\xdb\n\xff\x94s\x90y\xe3y\xfa\xa1\x81[-\x05\xf8'Jpq\xf3\x98\xa0\x04d\x08N\xf6\x08\x93\xb1\xd9\xed\xc4^;\xc15\xf2D\xa7\xb4_\x95\x8f\x14l5~[9\xb0\x9f^EI\xbb\xcd\x89\x06\x11`\xa2\xbf\xdd\x8b\x14y!\xae\xbe-D&DW\x96\xf7\xcf\x19\xb0_\xba\xe80b\x9c\xe6\xee\x9c\xf3\xbb\r\x87c\xff\xf9G\xf6K\x8fn\rS\x83?\x05" |>`
Is there a known way of doing this. i have already tried the next filter:
def http_get_filter(packet):
return (TCP in packet and Raw in packet and
str(packet[Raw]).startswith('GET'))
But it didn't worked and raised the next exceptions:
WARNING: Calling str(pkt) on Python 3 makes no sense!
WARNING: Calling str(pkt) on Python 3 makes no sense!
WARNING: more Calling str(pkt) on Python 3 makes no sense!
WARNING: Calling str(pkt) on Python 3 makes no sense!
WARNING: Calling str(pkt) on Python 3 makes no sense!
WARNING: more Calling str(pkt) on Python 3 makes no sense!
I am using python 3.6 version and scapy 2.4.4rc2 version.
Thanks for the help.
来源:https://stackoverflow.com/questions/63321812/filter-http-get-requests-packets-using-scapy