scapy | 易学教程

Adding payload in packet

阅读更多关于 Adding payload in packet

问题 Can I insert image or document (in MBs) as a data in packet using scapy? This is what I did to send data. data = "University of texas at San Antonio" a = IP(dst="129.132.2.21")/TCP()/data send(a) 回答1: Yes, you can send raw data like this. In this example, data will be ASCII encoded. >>> data = 'University of Texas at San Antonio' >>> a = IP(dst='129.132.2.21') / TCP() / Raw(load=data) >>> sendp(a) 来源： https://stackoverflow.com/questions/6605118/adding-payload-in-packet

Scapy BPF filter not working

阅读更多关于 Scapy BPF filter not working

问题 I am using Scapy and would like to filter based on the destination mac address. However, I am getting packets displayed where the destination MAC address is not the address specified in the filter. Here is a code snippit: from scapy.all import * sniff(iface="eth1", filter="ether dst host 91:e0:f0:01:00:00", count=3, prn=lambda x: x.show()) I am running Scapy 2.2.0 Any ideas on the issue here? 回答1: Scapy requires numerous dependencies for many different systems. It is quiet possible that you

Scapy install issues. Nothing seems to actually be installed?

阅读更多关于 Scapy install issues. Nothing seems to actually be installed?

问题 I have an apple computer running Leopard with python 2.6. I downloaded the latest version of scapy and ran " python setup.py install ". All went according to plan. Now, when I try to run it in interactive mode by just typing "scapy", it throws a bunch of errors. What gives! Just in case, here is the FULL error message.. INFO: Can't import python gnuplot wrapper . Won't be able to plot. INFO: Can't import PyX. Won't be able to use psdump() or pdfdump(). ERROR: Unable to import pcap module: No

Scapy: Getting trailer field in the dissector

阅读更多关于 Scapy: Getting trailer field in the dissector

问题 I'm using scapy to read and pretty print a trace file. The PDUs I'm reading (My_Packet) have the format: | header | payload | crc | -------------------------- The payload field contains another PDU inside. I'm using the following code to strip the crc part, but unfortunately something does not work as expected (I cannot figure out what's wrong). #!/usr/bin/env python from scapy.all import * class My_Packet(Packet): '''My_Packet PDU''' name = "My Packet" CRC_SIZE = 4 fields_desc=[ LEShortField

How to extract an SSL/TLS message using scapy and python?

阅读更多关于 How to extract an SSL/TLS message using scapy and python?

问题 I'm trying to read a TLS message. Specifically, the one with the certificate details (handshake_type = 11). What I'm doing is first checking that the message contains Raw . If so, I'm extracting the payload like so: b = bytes(pkt[Raw].load) . Next, I'm checking that the first byte is 0x16 and the following two bytes need to be a proper TLS version. The problem is that this message doesn't pass these conditions. WireShark is showing me that \x16\x03\x03 are the bytes at position 0000 (picture

Scapy and tcpreplay: bypass temporary file for performance

阅读更多关于 Scapy and tcpreplay: bypass temporary file for performance

问题 Scapy has a sendpfast function that sends packets using tcpreplay. However, this function first creates a temporary pcap file and then calls tcpreplay on that. This adds too much delay. Is there anyway to bypass it and directly send data to tcpreplay. I know that tcpreplay can read data from STDIN. Context: I want to generate large traffic (with different srcIP) every second and send it through network. One option is to save all traffic with timestamps in a giant pcap file and run tcpreplay.

python scapy模块

阅读更多关于 python scapy模块

参考书籍： python渗透测试编程技术方法与实践参考文档： https://github.com/Larryxi/Scapy_zh-cn/blob/master/README.md （Scapy中文使用文档）本文为作者学习文章，按作者习惯写成，如有错误或需要追加内容请留言（不喜勿喷）本文为追加文章 scapy包含大量的网络协议（DNS、ARP、IP、TCP、UDP等） from scapy.all import * #来自scapy.all文件，导入所有函数 python交互模式中：ls (*) *=Ether、IP、ICMP、TCP、UDP、ARP 等等,查看可以配置的参数二层： Ether = Ether(src="源mac"，dst="目的mac") #构造数据包源mac地址表示**发送数据的主机mac**，目的mac地址表示**数据发送到的主机mac** 三层： ip = IP(src="源IP地址", "dst=目的IP地址", ttl=32) #构造数据包源IP地址表示**发送数据的主机**，目的IP地址表示**数据发送到的主机** 协议： ARP： ARP = ARP(hwsrc='二层源mac', psrc='三层源IP', hwdst='二层目的mac', pdst='三层目的IP') TCP： TCP = TCP(sport="源端口号", dport

Sending packets from pcap with changed src/dst in scapy

阅读更多关于 Sending packets from pcap with changed src/dst in scapy

问题 I am trying to send a previously recorded traffic (captured in pcap format) with scapy. Currently I am stuck at striping original Ether layer. The traffic was captured on another host and I basically need to change both IP and Ether layer src and dst. I managed to replace IP layer and recalculate checksums, but Ether layer gives me trouble. Anyone has experience resending packets from capture file with applied changes to IP and Ether layer(src and dst)? Also, the capture is rather big couple

Pinging an IP range with Scapy

阅读更多关于 Pinging an IP range with Scapy

问题 I'm attempting to write a Python script which uses the Scapy module to ping an internal IP range to determine which IP's are online. I've got this so far: #!/usr/bin/python from scapy.all import * conf.verb = 0 for ip in range(0, 256): packet = IP(dst="192.168.0." + str(ip), ttl=20)/ICMP() reply = sr1(packet) if "192.168." in reply.src: print reply.src, "is online" And the program will sit for a while doing nothing, and then if I kill it with CTRL+C I get an error message: Traceback (most

Change TCP Payload with nfqueue/scapy

阅读更多关于 Change TCP Payload with nfqueue/scapy

问题 Hello I am using nfqueue and scapy and I my goal is to recieve packets at my NFQUEUE, change the payload and resend them. I can change fields like the TTL without any kind of problem, but when it comes to change the payload, I am encoutering problems. When I change the payload, I sniff the packet with wireshark and apparently I send the packet with the payload modified, but the server doesn't answer. This is my code: #!/usr/bin/env python import nfqueue from scapy.all import * def callback