The internet, as wel as local area networks, consist of a huge number of services. You use HTTP(s) for surfing web
pages, SMTP to send emails, POP3 or IMAP to read emails, ICQ, IRC, Skype or jabber to chat and so on.
A Network Simple Sniffer tool in python3
Most people
should by now have heard that HTTP without the
S is insecure and should not be used to send one's
bank account data thourgh the net. However most protocols for daily use are
plaintext protocols, like ICQ or SMTP and
IMAP/POP3. Facebook, the biggest social network of the world has recently adopted
HTTPS as default. One can activate
SSL encryption for most commonly used protocols or
install a SSL proxy in front of a service if it doesn't support
SSL by itself, but only a few people care about data security
and encryption.
Unencrypted network traffic is the
low hanging fruit every attacker is searching for. Why should an attacker try
to crack passwords if he can easily read them?
Why
should try to break into the application server if they could hijack the
current admin session and insert his commands by using IP spoofing.
Now we develop a script that will not display the caught data packets on
screen in
human readable format, but save them in a PCAP dump file for further processing by
other network tools. In case the script gets a file as parameter it will try
to read it and print its contents by utilizing EthDecoders as
shown in the first example. Reading and Writing PCAP Dump Files
#!/usr/bin/python import sys import getopt import pcapy from impacket.ImpactDecoder import EthDecoder from impacket.ImpactPacket import IP dev = "wlan0" decoder = EthDecoder() input_file = None dump_file = "sniffer.pcap" def write_packet(hdr, data): print(decoder.decode(data)) dumper.dump(hdr, data) def read_packet(hdr, data): ether = decoder.decode(data) if ether.get_ether_type() == IP.ethertype: iphdr = ether.child() tcphdr = iphdr.child() print(iphdr.get_ip_src() + ":" + str(tcphdr.get_th_sport()) + " -> " + iphdr.get_ip_dst() + ":" + str(tcphdr.get_th_dport())) def usage(): print(sys.argv[0] + """ -i <dev> -r <input_file> -w <output_file>""") sys.exit(1) # Parse parameter try: cmd_opts = "i:r:w:" opts, args = getopt.getopt(sys.argv[1:], cmd_opts) except getopt.GetoptError: usage() for opt in opts: if opt[0] == "-w": dump_file = opt[1] elif opt[0] == "-i": dev = opt[1] elif opt[0] == "-r": input_file = opt[1] else: usage() # Start sniffing and write packet to a pcap dump file if input_file == None: pcap = pcapy.open_live(dev, 1500, 0, 100) dumper = pcap.dump_open(dump_file) pcap.loop(0, write_packet) # Read a pcap dump file and print it else: pcap = pcapy.open_offline(input_file) pcap.loop(0, read_packet)
Provided by
Hacking Truth
The function pcap.dump_open() opens a
PCAP dump file for writing and
returns a Dumper object, which provides a dump() method to write
the
header and payload of the packet. For reading a
PCAP file we apply the method
open_offline() instead of the further used method
open_live() and give it the file to open as exclusive parameter.
The rest of the reading process is analogous.
The example shows an
improvement on the decoding of the packet data. We output all data of the
packet at once by using the __str__ method of Ethernet in
ImpactPacket. Now we only decode the IP and
TCP headers instead and display the source and destination ip
and port as an example.
The header of higher layers can be comfortably
accessed by calling the child() method. The rest of the code are
simple getters to the desired properties of the protocol.
I hope you liked this post, then you should not forget to share this post at
all.
Thank you so much :-)