from scapy.all import rdpcap # 读pcap
import re
import sys
from urllib.request import unquote # url解码
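def extract(src):
    r"""Collect HTTP artefacts from a capture file into the module-level lists.

    For every packet the function scans ``repr(packet)`` for Host headers,
    ``com.*`` application identifiers, GET/POST/PUT request targets and
    Cookie headers.

    Args:
        src: Path of the pcap file; it is passed through ``str()`` to ``rdpcap``.

    Side effects:
        Prints ``repr`` of the loaded packet list and appends to the
        module-level lists ``all_host``, ``all_com_name``, ``all_url`` and
        ``all_cookie``. These lists must exist before the call; in this file
        they are only created under the ``__main__`` guard.

    Notes:
        * Matching is done on the ``repr`` text, so the patterns look for the
          literal characters ``\r\n`` (backslash + letter), not real CR/LF.
          NOTE(review): this relies on how scapy renders payload bytes in
          ``repr`` - confirm against the scapy version in use.
        * Everything collected here is untrusted capture content. URLs and
          cookies are percent-decoded before storage, so they may contain
          control characters; sanitise them before showing them in a terminal
          or passing them to other tools.
        * Cookie values usually carry session identifiers; treat the collected
          list as credential material.
    """
    packets = rdpcap(str(src))
    print(repr(packets))

    # Raw-string spellings of the original patterns (same regex text, no
    # invalid-escape warning for "\.").
    host_re = re.compile(r'Host: (.*?)\\r\\n')
    name_re = re.compile(r'(com\..*?)\\r')
    url_re = re.compile('GET (.*?) HTTP|POST (.*?) HTTP|PUT (.*?) HTTP')
    cookie_re = re.compile(r'\\r\\nCookie: (.*?)\\r\\n')

    # Fragments that disqualify an application-identifier candidate. The
    # original test was written as ``('\\' or 'com.cn' or 'com.org') not in x``,
    # which only ever checked the backslash; each fragment is now tested.
    rejected_fragments = ('\\', 'com.cn', 'com.org')

    for data in packets:
        res = repr(data)

        # Host headers; a backslash means escaped bytes leaked into the match.
        for host_i in host_re.findall(res):
            if '\\' not in host_i:
                all_host.append(host_i)

        # Application identifiers (com.vendor.app); keep the part before '&'.
        for com_name_i in name_re.findall(res):
            if any(frag in com_name_i for frag in rejected_fragments):
                continue
            all_com_name.append(com_name_i.split('&')[0])

        # Request targets; findall yields one 3-tuple per match with a single
        # non-empty group. A bare "/" (ignoring spaces) is skipped.
        for groups in url_re.findall(res):
            for url_o in groups:
                if url_o and url_o.replace(' ', '') != '/':
                    all_url.append(unquote(url_o))

        # Cookie headers, percent-decoded.
        for cookie_i in cookie_re.findall(res):
            all_cookie.append(unquote(cookie_i))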
def all_host_to():
    """Print a banner, then every distinct value held in ``all_host``."""
    stars = '*' * 50
    print(stars + 'Host' + stars)
    # De-duplicated through a set, so the output order is not the capture order.
    for entry in set(all_host):
        print(entry)
def all_name_to():
    """Print a banner, then every distinct value held in ``all_com_name``."""
    stars = '*' * 50
    print(stars + 'Name' + stars)
    # De-duplicated through a set, so the output order is not the capture order.
    for entry in set(all_com_name):
        print(entry)
def all_url_to():
    """Print a banner, then every distinct value held in ``all_url``.

    The entries were percent-decoded when collected, so they are printed in
    decoded form.
    """
    stars = '*' * 50
    print(stars + 'URL' + stars)
    # De-duplicated through a set, so the output order is not the capture order.
    for entry in set(all_url):
        print(entry)
def all_cookie_to():
    """Print a banner, then every distinct value held in ``all_cookie``.

    Cookie headers usually carry session identifiers, so this output should be
    handled like credential material (avoid shared logs or screenshots).
    """
    stars = '*' * 50
    print(stars + 'Cookie' + stars)
    # De-duplicated through a set, so the output order is not the capture order.
    for entry in set(all_cookie):
        print(entry)
def all_ls_to():
    """Print a banner, then the distinct union of ``all_host`` and ``all_com_name``."""
    stars = '*' * 50
    combined = set(all_host + all_com_name)
    print(stars + '全部' + stars)
    # Set iteration: duplicates across both lists collapse, order is arbitrary.
    for entry in combined:
        print(entry)
def main(src):
    """Parse the capture at *src* and print the host, name, URL and cookie reports."""
    extract(src)
    # The combined report (all_ls_to) is intentionally not part of the run.
    for report in (all_host_to, all_name_to, all_url_to, all_cookie_to):
        report()
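if __name__ == '__main__':
    # Result accumulators: extract() appends to them, the all_*_to() printers
    # read them. They exist only when the file is run as a script.
    all_host = []
    all_com_name = []
    all_url = []
    all_cookie = []
    # Use the capture path given on the command line when there is one;
    # otherwise fall back to the original hard-coded sample capture.
    default_pcap = r'C:\Users\Administrator\Desktop\已完成\未识别应用列表\特征\360儿童卫士.pcap'
    main(sys.argv[1] if len(sys.argv) > 1 else default_pcap)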