17

I want to sniff all the HTTP packets in my computer via python(version2.6.. is this possible? can I do it with scapy, or without other external modules?

Martijn Pieters
  • 1,048,767
  • 296
  • 4,058
  • 3,343
Aviv
  • 456
  • 1
  • 7
  • 16
  • 6
    Concerning to closing votes, I think this is a good question. He's asking for a technique to solve a particular problem, what's the problem? – Vincent Savard Apr 09 '13 at 15:43
  • Did you look at this? (quickly before this question gets closed...) http://wiki.wireshark.org/Python – zenpoy Apr 09 '13 at 15:44
  • 1
    possible duplicate of [HTTP Request and Response Inspection with Python](http://stackoverflow.com/questions/15663379/http-request-and-response-inspection-with-python) – Piotr Dobrogost Apr 10 '13 at 07:55
  • Related: [Packet sniffing in Python (Windows)](http://stackoverflow.com/q/462439/95735) – Piotr Dobrogost Apr 10 '13 at 07:55

4 Answers4

7

Scrapy is only for extracting data from webpages or similar structured documents.

To actually read the packets coming from the NIC your best performance option would probably be to use a C/C++ API that has python bindings.

For example WireShark has a Python API.

Pcapy is a module for packet capture using libpcap.

LibPCAP is the packet capture library written for TCPDUMP and also used in WireShark.

Another option is to try the dpkt python module. Here is a nice write up. Here's an example using using dpkt and pcap to sniff HTTP packets.

EDIT: oops, I misread scapy. Thanks root!

As you mentioned, Scapy is another python module that also uses LibPCAP. This documentation has an example of sniffing.

If you are having trouble running on Python 2.7 check out this post.

Community
  • 1
  • 1
Dave Hite
  • 313
  • 3
  • 10
  • 1
    It seems that the Python API for WireShark is gone now. PyShark seems like the most active approach to this now, as noted in the answer below. – nealmcb Sep 09 '17 at 15:18
3

https://github.com/KimiNewt/pyshark

Python wrapper for tshark

Usage:

>>> capture = pyshark.LiveCapture(interface='eth0')
>>> capture.sniff(timeout=50)
>>> capture
<LiveCapture (5 packets)>
>>> capture[3]
<UDP/HTTP Packet>

for packet in capture.sniff_continuously(packet_count=5):
    print 'Just arrived:', packet
ife
  • 1,231
  • 13
  • 13
2

pypcap,https://code.google.com/p/pypcap/ simplified object-oriented Python extension module for libpcap - the current tcpdump.org version, the legacy version shipping with some of the BSD operating systems, and the WinPcap port for Windows.This is a Windows version.And if you are using #nix,just install pcap and dpkt module.

pigletfly
  • 1,051
  • 1
  • 16
  • 32
  • OK, if I want to use the dpkt & pcap modules for the sniffing, how can I sniff with them HTTP packets? I will be glad to get for an example.. I saw an example how to sniff with this modules an icmp packets but not HTTP packets.. – Aviv Apr 10 '13 at 15:39
0

FTR, Scapy will support HTTP packets starting from 2.4.3: https://scapy.readthedocs.io/en/latest/layers/http.html

>>> HTTPRequest().show()
###[ HTTP Request ]###
  Method= 'GET'
  Path= '/'
  Http_Version= 'HTTP/1.1'
  A_IM= None
  Accept= None
  Accept_Charset= None
  Accept_Datetime= None
  Accept_Encoding= None
  [...]

Sniff demo:

from scapy.layers.http import * # read the doc
from scapy.sendrecv import sniff
sniff(lfilter=lambda x: HTTP in x, prn=lambda x: x.summary())
Cukic0d
  • 5,111
  • 2
  • 19
  • 48