0

The return value for these attributes are in hex format seperated by ':' Eg : 70:79:f6:2e: something like this. When I am trying to decode it to plain string ( human readable ) it doesn't work. What encoding is being used? I tried various different methods like codecs.decode(), binascii.unhexlify(), bytes.fromhex() also different encodings ASCII and UTF-8. Nothing worked, any help is appreciated. I am using python 3.6

Ashish Jha
  • 3
  • 2

1 Answers1

1

Thanks for your question! I believe you're wanting to read the payload in chunks of two hex places. The functions you tried are not able to parse the : delimiter out-of-the-box. Something like splitting the string by the : delimiter, converting their values to human-readable characters, and joining the "list" to a string should do the trick.

hex_string = '70:79:f6:2e'

hex_split = hex_string.split(':')
hex_as_chars = map(lambda hex: chr(int(hex, 16)), hex_split)

human_readable = ''.join(hex_as_chars)
print(human_readable)

Is this what you have in mind?

cwahls
  • 743
  • 7
  • 22
  • Thank you for your answer, I was trying those functions after removing the ':' It did work but not sure why I see some unreadable characters as they were earlier. Now the question is, is that expected from these packets or is that some error? I am using pyshark to read these packets. – Ashish Jha Feb 06 '21 at 17:29
  • Also if this is an acceptable behaviour how can I get rid of them before printing? – Ashish Jha Feb 06 '21 at 17:38
  • Based on the output from [another user](https://stackoverflow.com/a/50792100), this seems to be the acceptable behavior of the payload. How does `packet.http.data` look like? – cwahls Feb 06 '21 at 18:21
  • packet.http.data also gives hex data but after decoding that looks fine, packet.tcp.payload is also fine except in few lines towards end which are full of weird characters – Ashish Jha Feb 06 '21 at 20:40
  • Okay, thanks for letting me know. Would you mind including an example of the weird characters in your original post and how they are different from the payload? – cwahls Feb 06 '21 at 22:50
  • I am unable to attach the example here, is there any other channel where I can connect with you? – Ashish Jha Feb 08 '21 at 11:18
  • Okay so some additions your answer worked now there's something what I would like to add. If in case some character is present which is not a ASCII character I want to replace it wit . ( dot ) – Ashish Jha Feb 08 '21 at 14:50
  • @AshishJha Would you like to connect on discord? – cwahls Feb 08 '21 at 18:47
  • @AshishJha Sent you a friend request :) – cwahls Feb 15 '21 at 00:55