基本授权凭证不会出现在 Scapy 中?
Basic Authorization Credentials will not show up in Scapy?
Note: The scapy layer 'http' is installed with pip install scapy-http
我有以下代码打印 HTTP 请求层中授权值的值:
import sys
from scapy.all import *
from scapy.layers import http
interface = 'wlan0'
def packet(p):
tcp = p.getlayer('TCP')
if tcp:
req = p.getlayer('HTTP Request')
if req:
auth = req.Authorization
if auth:
print(auth)
try:
sniff(iface=interface,store=0,filter="tcp and port 80",prn=packet)
except KeyboardInterrupt:
sys.exit(1)
这应该打印 this wire shark screenshot 中显示的凭据,但它只打印 b'Basic YWRtaW46RjByZXZlciQ='。这有什么原因吗?
Authorization header 值,在您的情况下,恰好是 b'Basic YWRtaW46RjByZXZlciQ='。这意味着已使用基本身份验证方案,并且值为 <username>:<password>,base64 编码(admin 和 F0rever$ 在您的情况下)。
你可以这样做:
[...]
auth = req.Authorization
if auth and auth.startswith(b'Basic '):
uname, passw = base64_bytes(auth.split(None, 1)[1]).split(b':', 1)
print("Username: %r, password: %r" % (uname.decode(), passw.decode()))
Note: The scapy layer 'http' is installed with
pip install scapy-http
我有以下代码打印 HTTP 请求层中授权值的值:
import sys
from scapy.all import *
from scapy.layers import http
interface = 'wlan0'
def packet(p):
tcp = p.getlayer('TCP')
if tcp:
req = p.getlayer('HTTP Request')
if req:
auth = req.Authorization
if auth:
print(auth)
try:
sniff(iface=interface,store=0,filter="tcp and port 80",prn=packet)
except KeyboardInterrupt:
sys.exit(1)
这应该打印 this wire shark screenshot 中显示的凭据,但它只打印 b'Basic YWRtaW46RjByZXZlciQ='。这有什么原因吗?
Authorization header 值,在您的情况下,恰好是 b'Basic YWRtaW46RjByZXZlciQ='。这意味着已使用基本身份验证方案,并且值为 <username>:<password>,base64 编码(admin 和 F0rever$ 在您的情况下)。
你可以这样做:
[...]
auth = req.Authorization
if auth and auth.startswith(b'Basic '):
uname, passw = base64_bytes(auth.split(None, 1)[1]).split(b':', 1)
print("Username: %r, password: %r" % (uname.decode(), passw.decode()))