如何删除 headers 以仅获取加密部分
How do I remove headers to get only the encrypted portion
pcap = rdpcap(".pcap file")
for pkt in pcap:
if Raw in pkt:
f=pkt[Raw]
print f
以上代码输出如下图:
HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Sat, 30 Mar 2013 19:23:33 GMT
Content-Length: 15534
Accept-Encoding: gzip, deflate
?}k{?H????+0?#!?,_???$?:?7vf?w?Hb???ƊG???9???/9U?$;3{9g?ycAӗ???????W{?o?~?FZ?e ]>??<??n?????????????d?t??a?3?
?2?p??eBI?e??????ܒ?P??-?Q?-L?????ǼR?³?ׯ??%'
?2Kf?7???c?Y?I?1+c??,ae]?????<{?=ƞ,?^?J?ď???y??6O?_?z????_?ޞ~?_?????Bo%]???_?????W=?
如何删除 headers 以便输出只是:
?}k{?H????+0?#!?,_???$?:?7vf?w?Hb???ƊG???9???/9U?$;3{9g?ycAӗ???????W{?o?~?FZ?e ]>??<??n?????????????d?t??a?3?
?2?p??eBI?e??????ܒ?P??-?Q?-L?????ǼR?³?ׯ??%'
?2Kf?7???c?Y?I?1+c??,ae]?????<{?=ƞ,?^?J?ď???y??6O?_?z????_?ޞ~?_?????Bo%]???_?????W=?
- 确保您使用的是 Scapy 2.4.3
- 读取pcap前加载http层:
from scapy.layers.http import *
- 阅读 pcap
- 您将获得您正在寻找的输出作为原始层
注意:您可以使用
关闭自动解压缩
conf.contribs["http"]["auto_compression"] = True
此外,还可以自动匹配片段/块(此处未使用)。请参阅 sniff 和 "TCPSession " 在 https://scapy.readthedocs.io/en/latest/layers/http.html
pcap = rdpcap(".pcap file")
for pkt in pcap:
if Raw in pkt:
f=pkt[Raw]
print f
以上代码输出如下图:
HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Sat, 30 Mar 2013 19:23:33 GMT
Content-Length: 15534
Accept-Encoding: gzip, deflate
?}k{?H????+0?#!?,_???$?:?7vf?w?Hb???ƊG???9???/9U?$;3{9g?ycAӗ???????W{?o?~?FZ?e ]>??<??n?????????????d?t??a?3?
?2?p??eBI?e??????ܒ?P??-?Q?-L?????ǼR?³?ׯ??%'
?2Kf?7???c?Y?I?1+c??,ae]?????<{?=ƞ,?^?J?ď???y??6O?_?z????_?ޞ~?_?????Bo%]???_?????W=?
如何删除 headers 以便输出只是:
?}k{?H????+0?#!?,_???$?:?7vf?w?Hb???ƊG???9???/9U?$;3{9g?ycAӗ???????W{?o?~?FZ?e ]>??<??n?????????????d?t??a?3?
?2?p??eBI?e??????ܒ?P??-?Q?-L?????ǼR?³?ׯ??%'
?2Kf?7???c?Y?I?1+c??,ae]?????<{?=ƞ,?^?J?ď???y??6O?_?z????_?ޞ~?_?????Bo%]???_?????W=?
- 确保您使用的是 Scapy 2.4.3
- 读取pcap前加载http层:
from scapy.layers.http import * - 阅读 pcap
- 您将获得您正在寻找的输出作为原始层
注意:您可以使用
关闭自动解压缩conf.contribs["http"]["auto_compression"] = True
此外,还可以自动匹配片段/块(此处未使用)。请参阅 sniff 和 "TCPSession " 在 https://scapy.readthedocs.io/en/latest/layers/http.html