scapy 嗅探功能似乎在监控模式下不起作用?
scapy sniff function doesn't seem to work in monitor mode?
我正在尝试编写一个数据包嗅探器,它将一个接口和一个正则表达式作为参数(正则表达式可选),并在嗅探到的数据包中搜索匹配项,但它似乎根本嗅探不到数据包。整个代码是:
#!/home/khaled/PycharmProjects/networking/venv/bin/python3
# A regular expresion finder
from scapy.all import *
import re
import os
import argparse
import subprocess
import sys
def test(num):
num = num.sprintf('%Raw.load%')
print("Packet Data: {}".format(num))
res = re.findall("TESTING", num)
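def parser(argv=None):
    """Parse command-line options and publish them as module globals.

    Args:
        argv: argument list to parse; ``None`` means ``sys.argv[1:]`` (the
            original behaviour).

    Returns:
        The parsed ``argparse.Namespace`` with ``interface`` and ``regex``.
        The same values are also stored in the globals ``interface`` and
        ``regex``, which the rest of the script reads.
    """
    global interface
    global regex
    # Local renamed from ``parser`` so it no longer shadows this function.
    arg_parser = argparse.ArgumentParser(
        usage="command -i <interface>",
        # A space was missing between the two adjacent string literals,
        # which produced "specifiedregex" in --help.
        description="Listen for incoming traffic on specified interface for specified "
        "regex expresion",
    )
    arg_parser.add_argument("-i", help="The interface to listen on", dest="interface", required=True)
    # ``default=False`` is kept so existing ``if regex:`` style checks behave the same.
    arg_parser.add_argument("-r", help="regex expresion to look for", dest="regex", required=False, default=False)
    env = arg_parser.parse_args(argv)
    interface = env.interface
    regex = env.regex
    return env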
def start_sniff(interface):
    """Capture TCP traffic on *interface* in monitor mode and hand each packet to ``test``.

    Blocks until interrupted: ``count=0`` tells scapy not to stop after a
    fixed number of packets.
    """
    # Show the interface scapy considers current before we point it elsewhere.
    print(conf.iface)
    banner = "[+] Started Sniffing For regex in HTTP data at interface {}"
    print(banner.format(interface))
    # NOTE: "tcp" is a kernel-level BPF filter. On a monitor-mode interface the
    # frames are raw 802.11; on a WPA2-protected network their payload is
    # encrypted, so no TCP header is visible and the filter passes nothing
    # to the callback.
    sniff(prn=test, filter="tcp", iface=interface, count=0, monitor=True)
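def start_moniter_interface(iface, name_pattern="wlp[0-9a-z]+mon"):
    """Put *iface* into monitor mode with airmon-ng and return the new interface name.

    Args:
        iface: the managed-mode wireless interface to switch.
        name_pattern: regex matched against airmon-ng's stdout to pick out the
            monitor interface name; the default only fits ``wlp…mon`` names.

    Returns:
        The first monitor interface name found in airmon-ng's output.

    Exits with status 1 when airmon-ng is not installed or fails, or when no
    name matching *name_pattern* appears in its output. The original indexed
    ``[0]`` on the match list, which raised IndexError on no match, so its
    "Unable to determine interface name" branch could never run.
    """
    try:
        # subprocess.run(['airmon-ng', "check", "kill"], check=True)
        rslt = subprocess.run(["airmon-ng", "start", iface], check=True, capture_output=True)
    except FileNotFoundError:
        # Previously an uncaught traceback when airmon-ng was not on PATH.
        print("[+] Error Has Occurred when putting Interface in monitor mode: airmon-ng not found")
        sys.exit(1)
    except subprocess.CalledProcessError as e:
        print("[+] Error Has Occurred when putting Interface in monitor mode {}".format(e.stderr))
        sys.exit(1)
    print("[+] Started interface in moniter mode")
    # errors="replace": tool output is not guaranteed to be valid UTF-8.
    names = re.findall(name_pattern, rslt.stdout.decode("utf-8", errors="replace"))
    if not names:
        # Nothing matched the pattern: let the user look the name up themselves.
        print("Unable to determine interface name")
        print("Run iwconfig and rerun script with new interface name")
        sys.exit(1)
    interface_name = names[0]
    print("[+] Found interface Name is {}".format(interface_name))
    return interface_name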
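def main():
    """Entry point: parse options, require root, then sniff on a monitor-mode interface.

    ``parser()`` runs first so ``--help`` works without root. Root is needed
    for raw capture and for airmon-ng/iwconfig. The interface's current mode
    is read from ``iwconfig``; if it is already in monitor mode it is sniffed
    as is, otherwise ``start_moniter_interface`` switches it first.
    """
    parser()
    if os.getuid() != 0:  # Not running as root: raw sockets and airmon-ng need it.
        print("Error Need to run script as root, run with sudo")
        sys.exit(1)
    try:
        result = subprocess.run(["iwconfig", interface], capture_output=True, check=True)
    except FileNotFoundError:
        print("Error iwconfig not found, cannot determine interface mode")
        sys.exit(1)
    except subprocess.CalledProcessError as e:
        # iwconfig exits non-zero for an unknown interface; this used to be
        # an uncaught traceback.
        print("Error running iwconfig on {}: {}".format(interface, e.stderr))
        sys.exit(1)
    # iwconfig reports "Mode:Monitor". The original compared against the
    # misspelt "mode:moniter", which never matched, so airmon-ng was always
    # re-run even when the interface was already in monitor mode.
    if "mode:monitor" in result.stdout.decode("utf-8", errors="replace").lower():
        start_sniff(interface)
    else:  # Switch to monitor mode first, then sniff on the new interface name.
        moniter_interface = start_moniter_interface(interface)
        start_sniff(moniter_interface)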
if __name__ == "__main__":  # Run only when executed as a script, not when imported.
    main()
它使用 airmon 将网卡设置为监控模式,然后使用 iwconfig 获取网卡设置为监控模式后的名称。用户传递的正则表达式暂时被忽略。test 函数似乎根本没有被调用,我不知道为什么,因为当无线网卡处于 managed 模式时,sniff 函数似乎可以正常工作。它只是停在那里,什么也不做:
[+] Started Sniffing For regex in HTTP data at interface wlp2s0mon
嗅探函数调用为:
# NOTE(review): ``card_type`` is not defined in the listing above, where the callback is named ``test``.
sniff(prn=card_type, filter="tcp", iface=interface, count=0, monitor=True)
运行 iwconfig 也表明网卡处于监听(monitor)模式。
你正在使用 BPF 过滤器在内核级别过滤 tcp。我敢打赌你是在一个受 WPA2 保护的网络上嗅探,这意味着 802.11 (Wi-Fi) 帧中的有效负载是加密的,所以你实际上无法查看帧内部。由于内核在加密的帧里看不到 IP/TCP 头,"tcp" 过滤器不会匹配任何帧,回调函数自然一次也不会被调用。我建议尝试完全不使用监控模式进行嗅探,这样你就可以捕获常规的 802.3 以太网帧,而不是我提到的那种有效负载已加密的原始 802.11 帧。
我正在尝试编写一个数据包嗅探器,它将一个接口和一个正则表达式作为参数(正则表达式可选),并在嗅探到的数据包中搜索匹配项,但它似乎根本嗅探不到数据包。整个代码是:
#!/home/khaled/PycharmProjects/networking/venv/bin/python3
# A regular expresion finder
from scapy.all import *
import re
import os
import argparse
import subprocess
import sys
def test(num):
num = num.sprintf('%Raw.load%')
print("Packet Data: {}".format(num))
res = re.findall("TESTING", num)
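def parser(argv=None):
    """Parse command-line options and publish them as module globals.

    Args:
        argv: argument list to parse; ``None`` means ``sys.argv[1:]`` (the
            original behaviour).

    Returns:
        The parsed ``argparse.Namespace`` with ``interface`` and ``regex``.
        The same values are also stored in the globals ``interface`` and
        ``regex``, which the rest of the script reads.
    """
    global interface
    global regex
    # Local renamed from ``parser`` so it no longer shadows this function.
    arg_parser = argparse.ArgumentParser(
        usage="command -i <interface>",
        # A space was missing between the two adjacent string literals,
        # which produced "specifiedregex" in --help.
        description="Listen for incoming traffic on specified interface for specified "
        "regex expresion",
    )
    arg_parser.add_argument("-i", help="The interface to listen on", dest="interface", required=True)
    # ``default=False`` is kept so existing ``if regex:`` style checks behave the same.
    arg_parser.add_argument("-r", help="regex expresion to look for", dest="regex", required=False, default=False)
    env = arg_parser.parse_args(argv)
    interface = env.interface
    regex = env.regex
    return env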
def start_sniff(interface):
    """Capture TCP traffic on *interface* in monitor mode and hand each packet to ``test``.

    Blocks until interrupted: ``count=0`` tells scapy not to stop after a
    fixed number of packets.
    """
    # Show the interface scapy considers current before we point it elsewhere.
    print(conf.iface)
    banner = "[+] Started Sniffing For regex in HTTP data at interface {}"
    print(banner.format(interface))
    # NOTE: "tcp" is a kernel-level BPF filter. On a monitor-mode interface the
    # frames are raw 802.11; on a WPA2-protected network their payload is
    # encrypted, so no TCP header is visible and the filter passes nothing
    # to the callback.
    sniff(prn=test, filter="tcp", iface=interface, count=0, monitor=True)
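def start_moniter_interface(iface, name_pattern="wlp[0-9a-z]+mon"):
    """Put *iface* into monitor mode with airmon-ng and return the new interface name.

    Args:
        iface: the managed-mode wireless interface to switch.
        name_pattern: regex matched against airmon-ng's stdout to pick out the
            monitor interface name; the default only fits ``wlp…mon`` names.

    Returns:
        The first monitor interface name found in airmon-ng's output.

    Exits with status 1 when airmon-ng is not installed or fails, or when no
    name matching *name_pattern* appears in its output. The original indexed
    ``[0]`` on the match list, which raised IndexError on no match, so its
    "Unable to determine interface name" branch could never run.
    """
    try:
        # subprocess.run(['airmon-ng', "check", "kill"], check=True)
        rslt = subprocess.run(["airmon-ng", "start", iface], check=True, capture_output=True)
    except FileNotFoundError:
        # Previously an uncaught traceback when airmon-ng was not on PATH.
        print("[+] Error Has Occurred when putting Interface in monitor mode: airmon-ng not found")
        sys.exit(1)
    except subprocess.CalledProcessError as e:
        print("[+] Error Has Occurred when putting Interface in monitor mode {}".format(e.stderr))
        sys.exit(1)
    print("[+] Started interface in moniter mode")
    # errors="replace": tool output is not guaranteed to be valid UTF-8.
    names = re.findall(name_pattern, rslt.stdout.decode("utf-8", errors="replace"))
    if not names:
        # Nothing matched the pattern: let the user look the name up themselves.
        print("Unable to determine interface name")
        print("Run iwconfig and rerun script with new interface name")
        sys.exit(1)
    interface_name = names[0]
    print("[+] Found interface Name is {}".format(interface_name))
    return interface_name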
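def main():
    """Entry point: parse options, require root, then sniff on a monitor-mode interface.

    ``parser()`` runs first so ``--help`` works without root. Root is needed
    for raw capture and for airmon-ng/iwconfig. The interface's current mode
    is read from ``iwconfig``; if it is already in monitor mode it is sniffed
    as is, otherwise ``start_moniter_interface`` switches it first.
    """
    parser()
    if os.getuid() != 0:  # Not running as root: raw sockets and airmon-ng need it.
        print("Error Need to run script as root, run with sudo")
        sys.exit(1)
    try:
        result = subprocess.run(["iwconfig", interface], capture_output=True, check=True)
    except FileNotFoundError:
        print("Error iwconfig not found, cannot determine interface mode")
        sys.exit(1)
    except subprocess.CalledProcessError as e:
        # iwconfig exits non-zero for an unknown interface; this used to be
        # an uncaught traceback.
        print("Error running iwconfig on {}: {}".format(interface, e.stderr))
        sys.exit(1)
    # iwconfig reports "Mode:Monitor". The original compared against the
    # misspelt "mode:moniter", which never matched, so airmon-ng was always
    # re-run even when the interface was already in monitor mode.
    if "mode:monitor" in result.stdout.decode("utf-8", errors="replace").lower():
        start_sniff(interface)
    else:  # Switch to monitor mode first, then sniff on the new interface name.
        moniter_interface = start_moniter_interface(interface)
        start_sniff(moniter_interface)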
if __name__ == "__main__":  # Run only when executed as a script, not when imported.
    main()
它使用 airmon 将网卡设置为监控模式,然后使用 iwconfig 获取网卡设置为监控模式后的名称。用户传递的正则表达式暂时被忽略。test 函数似乎根本没有被调用,我不知道为什么,因为当无线网卡处于 managed 模式时,sniff 函数似乎可以正常工作。它只是停在那里,什么也不做:
[+] Started Sniffing For regex in HTTP data at interface wlp2s0mon
嗅探函数调用为:
# NOTE(review): ``card_type`` is not defined in the listing above, where the callback is named ``test``.
sniff(prn=card_type, filter="tcp", iface=interface, count=0, monitor=True)
运行 iwconfig 也表明网卡处于监听(monitor)模式。
你正在使用 BPF 过滤器在内核级别过滤 tcp。我敢打赌你是在一个受 WPA2 保护的网络上嗅探,这意味着 802.11 (Wi-Fi) 帧中的有效负载是加密的,所以你实际上无法查看帧内部。由于内核在加密的帧里看不到 IP/TCP 头,"tcp" 过滤器不会匹配任何帧,回调函数自然一次也不会被调用。我建议尝试完全不使用监控模式进行嗅探,这样你就可以捕获常规的 802.3 以太网帧,而不是我提到的那种有效负载已加密的原始 802.11 帧。