python--scapy--Getting Started 1

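Contents

Installation (omitted)

Background knowledge

Basic scapy structure

Listing the modules scapy includes

Listing the methods and attributes of a layer

Finding out how to use a layer's methods

Basic packet sending and parsing with scapy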


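Installation (omitted)

Background knowledge

Using scapy assumes that the user has already mastered the entire TCP/IP protocol stack.

Basic scapy structure

Constructing a basic layer, displaying its contents, and listing the fields the module offers

IP is one such module: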

>>> IP()

>>> IP().show()
###[ IP ]###
  version= 4
  ihl= None
  tos= 0x0
  len= None
  id= 1
  flags=
  frag= 0
  ttl= 64
  proto= ip
  chksum= None
  src= 172.24.212.1
  dst= 127.0.0.1
  \options\

>>> ls(IP)
version    : BitField (4 bits)                   = (4)
ihl        : BitField (4 bits)                   = (None)
tos        : XByteField                          = (0)
len        : ShortField                          = (None)
id         : ShortField                          = (1)
flags      : FlagsField (3 bits)                 = ()
frag       : BitField (13 bits)                  = (0)
ttl        : ByteField                           = (64)
proto      : ByteEnumField                       = (0)
chksum     : XShortField                         = (None)
src        : SourceIPField                       = (None)
dst        : DestIPField                         = (None)
options    : PacketListField                     = ([])

Listing the modules scapy includes

ls()

The supported layers can be found in:

\Lib\site-packages\scapy\layers

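Listing the methods and attributes of a layer

A layer is actually just a Python class, and the scapy interpreter is just a shell around the Python interpreter (it adds its own classes and commands).

The core skill in scapy is being able to use the following methods and attributes fluently: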

>>> dir(IP())
['__all_slots__',
 '__bool__',
 '__bytes__',
 '__class__',
 '__contains__',
 '__deepcopy__',
 '__delattr__',
 '__delitem__',
 '__dict__',
 '__dir__',
 '__div__',
 '__doc__',
 '__eq__',
 '__format__',
 '__ge__',
 '__getattr__',
 '__getattribute__',
 '__getitem__',
 '__getstate__',
 '__gt__',
 '__hash__',
 '__init__',
 '__init_subclass__',
 '__iter__',
 '__iterlen__',
 '__le__',
 '__len__',
 '__lt__',
 '__module__',
 '__mul__',
 '__ne__',
 '__new__',
 '__nonzero__',
 '__rdiv__',
 '__reduce__',
 '__reduce_ex__',
 '__repr__',
 '__rmul__',
 '__rtruediv__',
 '__setattr__',
 '__setitem__',
 '__setstate__',
 '__sizeof__',
 '__slots__',
 '__str__',
 '__subclasshook__',
 '__truediv__',
 '__weakref__',
 '_answered',
 '_defrag_pos',
 '_do_summary',
 '_name',
 '_overload_fields',
 '_pkt',
 '_resolve_alias',
 '_show_or_dump',
 '_superdir',
 '_tmp_dissect_pos',
 '_ttl',
 '_unpickle',
 'add_payload',
 'add_underlayer',
 'aliastypes',
 'answers',
 'build',
 'build_done',
 'build_padding',
 'build_ps',
 'canvas_dump',
 'chksum',
 'class_default_fields',
 'class_default_fields_ref',
 'class_dont_cache',
 'class_fieldtype',
 'class_packetfields',
 'clear_cache',
 'clone_with',
 'command',
 'convert_packet',
 'convert_packets',
 'convert_to',
 'copy',
 'copy_field_value',
 'copy_fields_dict',
 'decode_payload_as',
 'default_fields',
 'default_payload_class',
 'delfieldval',
 'deprecated_fields',
 'direction',
 'display',
 'dissect',
 'dissection_done',
 'do_build',
 'do_build_payload',
 'do_build_ps',
 'do_dissect',
 'do_dissect_payload',
 'do_init_cached_fields',
 'do_init_fields',
 'dst',
 'explicit',
 'extract_padding',
 'fields',
 'fields_desc',
 'fieldtype',
 'firstlayer',
 'flags',
 'frag',
 'fragment',
 'from_hexcap',
 'get_field',
 'getfield_and_val',
 'getfieldval',
 'getlayer',
 'guess_payload_class',
 'hashret',
 'haslayer',
 'hide_defaults',
 'hops',
 'id',
 'ihl',
 'init_fields',
 'iterpayloads',
 'lastlayer',
 'layers',
 'len',
 'lower_bonds',
 'match_subclass',
 'mysummary',
 'name',
 'options',
 'original',
 'ottl',
 'overload_fields',
 'overloaded_fields',
 'packetfields',
 'payload',
 'payload_guess',
 'pdfdump',
 'post_build',
 'post_dissect',
 'post_dissection',
 'post_transforms',
 'pre_dissect',
 'prepare_cached_fields',
 'proto',
 'psdump',
 'raw_packet_cache',
 'raw_packet_cache_fields',
 'remove_payload',
 'remove_underlayer',
 'route',
 'self_build',
 'sent_time',
 'setfieldval',
 'show',
 'show2',
 'show_indent',
 'show_summary',
 'sniffed_on',
 'sprintf',
 'src',
 'summary',
 'svgdump',
 'time',
 'tos',
 'ttl',
 'underlayer',
 'update_sent_time',
 'upper_bonds',
 'version',
 'whois',
 'wirelen']

 

Finding out how to use a layer's methods

The simplest way is to read the built-in help, as follows:

>>> help(IP())
Help on IP in module scapy.layers.inet object:

class IP(scapy.packet.Packet, IPTools)
 |  IP(*args, **kargs)
 |
 |  Add more powers to a class with an "src" attribute.
 |
 |  Method resolution order:
 |      IP
 |      scapy.packet.Packet
 |      scapy.base_classes.BasePacket
 |      scapy.base_classes.Gen
 |      scapy.base_classes._CanvasDumpExtended
 |      IPTools
 |      builtins.object
 |
 |  Methods defined here:

... (remainder omitted)

 

For example, look at the difference between show() and show2():

show(self, dump=False, indent=3, lvl='', label_lvl='')
 |      Prints or returns (when "dump" is true) a hierarchical view of the
 |      packet.
 |
 |      :param dump: determine if it prints or returns the string value
 |      :param int indent: the size of indentation for each layer
 |      :param str lvl: additional information about the layer lvl
 |      :param str label_lvl: additional information about the layer fields
 |      :return: return a hierarchical view if dump, else print it
 |
 |  show2(self, dump=False, indent=3, lvl='', label_lvl='')
 |      Prints or returns (when "dump" is true) a hierarchical view of an
 |      assembled version of the packet, so that automatic fields are
 |      calculated (checksums, etc.)
 |
 |      :param dump: determine if it prints or returns the string value
 |      :param int indent: the size of indentation for each layer
 |      :param str lvl: additional information about the layer lvl
 |      :param str label_lvl: additional information about the layer fields
 |      :return: return a hierarchical view if dump, else print it

show() displays the packet as constructed, while show2() displays it after assembly; for example, IP().show2() shows the computed checksum.

>>> IP().show()
###[ IP ]###
  version= 4
  ihl= None
  tos= 0x0
  len= None
  id= 1
  flags=
  frag= 0
  ttl= 64
  proto= ip
  chksum= None
  src= 172.24.212.1
  dst= 127.0.0.1
  \options\

>>> IP().show2()
###[ IP ]###
  version= 4
  ihl= 5
  tos= 0x0
  len= 20
  id= 1
  flags=
  frag= 0
  ttl= 64
  proto= ip
  chksum= 0x7bce
  src= 172.24.212.1
  dst= 127.0.0.1
  \options\
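
The fields that show() leaves as None (ihl, len, chksum) are the ones show2() fills in by assembling the packet. The following added example (standard-library Python, not scapy's own code; the helper names are made up for illustration) rebuilds the default header from the output above and derives the same values, including chksum 0x7bce:

```python
import socket
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 Internet checksum over an IPv4 header (always an even length)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def assemble_ipv4(src, dst, proto=0, ttl=64, ident=1, tos=0, payload=b""):
    """Build an option-less IPv4 header, filling in ihl, len and chksum.
    The defaults mirror the IP().show() output (hypothetical helper)."""
    ihl = 5                                  # 5 x 32-bit words = 20 bytes, no options
    length = ihl * 4 + len(payload)
    fields = [(4 << 4) | ihl, tos, length, ident, 0, ttl, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    header = struct.pack("!BBHHHBBH4s4s", *fields)    # chksum is 0 while summing
    fields[7] = ipv4_checksum(header)
    return struct.pack("!BBHHHBBH4s4s", *fields) + payload

def auto_fields(packet: bytes) -> dict:
    """Read back the three fields that show() leaves as None."""
    ver_ihl, _, length, _, _, _, _, chksum = struct.unpack("!BBHHHBBH", packet[:12])
    return {"ihl": ver_ihl & 0x0F, "len": length, "chksum": chksum}

def header_is_valid(packet: bytes) -> bool:
    """Receiver-side check: summing the header with chksum included gives 0."""
    ihl = packet[0] & 0x0F
    return ipv4_checksum(packet[: ihl * 4]) == 0

# Addresses taken from the show2() output above.
PKT = assemble_ipv4("172.24.212.1", "127.0.0.1")

if __name__ == "__main__":
    print({k: hex(v) if k == "chksum" else v for k, v in auto_fields(PKT).items()})
    print("valid:", header_is_valid(PKT))
```
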

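Basic packet sending and parsing with scapy

The following code builds and sends packets and captures the replies at the same time: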

 

>>> p,q=sr(IP(dst="172.24.212.7")/TCP(dport=[21,22,23]))
Begin emission:
..Finished sending 3 packets.
....**..*
Received 11 packets, got 3 answers, remaining 0 packets
>>>


>>> p.show()
0000 IP / TCP 172.24.212.1:ftp_data > 172.24.212.7:ftp S ==> IP / TCP 172.24.212.7:ftp > 172.24.212.1:ftp_data SA / Padding
0001 IP / TCP 172.24.212.1:ftp_data > 172.24.212.7:ssh S ==> IP / TCP 172.24.212.7:ssh > 172.24.212.1:ftp_data RA / Padding
0002 IP / TCP 172.24.212.1:ftp_data > 172.24.212.7:telnet S ==> IP / TCP 172.24.212.7:telnet > 172.24.212.1:ftp_data SA / Padding
>>>

p is a list; in the example above it has 3 elements.

Each element is a tuple holding a pair: the packet that was sent and the reply packet.

>>> p[0]
(>,
 >>)

Of the three packets that received replies, the first packet sent is p[0][0], and its corresponding reply is p[0][1].

>>> p[0][0].show()
###[ IP ]###
  version= 4
  ihl= None
  tos= 0x0
  len= None
  id= 1
  flags=
  frag= 0
  ttl= 64
  proto= tcp
  chksum= None
  src= 172.24.212.1
  dst= 172.24.212.7
  \options\
###[ TCP ]###
     sport= ftp_data
     dport= ftp
     seq= 0
     ack= 0
     dataofs= None
     reserved= 0
     flags= S
     window= 8192
     chksum= None
     urgptr= 0
     options= []
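
In the p.show() lines above, the reply flags SA (SYN+ACK) and RA (RST+ACK) tell you whether something is listening on each port. This added example, which is not part of the original post and uses only the standard library instead of scapy objects, walks a list of (sent, reply) pairs shaped like p and decodes those flags; the packets are constructed sample bytes and all helper names are hypothetical:

```python
import struct

FLAG_LETTERS = "FSRPAUEC"   # TCP flag bits 0 (FIN) to 7 (CWR), letters as scapy prints them

def tcp_view(ip_packet: bytes):
    """Return (sport, dport, flag letters) for the TCP segment in an IPv4 packet."""
    if ip_packet[9] != 6:                          # IP proto field: 6 = TCP
        raise ValueError("not a TCP packet")
    ihl = (ip_packet[0] & 0x0F) * 4                # IP header length in bytes
    sport, dport = struct.unpack("!HH", ip_packet[ihl:ihl + 4])
    bits = ip_packet[ihl + 13]                     # flags byte of the TCP header
    return sport, dport, "".join(c for i, c in enumerate(FLAG_LETTERS) if bits >> i & 1)

def classify(flags: str) -> str:
    """Meaning of the reply to a SYN, per the TCP handshake rules."""
    if "S" in flags and "A" in flags:
        return "listening"                         # SYN+ACK: a service accepted the SYN
    if "R" in flags:
        return "closed"                            # RST: host reachable, no listener
    return "unexpected"

def summarize(pairs):
    """Map each destination port to (reply flags, meaning)."""
    result = {}
    for sent, reply in pairs:
        _, sent_dport, _ = tcp_view(sent)
        reply_sport, _, flags = tcp_view(reply)
        if reply_sport != sent_dport:              # a reply must come from the port addressed
            raise ValueError("reply does not match sent packet")
        result[sent_dport] = (flags, classify(flags))
    return result

def _segment(src, dst, sport, dport, flag_bits):
    """Constructed sample packet (checksums left at 0; parsed here, never sent)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0, bytes(src), bytes(dst))
    return ip + struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flag_bits, 8192, 0, 0)

A, B = (172, 24, 212, 1), (172, 24, 212, 7)        # the two hosts in the output above
# Constructed data with the same shape as p: (sent packet, reply packet) pairs.
PAIRS = [(_segment(A, B, 20, port, 0x02), _segment(B, A, port, 20, bits))
         for port, bits in ((21, 0x12), (22, 0x14), (23, 0x12))]

if __name__ == "__main__":
    for port, (flags, meaning) in summarize(PAIRS).items():
        print(port, flags, meaning)
```
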

 
