0x01 利用pcap包进行抓包
利用pcap对http进行抓包,缺点是pypcap包要安装一系列的依赖包,安装比较麻烦。且pypcap包更新缓慢。
#_*_coding=utf-8_*_
import pcap
import dpkt
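class Capute(object):
    '''
    Capture cleartext HTTP requests for one target host and print their URLs.

    A pcap handle is opened on ``interface`` with a ``tcp port <port>`` BPF
    filter.  Every frame is decoded with dpkt (Ethernet -> IP -> TCP) and the
    payload of segments addressed to ``port`` is parsed as an HTTP request.
    Requests whose Host header equals ``target`` are printed, one URL per
    line, in the shape produced by :meth:`build_url` (GET and POST only).

    Constructing the object starts the capture immediately, as the original
    did, and blocks until the pcap iterator is exhausted or interrupted.
    Query strings and POST bodies are printed verbatim, so the output
    contains whatever the client sent (the sample run shows login form
    fields).
    '''

    def __init__(self, target='demo.aisec.cn', interface='eth0', port=80):
        '''
        :param target:    Host header value to report (exact, case-sensitive
                          comparison, as in the original).
        :param interface: pcap device to listen on.
        :param port:      TCP destination port used both in the BPF filter
                          and in the per-segment check.
        '''
        self.target = target
        self.interface = interface
        self.port = port
        self.caputeRequest()

    @staticmethod
    def build_url(target, method, uri, body):
        '''
        Return the line printed for one request, or None when ``method`` is
        neither GET nor POST.

        GET:  ``http://<target><uri>``
        POST: ``http://<target><uri>?<body>`` -- the URI gets a trailing ``?``
              unless it already ends with one, and the raw body is appended
              after it.  This is the original author's convention ("adjust to
              your needs"), not a URL-encoding of the form.

        Assumes ``body`` is text (bytes == str on Python 2); on Python 3 the
        dpkt body is bytes and should be decoded by the caller first.
        '''
        if method == "GET":
            return "http://{0}{1}".format(target, uri)
        if method == "POST":
            path = uri if uri[-1:] == "?" else "{0}?".format(uri)
            # Appending an empty body is a no-op, so the original's
            # ``if http.body`` / ``else`` pair collapses into one call.
            return "http://{0}{1}{2}".format(target, path, body or "")
        return None

    def caputeRequest(self):
        '''
        Listen on self.interface and print every matching request URL.

        Runs until the capture ends.  Frames that are not TCP, are not
        addressed to self.port, carry no payload, or do not parse as an HTTP
        request (responses, mid-stream segments, non-HTTP traffic) are
        skipped.  Only dpkt parse failures are ignored; pcap errors and any
        other exception surface instead of being hidden by the original's
        bare ``except Exception: pass``.
        '''
        pc = pcap.pcap(self.interface)
        pc.setfilter('tcp port {0}'.format(self.port))
        for ptime, pdata in pc:
            try:
                frame = dpkt.ethernet.Ethernet(pdata)
            except dpkt.UnpackError:
                continue  # truncated or otherwise undecodable frame
            tcp = getattr(frame.data, 'data', None)
            if not isinstance(tcp, dpkt.tcp.TCP):
                continue  # ARP, ICMP, ... : no TCP payload to parse
            if tcp.dport != self.port or not tcp.data:
                continue  # a response (other direction) or a bare ACK
            try:
                http = dpkt.http.Request(tcp.data)
            except dpkt.UnpackError:
                continue  # not the start of a request (continuation segment)
            # dpkt exposes header names in lowercase, hence 'host'; a request
            # without a Host header is simply not a match instead of raising.
            if http.headers.get('host') != self.target:
                continue
            url = self.build_url(self.target, http.method, http.uri, http.body)
            if url is not None:
                print(url)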
root@kali:/home/test/test# python cap.py
http://demo.aisec.cn/demo/aisec/login2.php?username=aaaaaaaa&password=aaaaaaaaaaaaaa
http://demo.aisec.cn/demo/aisec
http://demo.aisec.cn/demo/aisec/
http://demo.aisec.cn/demo/aisec/ajax_link.php?id=1&t=0.9103860526513613?
http://demo.aisec.cn/demo/aisec/
http://demo.aisec.cn/demo/aisec/ajax_link.php?id=1&t=0.22269654061950928?
http://demo.aisec.cn/demo/aisec/html_link.php?id=2
0x02 利用scapy进行抓包
scapy功能强大,易于安装和使用,有完整的开发文档等等优点,建议使用scapy进行抓包。
#_*_coding=utf-8_*_
import sys
import scapy_http.http as HTTP
from scapy.all import *
from scapy.error import Scapy_Exception
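class Capute(object):
    '''
    Sniff cleartext HTTP requests for one host with scapy and print their URLs.

    ``sniff`` runs with a ``tcp and port <port>`` BPF filter; every packet
    carrying a scapy_http ``HTTPRequest`` layer whose Host equals ``host`` is
    turned into one printed line by :meth:`build_url` (GET and POST only).

    Constructing the object starts sniffing at once and blocks until the
    capture is interrupted, as in the original.  Query strings and POST
    bodies are printed verbatim, so the output contains whatever the client
    sent (the sample run shows login form fields).
    '''

    def __init__(self, host='demo.aisec.cn', port=80):
        '''
        :param host: value of the HTTP Host header to report (exact match).
        :param port: TCP port placed in the BPF filter.
        '''
        self.host = host
        self.port = port
        self.run()

    @staticmethod
    def build_url(host, method, path, body):
        '''
        Return the line printed for one request, or None when ``method`` is
        neither GET nor POST.

        GET:  ``http://<host><path>``
        POST: ``http://<host><path>?<body>`` -- the path gets a trailing ``?``
              unless it already ends with one, and the raw body is appended
              after it (the original author's convention, not URL-encoding).
        '''
        if method == "GET":
            return "http://{0}{1}".format(host, path)
        if method == "POST":
            query_path = path if path[-1:] == "?" else "{0}?".format(path)
            return "http://{0}{1}{2}".format(host, query_path, body or "")
        return None

    @staticmethod
    def _body_of(request):
        '''
        Return the entity body of an ``HTTPRequest`` layer, or "" when its raw
        bytes contain no blank-line separator between headers and body.

        The original unpacked ``str(pkt).split(sep, 1)`` into two names,
        which raises ValueError -- and aborts the sniff loop -- for a request
        segment without a blank line; ``partition`` yields "" instead.
        '''
        raw = bytes(request)              # same as str() on Python 2
        body = raw.partition(b"\r\n\r\n")[2]
        if not isinstance(body, str):     # Python 3: make it formattable as text
            body = body.decode("latin-1")
        return body

    def pktTCP(self, pkt):
        '''
        ``sniff`` callback: print the URL of ``pkt`` if it is a request to
        self.host.  Responses, ACKs and requests for other hosts are ignored.

        Field comparisons assume Python 2 ``str`` values, as in the original;
        NOTE(review): on Python 3 scapy_http may expose bytes -- confirm.
        '''
        if HTTP.HTTPRequest not in pkt:
            return
        request = pkt[HTTP.HTTPRequest]
        # The original formatted the link first and compared Host afterwards;
        # comparing first skips the work for every foreign host.
        if request.Host != self.host:
            return
        body = self._body_of(request) if request.Method == "POST" else ""
        url = self.build_url(request.Host, request.Method, request.Path, body)
        if url is not None:
            print(url)

    def run(self):
        '''
        Start sniffing on self.port; returns only when ``sniff`` does.

        ``store=0`` stops scapy from keeping every captured packet in memory
        for the whole capture, which the original's default did.
        '''
        sniff(filter='tcp and port {0}'.format(self.port),
              prn=self.pktTCP, store=0)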
抓包结果:
root@kali:/home/test/test# python http.py
http://demo.aisec.cn/demo/aisec/login2.php?username=test&password=aaaaaa
http://demo.aisec.cn/demo/aisec/
http://demo.aisec.cn/demo/aisec/ajax_link.php?id=1&t=0.5521931602579171?
http://demo.aisec.cn/demo/aisec/html_link.php?id=2