URL sniffing in Python
Does anyone know how to write a live data sniffer in Python which extracts the originating IP address and the full URL that was being accessed? I have looked at pulling data from urlsnarf however IPv6 is not supported (and the connections will be to IPv6 hosts).
While I can pull data from tcpdump and grepping for GET/POST that would leave me with simply the path on the webserver, and I would not obtain the associated FQDN. Unfortunately using SQUID w/ IPv6 TPROXY is not an option due to the configuration of the environment.
Does anyone have any ideas on how to do this with Python bindings for libpcap? Your help would be most appreciated :)
Thanks :)
Comments (1)
Unfortunately, with IPv6 you are stuck doing your own TCP re-assembly. The good news is that you are only concerned with URL data, which should (generally) be in one or two packets.
You should be able to get away with using pylibpcap to do this. You'll want to use setfilter on your pcap object to make sure you are only looking at TCP traffic. As you move forward in your pcap loop you'll apply some HTTP regular expressions to the payload. If you have what looks like HTTP traffic, go ahead and try to parse the header to get at the URL data. Hopefully, you'll get the full URL with a line break before the end of the packet. If not, you are going to have to do some lightweight TCP reassembly.
Oh, and you'll want to use socket.inet_ntop and socket.getaddrinfo to print out info about the IPv6 host.
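The procedure the answer sketches (filter to TCP, regex the payload for an HTTP request line, pull the FQDN from the Host header, fall back to buffering when the headers do not end within one segment, and print IPv6 addresses with socket.inet_ntop), as an added Python 3 example that is not part of the original answer. It assumes Ethernet framing, plain IPv6/TCP with no extension headers, and a pylibpcap-style binding (pcapObject / open_live / setfilter / loop) for the optional live-capture part; IPv4 is deliberately not handled since the question is about IPv6 hosts. The sample frames are constructed in the file, not captured traffic.

```python
import re
import socket
import struct
import sys

ETH_HDR_LEN, ETHERTYPE_IPV6, IPPROTO_TCP = 14, 0x86DD, 6
METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"PATCH ")
REQUEST_LINE_RE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]\r\n")
HOST_RE = re.compile(rb"\r\nHost:[ \t]*([^\r\n]+)", re.IGNORECASE)
MAX_BUFFER = 8192  # give up on a flow whose header block has not ended within this many bytes


def parse_frame(buf):
    """Ethernet/IPv6/TCP frame -> (src, dst, sport, dport, payload); None for anything else."""
    off = ETH_HDR_LEN
    if len(buf) < off + 40 or struct.unpack("!H", buf[12:14])[0] != ETHERTYPE_IPV6:
        return None
    plen, next_hdr = struct.unpack("!HB", buf[off + 4:off + 7])
    if next_hdr != IPPROTO_TCP:  # assumption: extension headers are not walked, such packets are skipped
        return None
    src = socket.inet_ntop(socket.AF_INET6, buf[off + 8:off + 24])  # textual IPv6 form
    dst = socket.inet_ntop(socket.AF_INET6, buf[off + 24:off + 40])
    end, off = off + 40 + plen, off + 40
    if len(buf) < off + 20:
        return None
    sport, dport = struct.unpack("!HH", buf[off:off + 4])
    data_off = (buf[off + 12] >> 4) * 4
    return src, dst, sport, dport, buf[off + data_off:end]  # payload bounded by the IPv6 payload length


def extract_url(src, headers):
    """Complete request-header block -> (client_ip, method, full_url)."""
    m = REQUEST_LINE_RE.match(headers)
    if not m:
        return None
    method, target = m.group(1).decode("ascii"), m.group(2).decode("latin-1")
    host = HOST_RE.search(headers)
    if target.startswith(("http://", "https://")):
        url = target  # absolute-form target, as sent to a forward proxy
    elif host:
        url = "http://" + host.group(1).strip().decode("latin-1") + target  # Host header supplies the FQDN
    else:
        url = target  # HTTP/1.0 without Host: only the path is recoverable
    return src, method, url


class UrlSniffer:  # buffers client bytes per flow until the header block ends (lightweight reassembly)
    def __init__(self):
        self.flows = {}  # (src, sport, dst, dport) -> bytes buffered so far

    def feed(self, frame):
        """Consume one raw frame; return (client_ip, method, url) when a request is complete."""
        parsed = parse_frame(frame)
        if parsed is None or not parsed[4]:
            return None  # not IPv6/TCP, or a segment with no payload (pure ACK)
        src, dst, sport, dport, payload = parsed
        key = (src, sport, dst, dport)
        buf = self.flows.pop(key, b"") + payload
        if not any(buf.startswith(m) or m.startswith(buf) for m in METHODS):
            return None  # does not look like an HTTP request (e.g. TLS): flow is not tracked
        end = buf.find(b"\r\n\r\n")
        if end < 0:
            if len(buf) <= MAX_BUFFER:
                self.flows[key] = buf  # headers continue in a later segment
            return None
        return extract_url(src, buf[:end + 4])


def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Constructed Ethernet/IPv6/TCP frame for offline testing (checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!IHBB", 6 << 28, len(tcp), IPPROTO_TCP, 64)
    ip += socket.inet_pton(socket.AF_INET6, src_ip) + socket.inet_pton(socket.AF_INET6, dst_ip)
    return b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV6) + ip + tcp


def sample_frames():
    """Constructed sample traffic: one-packet GET, POST headers split over two segments, TLS ClientHello."""
    c6, s6 = "2001:db8::10", "2001:db8::80"
    post = (b"POST /api/login HTTP/1.1\r\nHost: login.example.net\r\nContent-Type: "
            b"application/x-www-form-urlencoded\r\nContent-Length: 26\r\n\r\nuser=alice&password=secret")
    return [
        build_frame(c6, s6, 40000, 80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: curl/8.0\r\n\r\n"),
        build_frame(c6, s6, 40001, 80, post[:50]),  # cut inside the Host line: needs reassembly
        build_frame(c6, s6, 40001, 80, post[50:]),
        build_frame(c6, s6, 40003, 443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),  # TLS, not HTTP
    ]


def sniff_frames(frames):  # run the sniffer over raw frames, return every (client_ip, method, url) found
    sniffer = UrlSniffer()
    return [hit for hit in (sniffer.feed(f) for f in frames) if hit]


if __name__ == "__main__":
    import pcap  # assumption: pylibpcap-style binding; callback receives (pktlen, data, timestamp)
    live = UrlSniffer()

    def on_packet(pktlen, data, ts):
        hit = live.feed(data or b"")
        if hit:
            print(*hit)
    p = pcap.pcapObject()
    p.open_live(sys.argv[1] if len(sys.argv) > 1 else "eth0", 65535, 1, 100)
    p.setfilter("tcp", 0, 0)  # only TCP segments reach the callback
    p.loop(-1, on_packet)
```

The flow key includes the client port, so a request whose headers straddle two segments (the second sample) is reported only once the CRLFCRLF terminator arrives, while a flow whose first bytes are not an HTTP method (the TLS sample) is never buffered. Because the Host header is used verbatim, a request to an IPv6 literal is reported as http://[addr]/path, which is the form a URL needs.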