python修改pcap包指定字段的值
用wireshark抓包后要修改固定字段的值,代码如下:
实现思路:
1. 用wireshark 打开pcap包,找到要修改的字段位置
2.用scapy读取pcap包,取出指定位置的值,判断是否为要替换的值,如果是替换新值后,把数据流拼接成新的一条完成数据流,放入新的数据包中,如果不符合的不修改直接放回,具体代码如下:
一次修改单一IP的值
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 | from tqdm import tqdmfrom scapy.utils import PcapReader, PcapWriterimport socketOLD_SOURCE_IP = '192.168.1.100'OLD_DEST_IP = '192.168.2.100'OLD_TEID = '0x0e60b0a4'NEW_TEID = '0xd970575e'NEW_SOURCE_IP = '172.16.1.100'NEW_DEST_IP = '172.16.1.200'i_filepath = "tpcu_200000.pcap" # pcap to reado_filepath = "out_{0}".format(i_filepath) # pcap to writei_open_file = PcapReader(i_filepath)o_open_file = PcapWriter(o_filepath) # opened file to writenew_pkt = ''for packet in tqdm(i_open_file): byteArray = packet['Raw'].load # format ip source_ip = socket.inet_ntoa(byteArray[26:30]) des_ip = socket.inet_ntoa(byteArray[30:34]) if source_ip == OLD_SOURCE_IP and des_ip == OLD_DEST_IP: # ip to bytes new_source_ip = socket.inet_aton(NEW_SOURCE_IP) new_dest_ip = socket.inet_aton(NEW_DEST_IP) # hex to bytes new_teid = bytes.fromhex(NEW_TEID.replace('0x','')) new_pkt = byteArray[0:26] + new_source_ip + new_dest_ip + byteArray[34:46] + new_teid+byteArray[50:] # write new pacp package o_open_file.write(new_pkt) elif source_ip == OLD_DEST_IP and des_ip == OLD_SOURCE_IP: new_source_ip = socket.inet_aton(NEW_DEST_IP) new_dest_ip = socket.inet_aton(NEW_SOURCE_IP) new_teid = bytes.fromhex(NEW_TEID.replace('0x', '')) new_pkt = byteArray[0:26] + new_source_ip + new_dest_ip + byteArray[34:46] + new_teid + byteArray[50:] o_open_file.write(new_pkt) else: new_pkt = byteArray o_open_file.write(new_pkt) |
批量修改IP的值,dpkt 读取pcap包的性能是scapy的10倍以上,批量操作时读取用dpkt进行读取,替换时间从12s优化到3s左右。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 | from tqdm import tqdmfrom scapy.utils import PcapReader, PcapWriterimport socketfrom config import *from dpkt.pcap import Reader'''data = [{"source_ip":[old_source_ip,new_source_ip], "dest_ip":[old_dest_ip,new_dest_ip],"teid":[old_teid,new_teid]},<br> {"source_ip":[old_source_ip,new_source_ip], "dest_ip":[old_dest_ip,new_dest_ip],"teid":[old_teid,new_teid]}<br> ]<br>'''# pcap to writeo_filepath = "out_dpkt_{0}".format(i_filepath)i_open_file = PcapReader(i_filepath)# opened file to writeo_open_file = PcapWriter(o_filepath)new_pkt = ''flags = 0def bytes_format_ip(byte): return socket.inet_ntoa(byte)def ip_format_bytes(ip): return socket.inet_aton(ip)def hex_format_bytes(hex_value): return bytes.fromhex(hex_value.replace('0x',''))with open(i_filepath,'rb') as f: for _, byteArray in tqdm(Reader(f)): flags = 0 source_ip = bytes_format_ip(byteArray[26:30]) des_ip = bytes_format_ip(byteArray[30:34]) teid = byteArray[46:50] for i in data: if teid == hex_format_bytes(i["teid"][0]) and source_ip == i["source_ip"][0] and des_ip == i["dest_ip"][0]: new_source_ip = ip_format_bytes(i["source_ip"][-1]) new_dest_ip = ip_format_bytes(i["dest_ip"][-1]) new_teid = hex_format_bytes(i["teid"][-1]) new_pkt = byteArray[0:26] + new_source_ip + new_dest_ip + byteArray[34:46] + new_teid + byteArray[50:] o_open_file.write(new_pkt) flags = 1 break # Unqualified direct return if flags == 0: o_open_file.write(byteArray)# if __name__ == '__main__':# update_ip_teid() |
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 10年+ .NET Coder 心语 ── 封装的思维:从隐藏、稳定开始理解其本质意义
· 地球OL攻略 —— 某应届生求职总结
· 提示词工程——AI应用必不可少的技术
· Open-Sora 2.0 重磅开源!
· 周边上新:园子的第一款马克杯温暖上架