Read pcap and assemble HTTP requests
Project description
The package helps to assemble and iterate over HTTP requests. pcaper provides classes to read traffic files in pcap or har format, and the executable converters pcap2txt and har2txt. PcapParser is based on dpkt. HarParser uses the built-in json package.
pcaper extends the dpkt.http.Request class. The following fields of an HTTP request are available:
- timestamp - timestamp of the last packet of the original HTTP request
- src - source IP address
- dst - destination IP address
- sport - source TCP port
- dport - destination TCP port
- method - HTTP request method
- version - HTTP protocol version
- uri - HTTP request URI
- headers - ordered dictionary of HTTP headers
- origin_headers - ordered dictionary of HTTP headers with case-sensitive names
- body - HTTP request body
- origin - original HTTP request
Installation
pip install pcaper
Import
import pcaper
pcap_parser = pcaper.PcapParser()
har_parser = pcaper.HarParser()
Examples
Iterate HTTP requests
Read pcap file, assemble and iterate HTTP requests:
from pcaper import PcapParser
pcap_parser = PcapParser()
params = {
    'input': 'file.pcap',
}
for request in pcap_parser.read_pcap(params):
    print(request.origin)

from pcaper import HarParser
har_parser = HarParser()
params = {
    'input': 'file.har'
}
for request in har_parser.read_har(params):
    print(request.origin)
Extract separate HTTP request headers
You can extract a header by name:
import pcaper
reader = pcaper.PcapParser()
params = {
    'input': 'file.pcap'
}
for request in reader.read_pcap(params):
    print(request.headers['host'])
    print(request.headers['user-agent'])
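An added example, not part of the pcaper project: an audit that walks request objects carrying the fields listed above and reports credentials or cookies that crossed the wire in a cleartext HTTP request, with the secret values redacted. The function names and the sample requests are constructed for illustration; the stand-in objects assume `src` and `dst` are strings and that a repeated header arrives as a list, as dpkt produces.

```python
from types import SimpleNamespace

# Header names are lowercase, as in the page's request.headers['host'] usage.
SENSITIVE = ("authorization", "proxy-authorization", "cookie")

def _values(headers, name):
    """Return every value of a header; tolerate absent and repeated headers."""
    value = headers.get(name)  # .get avoids the KeyError of headers[name]
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _redact(name, value):
    """Keep only non-secret structure: the auth scheme or the cookie names."""
    if name == "cookie":
        names = [p.split("=", 1)[0].strip() for p in value.split(";") if p.strip()]
        return "cookies: " + ", ".join(names)
    scheme = value.split(None, 1)[0] if value.strip() else "?"
    return scheme + " <redacted>"

def audit_cleartext_secrets(requests):
    """Yield one finding per sensitive header seen in a cleartext request."""
    for req in requests:
        # Fall back to the destination IP when the Host header is missing.
        host = next(iter(_values(req.headers, "host")), req.dst)
        for name in SENSITIVE:
            for value in _values(req.headers, name):
                yield {
                    "src": req.src, "dst": req.dst, "dport": req.dport,
                    "url": "http://%s%s" % (host, req.uri),
                    "header": name, "value": _redact(name, value),
                }

# Constructed stand-ins carrying the documented fields; with a real capture,
# pass PcapParser().read_pcap({'input': 'file.pcap'}) instead.
SAMPLE = [
    SimpleNamespace(src="10.0.0.5", dst="10.0.0.9", dport=8080, uri="/login",
                    headers={"host": "intranet.example",
                             "authorization": "Basic dXNlcjpwYXNz"}),
    SimpleNamespace(src="10.0.0.5", dst="10.0.0.9", dport=80, uri="/",
                    headers={"cookie": "sid=abc123; theme=dark"}),
    SimpleNamespace(src="10.0.0.6", dst="10.0.0.9", dport=80, uri="/health",
                    headers={"host": "intranet.example"}),
]

if __name__ == "__main__":
    for finding in audit_cleartext_secrets(SAMPLE):
        print(finding)
```
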
Filter TCP/IP packets
It is possible to filter out excess packets:
import pcaper
reader = pcaper.PcapParser()
params = {
    'input': 'file.pcap',
    'filter': 'tcp.dst == 1.1.1.1'
}
for request in reader.read_pcap(params):
    print(request.origin)
You can combine tcp and ip filters in dpkt style:
import pcaper
reader = pcaper.PcapParser()
params = {
    'input': 'file.pcap',
    'filter': '(ip.src == 10.4.0.136 or ip.dst == 10.1.40.61) and tcp.dport == 8888'
}
for request in reader.read_pcap(params):
    print(request.origin)
It is also possible to use an excluding filter in dpkt style:
import pcaper
reader = pcaper.PcapParser()
params = {
    'input': 'file.pcap',
    'filter': 'tcp.dport != 8888 and ip.dst != 10.1.40.61'
}
for request in reader.read_pcap(params):
    print(request.origin)
Note
The newer pcapng format is not supported by the dpkt package, but you can convert an input file from pcapng to pcap format with the standard utility mergecap, which is installed with the wireshark package:
mergecap file.pcapng -w out.pcap -F pcap
Scripts
pcap2txt
The pcap2txt script is installed to the Python directory and can be executed directly from the command line.
It simplifies parsing of pcap files: it extracts HTTP requests, including their headers and body, and prints the complete data to the console or to a file.
Print HTTP requests from pcap file:
pcap2txt file.pcap
Filter TCP/IP packets, extract HTTP requests and write to external file:
pcap2txt -f "tcp.dport == 8080 and ip.dst != 10.10.10.10" -o file.out file.pcap
Filter HTTP packets:
pcap2txt -F '"rambler.ru" in http.uri' file.pcap
You can use logical expressions in filters:
pcap2txt -F '"keep-alive" in http.headers["connection"] or "Keep-alive" in http.headers["connection"]' file.pcap
You can apply standard Python string functions to HTTP request headers:
pcap2txt -F '"keep-alive" in http.headers["connection"].lower()' file.pcap
Excluding filters are also supported:
pcap2txt -F '"rambler.ru" not in http.uri' file.pcap
Print statistics about counted requests:
pcap2txt -f "ip.src == 10.10.10.10" -S file.pcap
Stats:
total: 1
complete: 1
incorrect: 0
incomplete: 0
har2txt
The har2txt script is installed to the Python directory and can be executed directly from the command line.
It simplifies parsing of har files: it extracts HTTP requests, including their headers and body, and prints the complete data to the console or to a file.
Print HTTP requests from har file:
har2txt file.har
Filter HTTP packets:
har2txt -F 'http.version == "1.1"' file.har
Excluding filters are also supported:
har2txt -F '"rambler.ru" not in http.uri' file.har
Filter packets by destination IP. pcaper extracts data from the har file, which contains the destination IP (dst field), but doesn't contain the source IP or the source and destination ports.
har2txt -F 'http.dst == "1.1.1.1"' file.har
Print statistics about counted requests:
har2txt -S -F 'http.dst == "10.10.10.10"' file.har
Stats:
total: 1
complete: 1
incorrect: 0
incomplete: 0
File details
Details for the file pcaper-1.0.11.tar.gz.
File metadata
- Download URL: pcaper-1.0.11.tar.gz
- Upload date:
- Size: 14.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/49.1.0 requests-toolbelt/0.9.1 tqdm/4.47.0 CPython/3.7.4
File hashes
Algorithm | Hash digest
---|---
SHA256 | 65f9aea7ec97f42fbdf10ae8a6695226fe773499ef2eb477c724f998d7972075
MD5 | 2730193e2884daba6dd946b1151a48f7
BLAKE2b-256 | f92585ca63853334a9871f7289a3ab1b5824d14e776a8b402d5ea931244a1fba
File details
Details for the file pcaper-1.0.11-py2.py3-none-any.whl.
File metadata
- Download URL: pcaper-1.0.11-py2.py3-none-any.whl
- Upload date:
- Size: 16.9 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/49.1.0 requests-toolbelt/0.9.1 tqdm/4.47.0 CPython/3.7.4
File hashes
Algorithm | Hash digest
---|---
SHA256 | 4aa52c95ddb0a279549f07d271940c03f79a3d06089b1f5081b4c12d60d956e2
MD5 | 94524a0f332f1d13ae32c6253d5bef71
BLAKE2b-256 | ce7ca58575be9cd06b926fc961f04d28ce04f91c27848e5cc0fb92e2352df907