Read pcap and assemble HTTP requests
Project description
Pcaper provides class to read pcap file, assemble and iterate HTTP requests. The package based on dpkt.
Installation
pip install pcaper
Import
import pcaper
reader = pcaper.HTTPRequest()
or
from pcaper import HTTPRequest
reader = HTTPRequest()
Examples
Iterate HTTP requests
Read pcap file, assemble and iterate HTTP requests
reader = pcaper.HTTPRequest()
params = {
'input': 'file.pcap',
}
for request in reader.read_pcap(params):
print request['origin']
Extract http headers
You can extract header by name
reader = pcaper.HTTPRequest()
params = {
'input': 'file.pcap',
}
for request in reader.read_pcap(params):
print request['headers']['host']
print request['headers']['content-length']
Filter packets
It is possible to filter out excess packets
reader = pcaper.HTTPRequest()
params = {
'input': 'file.pcap',
'filter': 'tcp.dst == 1.1.1.1'
}
for request in reader.read_pcap(params):
print request['origin']
You can combine tcp and ip filters in dpkt style
params1 = {
'input': 'file.pcap',
'filter': 'tcp.dport == 80 and ip.src == 1.1.1.1'
}
params2 = {
'input': 'file.pcap',
'filter': 'tcp.sport == 8888 or ip.dst == 2.2.2.2'
}
Notes
New pcapng format is not supported by dpkt package, but you can convert input file from pcapng to pcap format with standard utility, which is installed with wireshark package.
mergecap file.pcapng -w out.pcap -F pcap
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
pcaper-1.0.0.tar.gz
(4.6 kB
view hashes)
Built Distribution
Close
Hashes for pcaper-1.0.0-py2.py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 98bbe245705cd6fd6ff0998a58e7dfa73227e4c5eae191f36aa22fa50f9189a6 |
|
MD5 | befaf1d95116c1a9be6b8e1b653a520a |
|
BLAKE2b-256 | dfa8f051197b2ada5fa2b29fbedbad14be5de3513163e23b884f4466022339ed |