[我正在尝试编写一个Python脚本,以拦截来自Linux计算机上eth0接口的所有HTTP请求。
我只能看到从客户端发送到服务器的HTTP数据包(例如192.168.1.201-> 151.101.1.69),但是我从未看到从服务器发送到客户端的HTTP数据包(例如151.101。 1.69-> 192.168.1.201)...
这里是完整的python脚本...
运行时,仅通过以下条件:
if http_packet[TCP].dport == 80:
并且永远不会通过以下条件:
if http_packet[TCP].sport == 80:
谢谢!
# apt-get install build-essential python-dev libnetfilter-queue-dev
# pip install NetfilterQueue
# sudo apt-get install python-netfilterqueue
# iptables -F
# iptables -F -t nat
# iptables -I FORWARD -j NFQUEUE --queue-num 0
from netfilterqueue import NetfilterQueue
import scapy.all as scapy
import re
import os
from scapy.layers.inet import IP, TCP
os.system("echo '1' > /proc/sys/net/ipv4/ip_forward")
os.system("iptables -F")
os.system("iptables -F -t nat")
os.system("iptables -A FORWARD -j NFQUEUE --queue-num 0")
ip_src = ""
ip_dst = ""
def print_and_accept(packet):
global ip_src, ip_dst, dst_port, src_port
http_packet = scapy.IP(packet.get_payload())
if http_packet.haslayer(scapy.Raw) and http_packet.haslayer(TCP):
if IP in http_packet:
ip_src = http_packet[IP].src
ip_dst = http_packet[IP].dst
print(ip_src + " -> " + ip_dst)
if http_packet[TCP].dport == 80:
print(ip_src + " -> " + ip_dst + " ** client to server **")
load = http_packet[scapy.Raw].load
print(load)
load = re.sub("Accept-Encoding:.*?\\r\\n", "", load)
if http_packet[TCP].sport == 80:
print(ip_src + " -> " + ip_dst + " ** server to client **")
load = http_packet[scapy.Raw].load
print(load)
load = re.sub("Accept-Encoding:.*?\\r\\n", "", load)
packet.accept()
nf_queue = NetfilterQueue()
nf_queue.bind(0, print_and_accept)
try:
nf_queue.run()
except KeyboardInterrupt:
os.system("iptables -F")
os.system("iptables -F -t nat")
print("Gettin' out")
nf_queue.unbind()
问题是由于启动此脚本之前发出了“ arpspoof”命令。是arpspoof命令正在创建用于网络数据包拦截的过滤器。