Python Scapy - 拦截并修改localhost上的http数据包 [英] Python Scapy - Intercept and modify http packet on localhost

问题描述

我在localhost上运行apache2，我想拦截并修改来自localhost的http请求。通过修改我想将标题的Accept-Encoding属性更改为'identity'。使用Burp-Suite，它工作得很好。但是，使用我的scapy脚本似乎已经发送了数据包，因为http响应仍然是编码的。

I have apache2 running on localhost and I want to intercept and modify an http request from my localhost. By modifying I want to change the Accept-Encoding attribute of the header to 'identity'. Using Burp-Suite, it works just fine. However, using my scapy script it seems that the packet is already sent because the http response is still encoded.

来自scapy.all import * $的scapy脚本：

The scapy script:

from scapy.all import *

def intercept(pkt):

   if pkt.haslayer(Raw):
      http_content = pkt.getlayer(Raw).load

      http_content = http_content.replace("Accept-Encoding: gzip, deflate", "Accept-Encoding: identity")
      pkt[Raw].load = http_content         
      print pkt.show()
      send(pkt)

def main():
   sniff(iface='lo', filter='tcp port 80', prn=intercept)

if __name__ == '__main__':
   main() 

这就是我得到的回报作为回复：

This is what I get back as a response:

<skipped>
###[ Raw ]###
           load      = 'HTTP/1.1 200 OK\r\nDate: Thu, 11 Aug 2016 09:34:38 GMT\r\nServer: Apache/2.4.23 (Debian)\r\nLast-Modified: Thu, 11 Aug 2016 09:34:25 GMT\r\nETag: "7d-539c878b8f8fd-gzip"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 103\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\x03\xb3\xc9(\xc9\xcd\xb1\xe3\xb2\xc9HML\xb1\xe3RPP\xb0)\xc9,\xc9I\xb5\xf3H\xcd\xc9\xc9W\x08\xcf/\xcaI\xb1\xd1\x87\x08q\xd9\xe8CT\xd9$\xe5\xa7TB\x14g\x18!\xabT\x04\xaa0\x82H\x14@\xc5\x13\xd3\x133\xf3\xf4\xf4\xf4l\xf4\x0b@\x06@t\x02\x95\x81m\x05\x00\x1c\x95F\x1d}\x00\x00\x00'

已编码。

有人可以帮忙吗？

推荐答案

据我所知scapy不能让您修改已由系统创建的数据包。当然，您可以制作和检查数据包，但不能修改已创建的数据包。
正确指出这里 Scapy嗅探数据包不干扰主机的IP堆栈。
但是对于Linux，你可以尝试将 scapy 与 nfqueue 模块结合起来。 nfqueue模块允许您修改（使用scapy）满足特定iptables规则的数据包。

Well as far as I know scapy doesn't give you the ability to modify packets that are already created by your system. Of course you can craft and inspect packets but cannot modify already created packets. As it is correctly pointed out here Scapy sniffs packets without interfering with the host's IP stack. But for Linux you could try to combine scapy with the nfqueue module. The nfqueue module lets you modify(using scapy) packets that meet a certain iptables rule.

这篇关于Python Scapy - 拦截并修改localhost上的http数据包的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！