如何将http标头添加到使用scapy嗅探的数据包中 [英] how to add http headers to a packet sniffed using scapy

问题描述

我正在尝试使用scapy嗅出一个输出的http数据包，在其中添加一些新的http标头并将其发送出去。这里的目的是仅在保持数据包完整的同时插入新标头。在最大任何校验和时，如果需要，应该重新计算。

I am trying to sniff an out going http packet using scapy, add a few new http headers in it and send it ahead. The intention here is to only insert new headers while keeping the packet intact. At max any checksum recalculation should be done if needed.

几乎所有关于SO的问题都没有完全得到解决方案。

Have been through almost all questions on SO but didn't exactly get a solution.

以下是我的工作。

def parse(pkt):

    if pkt.haslayer(TCP) and pkt.getlayer(TCP).dport == 80 and pkt.haslayer(Raw):
        pkt = pkt / "New Header:value\r\n\r\n"

        # OR i tried this
        #pkt = pkt.getlayer(Raw).load / Raw.load(load="New Header:value\r\n\r\n")

        #pkt.getlayer(Raw).load("New Header:value\r\n\r\n")
        pkt.show()
        #del pkt[IP].chksum
        send(pkt)
#end parse function

# start sniffing
a=sniff(filter="tcp and ( port 80 )", prn=parse)

问题在于上面的代码插入一个新的原始有效负载部分而不是添加一个普通的头根据HTTP标准，已经有一个双重换行符\\\ n \\\\\ n来表示标头终止。

The problem is that above code inserts a new raw payload section instead of adding a plain header. There is already a double newline \r\n\r\n to indicate header termination according to HTTP standard.

为了解决这个问题，我尝试删除最后一个\\\\ n通过以下操作

To overcome this i tried removing the last \r\n by doing as follows

   #pkt = pkt.getlayer(Raw).load[-2:] / Raw.load(load="New Header:value\r\n\r\n")

但是这会删除所有以前存在的标题，只剩下新标题。

But this strips all of the previously existing headers and only the "New Header" remains.

我在Linux mint上试过这个。

I have tried this on Linux mint.

更新：
我正在尝试创建一个新的http有效载荷，它将包含以前的标题，我将添加一些。有人可以帮助解决现有图层的问题吗？

推荐答案

如果我理解正确，那你就是问题所在您希望使用新标头更新现有HTTP请求。你想要的是更新一个字符串，Python不能直接做（字符串是不可变的）。

If I understand correctly, the problem you're having is that you want to update an existing HTTP request with a new header. What you want is to update a string in place, which Python can't do directly (strings are immutable).

所以你应该做的是取HTTP头：

So what you should do is take the HTTP header:

old_hdr = pkt [Raw] 或 old_hdr = pkt [TCP] .payload

并像字符串一样操纵它：

and manipulate it like a string:

new_hdr = 'New Header: value'
hdr = old_hdr.split('\r\n') # This is a crappy hack. Parsing HTTP headers
hdr.insert(new_hdr, 2)      # is a [solved problem][1].
send_hdr = '\r\n'.join(hdr)
pkt[TCP].payload = send_hdr

如果您发现校验和没有更新，请在发送数据包之前将其删除：

If you find checksums are not updating, delete them before sending the packet:

del pkt[TCP].chksum

并且Scapy将为您提供正确的值。

and Scapy will put them back for you, with the right values.

编辑：我刚注意到我的链接失败了。 此处是如何解析HTTP标头。

I just noticed that my link is fail. Here is how to parse HTTP headers.

这篇关于如何将http标头添加到使用scapy嗅探的数据包中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！