Scapy raw data manipulation

I am having trouble manipulating raw data. I am trying to change around a resp_cookie in my ISAKMP header and when I do a sniff on the packet it is all in raw data format under Raw Load='\x00\x43\x01........... ' with about 3 lines like that. When I do a Wireshark capture I see the information I want to change but I can't seem to find a way to convert and change that raw data to find and replace the information I am looking for. Also, I can see the information I need when I do a hexdump(), but I can't store that in a variable. When I type i = hexdump(pkt) it spits out the hexdump but doesn't store the hexdump in i.

asked Sep 9 '13 at 20:09

Welcome to StackOverflow - Please be sure to read the About page and get your first badge! You will also learn more about asking solid questions. -

1 Answer

So this post is a little old, but I've come across it a dozen or so times trying to find the answer to a similar problem I'm having. I doubt OP has need for an answer anymore, but if anyone else is looking to do something similar...here you go!

I found the following code snippet somewhere in the deep, dark depths of Google and it worked for my situation.

Hexdump(), show() and other methods of Scapy just output the packet to the terminal/console; they don't actually return a string or any other sort of object. So you need a way to intercept that data that it intends to write and put it in a variable to be manipulated.

NOTE: THIS IS PYTHON 3.X and SCAPY 3K

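import io
import sys
from scapy.all import sniff

# generic Scapy sniff; define interface and filter yourself, and
# define parsePacket (below) before making this call
sniff(iface=interface, prn=parsePacket, filter=filter)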

With the above sniff method, you're going to want to do the following.

def parsePacket(packet):

    outputPacket = ''

    # setup: remember the real stdout and create an in-memory buffer
    qsave = sys.stdout
    q = io.StringIO()

    # capture everything written to stdout
    sys.stdout = q
    try:
        # text you're capturing
        packet.show()
    finally:
        # restore original stdout, even if show() raises
        sys.stdout = qsave

    # retrieve the captured output
    sout = q.getvalue()

    # add to string (format if need be)
    outputPacket += sout + '\n'

    # close the in-memory stream
    q.close()

    # return your packet text
    return outputPacket

The string you return (outputPacket) can now be manipulated how you want.

Swap out .show() with whatever function you see fit.

P.S. Forgive me if this is a little rough from a Pythonic point of view...not a python dev by any stretch.

answered Jun 16 '17 at 19:06

Hello, if you are using Python 3 you should specify that you're using scapy3k - Cukic0d

Woops. Figured it went without saying that this would be for the version of Scapy that works with Python 3. - CanBeNull
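For the original question (changing resp_cookie inside a raw load), here is an added example that is not part of the answer above: it edits the bytes directly instead of the printed text. It assumes the raw payload (for instance the bytes from `pkt[Raw].load`) is an ISAKMP message with the RFC 2408 fixed header, optionally preceded by the 4-byte non-ESP marker used on UDP port 4500; the function names and the sample bytes are constructed for illustration.

```python
import struct

# ISAKMP fixed header (RFC 2408, section 3.1), 28 bytes, network byte order:
# init_cookie(8) resp_cookie(8) next_payload(1) version(1) exch_type(1)
# flags(1) message_id(4) length(4)
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
FIELDS = ("init_cookie", "resp_cookie", "next_payload", "version",
          "exch_type", "flags", "message_id", "length")
NON_ESP_MARKER = b"\x00" * 4  # precedes IKE on UDP/4500 (NAT-T, RFC 3948)


def parse_header(load: bytes):
    """Return (offset, fields) for the ISAKMP header inside a raw UDP payload."""
    for offset in (0, 4):
        if offset == 4 and load[:4] != NON_ESP_MARKER:
            continue
        body = load[offset:]
        if len(body) < ISAKMP_HDR.size:
            continue
        fields = dict(zip(FIELDS, ISAKMP_HDR.unpack_from(body)))
        # Sanity check: the length field must cover the whole message.
        if fields["length"] == len(body):
            return offset, fields
    raise ValueError("payload does not look like an ISAKMP message")


def set_resp_cookie(load: bytes, cookie: bytes) -> bytes:
    """Return a copy of the payload with the responder cookie replaced."""
    if len(cookie) != 8:
        raise ValueError("responder cookie must be exactly 8 bytes")
    offset, _ = parse_header(load)
    start = offset + 8  # responder cookie follows the 8-byte initiator cookie
    return load[:start] + cookie + load[start + 8:]


# Constructed sample: 28-byte header plus a 4-byte dummy payload (length = 32).
SAMPLE = ISAKMP_HDR.pack(bytes.fromhex("1122334455667788"), b"\x00" * 8,
                         1, 0x10, 2, 0, 0, 32) + b"\x00\x00\x00\x04"

if __name__ == "__main__":
    patched = set_resp_cookie(SAMPLE, bytes.fromhex("aabbccddeeff0011"))
    print(parse_header(patched)[1])
    print(patched.hex())  # a hex string you can keep in a variable
```

The length check is what distinguishes a plain ISAKMP message from one carrying the non-ESP marker, so a payload that matches neither layout raises ValueError instead of being patched at the wrong offset.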
