@hakanbaysal
Forked from iddoeldor/read_pcap_data.py
Created February 19, 2021 15:56
iterate over pcap, base64 decode packet data w/ python
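import base64
import json
from pprint import pprint

from scapy.all import IP, TCP, rdpcap
from scapy.packet import NoPayload

packets = rdpcap('sniff.cap')

# Let's iterate through every packet
arr = []
for c, packet in enumerate(packets, start=1):
    # Skip frames without IP/TCP layers (ARP, UDP, ...); indexing them raises IndexError
    if IP not in packet or TCP not in packet:
        continue
    p = {
        'idx': c,
        'src': packet[IP].src,
        'dst': packet[IP].dst
    }
    # Only segments carrying data are decoded; bare ACK/SYN segments keep just idx/src/dst
    if not isinstance(packet[TCP].payload, NoPayload):
        # The payload is expected to be a JSON object with a base64-encoded 'data' field
        payload = json.loads(bytes(packet[TCP].payload).decode('utf-8'))
        p.update(payload)
        p['_data'] = base64.b64decode(payload['data']).decode('utf-8')
        del p['data']
    arr.append(p)

pprint(arr)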