-
-
Save hakanbaysal/9d4a9ac032f8aaa238fbd7c1e59af839 to your computer and use it in GitHub Desktop.
iterate over pcap, base64 decode packet data w/ python
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import json | |
from pprint import pprint | |
from scapy.all import * | |
packets = rdpcap('sniff.cap') | |
# Let's iterate through every packet | |
c = 1 | |
arr = [] | |
for packet in packets: | |
p = { | |
'idx': c, | |
'src': packet[IP].src, | |
'dst': packet[IP].dst | |
} | |
if not isinstance(packet[TCP].payload, scapy.packet.NoPayload): | |
payload = json.loads(bytes(packet[TCP].payload).decode('utf-8')) | |
p.update(payload) | |
p['_data'] = base64.b64decode(payload['data']).decode('utf-8') | |
p.__delitem__('data') | |
arr.append(p) | |
c += 1 | |
pprint(arr) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment