Created
June 6, 2018 21:20
-
-
Save iddoeldor/c371bbd0de4a9c22492a162b0abd0a35 to your computer and use it in GitHub Desktop.
iterate over pcap, base64 decode packet data w/ python
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import json | |
from pprint import pprint | |
from scapy.all import * | |
packets = rdpcap('sniff.cap') | |
# Let's iterate through every packet | |
c = 1 | |
arr = [] | |
for packet in packets: | |
p = { | |
'idx': c, | |
'src': packet[IP].src, | |
'dst': packet[IP].dst | |
} | |
if not isinstance(packet[TCP].payload, scapy.packet.NoPayload): | |
payload = json.loads(bytes(packet[TCP].payload).decode('utf-8')) | |
p.update(payload) | |
p['_data'] = base64.b64decode(payload['data']).decode('utf-8') | |
p.__delitem__('data') | |
arr.append(p) | |
c += 1 | |
pprint(arr) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment