@iddoeldor
Created June 6, 2018 21:20
iterate over pcap, base64 decode packet data w/ python
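import base64
import json
from pprint import pprint

from scapy.all import IP, TCP, rdpcap
from scapy.packet import NoPayload

packets = rdpcap('sniff.cap')

# Iterate through every packet; idx is the packet's 1-based position in the capture
arr = []
for idx, packet in enumerate(packets, start=1):
    # Skip frames without IP/TCP layers (e.g. ARP, UDP), which would raise IndexError below
    if IP not in packet or TCP not in packet:
        continue
    p = {
        'idx': idx,
        'src': packet[IP].src,
        'dst': packet[IP].dst
    }
    if not isinstance(packet[TCP].payload, NoPayload):
        # The TCP payload is expected to be a JSON object with a base64-encoded 'data' field
        payload = json.loads(bytes(packet[TCP].payload).decode('utf-8'))
        p.update(payload)
        # Replace the encoded 'data' field with its decoded text under '_data'
        p['_data'] = base64.b64decode(p.pop('data')).decode('utf-8')
    arr.append(p)

pprint(arr)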