Created
December 2, 2020 16:24
This function is designed to extract the HTTP information from IPv4 and ICMPv6 packets.
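# Dissector field name -> key used in the record returned to the caller.
_HTTP_REQUEST_FIELDS = {
    'http.user_agent': 'user_agent',
    'http.host': 'host',
    'http.referer': 'http_referer',
    'http.request.full_uri': 'url_requested',
    'http.request.uri.query': 'query_parameter',
    'http.content_type': 'http_content_type',
    'http.cookie': 'cookie',
    'http.cookie_pair': 'cookie_pair',
    'http.file_data': 'http_data',
}


def _http_field(field_names, name):
    """Return the value stored under *name* as a string, or '' when it is absent."""
    # Only .items() is used, the same access the original code relied on.
    return ' '.join(str(val) for key, val in field_names.items() if key == name)


def extract_http_information(packet):
    """
    Extract the HTTP request information from an IPv4 or IPv6 packet.

    Only GET and POST requests are handled. The original version computed
    these values and discarded them; they are now returned so that callers
    can use them. Fields missing from the packet are returned as ''.

    The record can carry cookies, query strings and POST bodies, which often
    hold session tokens or credentials. Treat it as sensitive data: restrict
    who can read it and redact before logging or exporting.

    :param packet: PCAP packet exposing ``layers``, ``ip``/``ipv6`` and ``http``
    :return: dict with source/destination address, HTTP method and the request
             fields, or None when the packet is not an HTTP GET/POST request
    """
    try:
        layer_names = str(packet.layers)
        if 'HTTP' not in layer_names:
            return None

        # The layer tests are kept exactly as the original wrote them.
        # NOTE(review): they rely on how the capture library renders layers
        # as text (IPv4 is looked for in the first layer only) - confirm
        # against the library version in use.
        if 'IPv4' in str(packet.layers[0]):
            ip_layer = packet.ip
        elif 'IPV6' in layer_names:
            ip_layer = packet.ipv6
        else:
            return None

        field_names = packet.http._all_fields
        http_method = _http_field(field_names, 'http.request.method')
        # Substring match, as before: responses and other methods are skipped.
        if 'GET' not in http_method and 'POST' not in http_method:
            return None

        record = {
            'source_address': ip_layer.src,
            'destination_address': ip_layer.dst,
            'http_method': http_method,
        }
        # The original POST branch filled http_content_type from
        # 'http.request.full_uri'; it is read from 'http.content_type' here
        # and the full URI stays available as url_requested.
        for field, label in _HTTP_REQUEST_FIELDS.items():
            record[label] = _http_field(field_names, field)
        return record
    except AttributeError:
        # ignore packets that do not contain a HTTP layer
        return None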