@johnbumgarner
Created December 2, 2020 16:24
This function is designed to extract HTTP request information from IPv4 and IPv6 packets.
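def extract_http_information(packet):
    """
    Extract HTTP request details from an IPv4 or IPv6 packet.

    Only HTTP GET and POST requests are reported. Every header value is
    returned as a string; a header that is absent from the packet is
    returned as an empty string.

    The cookie, cookie_pair and http_data values can carry session tokens,
    credentials or form contents taken from the capture. Treat the returned
    dict as sensitive: redact those keys before logging or sharing it. All
    values originate from network traffic, so escape them before rendering
    them in a terminal, HTML page or query.

    :param packet: PCAP packet (presumably a pyshark packet exposing
                   ``layers``, ``ip``/``ipv6`` and ``http`` -- confirm
                   against the caller)
    :return: dict with the keys http_method, source_address,
             destination_address, user_agent, host, http_referer,
             url_requested, query_parameter, http_content_type, cookie,
             cookie_pair and http_data for a GET or POST request;
             None for any other packet
    """
    try:
        layer_summary = str(packet.layers)
        if 'HTTP' not in layer_summary:
            return None

        # Same layer tests as before: the first layer's text is searched for
        # 'IPv4', the whole layer list for 'IPV6'.
        if 'IPv4' in str(packet.layers[0]):
            network_layer = packet.ip
        elif 'IPV6' in layer_summary:
            network_layer = packet.ipv6
        else:
            return None

        source_address = network_layer.src
        destination_address = network_layer.dst

        # NOTE(review): _all_fields is a private attribute of the HTTP layer
        # object; it may change between library releases.
        field_names = packet.http._all_fields

        def field_value(name):
            # One lookup replaces the repeated set-comprehension/join idiom.
            return str(field_names[name]) if name in field_names else ''

        method_text = field_value('http.request.method')
        if 'GET' in method_text:
            http_method = 'GET'
        elif 'POST' in method_text:
            http_method = 'POST'
        else:
            # Responses and other request methods are not reported.
            return None

        return {
            'http_method': http_method,
            'source_address': source_address,
            'destination_address': destination_address,
            'user_agent': field_value('http.user_agent'),
            'host': field_value('http.host'),
            'http_referer': field_value('http.referer'),
            'url_requested': field_value('http.request.full_uri'),
            'query_parameter': field_value('http.request.uri.query'),
            # Previously filled from 'http.request.full_uri' by mistake.
            'http_content_type': field_value('http.content_type'),
            'cookie': field_value('http.cookie'),
            'cookie_pair': field_value('http.cookie_pair'),
            'http_data': field_value('http.file_data'),
        }
    except AttributeError:
        # ignore packets that do not contain a HTTP layer
        return None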