frontsidefix

frontsidefix.py

#!/usr/bin/env python2
# -*- coding: utf-8 -*-

#
# frontsidefix
# https://github.com/vesche
#

import argparse
import os
import sys

from scapy.all import *

# this is the IPv4 version and header length const
# \x08\x00\x45\x00 as a byte array
STATIC = [8, 0, 69, 0]


def get_parser():
    parser = argparse.ArgumentParser(description='frontsidefix')
    parser.add_argument('-i', '--input', help='pcap file in',
                        required=True, type=str)
    parser.add_argument('-o', '--output', help='pcap file out',
                        required=True, type=str)
    return parser


def main():
    parser = get_parser()
    args = vars(parser.parse_args())
    pcap_in = args['input']
    pcap_out = args['output']

    if not os.path.isfile(pcap_in):
        print("Error: {} does not exist.".format(pcap_in))
        sys.exit(1)
    
    packets = rdpcap(pcap_in)

    for p in packets:
        ord_pkt = map(ord, str(p))
        occ = [(i, i+len(STATIC)) for i in range(len(ord_pkt)) \
            if ord_pkt[i:i+len(STATIC)] == STATIC]
        offset = occ[0][0]
        missing_bytes = 12 - offset
        frontside = [0 for i in range(missing_bytes)]
        fixed_ord_pkt = frontside + ord_pkt
        fixed_raw_pkt = ''.join(map(chr, fixed_ord_pkt))
        new_pkt = p.__class__(fixed_raw_pkt)
        wrpcap(pcap_out, new_pkt, append=True)

    print("Finished, check out {} in Wireshark.".format(pcap_out))


if __name__ == '__main__':
    main()