I use scapy:

from scapy.all import *

# open a raw layer-2 socket on eth0 and replay every frame of the capture unchanged
send_L2sock = conf.L2socket(iface="eth0")
for send_packet in rdpcap("test.pcap"):
    send_L2sock.send(send_packet)

This code works well; I confirmed the packets were sent using Wireshark.
But scapy can't send a large packet like the one below:
GET /exp?q=jfLB9FPyAHp7oMHe.tCKVPX3wCHhZKVmBKySJoHYgtE-csHql43fyskKdzf6F7Uef-GSJ1OdDrtmUR1GomLA9yccoByMeJX9WJDnvloeMyhLKom2reGiWn9XH82ZojR9qGQwisjIDXctEmCE.SQS8-aAAYUE3kHxfq4AE3myf_Q78VsHxziE3_A7WIP3az39NxFxFePBvnPAlhte.H5WG.miDthyWva9z9NBbmCqndkckeA6evdYY7qck4Vjski53WgmuRfy.jg4nApd27WMFrkeSdA4XUvlfiqntyr5wd8AaRiv6woeUx.PwdIeZh_LYonhy7RTlJs549LJLc7M1-LNR3dQUcg_TFX_Mk6jQsaoo19lX6pZYLwpEWB3MASRcF3okwRtou-ILr8ZjF72R-pmgUcaqtQb5eYqDb3egHFSwViZ7XdGUs4CWdta-ludhSveDyXsbQjLKACC9cf2C-T99.3ccMbrLBkhXDYbIZoFdPscVdLr_oAmZMN3e7694BKoj.qEozYY5F4_ccxWNMcNcuZKBnNPgsf1MtMZWqOJnuy1s6lmFLNjjLfD_A8UmmI0&r=jfPj7L6MnFAT7vOaw3JYhRf.rirghOXccEeIuteMs85_MyLRv8cOqw7gFE8Y6Jb4fkx5eGYu4bG68IF-vzypY2uOsgjdLEahuNWYVjNKjKOIZDVs4FVTpimmM87xRLRi1a865pAp8t-ldEr_asu8uHQ1uQne5XopLjeSfJF97c39kv.mhEO7.yYdwkID4I8SRys4VcynL7xoWbSj-vCdINM21.kR_nUkhvXouJc9OFaiY3g279al418MiJGw.yMsLX6xAPwVU1exUw00&r=jfRZzkhG5VOeh3LPN46zMNYgFXkHxwhQMnhwsPO3Prf6eh6SBXxW9NgCee5Zqa_fyHWFiUDkSUmy.ZbinGnKNcAej_syDrT75pcueqUDXNBv.PWpJvo54egnrogm4LueZBdy2PaFhct2SDQa1OM9ZPaR.tcap4MndLySTVKBixJ93xSEqt2LlUup8GJtA6p5sEiyAzcf9VHD8Hl5tTYrgt1apSKFu_aB-MWxUMVWZsyPiB2HLgw8_83yb1oHibV_Xh.W3fQ7xlPRYg00&r=jfXxMnW3iZvmNlsj3_c3Bo4udASWLu_ADTFFSfJDJPtAUdMSnQCYMzC1EgkEuuWUuAs3YznlX-sU9-844Eme3ZYmj_syDrT75perH6Zbv1VsXtPvMEUXfVKGjO9Dj9a84n5B7gzL_A7IFsfjw4SlxKKgqb8iletk.zT2OvEN3r8e9Jh_flIGdMMzfzRs5.UlTikAyoNZpdcLFb79H4EymcBcEV4-14zGv3.sphU9YMl6qkjbPClgEKXn4tl29r8M9ibJ8EqE9ANotQ00&r=jfaqsn3IQmXRl4K3pCMOMN-EBhNNsPARWkN1i2xgY7nfFDnFqIzEUStIOrhPfnTDXrlqBZyf615PZ_5_ohc1kmEtd7Ra2eGnxGCk_EgxhCmuO-Vsm-A3xKIY_TcePv1AIjdZdKHR1Ych4Eic8vkC_HhP1TllHuEPd4L.tio8mPniMAAGZtGVL4qFxLASiWnS-Fe3n7-_fPmDUn-_QYgE7J5m&r=jfe4YnKJRYFENp4qDSa_92n98_dN-lTyYFj14RP-xSiWLPBXFbc3B77ODz-tx-8fNU32mbcETQjjTIMM.2G.CWoAv7ciNl9.J-ghO5P2d5A9WL5SvcHXKiO4miZCy2IXV-f9DO7XmdTA8WgjROw-u1.EgxcWiSQ2yYq-BN_oaoIdYbIW2OP1KwqWdAe5gX7VJ8aFgfuTnG8Z5cvdKzoad28GvsmMKz1CscwrFdGkr3q_HPG15c7XxwHeNwnbtLXYNWk0& HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://vegadisk.com/contents/view.php?from_cate=IMG&idx=8475504
Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: keyword.daumdn.com
Connection: Keep-Alive
Cookie: pref=id%3DEaG8S7X0QwiOHm715GfXtA%7Cts%3D1404084124009%7Cip%3D118.131.203.130%7Ccs%3D5729a0b58afd539b0b59f6db83533376; ae=mOqeh6nOaMrRP-hXTygYC-VNriitJP_bT-KAdhzbcnB4X2H4s8azRAJZ
The packet length is 2475, and the request consists of only one packet.
Why can't scapy send a packet of this length?
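What to check before replaying a capture, as an added example that is not part of the question: a small reader for the classic pcap format that flags every record longer than the interface MTU plus the 14-byte Ethernet header. A raw layer-2 socket cannot put such a frame on the wire (the kernel refuses it with EMSGSIZE, "Message too long"), and a 2475-byte TCP segment in a trace normally means the capture was taken on the sending host with segmentation offload enabled, so the NIC, not the capture point, did the splitting. The sample pcap is constructed in memory; the MTU of 1500 is an assumption, read the real value for eth0 from `ip link`.

```python
import struct

ETH_HDR_LEN = 14      # destination MAC, source MAC, EtherType
DEFAULT_MTU = 1500    # assumed interface MTU; check the real one with `ip link show eth0`


def iter_pcap_frames(data):
    """Yield (index, original_length, frame_bytes) for every record of a classic pcap blob."""
    if len(data) < 24:
        raise ValueError("too short to hold a pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"                      # file written little-endian
    elif magic == 0xD4C3B2A1:
        endian = ">"                      # file written big-endian
    else:
        raise ValueError("not a classic pcap file (pcapng and nanosecond pcap not handled)")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != 1:
        raise ValueError("link type %d is not Ethernet; the MTU check assumes Ethernet" % linktype)
    offset, index = 24, 0
    while offset + 16 <= len(data):
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        frame = data[offset:offset + incl_len]
        if len(frame) != incl_len:
            raise ValueError("record %d is truncated" % index)
        yield index, orig_len, frame
        offset += incl_len
        index += 1


def oversize_frames(data, mtu=DEFAULT_MTU):
    """Records whose on-the-wire length exceeds MTU + Ethernet header. A raw L2 socket
    refuses these with EMSGSIZE; they usually come from capturing on the sending host
    with TCP segmentation offload on, so the NIC split them after the capture point."""
    limit = mtu + ETH_HDR_LEN
    return [(i, n) for i, n, _ in iter_pcap_frames(data) if n > limit]


def build_pcap(frames):
    """Constructed little-endian pcap (Ethernet link type) wrapped around the given frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out


# Constructed sample: a 60-byte ACK, a full-size 1514-byte frame and a 2475-byte segment
# like the one in the question (payload bytes are zeros; only the lengths matter here).
SAMPLE_PCAP = build_pcap([bytes(60), bytes(1514), bytes(2475)])
```

To replay such a trace you either raise the MTU on the replay interface (and on the receiver) or re-segment the TCP payload into MTU-sized packets before sending; replaying the frame as captured is not an option on a 1500-byte link.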
I am using the socket library for handling HTTP requests, waiting on port 80 for connections (it does not really matter right now), which works fine, as all responses follow the following format:
b"""GET / HTTP/1.1
Host: localhost:8000
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36 OPR/70.0.3728.189
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: el-GR,el;q=0.9"""
If you open port 443 or just use HTTPS in any browser, the data is encrypted when a request is made. But how can you actually decrypt the data and interact with the client? I've seen many posts about this, but no one explains how the data can actually be decrypted. The data that is received always looks something like this and starts the same way, with 0x16 and 0x03 bytes:
b'\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03\xfb\'\xa3\xa5\xa4\x1cf\xd1w~(L\xb5%0,\xfb\xa57\xf4\x92\x03}\x84xCIA\xd9}]2 \x15ID\xafU\xb6\xe3\x9d\xbdr\x93 L\x98\rD\xca\xa7\x11\x89\x00`Q\xf5\th\xde\x85S\xf8Q\x98\x00"jj\x13\x03\x13\x01\x13\x02\xcc\xa9\xcc\xa8\xc0+\xc0/\xc0,\xc00\xc0\x13\xc0\x14\x00\x9c\x00\x9d\x00/\x005\x00\n\x01\x00\x01\x91ZZ\x00\x00\x00\x00\x00\x0e\x00\x0c\x00\x00\tlocalhost\x00\x17\x00\x00\xff\x01\x00\x01\x00\x00\n\x00\n\x00\x08\x9a\x9a\x00\x1d\x00\x17\x00\x18\x00\x0b\x00\x02\x01\x00\x00#\x00\x00\x00\x10\x00\x0e\x00\x0c\x02h2\x08http/1.1\x00\x05\x00\x05\x01\x00\x00\x00\x00\x00\r\x00\x14\x00\x12\x04\x03\x08\x04\x04\x01\x05\x03\x08\x05\x05\x01\x08\x06\x06\x01\x02\x01\x00\x12\x00\x00\x003\x00+\x00)\x9a\x9a\x00\x01\x00\x00\x1d\x00 \xa5\x81S\xec\xf4I_\x08\xd2\n\xa6\xb5\xf6E\x9dE\xe6ha\xe7\xfdy\xdab=\xf4\xd3\x1b`V\x94F\x00-\x00\x02\x01\x01\x00+\x00\x0b\nZZ\x03\x04\x03\x03\x03\x02\x03\x01\x00\x1b\x00\x03\x02\x00\x02\xea\xea\x00\x01\x00\x00\x15\x00\xcf\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
My question is how I can bring the HTTPS data into a form like the above. I've read about some specific handshake procedures, but I could not find something that just answers by telling exactly what to do. Of course I am only asking for development purposes.
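An added example, not code from the question or an answer posted to it: what is readable in those bytes without any key. The blob is a TLS record (type 0x16, record version 0x0301) carrying a ClientHello, and everything up to the first encrypted message is plaintext, so a server can parse the offered versions, cipher suites, server_name (the `localhost` visible in the dump) and ALPN (`h2`, `http/1.1`) before deciding anything. The repeated `jj`, `ZZ`, `\x9a\x9a` and `\xea\xea` pairs are GREASE values that Chrome mixes in. Decrypting the rest requires completing the handshake with a certificate and key the client trusts, which is what `tls_server_socket` delegates to the ssl module; the certificate and key paths it takes are assumptions. The builder exists only to produce a hello for offline testing.

```python
import ssl


class _Reader:
    """Cursor over a byte string that raises instead of silently reading past the end."""

    def __init__(self, buf):
        self.buf, self.pos = buf, 0

    def take(self, n):
        if self.pos + n > len(self.buf):
            raise ValueError("truncated ClientHello")
        chunk = self.buf[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint(self, n):
        return int.from_bytes(self.take(n), "big")

    def vec(self, length_size):
        return self.take(self.uint(length_size))

    def done(self):
        return self.pos >= len(self.buf)


def parse_client_hello(data):
    """Pull the plaintext fields out of a TLS ClientHello record: versions, offered cipher
    suites, server_name (SNI) and ALPN. GREASE values are reported as-is; ignore, never act on them."""
    rec = _Reader(data)
    if rec.uint(1) != 0x16:
        raise ValueError("not a TLS handshake record (first byte is not 0x16)")
    info = {"record_version": rec.uint(2), "sni": None, "alpn": [], "supported_versions": []}
    hs = _Reader(rec.vec(2))
    if hs.uint(1) != 0x01:
        raise ValueError("handshake message is not a ClientHello")
    body = _Reader(hs.vec(3))
    info["client_version"] = body.uint(2)
    body.take(32)                          # client random
    body.vec(1)                            # legacy session id
    suites = body.vec(2)
    info["cipher_suites"] = [int.from_bytes(suites[i:i + 2], "big") for i in range(0, len(suites), 2)]
    body.vec(1)                            # compression methods
    if body.done():
        return info                        # extensions are optional
    exts = _Reader(body.vec(2))
    while not exts.done():
        ext_type, ext = exts.uint(2), _Reader(exts.vec(2))
        if ext_type == 0:                  # server_name
            names = _Reader(ext.vec(2))
            while not names.done():
                name_type, name = names.uint(1), names.vec(2)
                if name_type == 0 and info["sni"] is None:
                    info["sni"] = name.decode("ascii")
        elif ext_type == 16:               # application_layer_protocol_negotiation
            protos = _Reader(ext.vec(2))
            while not protos.done():
                info["alpn"].append(protos.vec(1).decode("ascii"))
        elif ext_type == 43:               # supported_versions
            versions = _Reader(ext.vec(1))
            while not versions.done():
                info["supported_versions"].append(versions.uint(2))
    return info


def _vec(size, payload):
    """Length-prefixed vector as TLS encodes it: size-byte big-endian length, then payload."""
    return len(payload).to_bytes(size, "big") + payload


def build_client_hello(sni, alpn, suites=(0x1301, 0x1302, 0xC02F)):
    """Constructed minimal ClientHello for offline testing; a browser sends many more extensions."""
    ext_sni = b"\x00\x00" + _vec(2, _vec(2, b"\x00" + _vec(2, sni.encode("ascii"))))
    ext_alpn = b"\x00\x10" + _vec(2, _vec(2, b"".join(_vec(1, p.encode("ascii")) for p in alpn)))
    ext_versions = b"\x00\x2b" + _vec(2, _vec(1, b"\x03\x04\x03\x03"))
    body = (b"\x03\x03" + bytes(range(32)) + _vec(1, b"")
            + _vec(2, b"".join(s.to_bytes(2, "big") for s in suites))
            + _vec(1, b"\x00") + _vec(2, ext_sni + ext_alpn + ext_versions))
    return b"\x16\x03\x01" + _vec(2, b"\x01" + _vec(3, body))


def tls_server_socket(plain_sock, certfile, keyfile):
    """The way to actually read the HTTP inside: let the ssl module run the handshake.
    certfile/keyfile are assumed paths to a certificate the client trusts for that name."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(certfile, keyfile)
    return ctx.wrap_socket(plain_sock, server_side=True)
```

Peeking at the hello before wrapping is how a server picks the right certificate for the requested name or decides to speak HTTP/2; the bytes after the handshake are only readable through the wrapped socket, never by parsing records by hand.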
I'm developing a proxy and I came across this problem where I can't resend the request and get the HTML output (of course I thought about splitting and such things, but it won't help later):
GET http://www.example.com/ HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Now I want to know what we call this, and whether I can use it without extracting the URL and headers and requesting it.
I found a solution using socket:

import re
import socket
from urllib.parse import urlsplit

# the browser's proxy-style request, with CRLF line endings and no leading blank line
request = (
    "GET http://www.example.com/ HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0\r\n"
    "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\n"
    "Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3\r\n"
    "Accept-Encoding: gzip, deflate\r\n"
    "Connection: close\r\n"   # was keep-alive; close lets the recv() loop below end at EOF
    "Upgrade-Insecure-Requests: 1\r\n"
    "\r\n"
)
# the regex yields "http://www.example.com/", which connect() cannot resolve; keep only the hostname
url = re.findall(r"(?P<url>https?://[^\s]+)", request)[0]
webserver = urlsplit(url).hostname
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((webserver, 80))
s.sendall(request.encode("iso-8859-1"))   # sockets carry bytes, not str
# a single recv(1024) returns only the first chunk; read until the server closes
html = b""
while True:
    chunk = s.recv(4096)
    if not chunk:
        break
    html += chunk
s.close()
conn.sendall(html)   # conn is the browser-side socket the proxy accepted earlier

I can't get the data in recv().
I want the data that the user inputs in form fields.
Code:
def recvall(self, conn):
    BUFF_SIZE = 4096  # 4 KiB
    data = ""
    while True:
        packet = conn.recv(BUFF_SIZE).decode('utf-8')
        data += packet
        # stops as soon as one recv() returns fewer than BUFF_SIZE bytes,
        # which is the end of the header segment even when a body follows
        if len(packet) < BUFF_SIZE:
            break
    print(data)
output:
POST /search HTTP/1.1
Host: localhost
Connection: keep-alive
Content-Length: 14
Cache-Control: max-age=0
Origin: http://localhost
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Referer: http://localhost/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.8
It seems to be missing a line or something; I've tried everything.
I want the data at the end.
You have stopped reading after the header sequence as Steffen correctly observed. The following code should work (beware, untested!):
def recvall(self, conn):
    BUFF_SIZE = 4096
    while True:
        packet = conn.recv(BUFF_SIZE)
        if not packet:   # recv() returns b"" only once the peer has closed its side
            break
        print(packet.decode('utf-8'))
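The proxy code earlier on this page (a single `recv(1024)`) and both `recvall()` versions above stop for the wrong reason: a short `recv()` only means the kernel had nothing more at that instant, and waiting for the peer to close never returns on a keep-alive connection. An added example, not taken from any of the posts: HTTP/1.1 framing derived from the message itself, the header block up to the blank line and then exactly Content-Length body bytes, with the checks a proxy wants (a header size cap, conflicting Content-Length values rejected). `forward()` shows the proxy side relaying an absolute-form request to the origin server; it needs network and is not exercised by the test. `ChunkedSocket` and the POST bytes are constructed so the header/body split that broke the original loop is visible.

```python
import socket
from urllib.parse import urlsplit

MAX_HEADER_BYTES = 64 * 1024   # assumed cap so a client cannot make us buffer headers forever


class HttpMessage:
    def __init__(self, start_line, headers, body):
        self.start_line, self.headers, self.body = start_line, headers, body  # headers: lower-cased names

    def to_bytes(self):
        lines = [self.start_line] + ["%s: %s" % kv for kv in self.headers.items()]
        return "\r\n".join(lines).encode("iso-8859-1") + b"\r\n\r\n" + self.body


def _recv_exact(sock, n):
    """recv() may return fewer bytes than asked for; loop until exactly n have arrived."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(min(65536, n - len(buf)))
        if not chunk:
            raise ConnectionError("peer closed after %d of %d body bytes" % (len(buf), n))
        buf += chunk
    return bytes(buf)


def read_http_message(sock, response=False):
    """Read one HTTP/1.1 message: header block up to the blank line, then exactly Content-Length
    body bytes. A request without Content-Length has no body; a response without it ends at close."""
    buf = bytearray()
    while b"\r\n\r\n" not in buf:
        if len(buf) > MAX_HEADER_BYTES:
            raise ValueError("header block larger than %d bytes" % MAX_HEADER_BYTES)
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed before the blank line that ends the headers")
        buf += chunk
    head, _, rest = bytes(buf).partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        name, value = name.strip().lower(), value.strip()
        if name == "content-length" and headers.get(name, value) != value:
            raise ValueError("conflicting Content-Length values")   # a request-smuggling tell
        headers[name] = value
    if "transfer-encoding" in headers:
        raise ValueError("chunked framing is outside this example")
    if "content-length" in headers:
        if not headers["content-length"].isdigit():
            raise ValueError("Content-Length is not a decimal number")
        length = int(headers["content-length"])
        # bytes in `rest` beyond the body belong to the next pipelined message
        body = rest[:length] if len(rest) >= length else rest + _recv_exact(sock, length - len(rest))
    elif response:
        body = bytes(rest)
        while chunk := sock.recv(65536):
            body += chunk
    else:
        body = b""
    return HttpMessage(lines[0], headers, body)


def forward(request, timeout=10):
    """Proxy side: relay an absolute-form request to its origin in origin form; needs network."""
    method, target, version = request.start_line.split(" ")
    url = urlsplit(target)
    if url.scheme != "http" or not url.hostname:
        raise ValueError("only absolute http:// targets are forwarded here")
    path = (url.path or "/") + ("?" + url.query if url.query else "")
    upstream = HttpMessage("%s %s %s" % (method, path, version), dict(request.headers), request.body)
    upstream.headers["connection"] = "close"      # let the close delimit the response
    with socket.create_connection((url.hostname, url.port or 80), timeout=timeout) as s:
        s.sendall(upstream.to_bytes())
        return read_http_message(s, response=True)


class ChunkedSocket:
    """Constructed stand-in for a socket: hands back the listed segments one recv() at a time."""
    def __init__(self, chunks):
        self.chunks = list(chunks)

    def recv(self, n):
        if not self.chunks:
            return b""
        chunk = self.chunks[0]
        if len(chunk) > n:
            self.chunks[0] = chunk[n:]
            return chunk[:n]
        return self.chunks.pop(0)


# Constructed sample: the header block lands in one segment and the 14-byte form body in the
# next, which is exactly where a `len(packet) < BUFF_SIZE` test stops reading too early.
SAMPLE_POST = [b"POST /search HTTP/1.1\r\nHost: localhost\r\nContent-Length: 14\r\n"
               b"Content-Type: application/x-www-form-urlencoded\r\n\r\n", b"q=hello+world!"]


def demo():
    msg = read_http_message(ChunkedSocket(SAMPLE_POST))
    return msg.start_line, msg.headers["content-length"], msg.body
```

The message boundary is a property of the message, not of how TCP happened to deliver it; anything that infers it from segment sizes or timing will be wrong on a slow link and exploitable when a client controls the split.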
I am trying to log into my router's panel using Python, but the problem is that I have no idea what the protocol for doing that is. I tried using Wireshark to find out, but it just shows a GET request and a response. I tried logging in to the router and then searching for the username and password in the packets, but it didn't find them. (My guess is that it's encrypted.)
If anyone could help me with the protocol of logging in to the panel, it would be greatly appreciated.
Found it. Following the TCP stream gave me the following:
GET / HTTP/1.1
Host: 10.0.0.138
Connection: keep-alive
Cache-Control: max-age=0
Authorization: Basic UG90YXRvOg==
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8,he;q=0.6
HTTP/1.0 401 Unauthorized
WWW-Authenticate: Basic realm="NETGEAR DGN2200v2BEZEQ"
Content-type: text/html
<html>
<head><title>401 Unauthorized</title></head>
<body><h1>401 Unauthorized</h1>
<p>Access to this resource is denied, your client has not supplied the correct authentication.</p></body>
</html>
The username and password are encoded in base64 in the format of username:password.
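An added example, not from the poster: pulling the credentials out of that header, and producing the header for a login script. Basic is base64 encoding, not encryption, so anyone who can read the HTTP stream reads the password; that is why a Wireshark string search for the password finds nothing while the credential is right there. The request bytes are reduced from the capture above; the helper names are mine.

```python
import base64
import binascii


def basic_credentials(raw_request):
    """Return (username, password) from a request's Authorization: Basic header,
    or None when there is no such header or it does not decode cleanly."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() != "authorization":
            continue
        scheme, _, token = value.strip().partition(" ")
        if scheme.lower() != "basic":
            return None                      # Digest, Bearer, NTLM... carry no user:password pair
        try:
            decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return None
        user, _, password = decoded.partition(":")   # the password may itself contain ':'
        return user, password
    return None


def basic_header(user, password):
    """Build the header a client sends; it is only encoded, readable by anyone on the path."""
    return "Basic " + base64.b64encode(("%s:%s" % (user, password)).encode("utf-8")).decode("ascii")


# The request from the post above, cut down to the lines that matter for the check.
CAPTURED_REQUEST = (
    b"GET / HTTP/1.1\r\n"
    b"Host: 10.0.0.138\r\n"
    b"Authorization: Basic UG90YXRvOg==\r\n"
    b"\r\n"
)
```

A login script only needs `basic_header()` on every request to the router; the 401 with `WWW-Authenticate: Basic realm=...` is the server telling the client which scheme to use, nothing more.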
I'm using mitmproxy with Python as an HTTP proxy.
I run the proxy with the following command:
mitmdump -s proxy.py -U http://upstreamproxy
proxy.py looks like the following:
#!/usr/bin/mitmdump
from __future__ import print_function
import pprint
import datetime
import os
import re

pp = pprint.PrettyPrinter(indent=4)

def request(context, flow):
    print("DEBUG")
    oldhost = flow.request.host
    # replace the hostname in the URL with the server's IP address (dots escaped so they match literally)
    flow.request.url = re.sub(r"www\.verycd\.com", r"115.182.66.26", flow.request.url)
    # flow.request.host = oldhost  # <--- this will modify the url also
    print("DEBUG")
What I expect is to change www.verycd.com to the IP in the URL but keep the Host field still using www.verycd.com, like the following:
GET http://115.182.66.26/ HTTP/1.1
TE: deflate,gzip;q=0.3
Connection: TE, close
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: zh,en-US;q=0.5
Host: www.verycd.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
But mitmproxy always changes the URL and the Host at the same time.
I get the following, which the server does not accept:
GET http://115.182.66.26/ HTTP/1.1
TE: deflate,gzip;q=0.3
Connection: TE, close
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: zh,en-US;q=0.5
Host: 115.182.66.26
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
Already answered by the project owner:
https://github.com/mitmproxy/mitmproxy/issues/890
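An added example using only the standard library, not mitmproxy and not the answer given in the linked issue: the separation the question is after, where the TCP connection goes to an IP address while the Host header carries the site name. mitmproxy couples the two because setting the request's host rewrites the Host header, as the question observed; at the HTTP level they are independent, which is exactly what a server with several virtual hosts relies on. The local server that echoes back the Host header it received is constructed for the test; `www.verycd.com` is the name from the question, and the connection goes to 127.0.0.1 instead of 115.182.66.26.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


class HostEchoHandler(BaseHTTPRequestHandler):
    """Constructed origin server: answers every GET with the Host header it was given."""

    def do_GET(self):
        body = self.headers.get("Host", "").encode("ascii")
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass                      # keep the test output quiet


def start_server():
    """Bind to a free loopback port (port 0) and serve from a background thread."""
    srv = HTTPServer(("127.0.0.1", 0), HostEchoHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def fetch_with_host(ip, port, host_header, path="/"):
    """Connect to ip:port but present host_header to the server. http.client sends the
    Host header you pass instead of synthesising one from the address, so the two stay apart."""
    conn = http.client.HTTPConnection(ip, port, timeout=5)
    try:
        conn.request("GET", path, headers={"Host": host_header})
        resp = conn.getresponse()
        return resp.status, resp.read().decode("ascii")
    finally:
        conn.close()


def demo():
    """Target 127.0.0.1 while naming www.verycd.com; returns (status, Host as the server saw it)."""
    srv = start_server()
    try:
        return fetch_with_host("127.0.0.1", srv.server_port, "www.verycd.com")
    finally:
        srv.shutdown()
        srv.server_close()
```

The same split is what a TLS-terminating reverse proxy or a virtual-host scan relies on: the address decides where the bytes go, the Host header (and SNI for HTTPS) decides which site answers.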