質問編集履歴
1
レイアウトを修正を行いました
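--- a/test
+++ b/test
@@ -32,284 +32,284 @@
 
 ### 発生している問題・エラーメッセージ
 
-responseのパケットを抽出して表示、書き込みができない。実行
+responseのパケットを抽出して表示、書き込みができない。実行するとプログラム自体は動作しているようだが、動きが見られない。(printを使用してもなにも表示されない)
+
+
+
-
+エラーメッセージ
+
-
+特にエラーコードは無く、コンソール上になにも表示されない
+
+
+
+### 該当のソースコード
+
+
+
+python3.6
+
+
+
+
+
+```コード
+
+
+
+#macで動かしています
+
+import dpkt
+
+import datetime
+
+import socket
+
+import os
+
+import subprocess
+
+import csv
+
+from dpkt.compat import compat_ord
+
+import tldextract
+
+import urllib.parse
+
+
+
+
+
+if(os.name == 'posix'):
+
+import GeoIP
+
+url = open('url.csv','w')
+
+w = open('W.csv', 'w',encoding = 'utf-8')
+
+
+
+u = open('U.csv','w')
+
+user = open('User.csv','w')
+
+httpres =open('response.csv','w')
+
+
+
+g_data = open('g_data.csv','w')
+
+
+
+writer_url = csv.writer(url)
+
+writer_w = csv.writer(w)
+
+writer_u = csv.writer(u)
+
+writer_user = csv.writer(user)
+
+writer_res =csv.writer(httpres)
+
+writer_g_data = csv.writer(g_data)
+
+
+
+def mac_addr(address):
+
+return ':'.join('%02x' % compat_ord(b) for b in address)
+
+
+
+
+
+def inet_to_str(inet):
+
+
+
+try:
+
+return socket.inet_ntop(socket.AF_INET, inet)
+
+except ValueError:
+
+return socket.inet_ntop(socket.AF_INET6, inet)
+
+
+
+def print_http_requests(pcap):
+
+
+
+tmp = str(subprocess.check_output(["parse_pcap","mal.pcap"]))
+
+httpres.write(tmp)
+
+
+
+for timestamp, buf in pcap:
+
+
+
+eth = dpkt.ethernet.Ethernet(buf)
+
+
+
+if not isinstance(eth.data, dpkt.ip.IP):
+
+print('Non IP Packet type not supported %s\n' % eth.data.__class__.__name__)
+
+continue
+
+
+
+ip = eth.data
+
+src = ip.src #送信側のipアドレス抽出
+
+dst = ip.dst #受信側のipアドレス抽出
+
+
+
+src_a = socket.inet_ntoa(src)
+
+dst_a = socket.inet_ntoa(dst)
+
+
+
+if isinstance(ip.data, dpkt.tcp.TCP):
+
+tcp = ip.data
+
+#該当箇所
+
+try:
+
+request = dpkt.http.Request(tcp.data)
+
+res = dpkt.http.Response(tcp.data)
+
+
+
+
+
+except (dpkt.dpkt.NeedData, dpkt.dpkt.UnpackError):
+
+continue
+
+
+
+do_not_fragment = bool(ip.off & dpkt.ip.IP_DF)
+
+more_fragments = bool(ip.off & dpkt.ip.IP_MF)
+
+fragment_offset = ip.off & dpkt.ip.IP_OFFMASK
+
+
+
+print('Timestamp: ', str(datetime.datetime.utcfromtimestamp(timestamp)))
+
+print('Ethernet Frame: ', mac_addr(eth.src), mac_addr(eth.dst), eth.type)
+
+print('IP: %s -> %s (len=%d ttl=%d DF=%d MF=%d offset=%d)' %
+
+(src_a, dst_a, ip.len, ip.ttl, do_not_fragment, more_fragments, fragment_offset))
+
+print('HTTP request: %s\n' % repr(request))
+
+user.write('Timestamp:' + str(datetime.datetime.utcfromtimestamp(timestamp))+'\n')
+
+#書き込み
+
+user.write('Ethernet Frame: ')
+
+user.write(mac_addr(eth.src))
+
+user.write(mac_addr(eth.dst))
+
+user.write(str(eth.type))
+
+user.write('\n')
+
+user.write('IP: %s -> %s (len=%d ttl=%d DF=%d MF=%d offset=%d)\n'%
+
+(src_a, dst_a, ip.len, ip.ttl, do_not_fragment, more_fragments, fragment_offset))
+
+user.write('HTTP request: %s\n' % repr(request))
+
+
+
+
+
+u.write('IP address : %s \n'% src_a)
+
+u.write('OS and Browser info: ')
+
+#keyerror回避
+
+try:
+
+u.write(request.headers['user-agent'])
+
+except:
+
+continue
+
+u.write('\n')
+
+
+
+#TCPセグメント間のスパニングの確認
+
+if not tcp.data.endswith(b'\r\n'):
+
+print('\nHEADER TRUNCATED! Reassemble TCP segments!\n')
+
+
+
+dst = ip.dst #受信側のipアドレス抽出
+
+dst_a = socket.inet_ntoa(dst)
+
+if eth.type != dpkt.ethernet.ETH_TYPE_IP:
+
+print ('Non IP Packet type not supported')
+
+continue
+
+
+
+
+
+if tcp.dport == 80 and len(tcp.data) > 0:
+
+URL = request.headers['host'] + request.uri
+
+url.write('IP address : %s \n'% src_a)
+
+url.write(URL+"\n\n")
+
+
+
+def test():
+
+with open('test.pcap', 'rb') as f:
+
+pcap = dpkt.pcap.Reader(f)
+
+print_http_requests(pcap)
+
+
+
+
+
+if __name__ == '__main__':
+
+test()
 
 ```
 
-エラーメッセージ
-
-コンソール上になにも表示されない
-
-
-
-### 該当のソースコード
-
-
-
-```ここに言語名を入力
-
-python3.6
-
-```
-
-#macで動かしています
-
-import dpkt
-
-import datetime
-
-import socket
-
-import os
-
-import subprocess
-
-import csv
-
-from dpkt.compat import compat_ord
-
-import tldextract
-
-import urllib.parse
-
-
-
-#mac
-
-if(os.name == 'posix'):
-
-import GeoIP
-
-url = open('url.csv','w')
-
-w = open('W.csv', 'w',encoding = 'utf-8')
-
-
-
-u = open('U.csv','w')
-
-user = open('User.csv','w')
-
-httpres =open('response.csv','w')
-
-
-
-g_data = open('g_data.csv','w')
-
-
-
-writer_url = csv.writer(url)
-
-writer_w = csv.writer(w)
-
-writer_u = csv.writer(u)
-
-writer_user = csv.writer(user)
-
-writer_res =csv.writer(httpres)
-
-writer_g_data = csv.writer(g_data)
-
-
-
-def mac_addr(address):
-
-return ':'.join('%02x' % compat_ord(b) for b in address)
-
-
-
-
-
-def inet_to_str(inet):
-
-
-
-try:
-
-return socket.inet_ntop(socket.AF_INET, inet)
-
-except ValueError:
-
-return socket.inet_ntop(socket.AF_INET6, inet)
-
-
-
-def print_http_requests(pcap):
-
-
-
-tmp = str(subprocess.check_output(["parse_pcap","mal.pcap"]))
-
-httpres.write(tmp)
-
-
-
-for timestamp, buf in pcap:
-
-
-
-eth = dpkt.ethernet.Ethernet(buf)
-
-
-
-if not isinstance(eth.data, dpkt.ip.IP):
-
-print('Non IP Packet type not supported %s\n' % eth.data.__class__.__name__)
-
-continue
-
-
-
-ip = eth.data
-
-src = ip.src #送信側のipアドレス抽出
-
-dst = ip.dst #受信側のipアドレス抽出
-
-
-
-#32bitのバイナリから成るipアドレスをstr型に変換
-
-src_a = socket.inet_ntoa(src)
-
-dst_a = socket.inet_ntoa(dst)
-
-
-
-if isinstance(ip.data, dpkt.tcp.TCP):
-
-tcp = ip.data
-
-#該当箇所
-
-try:
-
-request = dpkt.http.Request(tcp.data)
-
-res = dpkt.http.Response(tcp.data)
-
-
-
-
-
-except (dpkt.dpkt.NeedData, dpkt.dpkt.UnpackError):
-
-continue
-
-#フラグメント情報の書き出しPull out fragment information (flags and offset all packed into off field, so use bitmasks)
-
-do_not_fragment = bool(ip.off & dpkt.ip.IP_DF)
-
-more_fragments = bool(ip.off & dpkt.ip.IP_MF)
-
-fragment_offset = ip.off & dpkt.ip.IP_OFFMASK
-
-
-
-print('Timestamp: ', str(datetime.datetime.utcfromtimestamp(timestamp)))
-
-print('Ethernet Frame: ', mac_addr(eth.src), mac_addr(eth.dst), eth.type)
-
-print('IP: %s -> %s (len=%d ttl=%d DF=%d MF=%d offset=%d)' %
-
-(src_a, dst_a, ip.len, ip.ttl, do_not_fragment, more_fragments, fragment_offset))
-
-print('HTTP request: %s\n' % repr(request))
-
-#書き込み
-
-user.write('Timestamp:' + str(datetime.datetime.utcfromtimestamp(timestamp))+'\n')
-
-user.write('Ethernet Frame: ')
-
-user.write(mac_addr(eth.src))
-
-user.write(mac_addr(eth.dst))
-
-user.write(str(eth.type))
-
-user.write('\n')
-
-user.write('IP: %s -> %s (len=%d ttl=%d DF=%d MF=%d offset=%d)\n'%
-
-(src_a, dst_a, ip.len, ip.ttl, do_not_fragment, more_fragments, fragment_offset))
-
-user.write('HTTP request: %s\n' % repr(request))
-
-
-
-#パラメータUに書き込み
-
-u.write('IP address : %s \n'% src_a)
-
-u.write('OS and Browser info: ')
-
-#keyerror回避
-
-try:
-
-u.write(request.headers['user-agent'])
-
-except:
-
-continue
-
-u.write('\n')
-
-
-
-#TCPセグメント間のスパニングの確認
-
-if not tcp.data.endswith(b'\r\n'):
-
-print('\nHEADER TRUNCATED! Reassemble TCP segments!\n')
-
-
-
-#パラメータWに書き込み
-
-dst = ip.dst #受信側のipアドレス抽出
-
-dst_a = socket.inet_ntoa(dst)
-
-if eth.type != dpkt.ethernet.ETH_TYPE_IP:
-
-print ('Non IP Packet type not supported')
-
-continue
-
-
-
-#URL抽出
-
-if tcp.dport == 80 and len(tcp.data) > 0:
-
-URL = request.headers['host'] + request.uri
-
-url.write('IP address : %s \n'% src_a)
-
-url.write(URL+"\n\n")
-
-
-
-def test():
-
-with open('test.pcap', 'rb') as f:
-
-pcap = dpkt.pcap.Reader(f)
-
-print_http_requests(pcap)
-
-
-
-
-
-if __name__ == '__main__':
-
-test()
-
 
 
 ### 試したこと
@@ -327,7 +327,3 @@
 macbook core m3 RAM 8GB
 
 dpkt1.9.1
-
-
-
-ここにより詳細な情報を記載してください。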
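Review bot: The single `try` in `print_http_requests` (new-side lines 187–199 of the first hunk) builds `request = dpkt.http.Request(tcp.data)` and then `res = dpkt.http.Response(tcp.data)` from the same payload, and as far as dpkt's parsers go a payload that passes the Request parser does not pass the Response parser (nor vice versa), so the `except (dpkt.dpkt.NeedData, dpkt.dpkt.UnpackError): continue` fires for every TCP packet and none of the `print`/`write` calls below it are reached — which matches the "nothing appears on the console" symptom the edit describes. Parse the two message types in separate try blocks, as sketched below; the later lines still read `request.headers` unconditionally, so a response-only packet needs its own branch before anything can be written to `response.csv`. The bare `except: continue` around `request.headers['user-agent']` should name `KeyError`, since as written it swallows every error (including `KeyboardInterrupt`) and silently drops the rest of the per-packet processing. The module-level `open(...)` handles are never closed or flushed, so whatever is written may not reach the CSV files until the interpreter exits; a `with` block or explicit `close()` would make the output visible sooner.
```python
            try:
                request = dpkt.http.Request(tcp.data)
            except (dpkt.dpkt.NeedData, dpkt.dpkt.UnpackError):
                request = None
            # A request payload never also parses as a response, so the two
            # parsers must not share one try/except that bails on failure.
            try:
                res = dpkt.http.Response(tcp.data)
            except (dpkt.dpkt.NeedData, dpkt.dpkt.UnpackError):
                res = None
            if request is None and res is None:
                continue
            # … unchanged: fragment flags, printing and file writes (these still assume `request` is set) …
```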