How to sniff HTTP packets in python?

Asked 9/4, 2013 at 15:37 Answered 8/11, 2019 at 12:23

I want to sniff all the HTTP packets in my computer via python(version2.6.. is this possible? can I do it with scapy, or without other external modules?

Nesmith answered 9/4, 2013 at 15:37 Comment(4)

Concerning to closing votes, I think this is a good question. He's asking for a technique to solve a particular problem, what's the problem? – Heterogynous 9/4, 2013 at 15:43

Did you look at this? (quickly before this question gets closed...) wiki.wireshark.org/Python – Hakluyt 9/4, 2013 at 15:44

possible duplicate of HTTP Request and Response Inspection with Python – Lattimer 10/4, 2013 at 7:55

Related: Packet sniffing in Python (Windows) – Lattimer 10/4, 2013 at 7:55

Scrapy is only for extracting data from webpages or similar structured documents.

To actually read the packets coming from the NIC your best performance option would probably be to use a C/C++ API that has python bindings.

For example WireShark has a Python API.

Pcapy is a module for packet capture using libpcap.

LibPCAP is the packet capture library written for TCPDUMP and also used in WireShark.

Another option is to try the dpkt python module. Here is a nice write up. Here's an example using using dpkt and pcap to sniff HTTP packets.

EDIT: oops, I misread scapy. Thanks root!

As you mentioned, Scapy is another python module that also uses LibPCAP. This documentation has an example of sniffing.

If you are having trouble running on Python 2.7 check out this post.

Shadowy answered 9/4, 2013 at 17:14 Comment(1)

It seems that the Python API for WireShark is gone now. PyShark seems like the most active approach to this now, as noted in the answer below. – Centrifuge 9/9, 2017 at 15:18

https://github.com/KimiNewt/pyshark

Python wrapper for tshark

Usage:

>>> capture = pyshark.LiveCapture(interface='eth0')
>>> capture.sniff(timeout=50)
>>> capture
<LiveCapture (5 packets)>
>>> capture[3]
<UDP/HTTP Packet>

for packet in capture.sniff_continuously(packet_count=5):
    print 'Just arrived:', packet

Braided answered 17/6, 2017 at 21:25 Comment(0)

pypcap,https://code.google.com/p/pypcap/ simplified object-oriented Python extension module for libpcap - the current tcpdump.org version, the legacy version shipping with some of the BSD operating systems, and the WinPcap port for Windows.This is a Windows version.And if you are using #nix,just install pcap and dpkt module.

Salaried answered 10/4, 2013 at 1:28 Comment(1)

OK, if I want to use the dpkt & pcap modules for the sniffing, how can I sniff with them HTTP packets? I will be glad to get for an example.. I saw an example how to sniff with this modules an icmp packets but not HTTP packets.. – Nesmith 10/4, 2013 at 15:39

FTR, Scapy will support HTTP packets starting from 2.4.3: https://scapy.readthedocs.io/en/latest/layers/http.html

>>> HTTPRequest().show()
###[ HTTP Request ]###
  Method= 'GET'
  Path= '/'
  Http_Version= 'HTTP/1.1'
  A_IM= None
  Accept= None
  Accept_Charset= None
  Accept_Datetime= None
  Accept_Encoding= None
  [...]

Sniff demo:

from scapy.layers.http import * # read the doc
from scapy.sendrecv import sniff
sniff(lfilter=lambda x: HTTP in x, prn=lambda x: x.summary())

Forsaken answered 8/11, 2019 at 12:23 Comment(0)

Recommended topics

Hot tags