python+scapy帶界面抓包分析
前言:
這是一個亂七八糟的程序,想到什麼就加了什麼,而且bug挺多。貼出來只是爲了記錄我的學習過程233333
- scapy用於抓包分析
- PyQt4用於界面展示
- 使用MySQL存儲
正題
代碼塊
全部代碼,如下:
#!/usr/bin/python
# -*- coding: UTF-8 -*-
import sys
import scapy_http.http as HTTP
from scapy.all import *
import threading
from scapy.error import Scapy_Exception
import MySQLdb
from PyQt4 import QtCore, QtGui
# Must be run as root, otherwise the capture cannot be opened (see net-creds
# for details).
# Python 2 only: reload(sys) brings back sys.setdefaultencoding so that
# implicit str/unicode conversions use UTF-8.
reload(sys)
sys.setdefaultencoding('utf-8')

# Database settings.
# NOTE(review): the MySQL root account and its password are hard-coded here.
# Captured payloads are written to this database, so a dedicated
# low-privilege account with credentials kept outside the source file would
# be the safer setup.
conn = MySQLdb.connect(
    db='python_db',
    user='root',
    passwd='root',
    host='localhost',
    port=3306,
)
cur = conn.cursor()

# Table that receives one row per stored packet:
# create table mypkt(id int, edst varchar(30), esrc varchar(30), ipsrc varchar(20), sport varchar(15), ipdst varchar(20), dport varchar(15), seq varchar(15), ack varchar(15), load varchar(5000));
# pktz() additionally expects a table `pkt` with five columns
# (pop3, smtp, ftp, telnet, http counters).

# Running total of stored packets plus one counter per protocol.
count = pop3 = smtp = ftp = telnet = zhttp = 0
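# Callback handed to sniff(); it runs once for every captured packet.
def callback(pkt):
    """Classify one captured packet by protocol and update the counters.

    HTTP is recognised by the presence of a scapy_http request/response
    layer; POP3 (110), SMTP (25), FTP (21) and Telnet (23) are recognised by
    the TCP source or destination port. Each match bumps the protocol's
    counter and hands the packet to its handler; afterwards the counters are
    written to the database through pktz().
    """
    global pop3, smtp, ftp, telnet, zhttp

    # Every branch below reads pkt[TCP] and the handlers read pkt[IP] through
    # init(); a frame without those layers (e.g. TCP over IPv6) would raise
    # inside the sniff loop, so it is skipped here.
    if IP not in pkt or TCP not in pkt:
        return

    ports = (pkt[TCP].sport, pkt[TCP].dport)

    # Each layer is tested on its own: `A or B in pkt` parses as
    # `A or (B in pkt)`, which is always true because the class is truthy.
    if HTTP.HTTPRequest in pkt or HTTP.HTTPResponse in pkt:
        zhttp += 1
        http(pkt)
    if 110 in ports:
        pop3 += 1
        mypop3(pkt)
    if 25 in ports:
        smtp += 1
        mystmp(pkt)
    if 21 in ports:
        ftp += 1
        myftp(pkt)
    # Ports are integers; the capture filter uses 23 for Telnet.
    if 23 in ports:
        telnet += 1
        mytelnet(pkt)

    pktz()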
def pktz():
    """Replace the contents of table `pkt` with the current counters."""
    # Column order: pop3, smtp, ftp, telnet, http.
    totals = [pop3, smtp, ftp, telnet, zhttp]
    # The old row is dropped first so the table only holds the latest totals.
    cur.execute('delete from pkt;')
    cur.execute('insert into pkt values(%s,%s,%s,%s,%s);', totals)
    conn.commit()
# Extract the packet's fields and store them.
def init(pkt):
    """Insert one packet's addresses, ports, seq/ack and payload into `mypkt`.

    Increments the global ``count`` and uses the new value as the row id.
    """
    global count
    count += 1

    # Layer order: Ethernet -> IP -> TCP -> Raw (indices 0, 1, 2, 3).
    frame = pkt[0]
    ip_layer = pkt[IP]
    tcp_layer = pkt[TCP]

    # A segment without payload is stored as the literal string 'null'.
    # NOTE(review): payloads of the captured cleartext protocols are stored
    # as-is, so this table can end up holding credentials; access to it
    # should be restricted accordingly.
    load = tcp_layer.payload if tcp_layer.payload else 'null'

    row = [
        count,
        frame.dst,
        frame.src,
        ip_layer.src,
        tcp_layer.sport,
        ip_layer.dst,
        tcp_layer.dport,
        tcp_layer.seq,
        tcp_layer.ack,
        load,
    ]
    print(row)
    # Parameterised insert: the driver escapes every value.
    cur.execute('insert into mypkt values(%s,%s,%s,%s,%s,%s,%s,%s,%s,%s);', row)
    conn.commit()
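def mytelnet(pkt):
    """Store a Telnet packet through init() and dump it to stdout."""
    init(pkt)
    print("----telnet----")
    # show() prints the dump itself and returns None, so it is not wrapped
    # in print (that would add a stray "None" line).
    pkt.show()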
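def myftp(pkt):
    """Store an FTP packet through init() and dump it to stdout."""
    init(pkt)
    print("----ftp----")
    # show() prints the dump itself and returns None, so it is not wrapped
    # in print (that would add a stray "None" line).
    pkt.show()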
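def mystmp(pkt):
    """Store an SMTP packet through init() and dump it to stdout."""
    init(pkt)
    print("-----smtp-----")
    # show() prints the dump itself and returns None, so it is not wrapped
    # in print (that would add a stray "None" line).
    pkt.show()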
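def mypop3(pkt):
    """Store a POP3 packet through init() and dump it to stdout."""
    init(pkt)
    print("-----pop3-----")
    # show() prints the dump itself and returns None, so it is not wrapped
    # in print (that would add a stray "None" line).
    pkt.show()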
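def http(pkt):
    """Store an HTTP packet through init() and echo it to stdout.

    A request is printed as the raw TCP payload; a response is split at the
    first blank line into headers and body. The banner shows the packet
    number that init() assigned to this packet.
    """
    # init() already advances the global count; it is only read here so the
    # banner number matches the row id for requests and responses alike.
    init(pkt)
    load = pkt[TCP].payload

    if HTTP.HTTPRequest in pkt:
        print("----------------- %s -----------------" % count)
        print("HTTP Request:")
        print(load)

    if HTTP.HTTPResponse in pkt:
        print("----------------- %s -----------------" % count)
        print("HTTP Response:")
        try:
            headers, body = str(load).split("\r\n\r\n", 1)
        except ValueError as e:
            # No blank line in this segment (e.g. a continuation of a
            # response body), so there is nothing to split.
            print(e)
        else:
            print("%s %s" % (headers, body))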
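# Window layout.
class Ui_Dialog(object):
    """Dialog with two summary labels and a table listing the stored packets."""

    def setupUi(self, Dialog):
        """Create the table view and the two labels on *Dialog*, then fill them."""
        Dialog.setObjectName(_fromUtf8("Dialog"))
        Dialog.resize(677, 452)

        self.tableView = QtGui.QTableView(Dialog)
        self.tableView.setGeometry(QtCore.QRect(10, 70, 661, 371))
        self.tableView.setObjectName(_fromUtf8("tableView"))

        self.pktnum = QtGui.QLabel(Dialog)
        self.pktnum.setGeometry(QtCore.QRect(30, 10, 101, 21))
        self.pktnum.setObjectName(_fromUtf8("pktnum"))

        self.xsnum = QtGui.QLabel(Dialog)
        self.xsnum.setGeometry(QtCore.QRect(30, 40, 531, 20))
        self.xsnum.setObjectName(_fromUtf8("xsnum"))

        self.retranslateUi(Dialog)
        QtCore.QMetaObject.connectSlotsByName(Dialog)

    def retranslateUi(self, Dialog):
        """Load the counters and the packet rows from MySQL into the widgets.

        Reads table `pkt` for the per-protocol counters (which also
        overwrites the module-level counters) and table `mypkt` for the
        table rows.
        """
        global pop3, smtp, ftp, telnet, zhttp
        Dialog.setWindowTitle(_translate("Dialog", "Dialog", None))

        # Fetch the per-protocol counters.
        cur.execute('select * from pkt ;')
        for row in cur.fetchall():
            pop3, smtp, ftp, telnet, zhttp = [int(row[k]) for k in range(5)]
        # Computed after the loop so an empty `pkt` table falls back to the
        # module-level counters.
        num = pop3 + smtp + ftp + telnet + zhttp
        self.pktnum.setText("pkt num :" + str(num))
        self.xsnum.setText(
            "pop3:%s smtp:%s ftp:%s telnet:%s http:%s"
            % (pop3, smtp, ftp, telnet, zhttp)
        )

        # Column headers: dst MAC, src MAC, src IP, src port, dst IP,
        # dst port, seq, ack, payload.
        headers = [
            u"目的MAC", u"源MAC", u"源ip", u"源端口", u"目的ip",
            u"目的端口", u"seq", u"ack", u"內容",
        ]
        self.model = QtGui.QStandardItemModel(self.tableView)
        self.model.setColumnCount(9)
        for col, title in enumerate(headers):
            self.model.setHeaderData(col, QtCore.Qt.Horizontal, _fromUtf8(title))
        # The model is attached once; re-attaching it for every row is not
        # needed.
        self.tableView.setModel(self.model)

        cur.execute('select * from mypkt ;')
        for i, row in enumerate(cur.fetchall()):
            # row[0] is the id; the two MAC columns are passed as stored,
            # the remaining columns go through _fromUtf8.
            self.model.setItem(i, 0, QtGui.QStandardItem(row[1]))
            self.model.setItem(i, 1, QtGui.QStandardItem(row[2]))
            for col in range(2, 9):
                self.model.setItem(
                    i, col, QtGui.QStandardItem(_fromUtf8(row[col + 1]))
                )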
# _fromUtf8: use QString.fromUtf8 where PyQt4 exposes it, otherwise pass the
# string through unchanged.
try:
    _fromUtf8 = QtCore.QString.fromUtf8
except AttributeError:
    _fromUtf8 = lambda s: s

# _translate: pass the UnicodeUTF8 encoding flag only when QApplication
# provides it.
try:
    _encoding = QtGui.QApplication.UnicodeUTF8
except AttributeError:
    def _translate(context, text, disambig):
        return QtGui.QApplication.translate(context, text, disambig)
else:
    def _translate(context, text, disambig):
        return QtGui.QApplication.translate(context, text, disambig, _encoding)
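# Capture settings: BPF filter for HTTP/POP3/FTP/Telnet/SMTP on interface
# enp3s0, stopping after 100 packets (count=0 captures until interrupted).
mypkt = sniff(
    filter='tcp and port 80 or tcp port 110 or tcp port 21 or tcp port 23 or tcp port 25',
    prn=callback,
    iface='enp3s0',
    count=100,
)
# NOTE(review): demo.pcap holds the raw frames including payloads of
# cleartext protocols; treat the file as sensitive.
wrpcap("demo.pcap", mypkt)

app = QtGui.QApplication(sys.argv)
Form = QtGui.QWidget()
ui = Ui_Dialog()
ui.setupUi(Form)
Form.show()
exit_code = app.exec_()

# The database handles are released before sys.exit(): sys.exit() raises
# SystemExit, so statements placed after it never run.
cur.close()
conn.close()
sys.exit(exit_code)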
後記
PyQt的界面可以先在Qt Creator上面做好,粘貼過來加以修改,這樣比較方便
總體而言,這個數據庫簡直就是個累贅。但是我還是費心費力的強行加進去了。爲什麼呢?因爲我老師告訴我使用數據庫可以給這個程序打的成績加十分,我妥協了。(╯‵□′)╯︵┻━┻