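python - scapy sniff function doesn't seem to work in monitor mode?
Problem description
I am trying to write a packet sniffer that takes an interface and a regular expression as optional arguments and searches the sniffed packets for matches, but it doesn't seem to sniff any packets at all. The whole code is: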
#!/home/khaled/PycharmProjects/networking/venv/bin/python3
# A regular expression finder
from scapy.all import *
import re
import os
import argparse
import subprocess
import sys


def test(num):
    # Callback invoked by sniff() for every captured packet
    num = num.sprintf('%Raw.load%')
    print("Packet Data: {}".format(num))
    res = re.findall("TESTING", num)


def parser():
    parser = argparse.ArgumentParser(usage="command -i <interface>",
                                     description="Listen for incoming traffic on specified interface for specified "
                                                 "regex expression")
    parser.add_argument("-i", help="The interface to listen on", dest="interface", required=True)
    parser.add_argument("-r", help="regex expression to look for", dest="regex", required=False, default=False)
    env = parser.parse_args()
    global interface
    global regex
    interface = env.interface
    regex = env.regex


def start_sniff(interface):
    # Check if a
    print(conf.iface)
    print("[+] Started Sniffing For regex in HTTP data at interface {}".format(interface))
    sniff(prn=test, filter="tcp", iface=interface, count=0, monitor=True)


def start_moniter_interface(iface):
    try:
        # subprocess.run(['airmon-ng', "check", "kill"], check=True)
        rslt = subprocess.run(["airmon-ng", "start", iface], check=True, capture_output=True)
    except subprocess.CalledProcessError as e:
        print("[+] Error Has Occurred when putting Interface in monitor mode {}".format(e.stderr))
        sys.exit(1)
    else:
        print("[+] Started interface in monitor mode")
        # re.search returns None when nothing matches, so the fallback below is reachable
        match = re.search("wlp[0-9a-z]+mon", rslt.stdout.decode("utf-8"))
        if match:  # Found interface name
            interface_name = match.group(0)
            print("[+] Found interface Name is {}".format(interface_name))
            return interface_name
        else:  # Else run iwconfig manually
            print("Unable to determine interface name")
            print("Run iwconfig and rerun script with new interface name")
            sys.exit(1)


def main():
    parser()
    if os.getuid() != 0:  # Not running as root, run with sudo
        print("Error Need to run script as root, run with sudo")
        sys.exit(1)
    else:  # running as root
        result = subprocess.run(["iwconfig", interface], capture_output=True, check=True)
        # iwconfig prints "Mode:Monitor"; compare against the lower-cased output
        if "mode:monitor" in result.stdout.decode("utf-8").lower():  # Check monitor mode
            start_sniff(interface)
        else:  # Else start interface in monitor mode, then sniff for packets
            moniter_interface = start_moniter_interface(interface)
            start_sniff(moniter_interface)


if __name__ == "__main__":
    main()
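It uses airmon to put the network card into monitor mode, and then uses iwconfig to get the name of the network card after it has been put into monitor mode. The regular expression passed by the user is ignored for now. The test function doesn't seem to be called at all, and I don't know why, because the sniff function seems to work when the wireless card is in managed mode.
It just sits there doing nothing: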
[+] Started Sniffing For regex in HTTP data at interface wlp2s0mon
The sniff function is called as:
sniff(prn=card_type, filter="tcp", iface=interface, count=0, monitor=True)
Also, running iwconfig shows that the network card is in monitor mode.
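Solution
You are using a BPF filter to filter for tcp at the kernel level. I bet you are sniffing from a WPA2-protected network, which means the payload in the 802.11 (Wi-Fi) frames is encrypted, so you can't actually look inside the frames. I suggest trying to sniff without monitor mode, so that you capture regular 802.3 Ethernet frames instead of raw 802.11 frames with the encrypted payload I mentioned.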
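Added example, not part of the original answer: a standalone Python check of the point made above, which reads the 802.11 Frame Control field of monitor-mode captures and counts how many data frames have the Protected Frame bit set, that is, how many carry a payload that a tcp filter cannot inspect. It assumes radiotap-encapsulated captures; the sample frames are constructed, and the names classify and summarize are hypothetical.

```python
import struct
from collections import Counter

FRAME_TYPES = {0: "management", 1: "control"}
PROTECTED = 0x40  # Protected Frame bit in the second Frame Control byte


def classify(capture: bytes) -> str:
    """Classify one monitor-mode capture (radiotap header + 802.11 frame)."""
    if len(capture) < 4:
        return "truncated"
    # Radiotap starts: version(1) pad(1) length(2, little-endian).
    rt_len = struct.unpack_from("<H", capture, 2)[0]
    if rt_len < 8 or len(capture) < rt_len + 2:
        return "truncated"
    fc0, flags = capture[rt_len], capture[rt_len + 1]
    ftype = (fc0 >> 2) & 0x3
    if ftype != 2:
        return FRAME_TYPES.get(ftype, "reserved")
    if (fc0 >> 4) & 0x4:  # Null / QoS Null subtypes carry no payload
        return "data-null"
    # A set Protected bit means the frame body (LLC/IP/TCP) is ciphertext.
    return "data-encrypted" if flags & PROTECTED else "data-cleartext"


def summarize(captures) -> Counter:
    """Count captures per class to show what a payload filter can see."""
    return Counter(classify(c) for c in captures)


# Constructed samples: minimal 8-byte radiotap header + Frame Control + padding.
RADIOTAP = bytes.fromhex("0000080000000000")
SAMPLES = [
    RADIOTAP + bytes.fromhex("8000") + bytes(22),  # beacon (management)
    RADIOTAP + bytes.fromhex("8841") + bytes(30),  # QoS data, Protected set
    RADIOTAP + bytes.fromhex("8841") + bytes(30),  # QoS data, Protected set
    RADIOTAP + bytes.fromhex("4801") + bytes(22),  # Null data, no payload
    RADIOTAP + bytes.fromhex("0801") + bytes(40),  # data, Protected clear
    b"\x00\x00",                                   # truncated capture
]

if __name__ == "__main__":
    for kind, count in summarize(SAMPLES).most_common():
        print(f"{kind:15} {count}")
```

If a real capture shows only data-encrypted, management and control frames, a payload-level filter such as tcp has nothing it can match on.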