scapy sniff function doesn't seem to work in monitor mode?

Problem description

I'm trying to write a packet sniffer that takes an interface and a regular expression as optional arguments and searches the sniffed packets for matches, but it doesn't seem to sniff any packets at all. The whole code is:

#!/home/khaled/PycharmProjects/networking/venv/bin/python3
# A regular expression finder

from scapy.all import *
import re
import os
import argparse
import subprocess
import sys

# Set by parser(); regex is parsed but not used yet
interface = None
regex = None


def test(pkt):
    # Callback passed to sniff(): print the raw payload of every captured packet
    data = pkt.sprintf('%Raw.load%')
    print("Packet Data: {}".format(data))
    res = re.findall("TESTING", data)   # placeholder match; result unused for now


def parser():
    parser = argparse.ArgumentParser(usage="command -i <interface>",
                                     description="Listen for incoming traffic on specified interface for specified "
                                                 "regex expression")
    parser.add_argument("-i", help="The interface to listen on", dest="interface", required=True)
    parser.add_argument("-r", help="regex expression to look for", dest="regex", required=False, default=False)
    env = parser.parse_args()
    global interface
    global regex
    interface = env.interface
    regex = env.regex


def start_sniff(interface):
    # Show which interface scapy would use by default, then sniff on the requested one
    print(conf.iface)
    print("[+] Started Sniffing For regex in HTTP data at interface {}".format(interface))
    sniff(prn=test, filter="tcp", iface=interface, count=0, monitor=True)


def start_monitor_interface(iface):
    # Put the card into monitor mode with airmon-ng and return the new interface name
    try:
        # subprocess.run(['airmon-ng', "check", "kill"], check=True)
        rslt = subprocess.run(["airmon-ng", "start", iface], check=True, capture_output=True)
    except subprocess.CalledProcessError as e:
        print("[+] Error Has Occurred when putting Interface in monitor mode {}".format(e.stderr.decode("utf-8")))
        sys.exit(1)
    else:
        print("[+] Started interface in monitor mode")
        # airmon-ng names the monitor interface <name>mon; check for a match before indexing
        matches = re.findall("wlp[0-9a-z]+mon", rslt.stdout.decode("utf-8"))
        if matches:         # Found interface name
            interface_name = matches[0]
            print("[+] Found interface Name is {}".format(interface_name))
            return interface_name
        else:               # Else ask the user to run iwconfig manually
            print("Unable to determine interface name")
            print("Run iwconfig and rerun script with new interface name")
            sys.exit(1)


def main():
    parser()

    if os.getuid() != 0:    # Not running as root, run with sudo
        print("Error Need to run script as root, run with sudo")
        sys.exit(1)
    else:   # running as root
        result = subprocess.run(["iwconfig", interface], capture_output=True, check=True)
        # iwconfig prints "Mode:Monitor"; compare against the lowercased output
        if "mode:monitor" in result.stdout.decode("utf-8").lower():  # Check monitor mode
            start_sniff(interface)
        else:   # Else start Interface in monitor mode then sniff for packets
            monitor_interface = start_monitor_interface(interface)
            start_sniff(monitor_interface)


if __name__ == "__main__":
    main()

It uses airmon to put the card into monitor mode and then iwconfig to get the name of the card after it has been put into monitor mode. The regex passed by the user is ignored for now. The test function doesn't seem to be called at all, and I don't know why, since the sniff function seems to work when the wireless card is in managed mode. It just sits there doing nothing:

[+] Started Sniffing For regex in HTTP data at interface wlp2s0mon

The sniff function is called as:

    sniff(prn=card_type, filter="tcp", iface=interface, count=0, monitor=True)

Also, running iwconfig shows that the card is in monitor mode.

Tags: python, python-3.x, networking, scapy, sniffing

Solution


You are using a BPF filter that filters for tcp at the kernel level. I bet you are sniffing from a WPA2-protected network, which means the payload of the 802.11 (Wi-Fi) frames is encrypted, so you can't actually look inside the frames. I would suggest trying to sniff without monitor mode, so you capture regular 802.3 Ethernet frames instead of the raw 802.11 frames with the encrypted payload I mentioned.
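To make the answer's point concrete, here is an added example (not code from the question or the answer) that walks a monitor-mode capture the way a BPF "tcp" filter would have to: strip the radiotap header, decode the 802.11 frame control field, and only then look for LLC/SNAP + IPv4 + TCP in the frame body. Two frames are constructed inline: one from an open network with a readable TCP SYN, and one from a WPA2 network with the "Protected Frame" bit set and a CCMP-encrypted body. The frame layouts, addresses, zeroed checksums and ciphertext bytes are all constructed for the example; no capture, card or scapy is needed.

```python
# Added example: why a "tcp" filter sees nothing on a WPA2 network in monitor mode.
# Constructed frames only; no capture or scapy required.
import struct

TYPE_DATA = 2          # 802.11 frame type "data"
FLAG_PROTECTED = 0x40  # "Protected Frame" bit in the second frame-control byte
LLC_SNAP_IPV4 = bytes.fromhex("aaaa030000000800")  # LLC/SNAP header + EtherType 0x0800
IPPROTO_TCP = 6


def strip_radiotap(capture: bytes) -> bytes:
    """Return the 802.11 frame that follows the radiotap header (its length sits at bytes 2-3, LE)."""
    if len(capture) < 8:
        raise ValueError("too short for a radiotap header")
    (rt_len,) = struct.unpack_from("<H", capture, 2)
    return capture[rt_len:]


def parse_dot11(frame: bytes) -> dict:
    """Decode the frame-control field and locate the frame body."""
    if len(frame) < 24:
        raise ValueError("too short for an 802.11 MAC header")
    fc0, fc1 = frame[0], frame[1]
    ftype = (fc0 >> 2) & 0x3
    subtype = (fc0 >> 4) & 0xF
    to_ds, from_ds = bool(fc1 & 0x01), bool(fc1 & 0x02)
    hdr_len = 24
    if to_ds and from_ds:
        hdr_len += 6            # Address 4 is present only in WDS (AP-to-AP) frames
    if ftype == TYPE_DATA and subtype & 0x8:
        hdr_len += 2            # QoS Control field
    return {
        "type": ftype,
        "subtype": subtype,
        "protected": bool(fc1 & FLAG_PROTECTED),
        "body": frame[hdr_len:],
    }


def carries_visible_tcp(capture: bytes) -> bool:
    """True only when a TCP header is actually readable, which is what a BPF 'tcp' filter needs."""
    info = parse_dot11(strip_radiotap(capture))
    if info["type"] != TYPE_DATA:
        return False
    if info["protected"]:
        return False            # WPA2/CCMP: the body is ciphertext, nothing for the filter to match
    body = info["body"]
    if not body.startswith(LLC_SNAP_IPV4):
        return False
    ip = body[len(LLC_SNAP_IPV4):]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return False
    return ip[9] == IPPROTO_TCP   # IPv4 protocol field


# --- constructed sample frames (not real captures) -------------------------
RADIOTAP = bytes.fromhex("0000080000000000")   # version 0, length 8, no optional fields
ADDRS = b"".join(bytes.fromhex(a) for a in ("020000000001", "020000000002", "020000000003"))


def build_data_frame(protected: bool, body: bytes) -> bytes:
    fc0 = TYPE_DATA << 2                                # plain (non-QoS) data frame
    fc1 = 0x01 | (FLAG_PROTECTED if protected else 0)   # ToDS set: station -> AP
    header = bytes([fc0, fc1]) + b"\x00\x00" + ADDRS + b"\x10\x00"   # duration, addr1-3, seq ctl
    return RADIOTAP + header + body


def ipv4_tcp_syn() -> bytes:
    # Minimal IPv4 + TCP SYN, checksums left at zero since nothing transmits this
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, IPPROTO_TCP, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x50, 0x02, 8192, 0, 0)
    return ip + tcp


OPEN_NETWORK_FRAME = build_data_frame(False, LLC_SNAP_IPV4 + ipv4_tcp_syn())
# CCMP header (8 bytes, ExtIV bit set) + opaque "ciphertext" + 8-byte MIC, all constructed
WPA2_FRAME = build_data_frame(True, bytes.fromhex("0100002001000000") + bytes(range(48)) + bytes(8))

if __name__ == "__main__":
    for name, cap in (("open network", OPEN_NETWORK_FRAME), ("WPA2 network", WPA2_FRAME)):
        info = parse_dot11(strip_radiotap(cap))
        print("{}: protected={} tcp visible={}".format(name, info["protected"], carries_visible_tcp(cap)))
```

Running it prints that the open-network frame has a visible TCP header while the WPA2 frame does not, even though both are data frames of the same size class. That is the situation in the question: with monitor=True scapy hands over RadioTap/Dot11 frames, and on a WPA2 network every data frame has the Protected bit set, so the kernel-level "tcp" filter never passes anything and the prn callback is never called. Without monitor mode the driver delivers already-decrypted 802.3 frames, where the same filter matches normally.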

