

Okay, before jumping to writing the code in Python I’ll tell you about the setup that I have: I am currently on Windows 10 and I have Virtualbox running with two VMs (1.

Step 4: Writing the process_packet(packet) function

Before jumping into the function, let’s take a look at what a scapy packet looks like.

    #
    dst = 52:54:00:12:35:00
    src = 08:00:27:35:21:2e
    type = IPv4
    #
    version = 4
    ihl = 5
    tos = 0x0
    len = 441
    id = 22651
    flags = DF
    frag = 0
    ttl = 64
    proto = tcp
    chksum = 0xf1f9
    src = 10.0.2.9
    dst = 176.28.50.165
    \options \
    #
    sport = 48556
    dport = http
    seq = 790303956
    ack = 327206
    dataofs = 5
    reserved = 0
    flags = PA
    window = 64240
    chksum = 0xf075
    urgptr = 0
    options =
    #
    Method = 'GET'
    Path = '/login.php'
    Http_Version= 'HTTP/1.1'
    A_IM = None
    Accept = 'text/html,application/xhtml+xml,application/xml q=0.9,*/* q=0.8'
    Accept_Charset= None
    Accept_Datetime= None
    Accept_Encoding= 'gzip, deflate'
    Accept_Language= 'en-US,en q=0.5'
    Access_Control_Request_Headers= None
    Access_Control_Request_Method= None
    Authorization= None
    Cache_Control= 'max-age=0'
    Connection= 'keep-alive'
    Content_Length= None
    Content_MD5= None
    Content_Type= None
    Cookie = None
    DNT = None
    Date = None
    Expect = None
    Forwarded = None
    From = Non
    Front_End_Https= None
    HTTP2_Settings= None
    Host = ''
    If_Match = None
    If_Modified_Since= None
    If_None_Match= None
    If_Range = None
    If_Unmodified_Since= None
    Keep_Alive= None
    Max_Forwards= None
    Origin = None
    Permanent = None
    Pragma = None
    Proxy_Authorization= None
    Proxy_Connection= None
    Range = None
    Referer = '

The above block shows the contents of the packet. A line that starts with # is called a layer. The lines after it are the fields that come under that layer, until the next layer is encountered. For instance, in the above block, # is a layer and the following lines are the fields under Ethernet. These fields contain information about Ethernet.

Now, let's jump to the process_packet function. In the above code, you can see a Python tuple named keywords.

Before understanding why it is required, let's understand the function itself. This function also needs a packet to work with. Now, when we looked at the contents of the packet at the beginning of step 4, there was no such layer called Raw. This layer is crucial for what we are trying to achieve, because additional information such as credentials is added to the Raw layer. The below code block shows the Raw layer. It also shows that the credentials are stored inside a subfield called load.

At first, the function checks whether the packet has the Raw layer. If the packet has the layer, then it extracts the value of the load subfield and stores it in a variable called field_load. The next step is using a for loop to loop over the tuple we discussed earlier. The tuple contains the keywords that are potential names of the form fields used when building an HTML form. These keywords are derived by guessing common names given to the HTML form elements used to design signup and login forms. The for loop goes over each element in the tuple and checks whether any of the keywords is present in the field_load variable. If any keyword matches, field_load is returned to the process_packet(packet) function to display the potential credentials.
