|
本帖最后由 python_for7 于 2017-7-26 10:41 编辑
因为dpkt解析长连接包会报错,所以修改了http.py里的一行代码:- <div class="blockcode"><blockquote>def parse_body(f, headers):
- ...
- elif 'content-length' in headers:
- n = int(headers['content-length'])
- body = f.read(n)
- if len(body) != n:
- <b>if 'expect' not in headers:</b>
- raise dpkt.NeedData('short body (missing %d bytes)' % (n - len(body)))
复制代码
现在长连接的http包能解析出来了,但解析的包里的内容好像有重复,导致在拼接body的时候,长度和预期的content-length不符合,不知道怎么改了,谁有类似的经历吗?或者解析http长包有其它方法可以用?
以下是我解析httpbody的代码:
- # coding:utf-8
- from mydpkt import Request
- from mydpkt import Reader, Ethernet
- rh_log = open('e:\\rh.pcap','rb')
- rh_file = Reader(rh_log)
- # p.setfilter('tcp port 80')
- expect_request_switch = False
- expect_respone_switch = False
- body_lenth = 0
- keep_alive_index = 0
- body_persistent = ''
- body_all = []
- index = 0
- for index, (ptime, pdata) in enumerate(rh_file).__iter__():
- p = Ethernet(pdata)
- ip = p.data
- if ip.__class__.__name__ == 'IP':
- dst_ip = '%d.%d.%d.%d' % tuple(map(ord, list(ip.dst)))
- src_ip = '%d.%d.%d.%d' % tuple(map(ord, list(ip.src)))
- tcp = ip.data
- # dport = tcp.dport
- if tcp.__class__.__name__ == 'TCP' and len(tcp.data) > 1:
- dport = tcp.dport
- sport = tcp.sport
- received_string = str(tcp.data)
- if expect_request_switch:
- if 'HTTP/1.1 100 Continue' in tcp.data:
- keep_alive_index = index
- expect_respone_switch = True
- if (index >= (keep_alive_index + 1)) and expect_respone_switch and dport == 80:
- body_persistent += received_string
- body_persistent_lenth = len(body_persistent)
- if body_persistent_lenth >= body_lenth:
- print 'body:\n{}'.format(body_persistent)
- body_all.append(body_persistent)
- expect_request_switch = False
- expect_respone_switch = False
- body_persistent = ''
- if dport == 80 and expect_respone_switch is False:
- try:
- rq = Request(received_string)
- Request_body = rq.body
- Request_headers = rq.headers
- Request_method = rq.method
- Request_uri = rq.uri
- # print 'headers:{}'.format(Request_headers)
- if 'expect' in Request_headers.keys():
- expect_request_switch = True
- body_lenth = int(Request_headers.get('content-length'))
- except Exception as e:
- # print tcp.data
- pass
复制代码
|
|