Scapy介绍:http://kjol.cc/python-scapy.html
初探Scapy
#-*-coding:utf-8-*-
#引入scapy库
from scapy.all import *
#定义一个回调函数
def packet_callback(packet):
print packet.show()
#开启scapy,没有过滤函数, count监听次数
sniff(prn=packet_callback ,count=1)
运行后返回如下
root@myspuerkali:~/python# python sniffer_main.py
###[ Ethernet ]###
dst = d0:50:99:0d:ef:73
src = 00:30:18:1c:4b:29
type = 0x800
###[ IP ]###
version = 4L
ihl = 5L
tos = 0x0
len = 40
id = 24827
flags = DF
frag = 0L
ttl = 52
proto = tcp
chksum = 0xa551
src = 192.241.187.236
dst = 192.168.2.253
\options \
###[ TCP ]###
sport = https
dport = 64911
seq = 1775373869
ack = 3724631815L
dataofs = 5L
reserved = 0L
flags = A
window = 33
chksum = 0xbadc
urgptr = 0
options = {}
###[ Padding ]###
load = '\x00\x00\x00\x00\x00\x00'
None
下面我们在上面的基础上继续扩展
#-*-coding:utf-8-*-
from scapy.all import *
#定义一个回调函数
def packet_callback(packet):
mail_packer = str(packet[TCP].payload)
#如果嗅探到有user跟pass出现,就打出目的IP跟实际内容
if "user" in mail_packer.lower() or "pass" in mail_packer.lower():
print "[*] Server:%s" % packet[IP].dst
print "[*] %s" % packet[TCP].payload
#fileer过滤器,只嗅探110(pop3) 25(smtp) 143(imap)
#store表示不在内存保存数据包
sniff(filter="tcp port 110 or tcp port 25 or tcp port 143",prn=packet_callback ,store=0)
然后我使用了我的TOM邮箱,数据出了,但是没有抓取到明文。
不知道啥原因,不知道是不是使用了其他工具来登录
root@myspuerkali:~/python# python sniffer_main.py
[*] Server:192.168.2.249
[*] +OK Capability list follows
TOP
USER
SASL PLAIN LOGIN
.