pcapng_parser.py

from scapy.all import *

if len(sys.argv) < 2:
    print("Usage: python3 parser.py <pcap file> --prefix-flag=FROG")
    sys.exit(1)

# check if file exists
if not os.path.isfile(sys.argv[1]):
    print("File does not exist")
    sys.exit(1)
else:
    file = sys.argv[1]

# check if --prefix-flag is not empty
if sys.argv[2] == "--prefix-flag=":
    print("Prefix flag is empty")
    sys.exit(1)
else:
    prefix_flag = sys.argv[2][14:]

for packet in PcapNgReader(file):
    src = packet.src
    dst = packet.dst
    payload = str(packet.payload)
    if prefix_flag in payload:
        print('Flag found in packet from {} to {}'.format(src, dst))
        frog = payload.split(prefix_flag)[1].split(' ')[0].replace("'", "")
        print("Flag: {}{}".format(prefix_flag, frog))
        break

Contoh penggunaan

➜  PCAPNG-Parser python3.10 parser.py MITM.pcapng --prefix-flag=frog
WARNING: No IPv4 address found on en1 !
WARNING: No IPv4 address found on bridge0 !
WARNING: more No IPv4 address found on p2p0 !
/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated
  cipher=algorithms.Blowfish,
/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated
  cipher=algorithms.CAST5,
WARNING: Calling str(pkt) on Python 3 makes no sense!
WARNING: Calling str(pkt) on Python 3 makes no sense!
WARNING: more Calling str(pkt) on Python 3 makes no sense!
Flag found in packet from 28:7f:cf:fe:c3:56 to 4c:5e:0c:c6:0f:6d
Flag: frog{t3ln3tp4ssw0rd}
➜  PCAPNG-Parser

package scapy wajib diinstal, tutorial ada di https://scapy.readthedocs.io/en/latest/installation.html