
@jpcofr
Created October 15, 2023 16:37
Extracts HTTP packet details from a pcap file and writes them alongside hexadecimal content to an output file
"""
This script extracts HTTP packet details from a pcap file, formats them
with their respective HTTP verb, URI, and status code, and writes the
hexadecimal content of each packet along with a descriptive header
to a specified output file.
"""
import subprocess
import sys
from scapy.all import *
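def get_http_packet_details(pcap_file):
    """Return one tshark field record per HTTP frame in *pcap_file*.

    tshark is run with the ``http`` display filter and ``-T fields``; each
    record lists frame.number, http.request.method, http.request.uri and
    http.response.code in that order, separated by tabs.

    Args:
        pcap_file: Path of the capture file handed to ``tshark -r``.

    Returns:
        A list of non-blank record strings; an empty list when tshark
        printed nothing.
    """
    cmd = [
        'tshark',
        '-r', pcap_file,
        '-Y', 'http',
        '-T', 'fields',
        '-e', 'frame.number',
        '-e', 'http.request.method',
        '-e', 'http.request.uri',
        '-e', 'http.response.code',
    ]
    # Argument list without a shell: the capture path is passed to tshark
    # as a single argv entry and is never interpreted by a shell.
    result = subprocess.run(
        cmd,
        stdout=subprocess.PIPE,
        text=True,
        # Field values originate from captured traffic and need not decode
        # cleanly in the locale encoding; substitute instead of raising.
        errors='replace',
    )
    if result.returncode != 0:
        # Keep whatever records were produced, but make the failure visible
        # instead of silently returning a short or empty result.
        print(
            f'warning: tshark exited with status {result.returncode}; '
            'results may be incomplete',
            file=sys.stderr,
        )
    # Split on '\n' only: str.splitlines() would also break on other
    # separators that could appear inside a captured URI. Blank lines are
    # dropped so empty output yields [] rather than [''].
    return [line for line in result.stdout.split('\n') if line.strip()]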
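def write_http_packets_to_file(pcap_file, output_file):
    """Write a header line and hex dump for every HTTP frame in a capture.

    For each record from get_http_packet_details() a line of the form
    ``# <frame> <verb> <code> <uri>`` is written, followed by the frame's
    bytes as a hex string and a blank line.

    Args:
        pcap_file: Path of the capture file to read.
        output_file: Path of the text file to create or overwrite.
    """
    packet_details = get_http_packet_details(pcap_file)
    packets = rdpcap(pcap_file)
    packet_count = len(packets)

    # NOTE: the output carries the complete bytes of each HTTP frame, so any
    # credentials, cookies or tokens sent over cleartext HTTP end up in it.
    # Protect the file like the capture itself. The verb and URI in each
    # header line are copied from captured traffic and are untrusted text.
    with open(output_file, 'w') as f:
        for detail in packet_details:
            if not detail.strip():
                # An empty record (e.g. no HTTP frames) has no frame number.
                continue

            fields = detail.split('\t')
            # Pad short records so every field has a value.
            fields += [''] * (4 - len(fields))
            packet_number, http_verb, http_uri, http_code = fields[:4]

            try:
                index = int(packet_number) - 1  # -1 as tshark is 1-indexed
            except ValueError:
                print(
                    f'warning: skipping record with non-numeric frame '
                    f'number {packet_number!r}',
                    file=sys.stderr,
                )
                continue
            # Reject out-of-range numbers explicitly; a value below 1 would
            # otherwise index from the end of the packet list.
            if not 0 <= index < packet_count:
                print(
                    f'warning: frame {packet_number} is outside the '
                    f'{packet_count} packets read from {pcap_file}',
                    file=sys.stderr,
                )
                continue

            hex_content = bytes(packets[index]).hex()
            title = f"# {packet_number} {http_verb} {http_code} {http_uri}".strip()
            f.write(f'{title}\n')
            f.write(f'{hex_content}\n\n')
    print(f'HTTP packet details written to {output_file}')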
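if __name__ == "__main__":
    # Both paths are required; exit with a usage line instead of an
    # IndexError traceback when one is missing.
    if len(sys.argv) < 3:
        sys.exit(f'Usage: {sys.argv[0]} <pcap_file> <output_file>')
    pcap_file = sys.argv[1]
    output_file = sys.argv[2]
    write_http_packets_to_file(pcap_file, output_file)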