Created
February 26, 2018 18:32
frontsidefix
#!/usr/bin/env python2
# -*- coding: utf-8 -*-
#
# frontsidefix
# https://github.com/vesche
#
import argparse | |
import os | |
import sys | |
from scapy.all import * | |
# Byte pattern searched for in every packet to locate the start of the IP
# header: EtherType 0x0800 (IPv4), then 0x45 (IP version 4, header length
# of 5 words), then 0x00 in the DSCP/ECN byte.
# Frames with IP options, a non-zero DSCP/ECN byte, or a non-IPv4 payload
# do not contain this sequence at the expected position.
STATIC = [0x08, 0x00, 0x45, 0x00]
def get_parser():
    """Build the command-line parser.

    Both the input and the output pcap path are mandatory string options.
    """
    cli = argparse.ArgumentParser(description='frontsidefix')
    options = (
        (('-i', '--input'), 'pcap file in'),
        (('-o', '--output'), 'pcap file out'),
    )
    for flags, help_text in options:
        cli.add_argument(*flags, help=help_text, required=True, type=str)
    return cli
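def main():
    """Pad the truncated front of every packet in a pcap and write a new pcap.

    For each packet, the first occurrence of the STATIC marker is located and
    zero bytes are prepended so that the marker lands at offset 12, which is
    where the EtherType sits in an Ethernet II frame.

    Caveats for anyone analysing the output:
      * The prepended bytes are zeros, not recovered data. The address fields
        in front of the EtherType are placeholders in the output file.
      * Only the first occurrence of the marker is considered. A packet whose
        marker is missing, or found beyond offset 12, is copied without
        padding and counted in a warning printed to stderr.
      * The output is written with append=True, so packets are added to an
        output file that already exists rather than replacing it.

    Exits with status 1 when the input file does not exist.
    """
    parser = get_parser()
    args = vars(parser.parse_args())
    pcap_in = args['input']
    pcap_out = args['output']

    if not os.path.isfile(pcap_in):
        print("Error: {} does not exist.".format(pcap_in))
        sys.exit(1)

    ethertype_offset = 12
    marker = bytearray(STATIC)
    fixed_packets = []
    unpadded = 0

    for p in rdpcap(pcap_in):
        # bytes() is str on Python 2, so this works on both interpreters.
        raw = bytearray(bytes(p))
        offset = raw.find(marker)
        if 0 <= offset <= ethertype_offset:
            raw = bytearray(ethertype_offset - offset) + raw
        else:
            # No usable marker: indexing the empty match list used to abort
            # the whole run here. Keep the packet so the output stays aligned
            # with the input, and report it below.
            unpadded += 1

        new_pkt = p.__class__(bytes(raw))
        # A freshly built packet is stamped with the current time; carry the
        # capture timestamp over so the repaired pcap keeps its timeline.
        new_pkt.time = p.time
        fixed_packets.append(new_pkt)

    if fixed_packets:
        # One write for the whole capture instead of reopening the file for
        # every packet.
        wrpcap(pcap_out, fixed_packets, append=True)

    if unpadded:
        sys.stderr.write(
            "Warning: {} packet(s) had no IPv4 marker within the first {} "
            "bytes and were copied without padding.\n".format(
                unpadded, ethertype_offset))

    print("Finished, check out {} in Wireshark.".format(pcap_out))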
# Run the repair only when the file is executed as a script, not on import.
if __name__ == '__main__':
    main()