环境配置:
代码:
#! /usr/bin/env python
#coding=utf-8
from scapy.all import *
import time
import re
def timestamp2time(timestamp):
timeArray = time.localtime(timestamp)
mytime = time.strftime("%Y-%m-%d %H:%M:%S", timeArray)
return mytime
def pack_callback(packet):
if packet[TCP].payload:
strpacket=str(packet[TCP].payload)
host = re.search('Host: ([a-zA-Z0-9.-]*)\r\n', strpacket)
URL = re.search('(GET|HEAD|POST|DELETE) (.*) HTTP/1.1\r\n', strpacket)
useragent = re.search('User-Agent: (.*)\r\n', strpacket)
if URL:
domain = host.group(1)
url = URL.group(2)
agent = useragent.group(1)
if "/etc/passwd" in url.lower():
print "%s --- %s:%s --> %s:%s(%s) >>>文件包含" \
%(timestamp2time(packet.time),packet[IP].src,packet.sport,packet[IP].dst,packet.dport,domain)
print "URL: http://%s/%s" % (domain,url)
print "User-Agent: %s" % agent
print "\n"
elif "%27%20union" in url or "%27union" in url.lower():
print "%s --- %s:%s --> %s:%s(%s) >>>注入漏洞" \
%(timestamp2time(packet.time),packet[IP].src,packet.sport,packet[IP].dst,packet.dport,domain)
print "URL: http://%s%s" % (domain,url)
print "User-Agent: %s" % agent
print "\n"
sniff(filter="tcp port 80 and src host 192.168.88.3",prn=pack_callback,iface="eth0",count=0)
效果截图
2222.png
