Content gets corrupted when I forward a scapy packet using the Rest Service

Question

I am trying to forward a network packet formed by scapy to the rest service, but somehow packet gets corrupted at receiver side (rest service side).

I formed the network packet using scapy:

0000  1a 0b 0c 14 05 16 00 00 00 00 00 00 08 00 45 00   ..............E.
0010  01 10 00 01 00 00 40 11 f0 d2 05 05 05 04 7f 00   ......@.........
0020  00 01 00 44 00 43 00 fc 85 7f 01 00 00 00 00 00   ...D.C..........
0030  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0040  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0050  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0060  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0070  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0080  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0090  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
00a0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
00b0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
00c0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
00d0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
00e0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
00f0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0100  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0110  00 00 00 00 00 00 63 82 53 63 35 01 01 ff         ......c.Sc5...

I forwarded the captured scapy packet to web service using python code :

h = httplib2.Http(".cache")
h.add_credentials("user","passworkd")
data = urllib.urlencode({"packet":pack})
resp, content = h.request(url, "POST", data, headers={'Content-Type': 'applicatoin/x-www-form-urlencodede'})

At the server side(implemented in java) I printed the obtained packet(byte stream) it shows the following output (which is different from the send packet) :

1a0b0c140516000000000000080045000110000100004011efbfbdefbfbd050505047f0000010044004300efbfbd7f010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000063efbfbd5363350101efbfbd

Edit:

Java server side handling :

@Path("/test")
    @POST
    @StatusCodes({
        @ResponseCode(code = 200, condition = "Destination reachable"),
        @ResponseCode(code = 503, condition = "Internal error"),
        @ResponseCode(code = 503, condition = "Destination unreachable") })
    public Response rcvDHCPPkt(@FormParam("packet") String packet) {

        String pkt_decode = URLDecoder.decode(packet, "UTF-8"); // tried with and without it.

        // here it shows the packet corruption. I tried to print packet also it has same problem.
        System.out.println("packet received:" + byteArrayToHex(packet_decode.getBytes()));

used following function to print the hex equivalent.

   public static String byteArrayToHex(byte[] a) {
               StringBuilder sb = new StringBuilder(a.length * 2);
               for(byte b: a)
                  sb.append(String.format("%02x", b & 0xff));
               return sb.toString();
            }

Please suggest me, if I am missing something. I am suspecting two problem urlencoding or networks byte ordering.

@mhawke It is same as decode packet. Client is sending packet as argument, framed using the scapy. — subhash kumar singh, Aug 08 '14 at 13:30
It can't be the same as the decoded packet (after `URLdecode()`). What is the value of `packet` _before_ `String pkt_decode = URLDecoder.decode(packet, "UTF-8");`? — mhawke, Aug 08 '14 at 14:40

score 0 · Answer 1 · answered Aug 08 '14 at 11:54

I don't think that it's a url encoding problem, at least not at the Python end. Here I send the packet to a nc server running on my local machine. The Python code is:

import urllib
import httplib2
from binascii import unhexlify

data = '1a0b0c140516000000000000080045000110000100004011f0d2050505047f0000010044004300fc857f010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000063825363350101ff'

h = httplib2.Http(".cache")
h.add_credentials("user", "passworkd")
data = urllib.urlencode({"packet": unhexlify(data)})
resp, content = h.request('http://localhost:12345', "POST", data, headers={'Content-Type': 'applicatoin/x-www-form-urlencodede'})

Here is what nc receives:

$ nc -l localhost 12345
POST / HTTP/1.1
Host: localhost:12345
Content-Length: 851
content-type: applicatoin/x-www-form-urlencodede
accept-encoding: gzip, deflate
user-agent: Python-httplib2/0.9 (gzip)

packet=%1A%0B%0C%14%05%16%00%00%00%00%00%00%08%00E%00%01%10%00%01%00%00%40%11%F0%D2%05%05%05%04%7F%00%00%01%00D%00C%00%FC%85%7F%01%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00c%82Sc5%01%01%FF

If you run urllib.unquote() on the data received by nc, it successfully compares to the original data... so, no encoding problem from the client.

But I did notice that you are not using a correct MIME type for Content-Type header:

headers={'Content-Type': 'applicatoin/x-www-form-urlencodede'}

should be

headers = {'Content-Type': 'application/x-www-form-urlencoded'}

My guess is that your Java server is misinterpreting the packet data because of the invalid Content-Type header.

using the `nc` I observed that contents are correct but at the server side if it finds the 0xff then if adds some additional character (same problem at server after correcting the content-type). I will add the server code to the question section, please take a look if I am missing something at server side. — subhash kumar singh, Aug 08 '14 at 12:33
So, correcting the Content-Type header didn't fix the problem? — mhawke, Aug 08 '14 at 12:36
I am using the opendaylight osgi bundle to handle the rest request. I have taken the code for rest service from the https://wiki.opendaylight.org/view/Ping — subhash kumar singh, Aug 08 '14 at 12:56

Content gets corrupted when I forward a scapy packet using the Rest Service

1 Answers1