-1

I have a pcap with many TCP/HTTP sessions. I would like to be able to handle each session as an object. Ideally, I could see all the requests in the sessions (GET, POST ...) and all of the responses to these requests. Each request and response will have its headers as a dictionary, etc.

So I want something that does this:

```python
import smth  # placeholder name for the library being asked for

pcap_obj = smth.readpcap('pcap_file.txt')

for session in pcap_obj:
    for req in session.requests():
        print(req.headers['Content-Type'])
        ...
        print(req.body)
    for res in session.responses():
        print(res.status_code)
        print(res.body)
        ...
```

I know about scapy, and managed to read the pcap and get the list of sessions. But those are raw TCP, and I need to reconstruct and parse the HTTP. I've seen that BaseHTTPServer might have something like this, but it seems it's mainly for parsing requests, and doesn't handle sessions with multiple requests.

Any ideas?

t0m9er
  • First hit when looking for [python parse http pcap](https://www.google.com/search?q=python+parse+http+pcap) gives me [pcap-parser 0.5.10](https://pypi.python.org/pypi/pcap-parser), which says: *This module parses pcap/pcapng files, retrieves HTTP data, and shows as text.* – Steffen Ullrich Apr 26 '17 at 04:06
  • Thanks for the comment. I installed the module, but there is hardly any help, and it does not seem very supported. After doing a test with it I got multiple exceptions on a basic pcap, so this doesn't really satisfy the needs. – t0m9er Apr 26 '17 at 07:38
  • stackoverflow.com is not a code writing service. I would suggest that you have a closer look at how the module uses pcap to extract http and either adapt the module to your needs or write your own based on what you've learned. If you get more specific questions while doing this ask a new and specific question. But in the current state the question is too broad and shows not enough attempts to solve the problem yourself. – Steffen Ullrich Apr 26 '17 at 09:05

1 Answer

0

I think I found the solution:

https://github.com/vikwin/pcapfex

This project can parse pcap TCP sessions, and for each session extract the files sent in this session.

Some modification is needed around dispatcher.py to fit the needs, but it's the best I could find after testing with multiple packages.

t0m9er
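The step the question is missing, turning a reassembled TCP payload into request and response objects with header dictionaries, can be done with the Python 3 standard library. This is an added example, not part of the original question or answer and not pcapfex code; it assumes each direction of a session has already been reassembled into one byte string, and the function names and sample bytes are constructed for illustration.

```python
import io
from http.client import parse_headers  # stdlib header parser (binary file in)

def _read_body(fp, headers, status=None):
    """Read one message body; status is None for requests."""
    if status is not None and (status < 200 or status in (204, 304)):
        return b""                      # these responses never carry a body
    if "chunked" in headers.get("Transfer-Encoding", "").lower():
        body = b""
        while True:
            size = int(fp.readline().split(b";")[0].strip() or b"0", 16)
            if size == 0:               # last chunk, or capture cut short
                parse_headers(fp)       # consume trailers and final CRLF
                return body
            body += fp.read(size)
            fp.readline()               # CRLF that ends each chunk
    length = headers.get("Content-Length")
    if length is None:                  # response without length runs to close
        return fp.read() if status is not None else b""
    return fp.read(int(length))

def parse_http_stream(data):
    """Split one direction of a reassembled TCP stream into HTTP messages."""
    fp, messages = io.BytesIO(data), []
    while fp.tell() < len(data):
        parts = fp.readline().decode("iso-8859-1").split()
        if not parts:
            continue                    # stray blank line between messages
        if len(parts) < 2:
            break                       # not HTTP: stop instead of guessing
        headers = parse_headers(fp)
        msg = {"headers": dict(headers.items())}
        if parts[0].startswith("HTTP/") and parts[1].isdigit():
            msg["status_code"] = int(parts[1])
        else:
            msg["method"], msg["target"] = parts[0], parts[1]
        msg["body"] = _read_body(fp, headers, msg.get("status_code"))
        messages.append(msg)
    return messages

# Constructed sample data: two pipelined requests and their two responses.
CLIENT = (b"GET /a HTTP/1.1\r\nHost: example.test\r\n\r\n"
          b"POST /b HTTP/1.1\r\nHost: example.test\r\n"
          b"Content-Type: application/json\r\nContent-Length: 7\r\n\r\n{\"k\":1}")
SERVER = (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 2\r\n\r\nhi"
          b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n"
          b"3\r\nabc\r\n2\r\nde\r\n0\r\n\r\n")

if __name__ == "__main__":
    for req, res in zip(parse_http_stream(CLIENT), parse_http_stream(SERVER)):
        print(req["method"], req["target"], "->", res["status_code"], res["body"])
```

A response to a HEAD request has no body even when it carries Content-Length, so handling that case requires pairing each response with its request before reading the body.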