Find ASCII String in a Packet with Scapy

from scapy.all import *

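def find_str(pkt):
    """Print the TCP payload of a port-80 packet that contains "username".

    Meant to be passed as the ``prn`` callback of ``sniff()``: it is called
    once per packet, prints on a match and returns None.

    A hit means the string was readable on the wire in a packet addressed to
    TCP port 80, so the request was not encrypted in transit.

    Limitations:
        * Only packets whose destination port is 80 are inspected.
        * The match is case-sensitive and done packet by packet; there is no
          TCP stream reassembly, so a string split across two segments is
          not found.

    Args:
        pkt: a scapy packet, as handed over by ``sniff()``.
    """
    # The IP addresses were read but never used in the original, so only the
    # TCP layer is consulted here.
    if TCP not in pkt:
        return

    tcp_layer = pkt[TCP]
    if tcp_layer.dport != 80:
        return

    # bytes() yields the raw payload on Python 2 and 3 alike; str() on a
    # scapy layer only did so on Python 2.
    data = bytes(tcp_layer.payload)

    # Containment test instead of find(...) > 0, which skipped a match that
    # starts at offset 0 of the payload.
    if b"username" in data:
        # Capture contents are untrusted input: repr() escapes control bytes,
        # so a crafted payload cannot write escape sequences to the terminal.
        print(repr(data))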

# Read packets from the saved capture instead of a live interface. The BPF
# expression keeps only IP/TCP traffic involving host 192.168.1.3, and every
# packet that passes it is handed to find_str.
sniff(
    prn=find_str,
    filter="ip and host 192.168.1.3 and tcp",
    offline='unsecure_login_updated.pcap',
)
