# -- coding: utf-8 --
# Name: pcaps_create.py
# Where:
from scapy.all import *
from scapy.utils import wrpcap
from scapy.layers.inet import IP, TCP, Ether
from scapy.layers.http import HTTPRequest, HTTPResponse
import re
import random
import os
import http_responses
# Ethernet addresses of the two endpoints (source first, then destination).
src_mac, dst_mac = "c0:25:a5:80:a4:79", "c0:26:a5:80:a4:79"

# Raw text of the sample HTTP request. The lines end in LF only and no blank
# line separates the start line from "aa=bb".
http_request_prv = (
    "POST /CDGServer3/LinkFilterService HTTP/1.1\n"
    "aa=bb\n"
)

# Raw text of the sample HTTP response (status line only).
http_response_prv = "HTTP/1.1 302 Moved Temporarily\n"
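def fix_content_length(request_body: str):
    """
    Make the Content-Length header of a raw HTTP message agree with its body.

    The message is split at the first blank line (CRLF CRLF). An existing
    Content-Length header is rewritten when its value differs from the body
    size. When the header is absent it is appended, unless the start line
    begins with ``GET``. The returned text always contains the CRLF CRLF
    separator, even if the input had none.

    :param request_body: raw HTTP message text using CRLF line endings
    :return: the message text with a corrected Content-Length header
    """
    # Everything before the first blank line is the header section; the rest
    # is the body. Without a separator the whole input counts as headers.
    header, _, body = request_body.partition('\r\n\r\n')

    # Content-Length counts octets on the wire, not characters, so measure the
    # body as UTF-8 bytes. A non-ASCII body would otherwise be under-counted,
    # and a parser would then truncate the payload.
    actual_length = len(body.encode())

    # Anchor at the start of a header line so names that merely end in
    # "Content-Length" (e.g. "X-Content-Length") are neither matched nor
    # rewritten; tolerate missing or extra whitespace after the colon.
    length_header = re.compile(r'^Content-Length:[ \t]*(\d+)', re.IGNORECASE | re.MULTILINE)
    declared = length_header.search(header)

    if declared:
        if int(declared.group(1)) != actual_length:
            header = length_header.sub(f'Content-Length: {actual_length}', header)
    elif not header.startswith('GET'):
        # Messages that are not GET requests get an explicit length appended.
        header += f'\r\nContent-Length: {actual_length}'

    # Reassemble the header section and the body.
    return header + '\r\n\r\n' + body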
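def creat_http_pcap(http_request: str, http_response: str, src_ip="10.71.35.104", src_port=5000,
                    dst_ip="10.8.144.32", dst_port=8000, pcapname=''):
    """
    Write a PCAP file holding one synthetic HTTP exchange over TCP.

    The capture has ten frames: the three-way handshake, the request segment
    and its ACK, the response segment, and the four-segment teardown. No
    traffic is sent; the frames are only built and written to disk.

    :param http_request: raw HTTP request text (encoded as UTF-8 for the payload)
    :param http_response: raw HTTP response text (encoded as UTF-8 for the payload)
    :param src_ip: client IP address
    :param src_port: client port; see the note in the body, this value is
        currently replaced by a random port
    :param dst_ip: server IP address
    :param dst_port: server port
    :param pcapname: file name (without extension) created under ``./pcapss/``
    :return: path of the written PCAP file
    """
    seq = random.randint(10, 5000)
    seq2 = random.randint(10, 5000)
    # NOTE(review): the src_port argument is overwritten here, so every capture
    # uses a random client port. Kept as-is; confirm whether the parameter
    # should be honoured instead.
    src_port = random.randint(20000, 50000)

    # Encode once. Sequence/acknowledgment arithmetic must use the byte length
    # of what is actually placed in the segment, not the character count, or
    # non-ASCII payloads produce a stream that cannot be reassembled.
    request_payload = http_request.encode()
    response_payload = http_response.encode()

    # Ethernet + IP headers for each direction.
    ipsrc = Ether(src=src_mac, dst=dst_mac) / IP(src=src_ip, dst=dst_ip)
    ipdst = Ether(src=dst_mac, dst=src_mac) / IP(src=dst_ip, dst=src_ip)

    # Three-way handshake.
    syn_packet = ipsrc / TCP(sport=src_port, dport=dst_port, seq=seq, flags="S")
    syn_ack_packet = ipdst / TCP(sport=dst_port, dport=src_port, flags="SA", seq=seq2,
                                 ack=syn_packet[TCP].seq + 1)
    ack_packet = ipsrc / TCP(sport=src_port, dport=dst_port, flags="A", seq=syn_ack_packet[TCP].ack,
                             ack=syn_ack_packet[TCP].seq + 1)

    # Data segments carry PSH+ACK. Every segment of an established connection
    # has ACK set, and analysers report a non-zero acknowledgment number
    # without the ACK flag as broken TCP, which can keep the payload out of
    # stream reassembly.
    http_request_packet = ipsrc / TCP(sport=src_port, dport=dst_port, flags="PA", seq=ack_packet[TCP].seq,
                                      ack=syn_ack_packet[TCP].seq + 1) / Raw(load=request_payload)
    httpack = ipdst / TCP(sport=dst_port, dport=src_port, seq=http_request_packet[TCP].ack,
                          ack=http_request_packet[TCP].seq + len(request_payload), flags='A')
    http_response_packet = ipdst / TCP(sport=dst_port, dport=src_port, flags="PA", seq=httpack[TCP].seq,
                                       ack=httpack[TCP].ack) / Raw(load=response_payload)

    # Teardown: client FIN, server ACK, server FIN, client ACK.
    fin_packet = ipsrc / TCP(sport=src_port, dport=dst_port, flags="FA", seq=http_response_packet[TCP].ack,
                             ack=http_response_packet[TCP].seq + len(response_payload))
    ack_packet_close = ipdst / TCP(sport=dst_port, dport=src_port, flags="A", seq=fin_packet[TCP].ack,
                                   ack=fin_packet[TCP].seq + 1)
    ack_packet_close2 = ipdst / TCP(sport=dst_port, dport=src_port, flags="FA", seq=ack_packet_close[TCP].seq,
                                    ack=fin_packet[TCP].seq + 1)
    fin_packet_ack = ipsrc / TCP(sport=src_port, dport=dst_port, flags="A", seq=ack_packet_close2[TCP].ack,
                                 ack=ack_packet_close2[TCP].seq + 1)

    # Whole session in capture order.
    http_traffic = [syn_packet, syn_ack_packet, ack_packet, http_request_packet, httpack, http_response_packet,
                    fin_packet, ack_packet_close, ack_packet_close2, fin_packet_ack]

    # pcapname is concatenated into the path unchanged. Callers that take the
    # name from outside the script should restrict it to a plain file name so
    # the capture cannot land outside ./pcapss/.
    file_paths = './pcapss/' + pcapname + '.pcap'
    # Create the output directory on first use instead of failing in wrpcap.
    os.makedirs(os.path.dirname(file_paths), exist_ok=True)
    wrpcap(file_paths, http_traffic)
    return file_paths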