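<p>I am trying to reconstruct a web page from a libpcap file with a Python script. I have all the packets, so I guess the goal is to take a libpcap file as input, find all the necessary packets, and somehow produce a web page file as output, with all the images and data from that page. Can anyone help me get started in the right direction? I think I will need dpkt and/or scapy.</p>
<p><strong>Update 1: Code is below!</strong> Here is the code I have written so far in Python. It is supposed to grab the first set of packets from a single HTTP session, starting with the packet that has the SYN and ACK flags set to 1 and ending with the packet that has the FIN flag set to 1.</p>
<p>Assuming only one website was visited during the packet capture, does this code append all the packets needed to reconstruct the visited web page?</p>
<p>Assuming I have all the necessary packets, how do I reconstruct the web page?</p>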
<pre><code>from scapy.all import rdpcap, IP, TCP  # rdpcap reads the capture; IP and TCP are the layers inspected below

pktList = list()  # create a list to store the packets we want to keep
pcap = rdpcap('myCapture.pcap')  # returns a packet list with every packet in the pcap
count = None  # will store the index of the SYN-ACK packet in pcap
for i, pkt in enumerate(pcap):  # loops through the packet list named pcap one packet at a time
    # haslayer() skips non-TCP packets, for which pkt[TCP] would raise IndexError
    if pkt.haslayer(TCP) and pkt[TCP].flags == 0x12 and pkt[TCP].sport == 80:  # a SYN-ACK from port 80: session has been initiated as HTTP
        count = i
        break  # breaks out of the for loop
if count is None:
    raise SystemExit('no SYN-ACK from port 80 found in the capture')
synAck = pcap[count]
for pkt in pcap[count + 1:]:  # loop from the packet after the SYN-ACK
    if not (pkt.haslayer(IP) and pkt.haslayer(TCP)):
        continue  # not a TCP/IP packet, so it cannot belong to the session
    if pkt[TCP].flags & 0x01:  # keep looping while the FIN bit is 0, stop when it is 1
        break
    if (pkt[TCP].sport == 80 and pkt[TCP].dport == synAck[TCP].dport
            and pkt[IP].src == synAck[IP].src and pkt[IP].dst == synAck[IP].dst):
        # if the src, dst ports and IPs are the same as the SYN-ACK packet then the HTTP packets belong to this session and we want to keep them
        pktList.append(pkt)
# once the loop exits we have hit the packet with the FIN flag set (or the end of the capture) and now we need to reconstruct the packets from this list.
</code></pre>
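<p>The reconstruction step the question asks about, as an added example that is not part of the original post: once the server-to-client packets of one flow are selected, their TCP payloads have to be ordered by sequence number (dropping retransmissions and stopping at gaps) before the HTTP responses can be split and decoded. It uses only the standard library and assumes the payloads have already been extracted as <code>(seq, payload)</code> pairs; the function names and the sample data are constructed for illustration.</p>

```python
import gzip

MOD = 2**32  # TCP sequence numbers wrap at 32 bits

def reassemble(segments, isn):
    """Rebuild one flow direction from (seq, payload); first data byte is isn + 1."""
    stream, expected = bytearray(), (isn + 1) % MOD
    for seq, data in sorted(segments, key=lambda s: (s[0] - isn) % MOD):
        offset = (expected - seq) % MOD   # bytes of this segment already held
        if offset >= MOD // 2:            # seq is ahead of us: a segment is missing
            break
        if len(data) > offset:            # drop retransmitted bytes, keep the rest
            stream += data[offset:]
            expected = (seq + len(data)) % MOD
    return bytes(stream)

def dechunk(buf):
    """Decode a chunked body; return (body, bytes left after it). No trailers."""
    out = bytearray()
    while buf:
        size_line, _, buf = buf.partition(b"\r\n")
        size = int(size_line.split(b";")[0], 16)
        if size == 0:
            return bytes(out), buf.partition(b"\r\n")[2]
        out, buf = out + buf[:size], buf[size + 2:]
    return bytes(out), b""                # capture ended mid-body

def http_responses(stream):
    """Yield (status, headers, body) for each HTTP/1.x response in the stream."""
    while stream.startswith(b"HTTP/1."):
        head, _, rest = stream.partition(b"\r\n\r\n")
        lines = head.decode("latin-1").split("\r\n")
        hdrs = {k.strip().lower(): v.strip() for k, v in (l.split(":", 1) for l in lines[1:])}
        if hdrs.get("transfer-encoding", "").lower() == "chunked":
            body, stream = dechunk(rest)
        else:
            n = int(hdrs.get("content-length", len(rest)))
            body, stream = rest[:n], rest[n:]
        if hdrs.get("content-encoding", "").lower() == "gzip":
            body = gzip.decompress(body)
        yield int(lines[0].split()[1]), hdrs, body

# Constructed sample (ISN 1000): gzip page + chunked image, reordered, one retransmit.
PAGE = b"constructed page body referencing /a.png\n"
GZ = gzip.compress(PAGE)
RAW = (b"HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\nContent-Length: %d\r\n\r\n" % len(GZ)
       + GZ + b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\x89PNG\r\n0\r\n\r\n")
SEGS = [(1001 + i, RAW[i:i + 40]) for i in range(0, len(RAW), 40)]
SEGS = SEGS[::-1] + SEGS[:1]
```

<p>Each decoded body can then be written to disk under the path of the request it answers; matching responses to request paths needs the client-to-server direction reassembled the same way.</p>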