Sometimes, you would like to manipulate an application by supplying a custom HTTP header that contains custom information. For example, adding an authorization header can be useful for implementing HTTP basic authentication in your packet capture code.
Let us sniff the packets using the sniff() function of Scapy and define a callback function, modify_packet_header(), which adds an extra header to certain packets.
Listing 9.3 gives the code for adding an extra header in HTTP packets, as follows:
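    #!/usr/bin/env python
    # Python Network Programming Cookbook -- Chapter - 9
    # This program is optimized for Python 2.7.
    # It may run on any other version with/without modifications.

    from scapy.all import *

    def modify_packet_header(pkt):
        """ Parse the header and add an extra header"""
        # Only handle TCP segments to port 80 that carry payload data
        if pkt.haslayer(TCP) and pkt.getlayer(TCP).dport == 80 and pkt.haslayer(Raw):
            # NOTE: __dict__ holds the payload object's internal attributes,
            # not parsed HTTP header fields; its keys end up in the new load
            # (see the Raw layer in the sample output).
            hdr = pkt[TCP].payload.__dict__
            extra_item = {'Extra Header' : ' extra value'}
            hdr.update(extra_item)
            send_hdr = ' '.join(hdr)
            pkt[TCP].payload = send_hdr
            pkt.show()
            # The payload size changed, so drop the stale length and
            # checksums; Scapy recomputes them when the packet is built.
            del pkt[IP].len
            del pkt[IP].chksum
            del pkt[TCP].chksum
            send(pkt)

    if __name__ == '__main__':
        # start sniffing
        sniff(filter="tcp and ( port 80 )", prn=modify_packet_header)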
If you run this script, it will capture a packet, print the modified version of it, and send it to the network, as shown in the following output. This can be verified by other packet capturing tools such as tcpdump or wireshark:
    $ python 9_3_add_extra_http_header_in_sniffed_packet.py
    ###[ Ethernet ]###
      dst = 52:54:00:12:35:02
      src = 08:00:27:95:0d:1a
      type = 0x800
    ###[ IP ]###
      version = 4L
      ihl = 5L
      tos = 0x0
      len = 525
      id = 13419
      flags = DF
      frag = 0L
      ttl = 64
      proto = tcp
      chksum = 0x171
      src = 10.0.2.15
      dst = 82.94.164.162
      options
    ###[ TCP ]###
      sport = 49273
      dport = www
      seq = 107715690
      ack = 216121024
      dataofs = 5L
      reserved = 0L
      flags = PA
      window = 6432
      chksum = 0x50f
      urgptr = 0
      options = []
    ###[ Raw ]###
      load = 'Extra Header sent_time fields aliastypes post_transforms underlayer fieldtype time initialized overloaded_fields packetfields payload default_fields'
    .
    Sent 1 packets.
First, we set up the packet sniffing using the sniff() function of Scapy, specifying modify_packet_header() as the callback function for each packet. All packets that have both a TCP layer and a raw layer and are destined to port 80 (HTTP) are considered for modification. So, the current packet header is extracted from the packet's payload data.
The extra header is then appended to the existing header dictionary. The packet is then printed on screen using the show() method, and to avoid a failed correctness check, the packet checksum data is removed from the packet. Finally, the packet is sent over the network.
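As the Raw load in the sample output shows, the listing's payload ends up holding attribute names rather than an HTTP header block. The following added example (not code from the book) shows one way to set a header on the raw request bytes that a callback would read from the Raw layer; the helper name add_http_header and the sample request are assumptions made for illustration.

```python
import re

# RFC 7230 "token" characters allowed in a header field name.
_TOKEN = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def add_http_header(load, name, value):
    """Return `load` (raw HTTP request bytes) with `name: value` set.

    Hypothetical helper for this example. Returns the input unchanged when
    the segment does not contain a complete request head.
    """
    name_b, value_b = name.encode("ascii"), value.encode("latin-1")
    if not _TOKEN.match(name_b):
        raise ValueError("invalid header name: %r" % name)
    if b"\r" in value_b or b"\n" in value_b:
        raise ValueError("CR/LF not allowed in header value")

    head, sep, body = load.partition(b"\r\n\r\n")
    if not sep:
        return load  # head continues in a later TCP segment; leave it alone
    lines = head.split(b"\r\n")
    request_line, fields = lines[0], lines[1:]
    if not re.match(rb"^[A-Z]+ \S+ HTTP/\d\.\d$", request_line):
        return load  # not an HTTP request line

    # Drop any existing field with the same name (names are case-insensitive).
    prefix = name_b.lower() + b":"
    fields = [f for f in fields if not f.lower().startswith(prefix)]
    fields.append(name_b + b": " + value_b)
    return b"\r\n".join([request_line] + fields) + sep + body


# Constructed sample request, standing in for the Raw layer's load field.
SAMPLE = (b"GET /index.html HTTP/1.1\r\nHost: www.example.org\r\n"
          b"x-extra-header: old\r\n\r\n")

if __name__ == "__main__":
    print(add_http_header(SAMPLE, "X-Extra-Header", "extra value").decode())
```

A field name containing a space, such as the listing's 'Extra Header', is rejected here because it is not a valid HTTP field name.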