retrieve data from LLMNR packet with scapy - python

When I look at an LLMNR Query packet with Scapy I see that the LLMNR-Query has a DNSQR inside.
When I want to retrieve data from the LLMNR-Query I can, with:
pkts[x].sprintf("%LLMNRQuery.qr%")
but I didn't figure out how to retrieve data from the DNSQR that is inside the LLMNR-Query; I tried:
pkts[x].sprintf("%DNSQR.qname%")
but the answer I get is '??'.
I'd be happy to know how to retrieve the DNSQR.

Try:
pkts[x].qd.sprintf('%DNSQR.qname%')
Or:
pkts[x].qd.qname
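The `qd` attribute used in the answer corresponds to the question section that follows the 12-byte LLMNR header on the wire (RFC 4795 reuses the DNS message layout). The added example below is not from the original thread: it parses that section from a raw UDP payload with only the standard library and rejects truncated input. The function name and the sample bytes are constructed for illustration.

```python
import struct


class LLMNRParseError(ValueError):
    """Raised when the payload is not a well-formed LLMNR question."""


def parse_llmnr_question(payload: bytes) -> dict:
    """Return the header flags and first question of an LLMNR message."""
    if len(payload) < 12:
        raise LLMNRParseError("shorter than the 12-byte header")
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", payload[:12])
    if qdcount < 1:
        raise LLMNRParseError("no question section")

    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            raise LLMNRParseError("name runs past end of packet")
        length = payload[pos]
        pos += 1
        if length == 0:          # zero-length label terminates the name
            break
        if length > 63:          # top bits set: pointer or reserved label type
            raise LLMNRParseError("unexpected label type in question name")
        if pos + length > len(payload):
            raise LLMNRParseError("label runs past end of packet")
        labels.append(payload[pos:pos + length].decode("ascii", errors="replace"))
        pos += length

    if pos + 4 > len(payload):
        raise LLMNRParseError("missing qtype/qclass")
    qtype, qclass = struct.unpack("!2H", payload[pos:pos + 4])
    return {
        "id": txid,
        "qr": flags >> 15,       # 0 = query, 1 = response
        "qname": ".".join(labels) + ".",
        "qtype": qtype,
        "qclass": qclass,
    }


# Constructed sample: a query for the single-label name "fileserver", type A, class IN.
SAMPLE_QUERY = (
    struct.pack("!6H", 0x1A2B, 0x0000, 1, 0, 0, 0)
    + b"\x0afileserver\x00"
    + struct.pack("!2H", 1, 1)
)

if __name__ == "__main__":
    print(parse_llmnr_question(SAMPLE_QUERY))
```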

Related

Pulling data from pyshark

I am trying to pull data out of data packets that I am receiving from another device. I have isolated the packet I want to pull the data from but cannot figure out how to extract the data that I want. I am using pyshark to get to the packet but this does not allow me to actually see that data. I can see the data when I am in wireshark. The data I am looking to pull is circled in red.
Here is my code in python.
import pyshark
capture = pyshark.LiveCapture(interface='wlan0', display_filter='frame.len>190 and udp.port==1700')
for i in capture:
    print(i)
Which displays all of the same information that wireshark does minus the latitude, longitude coordinates.
I would ask for a sample PCAP file, but most people don't want to share real world data. Without a PCAP file, I cannot give you a complete answer, but I can give you one that is 95% there.
This is the way that I would attack your problem:
import pyshark
capture = pyshark.LiveCapture(interface='your_interface')
for raw_packet in capture.sniff_continuously():
    # filter only UDP packets that have a frame length greater
    # than 190 and that have a port number of 1700.
    if hasattr(raw_packet, 'udp') and int(raw_packet.frame_info.cap_len) > 190 and raw_packet[raw_packet.transport_layer].srcport == '1700':
        # Get the details for the packets by accessing
        # _all_fields, which maps each field name to its value
        for field_name, field_value in raw_packet.udp._all_fields.items():
            # you can add another filter here to get your
            # lat & long coordinates
            print(f'{field_name} -- {field_value}')
        # if you need to access the packet data you need to do this,
        # but it might come back in hex, which will need to be decoded.
        # if "DATA" in str(raw_packet.layers):
        #     print(raw_packet.data.data)
Please reach out if you have any issues filtering out the packets that you're looking for. If you can share a sample PCAP, I will tweak my answer.
I have a document and code examples on GitHub named pyshark packet analysis that you might find useful.

transform JSON file to be usable

Long story short, I get the query from the Spotify API, which is JSON that has data about the newest albums. How do I get specific info from that, like let's say every band name or every album title? I've tried a lot of ways to get that info that I found on the internet and nothing seems to work for me, and after a couple of hours I'm kinda frustrated.
JSON data is on jsfiddle
here is the request
endpoint = "https://api.spotify.com/v1/browse/new-releases"
lookup_url = f"{endpoint}"
r = requests.get(lookup_url, headers=headers)
print(r.json())
you can find the
When you make this request like the comments have mentioned you get a dictionary which you can then access the keys and values. For example if you want to get the album_type you could do the following:
print(data["albums"]["items"][0]["album_type"])
Since items contains a list you would need to get the first values 0 and then access the album_type.
Output:
single
Here is a link to the code I used with your json.
I suggest you look into how to deal with json data in python, this is a good place to start.
I copied the data from the jsfiddle link.
Now try the following code:
import ast
pyobj=ast.literal_eval(str_cop_from_src)
later you can try with keys
pyobj["albums"]["items"][0]["album_type"]
pyobj will be a Python dictionary with all data.

String indices must be integers Giphy

I'm trying to get url from object data, but it isn't right. This program has stopped on line 4. Code is under.
My code:
import requests
gifs = str(requests.get("https://api.giphy.com/v1/gifs/random?api_key=APIKEY"))
dump = json.dumps(gifs)
json.loads(dump['data']['url'])
Your description is not clear enough. You expect to read a json and select a field that brings you something?
I recommend you check this section of the requests quickstart guide. I suspect you want to read the data to JSON and extract some fields.
Maybe something like this might help:
r = requests.get('http://whatever.com')
url = r.json()['url']

Read pcap using scapy (DNS queries)

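from scapy.all import rdpcap, DNSQR

dnsPackets = rdpcap(dnsPcap)
domain = 'stackoverflow.com'
for packet in dnsPackets:
    if packet.haslayer(DNSQR):
        # qname is bytes under Python 3; decode it before comparing with a str
        query = packet[DNSQR].qname.decode(errors='replace')
        if domain in query:
            outFile.write(query + '\n')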
This code gives me a nice list of DNS queries containing the domain stackoverflow.com.
However, comparing the results in Wireshark I can see that I have 1 more query, and that query is in a malformed packet (Wireshark reads it fine). How would I go about extracting that as well?
Thank you.
This was solved. Above code was correct but bug in code later on.

Forwarded Email parsing in Python/Any other language?

I have some mails in txt format, that have been forwarded multiple times.
I want to extract the content/the main body of the mail. This should be at the last position in the hierarchy..right? (Someone point this out if I'm wrong).
The email module doesn't give me a way to extract the content. If I make a message object, the object doesn't have a field for the content of the body.
Any idea on how to do it? Any module that exists for the same, or any particular way you can think of, except of course the most naive one of starting from the back of the text file and looking till you find the header.
If there is an easy or straightforward way/module with any other language (I doubt), please let me know that as well!
Any help is much appreciated!
The email module doesn't give me a way to extract the content. If I make a message object, the object doesn't have a field for the content of the body.
Of course it does. Have a look at the Python documentation and examples. In particular, look at the walk and payload methods.
Try get_payload on the parsed Message object. If there is only one message, the return type will be string, otherwise it will be a list of Message objects.
Something like this:
messages = parsed_message.get_payload()
# descend into the last part until the payload is a plain string
while not isinstance(messages, str):
    messages = messages[-1].get_payload()
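The same descent in Python 3, as an added example that is not part of the original answer: it builds a message forwarded twice as a message/rfc822 attachment, serialises and re-parses it, then follows the last part at each level to reach the original body. The helper names and the sample message are constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage


def forward(inner: EmailMessage, note: str) -> EmailMessage:
    """Wrap `inner` as a message/rfc822 attachment under a short cover note."""
    outer = EmailMessage()
    outer["Subject"] = "Fwd: " + inner["Subject"]
    outer.set_content(note)
    outer.add_attachment(inner)   # a Message object is attached as message/rfc822
    return outer


def innermost_body(msg) -> str:
    """Follow the last part at every level until a non-multipart part is reached."""
    while msg.is_multipart():     # true for multipart/* and for message/rfc822 parts
        msg = msg.get_payload()[-1]
    # For a text part this is a str; a binary last part would yield bytes instead.
    return msg.get_content()


def demo() -> str:
    """Forward a constructed message twice, round-trip it as text, extract the body."""
    original = EmailMessage()
    original["Subject"] = "Quarterly report"
    original.set_content("Original report text")
    twice = forward(forward(original, "FYI"), "See below")
    parsed = message_from_string(twice.as_string(), policy=policy.default)
    return innermost_body(parsed)


if __name__ == "__main__":
    print(demo())
```

Mail that was forwarded inline carries the earlier message as quoted text inside a single part, so for such files this descent stops at the top level and returns the whole quoted chain.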
