
pcapedit's Introduction

pcapedit

This script helps you interactively search within and edit a pcap file. See the following sample output, produced from the included command files, for more details.

Usage:

$ python pcapedit.py <cmds.search.txt 
PcapEdit - An Interactive Pcap Editor

Nothing to search! Use 'analyze' first.

Read 43 packets from http.cap

search for tcp packets
Found 41 matches for search query '6 in ip.proto': 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43

search for udp packets
Found 2 matches for search query '17 in ip.proto': 13, 17

search for raw string
Found 5 matches for search query '(?i)Google in pay.load': 8, 10, 18, 26, 36

search for raw string
Incorrect searchvalue 'test' for protofield 'dns.ns', expected <type 'int'>

search for raw string
Found 19 matches for search query '.* in pay.load': 4, 6, 8, 10, 11, 14, 16, 18, 20, 21, 23, 26, 27, 29, 31, 32, 34, 36, 38

search within ether packets
Found 20 matches for search query '00:00:01:00:00:00 in ether.src': 1, 3, 4, 7, 9, 12, 13, 15, 18, 19, 22, 25, 28, 30, 33, 35, 37, 39, 41, 42
$ 
$ python pcapedit.py <cmds.searchreplace.txt 
PcapEdit - An Interactive Pcap Editor

Read 43 packets from http.cap

Replacing IP.src to '1.1.1.1' where IP.src is '145.254.160.237'
     0: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
     2: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
     3: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
     6: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
     8: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
    11: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
    12: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
    14: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
    17: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
    18: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
    21: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
    24: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
    27: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
    29: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
    32: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
    34: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
    36: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
    38: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
    40: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
    41: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
Replacing IP.dst to '1.1.1.1' where IP.dst is '145.254.160.237'
     1: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
     4: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
     5: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
     7: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
     9: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    10: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    13: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    15: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    16: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    19: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    20: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    22: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    23: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    25: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    26: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    28: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    30: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    31: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    33: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    35: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    37: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    39: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    42: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)

Replacing IP.src to '2.2.2.2' where IP.src is '65.208.228.223'
     1: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
     4: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
     5: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
     7: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
     9: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
    10: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
    13: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
    15: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
    19: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
    20: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
    22: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
    28: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
    30: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
    31: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
    33: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
    37: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
    39: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
    42: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
Replacing IP.dst to '2.2.2.2' where IP.dst is '65.208.228.223'
     0: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
     2: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
     3: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
     6: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
     8: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
    11: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
    14: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
    18: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
    21: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
    24: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
    29: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
    32: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
    34: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
    38: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
    40: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
    41: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)

     0: 2004/05/13 03:17:07            1.1.1.1:3372 -> 2.2.2.2:80              TCP S
     1: 2004/05/13 03:17:08              2.2.2.2:80 -> 1.1.1.1:3372            TCP SA
     2: 2004/05/13 03:17:08            1.1.1.1:3372 -> 2.2.2.2:80              TCP A
     3: 2004/05/13 03:17:08            1.1.1.1:3372 -> 2.2.2.2:80              TCP PA (479 bytes)
     4: 2004/05/13 03:17:08              2.2.2.2:80 -> 1.1.1.1:3372            TCP A
     5: 2004/05/13 03:17:08              2.2.2.2:80 -> 1.1.1.1:3372            TCP A (1380 bytes)
     6: 2004/05/13 03:17:09            1.1.1.1:3372 -> 2.2.2.2:80              TCP A
     7: 2004/05/13 03:17:09              2.2.2.2:80 -> 1.1.1.1:3372            TCP A (1380 bytes)
     8: 2004/05/13 03:17:09            1.1.1.1:3372 -> 2.2.2.2:80              TCP A
     9: 2004/05/13 03:17:09              2.2.2.2:80 -> 1.1.1.1:3372            TCP A (1380 bytes)
    10: 2004/05/13 03:17:09              2.2.2.2:80 -> 1.1.1.1:3372            TCP PA (1380 bytes)
    11: 2004/05/13 03:17:09            1.1.1.1:3372 -> 2.2.2.2:80              TCP A
    12: 2004/05/13 03:17:09            1.1.1.1:3009 -> 145.253.2.203:53        UDP (47 bytes)
    13: 2004/05/13 03:17:09              2.2.2.2:80 -> 1.1.1.1:3372            TCP A (1380 bytes)
    14: 2004/05/13 03:17:10            1.1.1.1:3372 -> 2.2.2.2:80              TCP A
    15: 2004/05/13 03:17:10              2.2.2.2:80 -> 1.1.1.1:3372            TCP A (1380 bytes)
    16: 2004/05/13 03:17:10        145.253.2.203:53 -> 1.1.1.1:3009            UDP (146 bytes)
    17: 2004/05/13 03:17:10            1.1.1.1:3371 -> 216.239.59.99:80        TCP PA (721 bytes)
    18: 2004/05/13 03:17:10            1.1.1.1:3372 -> 2.2.2.2:80              TCP A
    19: 2004/05/13 03:17:10              2.2.2.2:80 -> 1.1.1.1:3372            TCP A (1380 bytes)
    20: 2004/05/13 03:17:10              2.2.2.2:80 -> 1.1.1.1:3372            TCP PA (1380 bytes)
    21: 2004/05/13 03:17:10            1.1.1.1:3372 -> 2.2.2.2:80              TCP A
    22: 2004/05/13 03:17:10              2.2.2.2:80 -> 1.1.1.1:3372            TCP A (1380 bytes)
    23: 2004/05/13 03:17:10        216.239.59.99:80 -> 1.1.1.1:3371            TCP A
    24: 2004/05/13 03:17:11            1.1.1.1:3372 -> 2.2.2.2:80              TCP A
    25: 2004/05/13 03:17:11        216.239.59.99:80 -> 1.1.1.1:3371            TCP PA (1430 bytes)
    26: 2004/05/13 03:17:11        216.239.59.99:80 -> 1.1.1.1:3371            TCP PA (160 bytes)
    27: 2004/05/13 03:17:11            1.1.1.1:3371 -> 216.239.59.99:80        TCP A
    28: 2004/05/13 03:17:11              2.2.2.2:80 -> 1.1.1.1:3372            TCP PA (1380 bytes)
    29: 2004/05/13 03:17:11            1.1.1.1:3372 -> 2.2.2.2:80              TCP A
    30: 2004/05/13 03:17:11              2.2.2.2:80 -> 1.1.1.1:3372            TCP A (1380 bytes)
    31: 2004/05/13 03:17:11              2.2.2.2:80 -> 1.1.1.1:3372            TCP A (1380 bytes)
    32: 2004/05/13 03:17:11            1.1.1.1:3372 -> 2.2.2.2:80              TCP A
    33: 2004/05/13 03:17:11              2.2.2.2:80 -> 1.1.1.1:3372            TCP A (1380 bytes)
    34: 2004/05/13 03:17:11            1.1.1.1:3372 -> 2.2.2.2:80              TCP A
    35: 2004/05/13 03:17:12        216.239.59.99:80 -> 1.1.1.1:3371            TCP PA (1430 bytes)
    36: 2004/05/13 03:17:12            1.1.1.1:3371 -> 216.239.59.99:80        TCP A
    37: 2004/05/13 03:17:12              2.2.2.2:80 -> 1.1.1.1:3372            TCP PA (424 bytes)
    38: 2004/05/13 03:17:12            1.1.1.1:3372 -> 2.2.2.2:80              TCP A
    39: 2004/05/13 03:17:25              2.2.2.2:80 -> 1.1.1.1:3372            TCP FA
    40: 2004/05/13 03:17:25            1.1.1.1:3372 -> 2.2.2.2:80              TCP A
    41: 2004/05/13 03:17:37            1.1.1.1:3372 -> 2.2.2.2:80              TCP FA
    42: 2004/05/13 03:17:37              2.2.2.2:80 -> 1.1.1.1:3372            TCP A

Wrote 43 packet(s) to http.mod.cap
$
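Rewriting IP.src or IP.dst as in the session above leaves the IPv4 header checksum and the TCP/UDP checksum (which covers both addresses through the pseudo-header) stale unless they are recomputed. The following standard-library Python is an added example, not pcapedit's own code; the names `csum`, `l4_csum`, `rewrite_ip` and `sample_frame` are hypothetical, and it assumes untagged Ethernet II frames carrying IPv4.

```python
import socket
import struct

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum (16-bit one's-complement sum)."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def l4_csum(ip: bytes, l4: bytes) -> int:
    """TCP/UDP checksum over the IPv4 pseudo-header plus the segment."""
    return csum(ip[12:20] + struct.pack("!BBH", 0, ip[9], len(l4)) + l4)

def rewrite_ip(frame: bytes, old: str, new: str) -> bytes:
    """Swap old->new in the IPv4 src/dst of an Ethernet frame and fix checksums."""
    ihl = (frame[14] & 0x0F) * 4 if len(frame) >= 34 else 0
    if frame[12:14] != b"\x08\x00" or ihl < 20 or len(frame) < 14 + ihl:
        return frame                  # not a full IPv4 header on untagged Ethernet
    ip = bytearray(frame[14:14 + ihl])
    o, n = socket.inet_aton(old), socket.inet_aton(new)
    hits = [off for off in (12, 16) if ip[off:off + 4] == o]
    if not hits:
        return frame
    for off in hits:
        ip[off:off + 4] = n
    ip[10:12] = struct.pack("!H", csum(bytes(ip[:10] + b"\0\0" + ip[12:])))
    total, frag = struct.unpack("!HxxH", ip[2:8])
    l4 = bytearray(frame[14 + ihl:14 + total])
    coff = {6: 16, 17: 6}.get(ip[9])  # checksum offset inside the TCP / UDP header
    # Leave fragments, snaplen-truncated packets and checksum-less UDP untouched.
    ok = coff is not None and not frag & 0x3FFF and len(frame) >= 14 + total and len(l4) >= coff + 2
    if ok and not (ip[9] == 17 and l4[coff:coff + 2] == b"\0\0"):
        l4[coff:coff + 2] = b"\0\0"
        # UDP sends a computed zero as 0xFFFF; TCP sends it as is.
        c = l4_csum(bytes(ip), bytes(l4)) or (0xFFFF if ip[9] == 17 else 0)
        l4[coff:coff + 2] = struct.pack("!H", c)
    return frame[:14] + bytes(ip) + bytes(l4) + frame[14 + ihl + len(l4):]

def sample_frame() -> bytes:
    """Constructed Ethernet/IPv4/TCP frame with valid checksums (addresses from the page)."""
    tcp = bytearray(struct.pack("!HHIIBBHHH", 3372, 80, 1, 0, 0x50, 0x18, 8192, 0, 0) + b"GET /")
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                               socket.inet_aton("145.254.160.237"), socket.inet_aton("65.208.228.223")))
    ip[10:12] = struct.pack("!H", csum(bytes(ip)))
    tcp[16:18] = struct.pack("!H", l4_csum(bytes(ip), bytes(tcp)))
    return b"\x00" * 12 + b"\x08\x00" + bytes(ip) + bytes(tcp)
```

A valid header or segment sums to zero when its own checksum field is included, so `csum(frame[14:34]) == 0` is a quick check that an edited packet is still well-formed.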

Credits:

pcapedit's People

Contributors

7h3ram, bitdeli-chef, phreakocious, priyamtyagi


pcapedit's Issues

Code cleanup

  1. Remove manual checks and instead iterate over protocol fields list
  2. Add a global list of supported protocols
  3. Add more checks for parsing of cmdline input

Better it should have multi packet edit

Hi 7h3rAm,

It would be better if your tool had multi-packet edit. Something like: if the user wants to change/replace a particular IP or port, it should replicate all over the pcap wherever the requirement matches.

I will also try to make changes.

-itachi

GUI for this tool

Seems like people are more interested in using a GUI rather than a CLI.

-itachi

string match on packets

Hi 7h3rAm,

It would be better to have string matching on packets. Whenever a user searches for a string/bytes, it should display the matching packet(s).

Even if we have a string search in a particular field, that would be even better.

-itachi

Adding or removing headers

Instead of modifying existing header fields, we should have an option to add new header fields, such as adding or removing VLAN headers.

-itachi
