scapy.layers.http

HTTP 1.0 layer.

Load using:

from scapy.layers.http import *

Or (console only):

>>> load_layer("http")

Note that this layer is NOT loaded by default, as it is still quite experimental.

To follow HTTP packet streams (i.e. group packets together to get the whole request/answer), use TCPSession as follows:

>>> sniff(session=TCPSession)  # Live on-the-flow session
>>> sniff(offline="./http_chunk.pcap", session=TCPSession)  # pcap

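This will decode HTTP packets using Content_Length or chunks, and will also decompress the packets when needed. Note: if decompression fails, the failure is ignored and the payload is left as it was received, so a body may still be compressed when you inspect it.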

You can turn auto-decompression/auto-compression off with:

>>> conf.contribs["http"]["auto_compression"] = False

(Defaults to True)

You can also turn auto-chunking/dechunking off with:

>>> conf.contribs["http"]["auto_chunk"] = False

(Defaults to True)

class scapy.layers.http.HTTP(_pkt, /)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.http.HTTP'>, <class 'scapy.packet.Packet'>]
clsreq[source]

alias of HTTPRequest

clsresp[source]

alias of HTTPResponse

classmethod dispatch_hook(_pkt=None, *args, **kargs)[source]
fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = []
guess_payload_class(payload)[source]

Decides if the payload is an HTTP Request or Response, or something else.

hdr = b'HTTP'
reqmethods = b'OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT'
show_indent = 0
classmethod tcp_reassemble(data, metadata, session)[source]
class scapy.layers.http.HTTPRequest(_pkt, /, *, Method=b'GET', Path=b'/', Http_Version=b'HTTP/1.1', A_IM=None, Accept=None, Accept_Charset=None, Accept_Datetime=None, Accept_Encoding=None, Accept_Language=None, Access_Control_Request_Headers=None, Access_Control_Request_Method=None, Authorization=None, Cache_Control=None, Connection=None, Content_Length=None, Content_MD5=None, Content_Type=None, Cookie=None, DNT=None, Date=None, Expect=None, Forwarded=None, From=None, Front_End_Https=None, HTTP2_Settings=None, Host=None, If_Match=None, If_Modified_Since=None, If_None_Match=None, If_Range=None, If_Unmodified_Since=None, Keep_Alive=None, Max_Forwards=None, Origin=None, Permanent=None, Pragma=None, Proxy_Authorization=None, Proxy_Connection=None, Range=None, Referer=None, Save_Data=None, TE=None, Upgrade=None, Upgrade_Insecure_Requests=None, User_Agent=None, Via=None, Warning=None, X_ATT_DeviceId=None, X_Correlation_ID=None, X_Csrf_Token=None, X_Forwarded_For=None, X_Forwarded_Host=None, X_Forwarded_Proto=None, X_Http_Method_Override=None, X_Request_ID=None, X_Requested_With=None, X_UIDH=None, X_Wap_Profile=None, Unknown_Headers=None)[source]

Bases: _HTTPContent

aliastypes = [<class 'scapy.layers.http.HTTPRequest'>, <class 'scapy.layers.http._HTTPContent'>, <class 'scapy.packet.Packet'>]
do_dissect(s)[source]

From the HTTP packet string, populate the scapy object

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<_HTTPHeaderField (HTTPRequest).Method>, <_HTTPHeaderField (HTTPRequest).Path>, <_HTTPHeaderField (HTTPRequest).Http_Version>, <_HTTPHeaderField (HTTPRequest).A_IM>, <_HTTPHeaderField (HTTPRequest).Accept>, <_HTTPHeaderField (HTTPRequest).Accept_Charset>, <_HTTPHeaderField (HTTPRequest).Accept_Datetime>, <_HTTPHeaderField (HTTPRequest).Accept_Encoding>, <_HTTPHeaderField (HTTPRequest).Accept_Language>, <_HTTPHeaderField (HTTPRequest).Access_Control_Request_Headers>, <_HTTPHeaderField (HTTPRequest).Access_Control_Request_Method>, <_HTTPHeaderField (HTTPRequest).Authorization>, <_HTTPHeaderField (HTTPRequest).Cache_Control>, <_HTTPHeaderField (HTTPRequest).Connection>, <_HTTPHeaderField (HTTPRequest).Content_Length>, <_HTTPHeaderField (HTTPRequest).Content_MD5>, <_HTTPHeaderField (HTTPRequest).Content_Type>, <_HTTPHeaderField (HTTPRequest).Cookie>, <_HTTPHeaderField (HTTPRequest).DNT>, <_HTTPHeaderField (HTTPRequest).Date>, <_HTTPHeaderField (HTTPRequest).Expect>, <_HTTPHeaderField (HTTPRequest).Forwarded>, <_HTTPHeaderField (HTTPRequest).From>, <_HTTPHeaderField (HTTPRequest).Front_End_Https>, <_HTTPHeaderField (HTTPRequest).HTTP2_Settings>, <_HTTPHeaderField (HTTPRequest).Host>, <_HTTPHeaderField (HTTPRequest).If_Match>, <_HTTPHeaderField (HTTPRequest).If_Modified_Since>, <_HTTPHeaderField (HTTPRequest).If_None_Match>, <_HTTPHeaderField (HTTPRequest).If_Range>, <_HTTPHeaderField (HTTPRequest).If_Unmodified_Since>, <_HTTPHeaderField (HTTPRequest).Keep_Alive>, <_HTTPHeaderField (HTTPRequest).Max_Forwards>, <_HTTPHeaderField (HTTPRequest).Origin>, <_HTTPHeaderField (HTTPRequest).Permanent>, <_HTTPHeaderField (HTTPRequest).Pragma>, <_HTTPHeaderField (HTTPRequest).Proxy_Authorization>, <_HTTPHeaderField (HTTPRequest).Proxy_Connection>, <_HTTPHeaderField (HTTPRequest).Range>, <_HTTPHeaderField (HTTPRequest).Referer>, <_HTTPHeaderField (HTTPRequest).Save_Data>, <_HTTPHeaderField (HTTPRequest).TE>, 
<_HTTPHeaderField (HTTPRequest).Upgrade>, <_HTTPHeaderField (HTTPRequest).Upgrade_Insecure_Requests>, <_HTTPHeaderField (HTTPRequest).User_Agent>, <_HTTPHeaderField (HTTPRequest).Via>, <_HTTPHeaderField (HTTPRequest).Warning>, <_HTTPHeaderField (HTTPRequest).X_ATT_DeviceId>, <_HTTPHeaderField (HTTPRequest).X_Correlation_ID>, <_HTTPHeaderField (HTTPRequest).X_Csrf_Token>, <_HTTPHeaderField (HTTPRequest).X_Forwarded_For>, <_HTTPHeaderField (HTTPRequest).X_Forwarded_Host>, <_HTTPHeaderField (HTTPRequest).X_Forwarded_Proto>, <_HTTPHeaderField (HTTPRequest).X_Http_Method_Override>, <_HTTPHeaderField (HTTPRequest).X_Request_ID>, <_HTTPHeaderField (HTTPRequest).X_Requested_With>, <_HTTPHeaderField (HTTPRequest).X_UIDH>, <_HTTPHeaderField (HTTPRequest).X_Wap_Profile>, <_HTTPHeaderField (HTTPRequest).Unknown_Headers>]
mysummary()[source]
class scapy.layers.http.HTTPResponse(_pkt, /, *, Http_Version=b'HTTP/1.1', Status_Code=b'200', Reason_Phrase=b'OK', Accept_Patch=None, Accept_Ranges=None, Access_Control_Allow_Credentials=None, Access_Control_Allow_Headers=None, Access_Control_Allow_Methods=None, Access_Control_Allow_Origin=None, Access_Control_Expose_Headers=None, Access_Control_Max_Age=None, Age=None, Allow=None, Alt_Svc=None, Cache_Control=None, Connection=None, Content_Disposition=None, Content_Encoding=None, Content_Language=None, Content_Length=None, Content_Location=None, Content_MD5=None, Content_Range=None, Content_Security_Policy=None, Content_Type=None, Date=None, Delta_Base=None, ETag=None, Expires=None, IM=None, Keep_Alive=None, Last_Modified=None, Link=None, Location=None, P3P=None, Permanent=None, Pragma=None, Proxy_Authenticate=None, Public_Key_Pins=None, Refresh=None, Retry_After=None, Server=None, Set_Cookie=None, Status=None, Strict_Transport_Security=None, Timing_Allow_Origin=None, Tk=None, Trailer=None, Transfer_Encoding=None, Upgrade=None, Vary=None, Via=None, WWW_Authenticate=None, Warning=None, X_Content_Duration=None, X_Content_Security_Policy=None, X_Content_Type_Options=None, X_Correlation_ID=None, X_Frame_Options=None, X_Powered_By=None, X_Request_ID=None, X_UA_Compatible=None, X_WebKit_CSP=None, X_XSS_Protection=None, Unknown_Headers=None)[source]

Bases: _HTTPContent

aliastypes = [<class 'scapy.layers.http.HTTPResponse'>, <class 'scapy.layers.http._HTTPContent'>, <class 'scapy.packet.Packet'>]
answers(other)[source]
do_dissect(s)[source]

From the HTTP packet string, populate the scapy object

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<_HTTPHeaderField (HTTPResponse).Http_Version>, <_HTTPHeaderField (HTTPResponse).Status_Code>, <_HTTPHeaderField (HTTPResponse).Reason_Phrase>, <_HTTPHeaderField (HTTPResponse).Accept_Patch>, <_HTTPHeaderField (HTTPResponse).Accept_Ranges>, <_HTTPHeaderField (HTTPResponse).Access_Control_Allow_Credentials>, <_HTTPHeaderField (HTTPResponse).Access_Control_Allow_Headers>, <_HTTPHeaderField (HTTPResponse).Access_Control_Allow_Methods>, <_HTTPHeaderField (HTTPResponse).Access_Control_Allow_Origin>, <_HTTPHeaderField (HTTPResponse).Access_Control_Expose_Headers>, <_HTTPHeaderField (HTTPResponse).Access_Control_Max_Age>, <_HTTPHeaderField (HTTPResponse).Age>, <_HTTPHeaderField (HTTPResponse).Allow>, <_HTTPHeaderField (HTTPResponse).Alt_Svc>, <_HTTPHeaderField (HTTPResponse).Cache_Control>, <_HTTPHeaderField (HTTPResponse).Connection>, <_HTTPHeaderField (HTTPResponse).Content_Disposition>, <_HTTPHeaderField (HTTPResponse).Content_Encoding>, <_HTTPHeaderField (HTTPResponse).Content_Language>, <_HTTPHeaderField (HTTPResponse).Content_Length>, <_HTTPHeaderField (HTTPResponse).Content_Location>, <_HTTPHeaderField (HTTPResponse).Content_MD5>, <_HTTPHeaderField (HTTPResponse).Content_Range>, <_HTTPHeaderField (HTTPResponse).Content_Security_Policy>, <_HTTPHeaderField (HTTPResponse).Content_Type>, <_HTTPHeaderField (HTTPResponse).Date>, <_HTTPHeaderField (HTTPResponse).Delta_Base>, <_HTTPHeaderField (HTTPResponse).ETag>, <_HTTPHeaderField (HTTPResponse).Expires>, <_HTTPHeaderField (HTTPResponse).IM>, <_HTTPHeaderField (HTTPResponse).Keep_Alive>, <_HTTPHeaderField (HTTPResponse).Last_Modified>, <_HTTPHeaderField (HTTPResponse).Link>, <_HTTPHeaderField (HTTPResponse).Location>, <_HTTPHeaderField (HTTPResponse).P3P>, <_HTTPHeaderField (HTTPResponse).Permanent>, <_HTTPHeaderField (HTTPResponse).Pragma>, <_HTTPHeaderField (HTTPResponse).Proxy_Authenticate>, <_HTTPHeaderField (HTTPResponse).Public_Key_Pins>, 
<_HTTPHeaderField (HTTPResponse).Refresh>, <_HTTPHeaderField (HTTPResponse).Retry_After>, <_HTTPHeaderField (HTTPResponse).Server>, <_HTTPHeaderField (HTTPResponse).Set_Cookie>, <_HTTPHeaderField (HTTPResponse).Status>, <_HTTPHeaderField (HTTPResponse).Strict_Transport_Security>, <_HTTPHeaderField (HTTPResponse).Timing_Allow_Origin>, <_HTTPHeaderField (HTTPResponse).Tk>, <_HTTPHeaderField (HTTPResponse).Trailer>, <_HTTPHeaderField (HTTPResponse).Transfer_Encoding>, <_HTTPHeaderField (HTTPResponse).Upgrade>, <_HTTPHeaderField (HTTPResponse).Vary>, <_HTTPHeaderField (HTTPResponse).Via>, <_HTTPHeaderField (HTTPResponse).WWW_Authenticate>, <_HTTPHeaderField (HTTPResponse).Warning>, <_HTTPHeaderField (HTTPResponse).X_Content_Duration>, <_HTTPHeaderField (HTTPResponse).X_Content_Security_Policy>, <_HTTPHeaderField (HTTPResponse).X_Content_Type_Options>, <_HTTPHeaderField (HTTPResponse).X_Correlation_ID>, <_HTTPHeaderField (HTTPResponse).X_Frame_Options>, <_HTTPHeaderField (HTTPResponse).X_Powered_By>, <_HTTPHeaderField (HTTPResponse).X_Request_ID>, <_HTTPHeaderField (HTTPResponse).X_UA_Compatible>, <_HTTPHeaderField (HTTPResponse).X_WebKit_CSP>, <_HTTPHeaderField (HTTPResponse).X_XSS_Protection>, <_HTTPHeaderField (HTTPResponse).Unknown_Headers>]
mysummary()[source]
class scapy.layers.http.HTTPS_Server(self, debug: int = 0, store: int = 0, session: Any = None, **kargs: Any)[source]

Bases: HTTP_Server

HTTPS server automaton

This has the same arguments and attributes as HTTP_Server, with the addition of:

Parameters:
  • sslcontext – an optional SSLContext object. If used, key is ignored but cert can still be used for channel bindings.

  • cert – path to the certificate

  • key – path to the key

  • require_cbt – require Channel Bindings to be valid

actions: Dict[str, List[_StateWrapper]] = {'allow_reauth': [], 'auth_eof': [], 'new_request': [], 'received_unauthenticated': [], 'serve_eof': [], 'should_authenticate': []}
conditions: Dict[str, List[_StateWrapper]] = {'AUTH': [], 'AUTH_ERROR': [<function HTTP_Server.allow_reauth>], 'BEGIN': [], 'CLOSED': [], 'ERROR': [], 'SERVE': []}
eofs: Dict[str, _StateWrapper] = {'AUTH': <function HTTP_Server.auth_eof>, 'SERVE': <function HTTP_Server.serve_eof>}
initial_states: List[_StateWrapper] = [<function ATMT.state.<locals>.deco.<locals>._state_wrapper>]
ioevents: Dict[str, List[_StateWrapper]] = {'AUTH': [], 'AUTH_ERROR': [], 'BEGIN': [], 'CLOSED': [], 'ERROR': [], 'SERVE': []}
ionames: List[str] = []
iosupersockets: List[SuperSocket] = []
recv_conditions: Dict[str, List[_StateWrapper]] = {'AUTH': [<function HTTP_Server.received_unauthenticated>], 'AUTH_ERROR': [], 'BEGIN': [<function HTTP_Server.should_authenticate>], 'CLOSED': [], 'ERROR': [], 'SERVE': [<function HTTP_Server.new_request>]}
socketcls = None
states: Dict[str, _StateWrapper] = {'AUTH': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'AUTH_ERROR': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'BEGIN': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'CLOSED': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'ERROR': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SERVE': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>}
stop_state: _StateWrapper | None = None
timeout: Dict[str, _TimerList] = {'AUTH': [], 'AUTH_ERROR': [], 'BEGIN': [], 'CLOSED': [], 'ERROR': [], 'SERVE': []}
class scapy.layers.http.HTTP_AUTH_MECHS(*values)[source]

Bases: Enum

BASIC = 'Basic'
NEGOTIATE = 'Negotiate'
NONE = 'NONE'
NTLM = 'NTLM'
class scapy.layers.http.HTTP_Client(mech=HTTP_AUTH_MECHS.NONE, verb=True, sslcontext=None, ssp=None, no_check_certificate=False, no_chan_bindings=False)[source]

Bases: object

A basic HTTP client

Parameters:
  • mech – one of HTTP_AUTH_MECHS

  • ssl – whether to use HTTPS or not

  • ssp – the SSP object to use for binding

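  • no_check_certificate – with SSL, do not check the certificate. The server's certificate is then not validated, so its identity is not authenticated (default: False)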

  • no_chan_bindings – force disable sending the channel bindings

close()[source]
request(url, data=b'', timeout=5, follow_redirects=True, http_headers={}, **headers)[source]

Perform an HTTP(S) request.

Parameters:
  • url – the full URL to connect to. e.g. https://google.com/test

  • data – the data to send as payload

  • follow_redirects – if True, request() will follow 302 return codes

  • http_headers – if specified, overwrites the HTTP headers (except Host and Path).

  • headers – any additional HTTPRequest parameter to add, e.g. Method="POST"

sr1(req, **kwargs)[source]
class scapy.layers.http.HTTP_Server(self, debug: int = 0, store: int = 0, session: Any = None, **kargs: Any)[source]

Bases: Automaton

HTTP server automaton

Parameters:
  • ssp – the SSP to serve. If None, unauthenticated (or basic).

  • mech – the HTTP_AUTH_MECHS to use (default: NONE)

  • require_cbt – require Channel Bindings to be valid (default: False)

  • cbt_cert – the path to the certificate used for channel bindings. Useful if behind a reverse proxy. (default: None)

Other parameters:

Parameters:
  • BASIC_IDENTITIES – a dict that contains {"user": "password"} for Basic authentication.

  • BASIC_REALM – the basic realm.

AUTH(*args: ATMT, **kargs: Any) NewStateRequested[source]
AUTH_ERROR(*args: ATMT, **kargs: Any) NewStateRequested[source]
BEGIN(*args: ATMT, **kargs: Any) NewStateRequested[source]
CLOSED(*args: ATMT, **kargs: Any) NewStateRequested[source]
ERROR(*args: ATMT, **kargs: Any) NewStateRequested[source]
SERVE(*args: ATMT, **kargs: Any) NewStateRequested[source]
actions: Dict[str, List[_StateWrapper]] = {'allow_reauth': [], 'auth_eof': [], 'new_request': [], 'received_unauthenticated': [], 'serve_eof': [], 'should_authenticate': []}
allow_reauth()[source]
answer(pkt)[source]

HTTP_server answer function.

Parameters:

pkt – a HTTPRequest packet

Returns:

a HTTPResponse packet

auth_eof()[source]
conditions: Dict[str, List[_StateWrapper]] = {'AUTH': [], 'AUTH_ERROR': [<function HTTP_Server.allow_reauth>], 'BEGIN': [], 'CLOSED': [], 'ERROR': [], 'SERVE': []}
eofs: Dict[str, _StateWrapper] = {'AUTH': <function HTTP_Server.auth_eof>, 'SERVE': <function HTTP_Server.serve_eof>}
initial_states: List[_StateWrapper] = [<function ATMT.state.<locals>.deco.<locals>._state_wrapper>]
ioevents: Dict[str, List[_StateWrapper]] = {'AUTH': [], 'AUTH_ERROR': [], 'BEGIN': [], 'CLOSED': [], 'ERROR': [], 'SERVE': []}
ionames: List[str] = []
iosupersockets: List[SuperSocket] = []
new_request(pkt)[source]
pkt_cls[source]

alias of HTTP

received_unauthenticated(pkt)[source]
recv_conditions: Dict[str, List[_StateWrapper]] = {'AUTH': [<function HTTP_Server.received_unauthenticated>], 'AUTH_ERROR': [], 'BEGIN': [<function HTTP_Server.should_authenticate>], 'CLOSED': [], 'ERROR': [], 'SERVE': [<function HTTP_Server.new_request>]}
send(resp)[source]
serve_eof()[source]
should_authenticate(pkt)[source]
states: Dict[str, _StateWrapper] = {'AUTH': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'AUTH_ERROR': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'BEGIN': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'CLOSED': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'ERROR': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SERVE': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>}
stop_state: _StateWrapper | None = None
timeout: Dict[str, _TimerList] = {'AUTH': [], 'AUTH_ERROR': [], 'BEGIN': [], 'CLOSED': [], 'ERROR': [], 'SERVE': []}
vprint(s='')[source]

Verbose print (if enabled)

scapy.layers.http.http_request(host, path='/', port=None, timeout=3, display=False, tls=False, verbose=0, **headers)[source]

Util to perform an HTTP request.

Parameters:
  • host – the host to connect to

  • path – the path of the request (default /)

  • port – the port (default 80/443)

  • timeout – timeout before None is returned

  • display – display the result in the default browser (default False)

  • iface – interface to use. Changing this turns on "raw" mode

  • headers – any additional headers passed to the request

Returns:

the HTTPResponse packet