scapy.layers.http module

HTTP 1.0 layer.

Load using: >>> load_layer(“http”) Note that this layer ISN’T loaded by default, as quite experimental for now.

To follow HTTP packets streams = group packets together to get the whole request/answer, use TCPSession as: >>> sniff(session=TCPSession) # Live on-the-flow session >>> sniff(offline=”./http_chunk.pcap”, session=TCPSession) # pcap

This will decode HTTP packets using Content_Length or chunks, and will also decompress the packets when needed. Note: on failure, decompression will be ignored.

You can turn auto-decompression/auto-compression off with: >>> conf.contribs[“http”][“auto_compression”] = True

class scapy.layers.http.HTTP

Bases: scapy.packet.Packet

aliastypes = [<class 'scapy.layers.http.HTTP'>, <class 'scapy.packet.Packet'>]
classmethod dispatch_hook(_pkt=None, *args, **kargs)
fields_desc = []
guess_payload_class(payload)

Decides if the payload is an HTTP Request or Response, or something else.

show_indent = 0
classmethod tcp_reassemble(data, metadata)
class scapy.layers.http.HTTPRequest

Bases: scapy.layers.http._HTTPContent

aliastypes = [<class 'scapy.layers.http.HTTPRequest'>, <class 'scapy.layers.http._HTTPContent'>, <class 'scapy.packet.Packet'>]
do_dissect(s)

From the HTTP packet string, populate the scapy object

fields_desc = [<Field (HTTPRequest).Method>, <Field (HTTPRequest).Path>, <Field (HTTPRequest).Http_Version>, <Field (HTTPRequest).A_IM>, <Field (HTTPRequest).Accept>, <Field (HTTPRequest).Accept_Charset>, <Field (HTTPRequest).Accept_Datetime>, <Field (HTTPRequest).Accept_Encoding>, <Field (HTTPRequest).Accept_Language>, <Field (HTTPRequest).Access_Control_Request_Headers>, <Field (HTTPRequest).Access_Control_Request_Method>, <Field (HTTPRequest).Authorization>, <Field (HTTPRequest).Cache_Control>, <Field (HTTPRequest).Connection>, <Field (HTTPRequest).Content_Length>, <Field (HTTPRequest).Content_MD5>, <Field (HTTPRequest).Content_Type>, <Field (HTTPRequest).Cookie>, <Field (HTTPRequest).DNT>, <Field (HTTPRequest).Date>, <Field (HTTPRequest).Expect>, <Field (HTTPRequest).Forwarded>, <Field (HTTPRequest).From>, <Field (HTTPRequest).Front_End_Https>, <Field (HTTPRequest).HTTP2_Settings>, <Field (HTTPRequest).Host>, <Field (HTTPRequest).If_Match>, <Field (HTTPRequest).If_Modified_Since>, <Field (HTTPRequest).If_None_Match>, <Field (HTTPRequest).If_Range>, <Field (HTTPRequest).If_Unmodified_Since>, <Field (HTTPRequest).Keep_Alive>, <Field (HTTPRequest).Max_Forwards>, <Field (HTTPRequest).Origin>, <Field (HTTPRequest).Permanent>, <Field (HTTPRequest).Pragma>, <Field (HTTPRequest).Proxy_Authorization>, <Field (HTTPRequest).Proxy_Connection>, <Field (HTTPRequest).Range>, <Field (HTTPRequest).Referer>, <Field (HTTPRequest).Save_Data>, <Field (HTTPRequest).TE>, <Field (HTTPRequest).Upgrade>, <Field (HTTPRequest).Upgrade_Insecure_Requests>, <Field (HTTPRequest).Upgrade_Insecure_Requests>, <Field (HTTPRequest).User_Agent>, <Field (HTTPRequest).Via>, <Field (HTTPRequest).Warning>, <Field (HTTPRequest).X_ATT_DeviceId>, <Field (HTTPRequest).X_Correlation_ID>, <Field (HTTPRequest).X_Csrf_Token>, <Field (HTTPRequest).X_Forwarded_For>, <Field (HTTPRequest).X_Forwarded_Host>, <Field (HTTPRequest).X_Forwarded_Proto>, <Field (HTTPRequest).X_Http_Method_Override>, <Field (HTTPRequest).X_Request_ID>, <Field (HTTPRequest).X_Requested_With>, <Field (HTTPRequest).X_UIDH>, <Field (HTTPRequest).X_Wap_Profile>, <Field (HTTPRequest).Unknown_Headers>]
mysummary()

DEV: can be overloaded to return a string that summarizes the layer. Only one mysummary() is used in a whole packet summary: the one of the upper layer, # noqa: E501 except if a mysummary() also returns (as a couple) a list of layers whose # noqa: E501 mysummary() must be called if they are present.

class scapy.layers.http.HTTPResponse

Bases: scapy.layers.http._HTTPContent

aliastypes = [<class 'scapy.layers.http.HTTPResponse'>, <class 'scapy.layers.http._HTTPContent'>, <class 'scapy.packet.Packet'>]
answers(other)

DEV: true if self is an answer from other

do_dissect(s)

From the HTTP packet string, populate the scapy object

fields_desc = [<Field (HTTPResponse).Http_Version>, <Field (HTTPResponse).Status_Code>, <Field (HTTPResponse).Reason_Phrase>, <Field (HTTPResponse).Accept_Patch>, <Field (HTTPResponse).Accept_Ranges>, <Field (HTTPResponse).Access_Control_Allow_Credentials>, <Field (HTTPResponse).Access_Control_Allow_Headers>, <Field (HTTPResponse).Access_Control_Allow_Methods>, <Field (HTTPResponse).Access_Control_Allow_Origin>, <Field (HTTPResponse).Access_Control_Expose_Headers>, <Field (HTTPResponse).Access_Control_Max_Age>, <Field (HTTPResponse).Age>, <Field (HTTPResponse).Allow>, <Field (HTTPResponse).Alt_Svc>, <Field (HTTPResponse).Cache_Control>, <Field (HTTPResponse).Connection>, <Field (HTTPResponse).Content_Disposition>, <Field (HTTPResponse).Content_Encoding>, <Field (HTTPResponse).Content_Language>, <Field (HTTPResponse).Content_Length>, <Field (HTTPResponse).Content_Location>, <Field (HTTPResponse).Content_MD5>, <Field (HTTPResponse).Content_Range>, <Field (HTTPResponse).Content_Security_Policy>, <Field (HTTPResponse).Content_Type>, <Field (HTTPResponse).Date>, <Field (HTTPResponse).Delta_Base>, <Field (HTTPResponse).ETag>, <Field (HTTPResponse).Expires>, <Field (HTTPResponse).IM>, <Field (HTTPResponse).Keep_Alive>, <Field (HTTPResponse).Last_Modified>, <Field (HTTPResponse).Link>, <Field (HTTPResponse).Location>, <Field (HTTPResponse).P3P>, <Field (HTTPResponse).Permanent>, <Field (HTTPResponse).Permanent>, <Field (HTTPResponse).Pragma>, <Field (HTTPResponse).Proxy_Authenticate>, <Field (HTTPResponse).Public_Key_Pins>, <Field (HTTPResponse).Refresh>, <Field (HTTPResponse).Retry_After>, <Field (HTTPResponse).Server>, <Field (HTTPResponse).Set_Cookie>, <Field (HTTPResponse).Status>, <Field (HTTPResponse).Strict_Transport_Security>, <Field (HTTPResponse).Timing_Allow_Origin>, <Field (HTTPResponse).Tk>, <Field (HTTPResponse).Trailer>, <Field (HTTPResponse).Transfer_Encoding>, <Field (HTTPResponse).Upgrade>, <Field (HTTPResponse).Vary>, <Field (HTTPResponse).Via>, <Field (HTTPResponse).WWW_Authenticate>, <Field (HTTPResponse).Warning>, <Field (HTTPResponse).X_Content_Duration>, <Field (HTTPResponse).X_Content_Security_Policy>, <Field (HTTPResponse).X_Content_Type_Options>, <Field (HTTPResponse).X_Correlation_ID>, <Field (HTTPResponse).X_Frame_Options>, <Field (HTTPResponse).X_Powered_By>, <Field (HTTPResponse).X_Request_ID>, <Field (HTTPResponse).X_UA_Compatible>, <Field (HTTPResponse).X_WebKit_CSP>, <Field (HTTPResponse).X_XSS_Protection>, <Field (HTTPResponse).Unknown_Headers>]
mysummary()

DEV: can be overloaded to return a string that summarizes the layer. Only one mysummary() is used in a whole packet summary: the one of the upper layer, # noqa: E501 except if a mysummary() also returns (as a couple) a list of layers whose # noqa: E501 mysummary() must be called if they are present.

scapy.layers.http.http_request(host, path='/', port=80, timeout=3, display=False, verbose=None, **headers)

Util to perform an HTTP request, using the TCP_client.

Parameters:
  • host – the host to connect to
  • path – the path of the request (default /)
  • port – the port (default 80)
  • timeout – timeout before None is returned
  • display – display the resullt in the default browser (default False)
  • headers – any additional headers passed to the request
Returns:

the HTTPResponse packet