'how do i change the payload in a pcap file with python
i am trying to change the payload in a *.pcap file with python without success. for example, after reading the first packet as show in the code attached ,i try to replace the "test" word in the sip invite message with "tttt" and than write it to new pcap file. clearly i am doing something wrong. can someone show me example how to do it? thanks, eli.
from scapy.all import rdpcap
from scapy.all import wrpcap
get_index = 0
pkts_list = rdpcap(r'c:\tmp\old.pcap')
num_of_pkts = len(pkts_list)
pkt = pkts_list[0]['Raw'].show()
if bytes("test", 'utf-8') not in pkts_list.res[0].original:
print("no")
else:
print("yes")
print(pkts_list.res[0].original)
pkts_list.res[0].original = pkts_list.res[0].original.replace(bytes("test", encoding='utf-8'), bytes("tttt", encoding='utf-8'))
print(pkts_list.res[0].original)
wrpcap(r'C:\tmp\new.pcap', pkts_list, append=True, sync=True)
> 0000 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00 ..............E.
0010 01 ea ed 85 40 00 40 11 33 5b 0a 00 02 14 0a 00 ....@[email protected][......
0020 02 0f 13 c4 13 c4 01 d6 1a 0a 49 4e 56 49 54 45 ..........INVITE
0030 20 73 69 70 3a 74 65 73 74 40 31 30 2e 30 2e 32 sip:[email protected]
0040 2e 31 35 3a 35 30 36 30 20 53 49 50 2f 32 2e 30 .15:5060 SIP/2.0
0050 0d 0a 56 69 61 3a 20 53 49 50 2f 32 2e 30 2f 55 ..Via: SIP/2.0/U
0060 44 50 20 31 30 2e 30 2e 32 2e 32 30 3a 35 30 36 DP 10.0.2.20:506
0070 30 3b 62 72 61 6e 63 68 3d 7a 39 68 47 34 62 4b 0;branch=z9hG4bK
0080 2d 32 34 34 31 31 2d 31 2d 30 0d 0a 46 72 6f 6d -24411-1-0..From
0090 3a 20 22 47 37 32 39 2f 38 30 30 30 22 20 3c 73 : "G729/8000" <s
00a0 69 70 3a 73 69 70 70 40 31 30 2e 30 2e 32 2e 32 ip:[email protected]
00b0 30 3a 35 30 36 30 3e 3b 74 61 67 3d 31 0d 0a 54 0:5060>;tag=1..T
00c0 6f 3a 20 74 65 73 74 20 3c 73 69 70 3a 74 65 73 o: test <sip:tes
00d0 74 40 31 30 2e 30 2e 32 2e 31 35 3a 35 30 36 30 [email protected]:5060
00e0 3e 0d 0a 43 61 6c 6c 2d 49 44 3a 20 31 2d 32 34 >..Call-ID: 1-24
00f0 34 31 31 40 31 30 2e 30 2e 32 2e 32 30 0d 0a 43 [email protected]
0100 53 65 71 3a 20 31 20 49 4e 56 49 54 45 0d 0a 43 Seq: 1 INVITE..C
0110 6f 6e 74 61 63 74 3a 20 73 69 70 3a 73 69 70 70 ontact: sip:sipp
0120 40 31 30 2e 30 2e 32 2e 32 30 3a 35 30 36 30 0d @10.0.2.20:5060.
0130 0a 4d 61 78 2d 46 6f 72 77 61 72 64 73 3a 20 37 .Max-Forwards: 7
0140 30 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 0..Content-Type:
0150 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 73 64 70 application/sdp
0160 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 ..Content-Length
0170 3a 20 20 20 31 32 35 0d 0a 0d 0a 76 3d 30 0d 0a : 125....v=0..
0180 6f 3d 2d 20 34 32 20 34 32 20 49 4e 20 49 50 34 o=- 42 42 IN IP4
0190 20 31 30 2e 30 2e 32 2e 32 30 0d 0a 73 3d 2d 0d 10.0.2.20..s=-.
01a0 0a 63 3d 49 4e 20 49 50 34 20 31 30 2e 30 2e 32 .c=IN IP4 10.0.2
01b0 2e 32 30 0d 0a 74 3d 30 20 30 0d 0a 6d 3d 61 75 .20..t=0 0..m=au
01c0 64 69 6f 20 36 30 30 30 20 52 54 50 2f 41 56 50 dio 6000 RTP/AVP
01d0 20 31 38 0d 0a 61 3d 72 74 70 6d 61 70 3a 31 38 18..a=rtpmap:18
01e0 20 47 37 32 39 2f 38 30 30 30 0d 0a 61 3d 72 65 G729/8000..a=re
01f0 63 76 6f 6e 6c 79 0d 0a cvonly..
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|