对于大量的数据,一般先用 Wireshark 软件先进行,然后在用 tshark 或 pyshark 分析
# 过滤出所有有uri请求的响应file_data
tshark -nr [pcap文件] -Y 'http.request.full_uri' -T fields -e http.file_data
pyshark
import pyshark
input_file = "./ant/Ant.pcapng"
pcap = pyshark.FileCapture(input_file, display_filter="http.file_data", tshark_path="F:/Wireshark/tshark.exe")
for i, packet in enumerate(pcap):
print(packet.http.file_data)
sql
import pyshark
input_file = "./ant/Ant.pcapng"
display_filter="http.request.full_uri"
pcap = pyshark.FileCapture(input_file, display_filter=display_filter, tshark_path="F:/Wireshark/tshark.exe")
uri_list = []
for i, packet in enumerate(pcap):
uri_list.append(packet.http.request_full_uri)
print(uri_list)