from dpkt.ethernet import Ethernet import dpkt import re import urllib
result = [] f = file("test.pcapng") pcap = dpkt.pcapng.Reader(f) (ts, buf) = pcap.next() while True: http_data = Ethernet(buf).data.data.data request = dpkt.http.Request(http_data) (ts, buf) = pcap.next() http_data = Ethernet(buf).data.data.data response = dpkt.http.Response(http_data) payload = urllib.unquote(request.uri) entity_body = response.entity_body if "ctf.flag " in payload: if "123456" in entity_body: result.append({"payload": payload, "result": True}) else: result.append({"payload": payload, "result": False}) try: (ts, buf) = pcap.next() except StopIteration: break number = 1 flag = "" c = 0 for y in result: [(x, h)] = re.findall("1\),(\d+).+>(\d+)", y['payload']) x, h = int(x), int(h) if x > number: number = x flag += chr(c) else: if y['result']: c = h + 1
