Raw load found, how to access?

python scapy payload
20,857

You can do:

data = packet[Raw].load
Share:
20,857
Colabambino
Author by

Colabambino

Security plzzzzzzz

Updated on May 12, 2020

Comments

  • Colabambino
    Colabambino almost 4 years

    To start off, I have read through other raw answers pertaining to scapy on here, however none have been useful, maybe I am just doing something wrong and thats what has brought me here today.

    So, for starters, I have a pcap file, which started corrupted with some retransmissions, to my belief I have gotten it back to gether correctly.

    It contains Radiotap header, IEEE 802.11 (dot11), logical-link control, IPv4, UDP, and DNS.

    To my understanding, the udp packets being transmitted hold this raw data, however, do to a some recent quirks, maybe the raw is in Radiotap/raw.

    Using scapy, I'm iterating through the packets, and when a packet with the Raw layer is found, I am using the .show() function of scapy to view it.

    As such, I can see that there is a raw load available

    ###[ Raw ]###
 \load      \
  |###[ Raw ]###
  |  load      = '@\x00\x00\x00\xff\xff\xff\xff\xff\xff\x10h?'

    So, I suppose my question is, how can I capture this payload to receive whatever this may be, To my knowledge the load is supposed to be an image file, however I have trouble believing such, so I assume I have misstepped somewhere.

    Here is the code I'm using to achieve the above result

    from scapy.all import *
from scapy.utils import *


pack = rdpcap('/home/username/Downloads/new.pcap')
for packet in pack:
    if packet.getlayer(Raw):
        print '[+] Found Raw' + '\n'
        l = packet.getlayer(Raw)
        rawr = Raw(l)
        rawr.show()

    Any help, or insight for further reading would be appreciated, I am new to scapy and no expert in packet dissection.

    *Side note, previously I had tried (using separate code and server) to replay the packets and send them to myself, to no avail. However I feel thats due to my lack of knowledge in receipt of UDP packets.

    UPDATES - I have now tested my pcap file with a scapy reassembler, and I've confirmed I have no fragmented packets, or anything of the sort, so I assume all should go smoothly... Upon opening my pcap in wireshark, I can see that there are retransmissions, but I'm not sure how much that will affect my goals since no fragmentation occurred?

    Also, I have tried the getlayer(Raw).load, if I use print on it I get some gibberish to the screen, I'm assuming its the data to my would-be-image, however I need to now get it into a usable format.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Scapy SYN send on our own IP address
python/scapy mac flooding script
How to install python-scapy centos?
Passing a Python string into JSON payload
How to Derive the TSVal and TSecr TCP option fields using python?
Converting hex string to packet in Scapy
python/scapy DNS sniffer and parser
sniff traffic on a particular port using scapy
import error: no module named dns.query
how to add http headers to a packet sniffed using scapy