Reassembling Sniffed Firmware or a Binary With Scapy
Source: [url]https://www.openrce.org/blog/view/1146/Reassembling_Sniffed_Firmware_or_a_Binary_With_Scapy[/url]
Author: apridgen
So, I got bored one night (or morning, depending on your perspective) and decided to sniff the firmware upgrade process for my network printer. Fun! :) I used Wireshark (yeah, my tcpdump foo is bar) to isolate the TCP stream between the VM upgrading the firmware and the printer, and saved the pcap.
I have been meaning to play with Scapy for quite some time, so I fired up ipython and in about 20 minutes I had a quick script to extract the data I needed. The script is pretty basic and may not work in all cases, but I figured I'd document it somewhere in case someone else needs it in the future.
[code]
from scapy.all import rdpcap, IP, TCP, NoPayload, Padding

# IP Address of the VM sending the upgrade
src = "192.168.44.128"
f = "captured_firmware_upgrade.pcap"
pcap = rdpcap(f)
data = b""
for packet in pcap:
    il = packet.getlayer(IP)
    # skip non-IP frames (ARP etc.) and anything not sent by the VM
    if il is None or il.src != src:
        continue
    tl = packet.getlayer(TCP)
    # check for data in the payload, if not skip the packet
    # (Ethernet padding on short frames parses as Padding, not as data)
    if tl is None or isinstance(tl.payload, (NoPayload, Padding)):
        continue
    # bytes(), not str(): on Python 3 str() of a layer is a printable repr
    data += bytes(tl.payload)
# write our raw data file (binary mode, so nothing gets newline-translated)
f = open("raw_data.dat", "wb")
f.write(data)
f.close()
[/code]
Hope it helps someone in the future :)

The problem is that you have to deal with retransmissions, IP reassembly and the like; otherwise, isn't the reassembled result going to be very unreliable?
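As an added example (not code from the original post or its author), here is a Scapy-based extractor paired with a sequence-number reassembler that addresses the point raised in the reply: instead of concatenating payloads in capture order, segments are sorted by TCP sequence number, retransmitted bytes are dropped (and flagged when they disagree with what was already assembled), IP fragments are put back together with Scapy's defragment() before the TCP layer is looked at, and holes in the capture are reported rather than silently papered over. The segment list is constructed to exercise those cases; the pcap path, the 192.168.44.128 source address reused from the post, and the use of defragment() on the capture are assumptions about the reader's own capture.

```python
"""Reassemble one direction of a TCP stream by sequence number.

Added example, not from the original post. The naive approach of
concatenating payloads in capture order breaks on out-of-order delivery,
retransmissions and missing packets; this version sorts by TCP sequence
number, de-duplicates overlaps and reports gaps and conflicting
retransmissions instead of silently producing a corrupt image.
"""
from typing import List, Optional, Tuple

Segment = Tuple[int, bytes]  # (TCP sequence number of first byte, payload)


def reassemble(segments: List[Segment]) -> Tuple[bytes, List[Tuple[int, int]], List[int]]:
    """Merge data-bearing segments of one flow direction into a byte string.

    Returns (data, gaps, conflicts):
      data      - payload bytes in sequence order; holes are filled with NUL
                  so that offset == seq - first_seq still holds
      gaps      - list of (first_missing_seq, next_seen_seq) for every hole
      conflicts - seq numbers of retransmissions whose bytes disagree with
                  data already assembled (the first copy seen is kept)
    Sequence numbers are assumed not to wrap around 2**32 within the stream.
    """
    if not segments:
        return b"", [], []
    ordered = sorted(segments, key=lambda s: s[0])  # stable sort: first copy wins ties
    base = ordered[0][0]
    out = bytearray()
    gaps: List[Tuple[int, int]] = []
    conflicts: List[int] = []
    next_seq = base  # sequence number of the next byte we expect
    for seq, payload in ordered:
        if not payload:
            continue
        if seq > next_seq:  # hole: bytes between next_seq and seq were never captured
            gaps.append((next_seq, seq))
            out.extend(b"\x00" * (seq - next_seq))
            next_seq = seq
        overlap = min(len(payload), next_seq - seq)  # bytes we already have
        if overlap > 0 and bytes(out[seq - base:seq - base + overlap]) != payload[:overlap]:
            conflicts.append(seq)  # retransmission carries different bytes
        if overlap < len(payload):
            out.extend(payload[overlap:])
            next_seq = seq + len(payload)
    return bytes(out), gaps, conflicts


def extract_segments(pcap_path: str, src: str, dport: Optional[int] = None) -> List[Segment]:
    """Collect (seq, payload) for every TCP segment with data sent by `src`.

    Scapy is imported here so reassemble() works without it installed.
    defragment() reassembles IP fragments first, so a segment split at the
    IP layer shows up as one TCP payload. Frames without IP/TCP (ARP, ICMP)
    and segments without data (SYN, pure ACKs, Ethernet padding) are skipped.
    """
    from scapy.all import IP, TCP, Raw, defragment, rdpcap

    segs: List[Segment] = []
    for pkt in defragment(rdpcap(pcap_path)):
        if not (pkt.haslayer(IP) and pkt.haslayer(TCP) and pkt.haslayer(Raw)):
            continue
        if pkt[IP].src != src:
            continue
        if dport is not None and pkt[TCP].dport != dport:
            continue
        segs.append((pkt[TCP].seq, bytes(pkt[Raw].load)))
    return segs


# Constructed sample: out-of-order, duplicate, overlapping, conflicting and
# missing segments, as a capture over a flaky link might contain.
CONSTRUCTED_SEGMENTS: List[Segment] = [
    (1000, b"FIRM"),      # first data segment
    (1008, b"V1.2"),      # arrives before its predecessor
    (1004, b"WARE"),      # the late predecessor
    (1004, b"WARE"),      # exact duplicate (retransmission)
    (1010, b".2-BUILD"),  # retransmission overlapping two bytes already seen
    (1022, b"END"),       # bytes 1018..1021 were never captured
    (1000, b"FIRX"),      # retransmission whose content disagrees
]


if __name__ == "__main__":
    data, gaps, conflicts = reassemble(CONSTRUCTED_SEGMENTS)
    print(data)       # b'FIRMWAREV1.2-BUILD\x00\x00\x00\x00END'
    print(gaps)       # [(1018, 1022)]
    print(conflicts)  # [1000]
    # Against a real capture (assumed path and address, reused from the post):
    # segs = extract_segments("captured_firmware_upgrade.pcap", "192.168.44.128")
    # data, gaps, conflicts = reassemble(segs)
    # open("firmware.bin", "wb").write(data)  # trust it only if gaps == [] and conflicts == []
```

Only write the image out when both gaps and conflicts are empty; a non-empty gaps list means the capture missed packets (or the capture point dropped them), and a conflict usually means a retransmission was seen at the capture point with different content than the original, which is worth inspecting before flashing anything.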