Got a file and wondered whether you could have that same file in a pcap, inside an HTTP transaction, for your testing?
I have come up with a simple Python script that creates a pcap out of a file. No more capturing the transfer with Wireshark or setting up three machines (client, server, sniffer) to generate the pcap. You just need a Linux box with a single interface and a web server running on it. As simple as that.
System requirements:
1. Ubuntu (Linux) server
2. apache2 web server running on port 80
3. tcpreplay suite >= 3.4.4 (this includes tcpprep and tcprewrite) --> http://tcpreplay.synfin.net/zip-attachment/wiki/Download/
4. tcpdump --> http://www.tcpdump.org/#latest-release
5. wget --> http://ftp.gnu.org/gnu/wget/
6. Python 2.7 or greater --> comes with Ubuntu by default
Instructions to use:
1. Download the file_to_pcap.py Python file and save it on your Linux server.
2. Make sure all the above system requirements are met and running.
3. Log in as root.
4. For help, use the -h or --help option.
example: python file_to_pcap.py --help
file_to_pcap.py -i <input_dir> -o <output_dir> --src_ip <source_ip> --dst_ip <destination_ip>
Command line parameters:
-i = directory path where you have placed the files to convert to pcap
-o = path where the generated pcap is saved
--src_ip = IP address of the source you want in the pcap
--dst_ip = IP address of the endpoint (destination) you want in the pcap
The full command looks like this:
root@ubuntu:/home/xyz# python file_to_pcap.py -i /malware/raghav/input_file_dir/ -o /malware/raghav/output_pcap_dir/ --src_ip 10.2.2.2 --dst_ip 10.2.2.4
5. Once done, look for the output pcap in the pcap output directory you specified with -o.
Download Source code:
PS: You can modify the code to suit your requirements. If you want to generate a pcap with FTP, HTTPS or any other protocol, modify the wget part of the code under the create_pcap function and you are ready to go.
Let me know if it works for you guys…
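The pipeline described above (capture with tcpdump, fetch with wget, rewrite the addresses with tcpprep and tcprewrite), as an added sketch that is not the source of file_to_pcap.py. It assumes the file is already published under Apache's document root and is fetched over the loopback interface; the function names build_commands and capture_and_rewrite are hypothetical.

```python
import ipaddress
import os
import subprocess
import time
from urllib.parse import quote


def build_commands(filename, out_dir, src_ip, dst_ip, iface="lo", port=80):
    """Return the argv list for each stage (nothing is executed here)."""
    if not filename or os.path.basename(filename) != filename:
        raise ValueError("expected a bare file name, got %r" % filename)
    for ip in (src_ip, dst_ip):
        ipaddress.IPv4Address(ip)  # raises ValueError on a malformed address
    base = os.path.join(out_dir, filename)
    raw, cache, final = base + ".raw.pcap", base + ".cache", base + ".pcap"
    url = "http://127.0.0.1:%d/%s" % (port, quote(filename))
    return {
        # Capture only the web server's port; -U writes packets as they arrive.
        "capture": ["tcpdump", "-i", iface, "-U", "-s", "0", "-w", raw,
                    "tcp", "port", str(port)],
        # Fetch the file over HTTP and discard the body.
        "fetch": ["wget", "-q", "-O", os.devnull, url],
        # Both loopback endpoints are 127.0.0.1, so split client/server by port.
        "classify": ["tcpprep", "--port", "--pcap=" + raw,
                     "--cachefile=" + cache],
        # Map the two sides onto the requested addresses and fix checksums.
        "rewrite": ["tcprewrite", "--endpoints=%s:%s" % (src_ip, dst_ip),
                    "--cachefile=" + cache, "--infile=" + raw,
                    "--outfile=" + final, "--fixcsum"],
    }


def capture_and_rewrite(filename, out_dir, src_ip, dst_ip):
    """Run the four stages as root; returns the path of the rewritten pcap."""
    cmds = build_commands(filename, out_dir, src_ip, dst_ip)
    sniffer = subprocess.Popen(cmds["capture"])
    try:
        time.sleep(1)                      # let tcpdump open the interface
        subprocess.check_call(cmds["fetch"])
        time.sleep(1)                      # let the TCP teardown be captured
    finally:
        sniffer.terminate()                # SIGTERM makes tcpdump close the file
        sniffer.wait()
    subprocess.check_call(cmds["classify"])
    subprocess.check_call(cmds["rewrite"])
    return cmds["rewrite"][4][len("--outfile="):]
```

Commands are passed as argument lists rather than through a shell, so sample file names containing spaces or shell metacharacters are not interpreted. After a run, `tcpdump -nr` on the output confirms which side received which address.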