I dont get HTTP answer with sr function. Just an A

2019-09-09 20:22发布

问题:

I am trying to send an HTTP GET request to google.com, but the answer I get is an ACK and not the HTML file. Here is the code:

def Make_Get():
        synR = IP(dst = 'www.google.com', ttl = 64)/TCP(dport = 80,sport = randint(1024,65535), flags = 'S')
        synAckAN = sr1(synR)
        req = (IP(dst='www.google.com') / TCP(dport=80, sport=synAckAN[TCP].dport, seq=synAckAN[TCP].ack, ack=synAckAN[TCP].seq + 1, flags='A')/"GET / HTTP/1.0 \n\n")

        ans, a = sr(req)
        return ans

and this are the two packets I got in return of this function:

###[ IP ]###
  version   = 4
  ihl       = None
  tos       = 0x0
  len       = None
  id        = 1
  flags     = 
  frag      = 0
  ttl       = 64
  proto     = tcp
  chksum    = None
  src       = 192.168.233.128
  dst       = 216.58.214.100
  \options   \
###[ TCP ]###
     sport     = 35534
     dport     = http
     seq       = 1
     ack       = 1964930533
     dataofs   = None
     reserved  = 0
     flags     = A
     window    = 8192
     chksum    = None
     urgptr    = 0
     options   = {}
###[ Raw ]###
        load      = 'GET / HTTP/1.0 \n\n'
None


###[ IP ]###
  version   = 4L
  ihl       = 5L
  tos       = 0x0
  len       = 40
  id        = 32226
  flags     = 
  frag      = 0L
  ttl       = 128
  proto     = tcp
  chksum    = 0x6425
  src       = 216.58.214.100
  dst       = 192.168.233.128
  \options   \
###[ TCP ]###
     sport     = http
     dport     = 35534
     seq       = 1964930533
     ack       = 18
     dataofs   = 5L
     reserved  = 0L
     flags     = A
     window    = 64240
     chksum    = 0xe5e6
     urgptr    = 0
     options   = {}
###[ Padding ]###
        load      = '\x00\x00\x00\x00\x00\x00'
None

When I sniffed the traffic while I sent this packet, I got this:

###[ Ethernet ]###
  dst= 00:0c:29:bb:8e:79
  src= 00:50:56:e9:b8:b1
  type= 0x800
###[ IP ]###
     version= 4L
     ihl= 5L
     tos= 0x0
     len= 517
     id= 32136
     flags= 
     frag= 0L
     ttl= 128
     proto= tcp
     chksum= 0x5004
     src= 172.217.20.100
     dst= 192.168.233.128
     \options\
###[ TCP ]###
        sport= http
        dport= 1928
        seq= 1828330545
        ack= 18
        dataofs= 5L
        reserved= 0L
        flags= FPA
        window= 64240
        chksum= 0x8b5f
        urgptr= 0
        options= []
###[ HTTP ]###
###[ HTTP Response ]###
              Status-Line= u'HTTP/1.0 302 Found'
              Accept-Ranges= None
              Age= None
              E-Tag= None
              Location= u'http://www.google.co.il/?gfe_rd=cr&ei=9fiTV6P6FuWg8weei7rQDA'
              Proxy-Authenticate= None
              Retry-After= None
              Server= None
              Vary= None
              WWW-Authenticate= None
              Cache-Control= u'private'
              Connection= None
              Date= u'Sat, 23 Jul 2016 23:08:37 GMT'
              Pragma= None
              Trailer= None
              Transfer-Encoding= None
              Upgrade= None
              Via= None
              Warning= None
              Keep-Alive= None
              Allow= None
              Content-Encoding= None
              Content-Language= None
              Content-Length= u'261'
              Content-Location= None
              Content-MD5= None
              Content-Range= None
              Content-Type= u'text/html; charset=UTF-8'
              Expires= None
              Last-Modified= None
              Headers= u'Date: Sat, 23 Jul 2016 23:08:37 GMT\r\nContent-Length: 261\r\nContent-Type: text/html; charset=UTF-8\r\nLocation: http://www.google.co.il/?gfe_rd=cr&ei=9fiTV6P6FuWg8weei7rQDA\r\nCache-Control: private'
              Additional-Headers= None
###[ Raw ]###
                 load= '<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">\n<TITLE>302 Moved</TITLE></HEAD><BODY>\n<H1>302 Moved</H1>\nThe document has moved\n<A HREF="http://www.google.co.il/?gfe_rd=cr&amp;ei=9fiTV6P6FuWg8weei7rQDA">here</A>.\r\n</BODY></HTML>\r\n'

As you can see, the last layer in this one, contain the code I need.

my question is:

Why don't I get the packet with sr() and how can I obtain it to collect the HTML code?

EDIT:

The call to the function:

print Make_Get('www.google.com')[0][Raw]

The function:

def Make_Get(ipp):
        ip = DNS_Req(ipp)
        synR = IP(dst = ip)/TCP(dport = 80,sport = randint(1024,65535), flags = 'S')
        syn_ack = sr1(synR)
        getStr = "GET / HTTP/1.1\r\nHost: {}\r\n\r\n".format(ip)
        request = (IP(dst= ip) / TCP(dport=80, sport=syn_ack[TCP].dport, seq=syn_ack[TCP].ack, ack=syn_ack[TCP].seq + 1, flags='A')/getStr)
        an = sr(request)
        return an

The resuls:

    Begin emission:
.Finished to send 1 packets.
*
Received 2 packets, got 1 answers, remaining 0 packets
Begin emission:
*Finished to send 1 packets.

Received 1 packets, got 1 answers, remaining 0 packets
[]

回答1:

First, in HTTP, a correct newline is "\r\n", not "\n".

Second, is there any reason why you use HTTP/1.0 and not HTTP/1.1? If not, you should change your request to:

GET / HTTP/1.1\r\n
Host: www.google.com\r\n
\r\n

Third, the ACK you are getting is usually sent by the server before sending the actual HTTP response to acknowledge your request faster. A second segment is then sent with the HTTP response. You are missing this one in your first show() example.

Have a look here.

To catch this segment, you can use sr() function with its parameter timeout and multi:

ans, unans = sr(request, timeout=2, multi=True)

for c, s in ans:
    if s.haslayer(Raw):
        print b[Raw]
    print("-----------") # just a delimiter

timeout is used to ensure that sr() will stop (value 2 is arbitrary). multi mean "accept multiple answers for the same stimulus" unless it is there, sr() will stop sniffing after one answer to the request sent.



标签: http get scapy