pcapedit

This script helps you interactively search within and edit a pcap file. See the following sample output, produced from the included command files, for more details.

Usage:

$ python pcapedit.py <cmds.search.txt 
PcapEdit - An Interactive Pcap Editor

Nothing to search! Use 'analyze' first.

Read 43 packets from http.cap

search for tcp packets
Found 41 matches for search query '6 in ip.proto': 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43

search for udp packets
Found 2 matches for search query '17 in ip.proto': 13, 17

search for raw string
Found 5 matches for search query '(?i)Google in pay.load': 8, 10, 18, 26, 36

search for raw string
Incorrect searchvalue 'test' for protofield 'dns.ns', expected <type 'int'>

search for raw string
Found 19 matches for search query '.* in pay.load': 4, 6, 8, 10, 11, 14, 16, 18, 20, 21, 23, 26, 27, 29, 31, 32, 34, 36, 38

search within ether packets
Found 20 matches for search query '00:00:01:00:00:00 in ether.src': 1, 3, 4, 7, 9, 12, 13, 15, 18, 19, 22, 25, 28, 30, 33, 35, 37, 39, 41, 42
$ 
$ python pcapedit.py <cmds.searchreplace.txt 
PcapEdit - An Interactive Pcap Editor

Read 43 packets from http.cap

Replacing IP.src to '1.1.1.1' where IP.src is '145.254.160.237'
     0: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
     2: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
     3: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
     6: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
     8: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
    11: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
    12: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
    14: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
    17: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
    18: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
    21: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
    24: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
    27: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
    29: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
    32: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
    34: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
    36: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
    38: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
    40: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
    41: IP.src: 145.254.160.237 -> 1.1.1.1 (coz IP.src is 145.254.160.237)
Replacing IP.dst to '1.1.1.1' where IP.dst is '145.254.160.237'
     1: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
     4: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
     5: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
     7: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
     9: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    10: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    13: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    15: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    16: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    19: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    20: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    22: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    23: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    25: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    26: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    28: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    30: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    31: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    33: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    35: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    37: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    39: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)
    42: IP.dst: 145.254.160.237 -> 1.1.1.1 (coz IP.dst is 145.254.160.237)

Replacing IP.src to '2.2.2.2' where IP.src is '65.208.228.223'
     1: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
     4: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
     5: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
     7: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
     9: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
    10: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
    13: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
    15: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
    19: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
    20: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
    22: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
    28: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
    30: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
    31: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
    33: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
    37: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
    39: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
    42: IP.src: 65.208.228.223 -> 2.2.2.2 (coz IP.src is 65.208.228.223)
Replacing IP.dst to '2.2.2.2' where IP.dst is '65.208.228.223'
     0: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
     2: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
     3: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
     6: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
     8: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
    11: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
    14: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
    18: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
    21: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
    24: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
    29: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
    32: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
    34: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
    38: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
    40: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)
    41: IP.dst: 65.208.228.223 -> 2.2.2.2 (coz IP.dst is 65.208.228.223)

     0: 2004/05/13 03:17:07            1.1.1.1:3372 -> 2.2.2.2:80              TCP S
     1: 2004/05/13 03:17:08              2.2.2.2:80 -> 1.1.1.1:3372            TCP SA
     2: 2004/05/13 03:17:08            1.1.1.1:3372 -> 2.2.2.2:80              TCP A
     3: 2004/05/13 03:17:08            1.1.1.1:3372 -> 2.2.2.2:80              TCP PA (479 bytes)
     4: 2004/05/13 03:17:08              2.2.2.2:80 -> 1.1.1.1:3372            TCP A
     5: 2004/05/13 03:17:08              2.2.2.2:80 -> 1.1.1.1:3372            TCP A (1380 bytes)
     6: 2004/05/13 03:17:09            1.1.1.1:3372 -> 2.2.2.2:80              TCP A
     7: 2004/05/13 03:17:09              2.2.2.2:80 -> 1.1.1.1:3372            TCP A (1380 bytes)
     8: 2004/05/13 03:17:09            1.1.1.1:3372 -> 2.2.2.2:80              TCP A
     9: 2004/05/13 03:17:09              2.2.2.2:80 -> 1.1.1.1:3372            TCP A (1380 bytes)
    10: 2004/05/13 03:17:09              2.2.2.2:80 -> 1.1.1.1:3372            TCP PA (1380 bytes)
    11: 2004/05/13 03:17:09            1.1.1.1:3372 -> 2.2.2.2:80              TCP A
    12: 2004/05/13 03:17:09            1.1.1.1:3009 -> 145.253.2.203:53        UDP (47 bytes)
    13: 2004/05/13 03:17:09              2.2.2.2:80 -> 1.1.1.1:3372            TCP A (1380 bytes)
    14: 2004/05/13 03:17:10            1.1.1.1:3372 -> 2.2.2.2:80              TCP A
    15: 2004/05/13 03:17:10              2.2.2.2:80 -> 1.1.1.1:3372            TCP A (1380 bytes)
    16: 2004/05/13 03:17:10        145.253.2.203:53 -> 1.1.1.1:3009            UDP (146 bytes)
    17: 2004/05/13 03:17:10            1.1.1.1:3371 -> 216.239.59.99:80        TCP PA (721 bytes)
    18: 2004/05/13 03:17:10            1.1.1.1:3372 -> 2.2.2.2:80              TCP A
    19: 2004/05/13 03:17:10              2.2.2.2:80 -> 1.1.1.1:3372            TCP A (1380 bytes)
    20: 2004/05/13 03:17:10              2.2.2.2:80 -> 1.1.1.1:3372            TCP PA (1380 bytes)
    21: 2004/05/13 03:17:10            1.1.1.1:3372 -> 2.2.2.2:80              TCP A
    22: 2004/05/13 03:17:10              2.2.2.2:80 -> 1.1.1.1:3372            TCP A (1380 bytes)
    23: 2004/05/13 03:17:10        216.239.59.99:80 -> 1.1.1.1:3371            TCP A
    24: 2004/05/13 03:17:11            1.1.1.1:3372 -> 2.2.2.2:80              TCP A
    25: 2004/05/13 03:17:11        216.239.59.99:80 -> 1.1.1.1:3371            TCP PA (1430 bytes)
    26: 2004/05/13 03:17:11        216.239.59.99:80 -> 1.1.1.1:3371            TCP PA (160 bytes)
    27: 2004/05/13 03:17:11            1.1.1.1:3371 -> 216.239.59.99:80        TCP A
    28: 2004/05/13 03:17:11              2.2.2.2:80 -> 1.1.1.1:3372            TCP PA (1380 bytes)
    29: 2004/05/13 03:17:11            1.1.1.1:3372 -> 2.2.2.2:80              TCP A
    30: 2004/05/13 03:17:11              2.2.2.2:80 -> 1.1.1.1:3372            TCP A (1380 bytes)
    31: 2004/05/13 03:17:11              2.2.2.2:80 -> 1.1.1.1:3372            TCP A (1380 bytes)
    32: 2004/05/13 03:17:11            1.1.1.1:3372 -> 2.2.2.2:80              TCP A
    33: 2004/05/13 03:17:11              2.2.2.2:80 -> 1.1.1.1:3372            TCP A (1380 bytes)
    34: 2004/05/13 03:17:11            1.1.1.1:3372 -> 2.2.2.2:80              TCP A
    35: 2004/05/13 03:17:12        216.239.59.99:80 -> 1.1.1.1:3371            TCP PA (1430 bytes)
    36: 2004/05/13 03:17:12            1.1.1.1:3371 -> 216.239.59.99:80        TCP A
    37: 2004/05/13 03:17:12              2.2.2.2:80 -> 1.1.1.1:3372            TCP PA (424 bytes)
    38: 2004/05/13 03:17:12            1.1.1.1:3372 -> 2.2.2.2:80              TCP A
    39: 2004/05/13 03:17:25              2.2.2.2:80 -> 1.1.1.1:3372            TCP FA
    40: 2004/05/13 03:17:25            1.1.1.1:3372 -> 2.2.2.2:80              TCP A
    41: 2004/05/13 03:17:37            1.1.1.1:3372 -> 2.2.2.2:80              TCP FA
    42: 2004/05/13 03:17:37              2.2.2.2:80 -> 1.1.1.1:3372            TCP A

Wrote 43 packet(s) to http.mod.cap
$
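Rewriting `IP.src`/`IP.dst` as in the session above changes bytes covered by both the IPv4 header checksum and the TCP/UDP pseudo-header checksum, so a sanitized capture only dissects and replays cleanly if both are recomputed. The following is an added example, not pcapedit's own code: it uses only the Python standard library rather than Scapy, and the function names and the sample frame (including its destination MAC) are constructed for illustration.

```python
import socket
import struct

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 when run over a valid header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def rewrite_ip(frame: bytes, mapping: dict) -> bytes:
    """Rewrite IPv4 src/dst per mapping in one Ethernet frame, then fix checksums."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return frame  # not Ethernet/IPv4: leave untouched
    ihl = (frame[14] & 0x0F) * 4
    ip = bytearray(frame[14:14 + ihl])
    end = 14 + struct.unpack("!H", ip[2:4])[0]  # end of the IP datagram
    l4 = bytearray(frame[14 + ihl:end])
    for off in (12, 16):  # source and destination address fields
        old = socket.inet_ntoa(bytes(ip[off:off + 4]))
        if old in mapping:
            ip[off:off + 4] = socket.inet_aton(mapping[old])
    ip[10:12] = b"\x00\x00"
    ip[10:12] = struct.pack("!H", csum(bytes(ip)))
    proto = ip[9]
    coff = {6: 16, 17: 6}.get(proto)  # checksum offset in TCP / UDP header
    fragmented = struct.unpack("!H", ip[6:8])[0] & 0x3FFF  # MF bit or offset
    # Skip L4 when fragmented, cut short by snaplen, or UDP checksum is unused.
    skip = (coff is None or fragmented or len(frame) < end
            or len(l4) < coff + 2 or (proto == 17 and l4[6:8] == b"\x00\x00"))
    if not skip:
        pseudo = bytes(ip[12:20]) + struct.pack("!BBH", 0, proto, len(l4))
        l4[coff:coff + 2] = b"\x00\x00"
        value = csum(pseudo + bytes(l4)) or (0xFFFF if proto == 17 else 0)
        l4[coff:coff + 2] = struct.pack("!H", value)
    return frame[:14] + bytes(ip) + bytes(l4) + frame[end:]

def sample_frame() -> bytes:
    """Constructed TCP SYN using the addresses from the sample output above."""
    eth = bytes.fromhex("fefe20000100") + bytes.fromhex("000001000000") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0x4000, 64, 6, 0,
                     socket.inet_aton("145.254.160.237"),
                     socket.inet_aton("65.208.228.223"))
    tcp = struct.pack("!HHIIBBHHH", 3372, 80, 1, 0, 0x50, 0x02, 8192, 0, 0)
    return rewrite_ip(eth + ip + tcp, {})  # empty mapping: only fills checksums
```

Running `csum` over the IPv4 header of any frame in the edited capture is a quick integrity check: a non-zero result means the address was changed without fixing the checksum.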

Credits:

About

An Interactive Pcap Editor (based on Scapy)
