重新编译后如何获取元素?

时间:2015-05-19 11:34:13

标签: python hash filter

使用" re"我编译握手的数据如下: 

 piece_request_handshake = re.compile('13426974546f7272656e742070726f746f636f6c(?P<reserved>\w{16})(?P<info_hash>\w{40})(?P<peer_id>\w{40})')

 handshake = piece_request_handshake.findall(hex_data)

然后我打印

我无法添加图片,因为我是新的,所以这是输出: 

root@debian:/home/florian/Téléchargements# python script.py 
[('0000000000100005', '606d4759c464c8fd0d4a5d8fc7a223ed70d31d7b', '2d5452323532302d746d6e6a657a307a6d687932')]

我的问题是,我怎样才能只接受这个数据的第二部分,即&#34; hash_info&#34; (&#34; 606d47 ......&#34;)?

我已尝试使用以下行重新组: 

   print handshake.group('info_hash')

但结果是错误(对不起,我无法显示屏幕......): 

*root@debian:/home/florian/Téléchargements# python script.py 
Exception in thread Thread-1:
Traceback (most recent call last):
  File "/usr/lib/python2.7/threading.py", line 552, in __bootstrap_inner
    self.run()
  File "script.py", line 122, in run
    self.p.dispatch(0, PieceRequestSniffer.cb)
  File "script.py", line 82, in cb
    print handshake.group('info_hash')
AttributeError: 'list' object has no attribute 'group'*

这是好奇的完整代码的开头:

import pcapy
import dpkt
from threading import Thread
import re
import binascii
import socket
import time

liste=[]
prefix = '13426974546f7272656e742070726f746f636f6c'
hash_code = re.compile('%s(?P<reserved>\w{16})(?P<info_hash>\w{40})(?P<peer_id>\w{40})' % prefix)
match = hash_code.match()
piece_request_handshake = re.compile('13426974546f7272656e742070726f746f636f6c(?P<aaa>\w{16})(?P<bbb>\w{40})(?P<ccc>\w{40})')
piece_request_tcpclose = re.compile('(?P<start>\w{12})5011')


#-----------------------------------------------------------------INIT------------------------------------------------------------

class PieceRequestSniffer(Thread):
    def __init__(self, dev='eth0'):
        Thread.__init__(self)

        self.expr = 'udp or tcp'

        self.maxlen = 65535  # max size of packet to capture
        self.promiscuous = 1  # promiscuous mode?
        self.read_timeout = 100  # in milliseconds
        self.max_pkts = -1  # number of packets to capture; -1 => no limit

        self.active = True
        self.p = pcapy.open_live(dev, self.maxlen, self.promiscuous, self.read_timeout)
        self.p.setfilter(self.expr)

    @staticmethod
    def cb(hdr, data):

        eth = dpkt.ethernet.Ethernet(str(data))
        ip = eth.data



#------------------------------------------------------IPV4 AND TCP PACKETS ONLY---------------------------------------------------           



            #Select Ipv4 packets because of problem with the .p in Ipv6
        if eth.type == dpkt.ethernet.ETH_TYPE_IP6:
            return
        else:

            #Select only TCP protocols
            if ip.p == dpkt.ip.IP_PROTO_TCP:
                tcp = ip.data

                src_ip = socket.inet_ntoa(ip.src)
                dst_ip = socket.inet_ntoa(ip.dst)

                fin_flag = ( tcp.flags & dpkt.tcp.TH_FIN ) != 0
                #if fin_flag:
                    #print "TH_FIN src:%s dst:%s" % (src_ip,dst_ip)




                try:
                    #Return hexadecimal representation
                    hex_data = binascii.hexlify(tcp.data)
                except:
                    return



#-----------------------------------------------------------HANDSHAKE-------------------------------------------------------------




                handshake = piece_request_handshake.findall(hex_data)
                if handshake and (src_ip+" "+dst_ip) not in liste and (dst_ip+" "+src_ip) not in liste and handshake != '':
                    liste.append(src_ip+" "+dst_ip)
                    print match.group('info_hash')

2 个答案:

答案 0 :(得分:4)

re.findall()返回元组列表,每个元组包含与重新模式中的命名组对应的匹配字符串。此示例(使用简化模式)演示了您可以使用索引来访问所需的项目:

import re

prefix = 'prefix'
pattern = re.compile('%s(?P<reserved>\w{4})(?P<info_hash>\w{10})(?P<peer_id>\w{10})' % prefix)
handshake = 'prefix12341234567890ABCDEF1234'    # sniffed data
match = pattern.findall(handshake)

>>> print match
[('1234', '1234567890', 'ABCDEF1234')]
>>> info_hash = match[0][1]
>>> print info_hash
1234567890

但命名组的目的是提供一种方法来按名称访问命名组的匹配值。您可以改为使用re.match()

import re

prefix = 'prefix'
pattern = re.compile('%s(?P<reserved>\w{4})(?P<info_hash>\w{10})(?P<peer_id>\w{10})' % prefix)
handshake = 'prefix12341234567890ABCDEF1234'    # sniffed data
match = pattern.match(handshake)

>>> print match
<_sre.SRE_Match object at 0x7fc201efe918>
>>> print match.group('reserved')
1234
>>> print match.group('info_hash')
1234567890
>>> print match.group('peer_id')
ABCDEF1234

使用字典访问也可以使用这些值:

>>> d = match.groupdict()
>>> d
{'peer_id': 'ABCDEF1234', 'reserved': '1234', 'info_hash': '1234567890'}
>>> d['info_hash']
'1234567890'

最后,如果输入数据中有多个握手序列,您可以使用re.finditer()

import re

prefix = 'prefix'
pattern = re.compile('%s(?P<reserved>\w{4})(?P<info_hash>\w{10})(?P<peer_id>\w{10})' % prefix)
handshake = 'blahprefix12341234567890ABCDEF1234|randomjunkprefix12349876543210ABCDEF1234,more random junkprefix1234hellothereABCDEF1234...'    # sniffed data

for match in pattern.finditer(handshake):
    print match.group('info_hash')

输出:

1234567890
9876543210
hellothere

答案 1 :(得分:1)

re.findall将返回元组列表。 group()调用适用于Match对象,由re中的其他一些函数返回:

for match in re.finditer(needle, haystack):
    print match.group('info_hash')

此外,如果您只是匹配一次握手,则可能不需要findall

相关问题
最新问题