financelkp.blogg.se

Wireshark https domain name







  • Server Names (Domain Name) from TLS client hello packets.
  • URLs from http/https requests (Unless you provide the SSL/TLS keys to Wireshark, you will not be able to obtain the URLs from https. For more information please read this article.)

Step-1: Importing required Python modules

  • “requests” module will be used to make a GET request to the VirusTotal API (version 2).
  • “json” module will be used to convert the response from the API into JSON format.
  • “time” module will be used to send one request every 16 seconds, since we have a limit.
  • “pyshark” module will be used to extract resources from the capture file.
  • “ip_address” will be used to eliminate private IP addresses, since our capture file contains private IP addresses and VirusTotal has no information about them.

Step-2: Creating a display filter for interesting traffic

Create a function that takes a file and a display filter. Since Pyshark is just a wrapper of TShark, you can use the same filter you would use in Wireshark, or a display filter you saved in Wireshark.

    def filter_packets(file_path, disp_filter):
        # open the capture, keeping only packets that match the display filter
        capture = pyshark.FileCapture(file_path, display_filter=disp_filter)
        return capture

Step-3: Creating a function for extracting DNS resource records

Create a function that extracts Domain Names from DNS packets.

    # this list will store all domain names in the dns packets






