New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TCPSession rebuild http session bug #4340
Comments
gpotter2
added a commit
to gpotter2/scapy
that referenced
this issue
Apr 27, 2024
- fixes secdev#4197 - also fixes secdev#4340: handling of HTTP reconstruction when gzip is involved
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Brief description
When I tried to analyze a traffic packet, I found that TCPSession was sometimes unable to reconstruct the TCP data.
I tried to analyze why this happened. Through testing, I learned that it seems that TCPSession did not consider Retransmission.
You can notice this Retransmission TCP package in Wireshark. Wireshark also reconstructed it very well, but for TCPSession it seems to treat it as an independent TCP package (or is there a problem with HTTP's tcp_reassemble?)
I am not very familiar with the scapy framework. I can only pinpoint the general problem here. Please improve the session reconstruction function as soon as possible.
PS: I tried the latest development version, but this problem has not been improved.
Scapy version
2.5.0
Python version
3.11
Operating system
Windows10
Additional environment information
No response
How to reproduce
Actual result
Due to the influence of the Retransmission packet, there will be problems in parsing subsequent HTTP packets starting from that packet.
Expected result
Request and Response in all sessions can be parsed normally.
The following is just my guess of the possible results
Related resources
tcp.zip
The text was updated successfully, but these errors were encountered: