0

I'm using python and scapy to send HTTP request to a specific URL address. After sending it, I want to read the response status code (200, 401, 404, etc.).

I used this method:

>>> syn = IP(dst='www.google.com') / TCP(dport=80, flags='S')
>>> syn_ack = sr1(syn)
>>> getStr = 'GET / HTTP/1.1\r\nHost: www.google.com\r\n\r\n'
>>> request = IP(dst='www.google.com') / TCP(dport=80, sport=syn_ack[TCP].dport, seq=syn_ack[TCP].ack, ack=syn_ack[TCP].seq + 1, flags='A') / getStr
>>> reply = sr1(request)

For some reason, I can't see it in "reply".

Thanks for helping!

Improve this question
1
  • Could you give the output of reply.show()? Commented May 26, 2016 at 7:15

2 Answers 2

Reset to default
1

By using sr1(), you can only receive the first packet responded from server, in some cases an "empty" ACK to acknowledge the data you sent, so you cannot find the HTTP response and the response code. My suggestion is to use sr() instead of sr1(), as follows:

reply = sr(request, multi=1, timeout=2)

And this will receive all the packets including HTTP response arrived in 2 seconds, but you need to iterate over the reply packets to find the packet containing HTTP response code.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

You are confusing TCP and HTTP here, the ACK segment acknowledge a TCP segment which itself contains the HTTP request, it has no knowledge of application layer. The ACK could be sent in the same segment than the HTTP response so your statement is wrong, (i.e. "always" should be removed).
Thanks, Jeff. I revised my answer.
0

It's likely that your OS will send a RST packet automatically in response to the SYN+ACK received. By using sniff tool like wireshark, you can see that.

The issue can be resolved by adding an iptables rules to suppress the outgoing RST

sudo iptables -A OUTPUT -p tcp --dport 80 --tcp-flags RST RST -j DROP

And remove it later 

sudo iptables -A OUTPUT -p tcp --dport 80 --tcp-flags RST RST -j DROP
Improve this answer

2 Comments

I tried it, the reply.show() command still has the same values. No response status code...
I got it. Seems the sr1 will only receive the first ACK packet from server, and it is an empty ACK, the second one is the HTTP response, so you need to use sr() instead of sr1() in order to capture the HTTP response

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.