【Python】QQ查IP工具
Python,QQ,IP,工具
2025-03-25 08:59:30 时间
根据wireshark分析可知,通过分析qq语音通话,发现采用的是dup协议(应该是叫这个) 检测数据包的标志
020048即可 需要pypacp这个库,但是python3 的环境下,推荐pacp-ct 具体缺啥库就安装啥....
import psutil,netaddr,pcap,dpkt
import time
import platform
import binascii
if 'Windows' in platform.platform():
import winreg as wr
FINGERPRINT = {
'qq.exe':('udp','020048'),
'tim.exe':('udp','020048')
}
IF_REG = r'SYSTEM\CurrentControlSet\Control\Network\{4d36e972-e325-11ce-bfc1-08002be10318}'
def get_interface_name(name):
reg = wr.ConnectRegistry(None, wr.HKEY_LOCAL_MACHINE)
reg_key = wr.OpenKey(reg, IF_REG)
for i in range(wr.QueryInfoKey(reg_key)[0]):
subkey_name = wr.EnumKey(reg_key, i)
try:
reg_subkey = wr.OpenKey(reg_key, subkey_name + r'\Connection')
Name = wr.QueryValueEx(reg_subkey, 'Name')[0]
wr.CloseKey(reg_subkey)
if Name == name:
return r'\Device\NPF_' + subkey_name
except FileNotFoundError as e:
pass
return None
if 'Windows' in platform.platform():
iface = get_interface_name('Router') # WLAN
else:
iface = 'enp2s0'
def get_pid_sessions(is_show=True):
sessions = {}
for session in psutil.net_connections(kind="all"):
if session.laddr and session.raddr:
pid = session.pid #进程pid
pid_name = psutil.Process(int(pid)).name().lower() #进程名
pid_create_time = time.strftime("%Y-%m-%d %H:%M:%S",time.localtime(psutil.Process(int(pid)).create_time())) #进程创建时间
src_ip = session.laddr.ip #源IP
sport = session.laddr.port #源端口
des_ip = session.raddr.ip #目的IP
dport = session.raddr.port #目的端口
status = session.status #会话状态
filter_des_ip = netaddr.IPAddress(des_ip) #格式化目的IP地址,用于后续判断是否是公网IP
filter_src_ip = netaddr.IPAddress(src_ip)
if not filter_des_ip.is_private() and filter_des_ip.is_unicast() and not filter_des_ip.is_link_local() and not filter_src_ip.is_loopback(): #判断目的IP不是私网IP,是一个单播地址,不是linklocal地址,如果符合条件就记录
if pid_name not in sessions:
sessions[pid_name] = {}
if pid not in sessions[pid_name]:
sessions[pid_name][pid] = {}
if f'{src_ip}:{sport}' not in sessions[pid_name][pid]:
sessions[pid_name][pid][f'{src_ip}:{sport}'] = {}
if f'{des_ip}:{dport}' not in sessions[pid_name][pid][f'{src_ip}:{sport}']:
sessions[pid_name][pid][f'{src_ip}:{sport}'][f'{des_ip}:{dport}'] = {
'create_time':'',
'status':''
}
sessions[pid_name][pid][f'{src_ip}:{sport}'][f'{des_ip}:{dport}']['status'] = status
sessions[pid_name][pid][f'{src_ip}:{sport}'][f'{des_ip}:{dport}']['create_time'] = pid_create_time
if is_show:
print(f'[{pid_create_time}] [{pid}] [{pid_name}] [{src_ip}:{sport}] ---> [{des_ip}:{dport}] ---- [{status}]')
return sessions
def sniffer(pname):
transport = FINGERPRINT[pname][0]
fingerprint = FINGERPRINT[pname][1]
pc = pcap.pcap(iface, promisc=True, immediate=True)
pc.setfilter(transport)
if transport.lower() == 'tcp':
check_transport = dpkt.tcp.TCP
else:
check_transport = dpkt.udp.UDP
for timestamp, raw_buf in pc:
eth = dpkt.ethernet.Ethernet(raw_buf)
if not isinstance(eth.data, dpkt.ip.IP):
continue
df = bool(eth.data.off & dpkt.ip.IP_DF)
mf = bool(eth.data.off & dpkt.ip.IP_MF)
offset = eth.data.off & dpkt.ip.IP_OFFMASK
traffic = eth.data.data
if not isinstance(traffic,check_transport):
continue
if not len(traffic.data):
continue
packet = {
'time':time.strftime('%Y-%m-%d %H:%M:%S',(time.localtime(timestamp))),
'src':'%d.%d.%d.%d'%tuple(eth.data.src),
'dst':'%d.%d.%d.%d'%tuple(eth.data.dst),
'protocol':eth.data.p,
'len':eth.data.len,
'ttl':eth.data.ttl,
'df':df,
'mf':mf,
'offset':offset,
'checksum':eth.data.sum,
'traffic':binascii.b2a_hex(traffic.data).decode()
}
if packet['traffic'].startswith(fingerprint):
print()
for key in packet:
length = len(key)
ins_space_left = ''
ins_space_right = ''
if length < 8:
ins_space_left = ' ' * int((8-length)/2)
if length % 2:
ins_space_right = ' '* int((8-length)/2+1)
else:
ins_space_right = ' '* int((8-length)/2)
print(f'[ {pname} ] [ {ins_space_left}{key}{ins_space_right} ] ----> {packet[key]}')
else:
print('\r[%s] No capture!' %time.strftime('%Y-%m-%d %H:%M:%S',(time.localtime(time.time()))),end='')
if __name__ == "__main__":
sessions = get_pid_sessions(False)
pid_names = FINGERPRINT.keys()
for pname in pid_names:
if pname in sessions:
sniffer(pname=pname)
break相关文章
- python换行符使用_python中怎么换行?「建议收藏」
- Python项目51-课程页面
- python求逆矩阵的方法,Python 如何求矩阵的逆「建议收藏」
- Python <算法思想集结>之初窥基础算法
- Python-drf前戏38.4-前端Vue04
- 用Python画一棵带音乐的雪夜圣诞树
- Python迭代DataLoader时出现TypeError: Caught TypeError in DataLoader worker process 0.错误。
- 快速了解 OJ 判题系统如何在python中使用?
- Easy Games With Python and Pygame(三)- Pygame Event
- 【Python矩阵转置】| 试使用多方法实现[通俗易懂]
- 自动化神器!Python 批量读取身份证信息写入 Excel
- 我用python算出了同事的身份证号码!
- pyqt ui设计_python pyqt5界面开发
- python部分依赖踩坑
- Python+Flask实现的学生培养计划管理系统
- python 字符串(字符序列)和字节序列
- Python自动化办公小程序:实现报表自动化和自动发送到目的邮箱
- 8000 字 Python 数据可视化实操指南
- Python基本数据类型-字符型
- Python-yield关键字详解