WEBVTT 00:02.960 --> 00:08.680 Okay, here we are capturing all and everything that we are browsing. 00:08.720 --> 00:12.600 Okay, that is not very good for us to do this, okay? 00:12.600 --> 00:15.320 Because that is not readable. 00:15.800 --> 00:17.080 I want to filter this. 00:17.120 --> 00:18.080 Okay. 00:18.120 --> 00:22.080 Filter and only capture the thing I want. 00:22.120 --> 00:22.920 Okay. 00:22.960 --> 00:31.040 So if you want to filter this you can do that right here we have another option called filter. 00:31.040 --> 00:38.960 And this filter is equal to any type of package that you want to capture for example if it is going 00:38.960 --> 00:39.680 to be UDP. 00:39.680 --> 00:41.600 So you provide UDP here. 00:41.600 --> 00:51.800 If it is TCP then TCP if it is um, if you want to capture on a specific port, for example port 80. 00:51.840 --> 00:54.560 So you provide that here okay. 00:54.600 --> 00:56.520 Port 80. 00:56.560 --> 00:59.960 And it is how it work okay. 01:00.000 --> 01:08.360 But the goal of this program is to capture the browsers link or the link that while we are browsing 01:08.360 --> 01:11.010 think while the target is browsing. 01:11.010 --> 01:15.930 And also another thing like username, password, something like that. 01:16.170 --> 01:21.090 So if you want to do such kind of thing, that is not possible to do that right here. 01:21.330 --> 01:32.330 So for doing that we need to use a third party module that is called http, uh I think HTTP request. 01:32.370 --> 01:33.170 Okay. 01:33.170 --> 01:37.770 So let's come right here and try to install it. 01:37.810 --> 01:40.450 It calls http okay. 01:41.290 --> 01:43.890 Use pip install skip http. 01:44.730 --> 01:47.530 And as you see I already installed this. 01:47.650 --> 01:52.050 You can install it by using pip install escape underscore http. 01:53.010 --> 01:55.690 And here let's use that okay. 01:57.090 --> 02:01.210 Uh for example I want to capture only the HTTP packet. 02:01.250 --> 02:02.010 So let's see. 02:02.570 --> 02:06.170 And if it is going to work or not. 02:06.490 --> 02:08.370 So here I'm going to import that. 02:08.530 --> 02:15.090 So from Scapy dot layer. 02:17.780 --> 02:22.820 Import http okay. 02:23.220 --> 02:25.620 Now I import this here. 02:26.300 --> 02:36.140 Down here inside this process sniffed packet method I can use an if condition, and I can print the 02:36.180 --> 02:39.780 packets or the details about packet that I want here. 02:40.820 --> 02:43.860 Let's do that okay I use if condition again here. 02:44.060 --> 02:46.300 If we have the packet okay. 02:46.340 --> 02:47.460 If packet. 02:48.380 --> 02:59.300 And this Skippy has a method called as layer okay has layer and it asks for HTTP. 02:59.660 --> 03:04.660 For example I am trying to use http dot http request. 03:04.700 --> 03:11.620 Okay HTTP is all capital and request with capital e and something like this. 03:12.260 --> 03:15.660 If it has this then let's print it okay. 03:17.940 --> 03:19.180 Let's tap here. 03:19.180 --> 03:22.540 Not really there here. 03:22.980 --> 03:24.380 And like this. 03:25.560 --> 03:27.440 Now, if I try to execute this. 03:27.440 --> 03:34.000 Okay, we have an if condition here that try to search on each packet, that if this packet has a layer 03:34.000 --> 03:40.160 by the name of HTTP request or HTTP layer, then it will print that packet for me. 03:40.160 --> 03:44.000 Not all and every packet that has UDP, TCP and everything. 03:44.040 --> 03:44.320 Okay. 03:44.320 --> 03:47.360 Like on port 18, port 21 anything. 03:47.640 --> 03:50.680 Not all of them, only the HTTP. 03:51.400 --> 03:55.720 Let's save this and try to go back here okay. 03:55.720 --> 04:01.240 Let's use pseudo python packet sniffer.py hit enter. 04:01.240 --> 04:02.960 And right now it's doing nothing. 04:03.320 --> 04:04.840 Let me come here. 04:06.200 --> 04:08.880 Uh Bing. 04:13.520 --> 04:14.240 Dot com. 04:16.800 --> 04:17.280 Okay. 04:17.280 --> 04:18.480 Net hundred pro. 04:20.840 --> 04:21.160 Okay. 04:21.160 --> 04:24.480 That is something that I hit on colony Hunter okay. 04:24.520 --> 04:25.680 That is come. 04:25.680 --> 04:28.160 And I'm sure this captures something. 04:28.200 --> 04:28.600 Okay. 04:29.680 --> 04:37.410 You see that it is capturing this data like either IP, TCP, IP, http, post, gate, and this thing. 04:37.450 --> 04:37.810 Okay. 04:38.450 --> 04:40.370 And also this is a JavaScript file. 04:40.370 --> 04:42.370 This is a png which is an image. 04:42.370 --> 04:45.170 And these all are get okay not post. 04:45.210 --> 04:50.850 That means these are HTTP data okay. 04:50.850 --> 04:56.330 You see again we have the data that is not really readable okay. 04:56.370 --> 04:57.290 Of course it is. 04:57.290 --> 05:03.530 HTTP is bing.com and a lot of data here links something like that. 05:03.730 --> 05:06.410 But these are really not what we want okay. 05:06.450 --> 05:17.490 We want some specific thing like only the link, the browse link okay or URL and also some specific 05:17.530 --> 05:21.650 thing like username and password, something like that. 05:21.650 --> 05:21.970 Okay. 05:22.010 --> 05:28.450 While the target is entering any kind of username or password we need to capture them. 05:28.450 --> 05:30.450 Not everything okay. 05:30.450 --> 05:35.210 Like passport ASP log okay. 05:35.970 --> 05:40.770 So let's go and try to see if you're able to do that or not.