Dump HTTP Packets Using Tcpdump and Perl
// Capture network packets with tcpdump and print the HTTP requests and responses in human-readable form using Perl
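#!/usr/bin/perl
#
# Decode tcpdump's hex output for traffic to TCP port 80 and print every HTTP
# request line (GET/POST) and authentication header found in a packet.
#
# Handling the output: Authorization / WWW-Authenticate values are printed
# exactly as captured, so the output holds credential material and should be
# stored and shared like any other secret.
#
# Coverage: cleartext HTTP to destination port 80 only, and only the first
# 1024 bytes of each packet (-s 1024). A header split across two packets is
# not reassembled.
use strict;
use warnings;
use Socket;

$| = 1;    # flush each report line as soon as it is printed

# List-form pipe open: tcpdump is executed directly, so no shell ever parses
# the command line, and a failure to start it is reported instead of ignored.
my @tcpdump = ( '/usr/sbin/tcpdump', '-lnx', '-s', '1024', 'dst', 'port', '80' );
open( my $dump, '-|', @tcpdump )
    or die "cannot start $tcpdump[0]: $!\n";

my ( $client, $host, $packet );

LINE:
while ( my $line = <$dump> ) {

    # A line starting in column 0 is a packet header; hex dump lines are
    # indented. A new header means the previous packet is complete.
    if ( $line =~ /^\S/ ) {
        report_packet( $client, $host, $packet );
        undef $client;
        undef $host;
        undef $packet;

        # Only track packets that carry payload (PSH with a non-zero length).
        # NOTE(review): this matches the "P seq:seq(len)" header form; tcpdump
        # builds that print "Flags [P.], ... length N" will never match here.
        # Confirm against the installed tcpdump version.
        if ( $line =~ /P \d+:\d+\((\d+)\)/ && $1 > 0 ) {
            ( $client, $host ) =
                $line =~ /(\d+\.\d+\.\d+\.\d+).+ > (\d+\.\d+\.\d+\.\d+)/;
        }

        # The header itself is text, not hex; do not feed it to the decoder.
        next LINE;
    }

    next LINE unless $client && $host;

    # Drop the indent and the "0xNNNN:" offset column before decoding, so the
    # offset digits are not mistaken for payload bytes.
    $line =~ s/^\s*(?:0x[0-9a-fA-F]+:)?\s*//;
    $line =~ s/([0-9a-fA-F]{2})\s?/chr(hex($1))/eg;

    # Keep printable bytes plus CR/LF only. This also removes ESC (0x1B), so
    # captured data cannot send control sequences to the terminal.
    $line =~ tr/\x1F-\x7E\r\n//cd;

    $packet .= $line;
}

# Report the packet that was still being collected when tcpdump ended.
report_packet( $client, $host, $packet );

close($dump)
    or warn "tcpdump ended abnormally (wait status $?)\n";

# Print one line per request line / auth header found in a decoded packet.
#   $src     - source IPv4 address taken from the tcpdump header
#   $dst     - destination IPv4 address taken from the tcpdump header
#   $payload - decoded packet bytes (printable characters and CR/LF)
# Returns nothing; does nothing when any argument is undefined.
sub report_packet {
    my ( $src, $dst, $payload ) = @_;
    return unless defined $src && defined $dst && defined $payload;

    my @hits;
    while ( $payload =~ /((?:GET|POST|WWW-Authenticate|Authorization).+)/g ) {
        my $hit = $1;
        $hit =~ s/\r\z//;    # "." also matches the CR of a CRLF line ending
        push @hits, $hit;
    }
    return unless @hits;

    # One reverse lookup per packet, and only when there is something to
    # print. The PTR name is chosen by whoever runs the reverse zone, so it is
    # reduced to printable characters before it reaches the terminal.
    my $src_name = '';
    my $iaddr    = inet_aton($src);
    if ( defined $iaddr ) {
        my $name = gethostbyaddr( $iaddr, AF_INET );
        if ( defined $name ) {
            $name =~ tr/\x21-\x7E//cd;
            $src_name = $name;
        }
    }

    my $time = localtime;
    print "[$time] $src ($src_name) -> $dst\t$_\n" for @hits;
    return;
}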