Realtime dumping of HTTP traffic headers
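#!/usr/bin/perl
use strict;
use warnings;

# Port to watch (default 80). It is passed to tshark, so accept digits only.
my $port = shift // 80;
die "Usage: $0 [port]\n" unless $port =~ /^\d+$/ && $port >= 1 && $port <= 65535;

# List-form pipe open runs tshark directly, with no shell to interpret $port.
# -l makes tshark flush its output after every packet.
open(my $fh, '-|', 'tshark', '-l', '-d', "tcp.port==$port,http", '-V',
    '-Y', 'http.request || http.response', 'port', $port)
    or die "Could not run tshark: $!";
$| = 1;    # unbuffered STDOUT, so output appears as packets arrive

my %requests;    # request headers awaiting a response, keyed "clientport:serverport"
my ($srcport, $destport) = (-1, -1);
my ($log, $payload) = (0, "");

# Handle the HTTP headers collected for the packet that has just ended.
sub flush_packet {
    return if $payload eq "" or $srcport < 0;
    if ($srcport == $port) {    # ie if this is outgoing response
        my $request = delete $requests{"$destport:$srcport"};
        print STDOUT $request if defined $request;
        print STDOUT $payload;
    } else {                    # incoming request: hold it until the response arrives
        $requests{"$srcport:$destport"} = $payload;
    }
}

while (<$fh>) {
    if (/^\S/) {
        # Headers (unindented lines start a protocol layer)
        if (/^Frame \d+/) {
            # New packet: emit the previous one, then reset state
            flush_packet();
            ($srcport, $destport) = (-1, -1);
            ($log, $payload) = (0, "");
        } elsif (/Hypertext/) {
            $log = 1;
        } elsif (/Transmission.*?Src Port: (\d+).*?Dst Port: (\d+)/) {
            ($srcport, $destport) = ($1, $2);
            $log = 0;
        } else {
            $log = 0;
        }
    }
    if ($log) {
        my $skip = 0;
        $skip = 1 if /^\s+\[/;     # Special type headers
        $skip = 1 if /^\s{5,}/;    # Meta information is indented more (header lines sit at four spaces)
        unless ($skip) {
            s/\\r\\n//;            # tshark prints the line ending as literal "\r\n" text
            $payload .= $_;
        }
    }
}
flush_packet();    # emit the last packet when tshark exits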