@gtmtech
Created April 8, 2016 12:57
Realtime dumping of HTTP traffic headers
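#!/usr/bin/perl
use strict;
use warnings;

$| = 1;    # unbuffered STDOUT, so headers appear as soon as they are parsed

# -V prints the full dissection tree; -l makes tshark flush after every packet.
open(my $fh, '-|', "tshark -l -V -Y 'http.request || http.response' port 80")
    or die "Could not run tshark: $!";

my %requests = ();    # "clientport:80" => request headers waiting for their response
my ($srcport, $destport) = (-1, -1);
my $payload = "";
my $log     = 0;

# Called when the HTTP layer of a packet ends. The collected headers are keyed
# on the ports of that same packet, before the next packet overwrites them.
sub flush_payload {
    if ($srcport eq "80") {    # i.e. this is an outgoing response
        my $request_key = $destport . ":" . $srcport;
        print STDOUT $requests{$request_key} if defined $requests{$request_key};
        print STDOUT $payload;
    } else {                   # request: hold it until the response is seen
        my $request_key = $srcport . ":" . $destport;
        $requests{$request_key} = $payload;
    }
    $payload = "";
}

while (<$fh>) {
    if (/^[^\s]/) {
        # Unindented lines are layer headers
        flush_payload() if $log;    # the HTTP layer of the current packet has ended
        $log = 0;
        if (/Hypertext/) {
            $log     = 1;
            $payload = "";
        } elsif (/Transmission.*?Src Port: (\d+).*?Dst Port: (\d+)/) {
            $srcport  = $1;
            $destport = $2;
        } elsif (/^Frame /) {
            # New packet: forget the previous packet's ports
            $srcport  = -1;
            $destport = -1;
        }
    }
    if ($log == 1) {
        my $skip = 0;
        if (/^\s+\[/) {    # Special type headers
            $skip = 1;
        }
        if (/^ {8}/) {     # Meta information is indented more (two or more levels)
            $skip = 1;
        }
        if ($skip == 0) {
            s/\\r\\n//;    # drop the literal "\r\n" that tshark prints after each header
            $payload .= $_;
        }
    }
}
flush_payload() if $log;    # last packet, when tshark exits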