maleadt/http_sniffer.pl

## http_sniffer.pl
#!/usr/bin/perl

#
# Configuration
#

# Write nicely
use warnings;
use strict;

# Modules
use Net::Pcap;
use Sniffer::HTTP;
use Net::Pcap::FindDevice;
use URI::Escape;
use DateTime;

# Constants
my $VERBOSE = 0;


#
# Main
#

# Get the output path
my $path = shift || die("Usage: ./capture <path> <opt:device> <opt:pcap filter>");
die("Output path not accessible") unless (-d $path);

# Generate a subfolder
my $dt = DateTime->now;
$path .= '/' . $dt->strftime('%Y%m%dT%H%M%SZ');
die("Session subfolder already exists") if (-d $path);
mkdir $path || die("Could not create session subfolder");

# Get the device
my $device = shift;
if ($^O =~ /MSWin32|cygwin/ && $device) {
    $device = qr/$device/i
};

# Get the filter
my $filter = shift;

# Sniff for data
my %counters;
print "* Starting sniffer\n";
my $sniffer = Sniffer::HTTP->new(
    callbacks => {
        request  => sub {
            my ($req, $conn) = @_;
            print "REQUEST\t", $req->uri, "\n";
        },
        response => sub {
            my ($res, $req, $conn) = @_;
            print "REPLY\t", $res->status_line, "\n";

            # Get the host
            my $host = $req->header("host") || "unknown";
            my $subfolder = "$path/$host";
            mkdir $subfolder unless (-d $subfolder);

            # Get a filename
            my $filename = $res->filename;
            if (!$filename && uri_unescape($req->uri) =~ m{/([^/]+\.\w+)($|\?.*)}) {
                $filename = $1;
            }
            if (!$filename) {
                $counters{$host} = 0 unless defined($counters{$host});
                $filename = ++$counters{$host};
            }

            # Save the contents
            if (length $res->content) {
                # Detect duplicates
                my $filepath = "$subfolder/$filename";
                my $dupcount = 0;
                $filepath = "$subfolder/$filename." . ++$dupcount while (-e $filepath);

                # Write!
                open(my $write, ">", $filepath) || die("Could not write data");
                print $write $res->decoded_content;
                close($write);
            }
        },
        log      => sub {
            print $_[0] if $VERBOSE
        },
        tcp_log  => sub {
            print $_[0] if $VERBOSE > 1
        },
    }
)->run($device, $filter);
	#!/usr/bin/perl

	#
	# Configuration
	#

	# Write nicely
	use warnings;
	use strict;

	# Modules
	use Net::Pcap;
	use Sniffer::HTTP;
	use Net::Pcap::FindDevice;
	use URI::Escape;
	use DateTime;

	# Constants
	my $VERBOSE = 0;


	#
	# Main
	#

	# Get the output path
	my $path = shift \|\| die("Usage: ./capture <path> <opt:device> <opt:pcap filter>");
	die("Output path not accessible") unless (-d $path);

	# Generate a subfolder
	my $dt = DateTime->now;
	$path .= '/' . $dt->strftime('%Y%m%dT%H%M%SZ');
	die("Session subfolder already exists") if (-d $path);
	mkdir $path \|\| die("Could not create session subfolder");

	# Get the device
	my $device = shift;
	if ($^O =~ /MSWin32\|cygwin/ && $device) {
	$device = qr/$device/i
	};

	# Get the filter
	my $filter = shift;

	# Sniff for data
	my %counters;
	print "* Starting sniffer\n";
	my $sniffer = Sniffer::HTTP->new(
	callbacks => {
	request => sub {
	my ($req, $conn) = @_;
	print "REQUEST\t", $req->uri, "\n";
	},
	response => sub {
	my ($res, $req, $conn) = @_;
	print "REPLY\t", $res->status_line, "\n";

	# Get the host
	my $host = $req->header("host") \|\| "unknown";
	my $subfolder = "$path/$host";
	mkdir $subfolder unless (-d $subfolder);

	# Get a filename
	my $filename = $res->filename;
	if (!$filename && uri_unescape($req->uri) =~ m{/([^/]+\.\w+)($\|\?.*)}) {
	$filename = $1;
	}
	if (!$filename) {
	$counters{$host} = 0 unless defined($counters{$host});
	$filename = ++$counters{$host};
	}

	# Save the contents
	if (length $res->content) {
	# Detect duplicates
	my $filepath = "$subfolder/$filename";
	my $dupcount = 0;
	$filepath = "$subfolder/$filename." . ++$dupcount while (-e $filepath);

	# Write!
	open(my $write, ">", $filepath) \|\| die("Could not write data");
	print $write $res->decoded_content;
	close($write);
	}
	},
	log => sub {
	print $_[0] if $VERBOSE
	},
	tcp_log => sub {
	print $_[0] if $VERBOSE > 1
	},
	}
	)->run($device, $filter);