Posted by narkisr on 12/29/09


Tagged: http sniff pcap



http sniffing Ruby


Published in: Ruby
 

URL: http://www.google.com/codesearch/p?hl=en#e3Lo27gapsI/UNIX/utilities/framework-3.0.tar.gz|z3AQRfppUi8/framework-3.0/external/ruby-pcapx/examples/httpdump.rb&q=Pcap::Filter

Sniffing HTTP requests and responses using pcap in Ruby.

    #!/usr/local/bin/ruby
    require 'pcaplet'

    # Capture on eth0 with a 1500-byte snap length so full frames are kept.
    httpdump = Pcaplet.new('-s 1500 -i eth0')

    # Traffic towards port 80 is treated as requests, traffic from it as responses.
    HTTP_REQUEST = Pcap::Filter.new('tcp and dst port 80', httpdump.capture)
    HTTP_RESPONSE = Pcap::Filter.new('tcp and src port 80', httpdump.capture)

    httpdump.add_filter(HTTP_REQUEST | HTTP_RESPONSE)
    httpdump.each_packet {|pkt|
      data = pkt.tcp_data
      case pkt
      when HTTP_REQUEST
        # Only GET request lines are reported.
        if data and data =~ /^GET\s+(\S+)/
          path = $1
          host = pkt.dst.to_s
          # Append the port only when it is not the default HTTP port.
          host << ":#{pkt.dport}" if pkt.dport != 80
          s = "#{pkt.src}:#{pkt.sport} > GET http://#{host}#{path}"
        end
      when HTTP_RESPONSE
        # Report the status line, labelled with the client endpoint.
        if data and data =~ /^(HTTP\/.*)$/
          status = $1
          s = "#{pkt.dst}:#{pkt.dport} < #{status}"
        end
      end
      puts s if s
    }
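The snippet's regexes use `^`, which in Ruby matches at the start of any line, so a body line beginning with `GET` or `HTTP/` is reported as a new message. The following is an added example, not part of the original snippet or of ruby-pcap: it classifies a TCP payload offline with `\A` anchors, covers methods other than GET, and prefers the Host header over the destination IP. The module name `HttpLine`, its `summarize` method and the sample payloads are constructed for illustration.

```ruby
# Added example: classify one TCP payload as an HTTP request or response.
# HttpLine and summarize are hypothetical names, not ruby-pcap API.
module HttpLine
  METHODS  = %w[GET HEAD POST PUT DELETE OPTIONS PATCH CONNECT TRACE].freeze
  # \A anchors at the first byte of the payload; ^ would also match in a body.
  REQUEST  = /\A(#{METHODS.join('|')}) (\S+) HTTP\/\d\.\d\r?\n/
  RESPONSE = /\A(HTTP\/\d\.\d \d{3}[^\r\n]*)\r?\n/
  HOST     = /^Host:[ \t]*([^\r\n]+?)[ \t]*\r?$/i

  # Returns a one-line summary, or nil when the payload does not start
  # with an HTTP request line or status line.
  def self.summarize(payload, src:, sport:, dst:, dport:)
    return nil if payload.nil? || payload.empty?
    # Treat the payload as raw bytes so non-UTF-8 data cannot raise.
    data = payload.dup.force_encoding(Encoding::BINARY)
    if (m = REQUEST.match(data))
      # Search for Host only in the header block, never in the body.
      head = data.split(/\r?\n\r?\n/, 2).first
      host = head[HOST, 1] || (dport == 80 ? dst.to_s : "#{dst}:#{dport}")
      "#{src}:#{sport} > #{m[1]} http://#{host}#{m[2]}"
    elsif (m = RESPONSE.match(data))
      "#{dst}:#{dport} < #{m[1]}"
    end
  end
end

# Constructed sample payloads (not captured traffic).
SAMPLE_REQUEST  = "POST /login HTTP/1.1\r\nHost: intranet.example\r\n" \
                  "Content-Length: 27\r\n\r\nGET /not-a-request HTTP/1.1"
SAMPLE_RESPONSE = "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nhi"
SAMPLE_BODY     = "chunk of a body\nGET /x HTTP/1.1\r\nHTTP/1.1 200 OK\r\n"

if __FILE__ == $0
  client = { src: '10.0.0.5', sport: 51000, dst: '192.0.2.10', dport: 80 }
  server = { src: '192.0.2.10', sport: 80, dst: '10.0.0.5', dport: 51000 }
  puts HttpLine.summarize(SAMPLE_REQUEST, **client)
  puts HttpLine.summarize(SAMPLE_RESPONSE, **server)
  p HttpLine.summarize(SAMPLE_BODY, **client)
end
```
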
