wPcap - Web Sniffer / Proxy

Mar 9, 2010 at 9:14pm
Hi,

I am in the process of learning C++ and am creating a project on sourceforge in the process. Cue the shameless self promotion!

http://sourceforge.net/projects/http-test/

The next stage is to write / source some sort of web sniffer. I have been looking at PCAP for windows and have compiled a basic example to start with but can't seem to get anywhere finding examples of expanding this into a web / http sniffer and also getting wireless capture to work.

There is a tool out there that gives the type of output I want:

http://www.ieinspector.com/httpanalyzer/

...specifically just the URLs that are requested directly and indirectly during navigation.


My question is, does anyone know of an example or source for an actual tool that can do something like the above? I don't mind doing any dirty work myself to learn but this is probably a bit out of my ability at the minute.

P.S. I have also downloaded Wireshark but it is a bit heavy duty!

Thanks
Mar 10, 2010 at 8:11pm
Anyone?
Mar 10, 2010 at 8:31pm
What's your ultimate goal? Do you want to process sniffed data to show URLs, or something else?
Mar 10, 2010 at 9:01pm
What I want is to capture a user's navigation in a browser, capturing all the requests that are made - directly and indirectly. I would also want to capture POST data etc. to allow for navigation on sites where users log on etc.

For now my hope was to at least get something that logs the URLs that have been visited.


I have been looking about for a few days now and am starting to think a proxy server may be a better starting point but still can't really find a good example.



Hope that helps and thanks for your reply
Mar 10, 2010 at 9:25pm
So the first step would be capturing data, which you have already done with the winpcap library.

The next step is to read the data; again, you can use winpcap for it. Parse each data packet for IP/TCP/UDP
and finally for HTTP. Take out the URL from this HTTP data and then log it.

winpcap will help you get to the TCP payload, from where you need to parse the HTTP GET request only.
You can refer to the HTTP RFC for the GET/POST request format. I think this would do.

Regards
-Tajendra
http://www.tajendrasengar.blogspot.com/
Last edited on Mar 10, 2010 at 9:30pm
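The parsing step described in the reply above, as an added C++ example that is not part of the original thread: given one TCP payload, it reads the HTTP request line and the Host header and rebuilds the URL. The function name url_from_payload and the sample payload are assumptions made for illustration; an empty result covers payloads cut short by a small capture length.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>

// Hypothetical helper (not part of WinPcap): lower-case a copy of s.
static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Returns the requested URL from one TCP payload, or "" when the payload is
// not a complete HTTP request head (e.g. cut short by a small snap length).
std::string url_from_payload(const std::string& payload) {
    const std::string::size_type eol = payload.find("\r\n");
    if (eol == std::string::npos) return "";            // request line truncated
    const std::string line = payload.substr(0, eol);
    // Request line: METHOD SP request-target SP HTTP-version
    const std::string::size_type sp1 = line.find(' ');
    const std::string::size_type sp2 = line.rfind(' ');
    if (sp1 == std::string::npos || sp2 <= sp1) return "";
    const std::string method = line.substr(0, sp1);
    if (method != "GET" && method != "POST") return "";
    if (line.compare(sp2 + 1, 5, "HTTP/") != 0) return "";
    const std::string target = line.substr(sp1 + 1, sp2 - sp1 - 1);
    // Absolute form, as a browser sends to a proxy.
    if (lower(target).compare(0, 7, "http://") == 0) return target;
    if (target[0] != '/') return "";
    // Origin form: the host comes from the Host header.
    std::string::size_type pos = eol + 2;
    while (pos < payload.size()) {
        const std::string::size_type end = payload.find("\r\n", pos);
        if (end == std::string::npos || end == pos) break;  // truncated or end of headers
        const std::string hdr = payload.substr(pos, end - pos);
        if (lower(hdr).compare(0, 5, "host:") == 0) {
            std::string host = hdr.substr(5);
            host.erase(0, host.find_first_not_of(" \t"));   // trim leading blanks
            host.erase(host.find_last_not_of(" \t") + 1);   // trim trailing blanks
            return host.empty() ? std::string() : "http://" + host + target;
        }
        pos = end + 2;
    }
    return "";
}

int main() {  // constructed sample payload, not captured traffic
    std::cout << url_from_payload("GET /a?b=1 HTTP/1.1\r\nHost: example.com\r\n\r\n") << "\n";
}
```

Only plaintext HTTP is visible this way, and a request head that spans several TCP segments needs stream reassembly before it is parsed.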
Mar 10, 2010 at 9:40pm
Sorry, the only problem with wPcap is that my wireless adaptor does not appear to be supported and I'm not sure how to get it to work. It appears to be possible but not for me!
Mar 10, 2010 at 9:56pm
I've set promiscuous mode to 0 and it worked.

I'll try what you suggested and report back what happens.


Cheers
Apr 6, 2010 at 9:35pm
Hi,

I've finally got round to doing this properly and have started using windump.

I have used the following options:

windump -p -i 1 -A -w dump.txt tcp dst port 80

and then the following to turn it into ascii
-A -r dump.txt

The problem I'm now having is that this truncates the URLs, so anything of about 50 chars and over is truncated. Does anyone have any ideas please? windump doesn't appear to be brilliantly supported, nor does wpcap...
Apr 7, 2010 at 8:45pm
Found it...

-s 0

this sets the length to whatever is required. So much for not being well supported eh!