#parse http request and response in wireshark #this was originally posted at http://blog.csdn.net/jasonhwang/article/details/5525700 by Huang Qiangxiong.
| -- Decode param=value from "application/x-www-form-urlencoded" type http body | |
| -- Original Author: Huang Qiangxiong ([email protected]) | |
| -- change log: | |
| -- 2010-04-20 | |
| -- Just can play. | |
| -- 2010-04-24 | |
| -- Add option "Turn on/off debug tree item" to preference window. | |
| -- Add option "add_orig_item" to preference window. | |
| ------------------------------------------------------------------------------------------------ | |
| do | |
-- Protocol objects for the two media types this script dissects.
local form_urlencoded_proto = Proto(
  "my_form_urlencoded",
  "MIME Encapsulation: application/x-www-form-urlencoded"
)
local text_html_proto = Proto("text_html", "text/html")

-- Preferences shown under Preferences -> MY_FORM_URLENCODED. Both default to
-- false, so the debug subtree and the original dissector's item stay hidden
-- until the analyst turns them on.
local prefs = form_urlencoded_proto.prefs
do
  -- NOTE(review): the label/description texts are reproduced exactly as the
  -- author wrote them, including their spelling.
  local debug_label = "Turn on debug (a [DEBUG Tree proto: my_form_urlencoded] item will appear in Package Details tree)"
  local debug_help = "If you turn of debug, (a [DEBUG Tree proto: my_form_urlencoded] item will appear in Package Details tree)"
  -- The add_orig_item option uses the same text for its label and description.
  local orig_item_text = "Show orignal wireshark's data-text-lines dissection item in Package Details tree"

  prefs.debug_flag = Pref.bool(debug_label, false, debug_help)
  prefs.add_orig_item = Pref.bool(orig_item_text, false, orig_item_text)
end
| -----------DEBUG Function ------------------------------------------------ | |
| --local debug_flag = true | |
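-- Maps a tree item to the "[DEBUG Tree ...]" child created under it, so every
-- debug line for the same tree lands in one subtree.
-- The keys are weak: nothing in this file ever removes an entry, so a strong
-- table would keep every tree item it has seen alive for the whole session
-- while debugging is on. Weak keys let an entry go once its tree is unreachable.
local dmap = setmetatable({}, { __mode = "k" })

-- Append one debug line under the debug subtree of `tree`.
--   tree: tree item to attach to; nothing happens when it is nil/false
--   msg:  text (string or number) appended after the "[DEBUG] " prefix
-- Does nothing unless the debug_flag preference is set.
-- NOTE(review): declared without `local`, so `d` is a global function; the
-- name is kept because the dissectors in this file call it.
function d(tree, msg)
  if not (prefs.debug_flag and tree) then
    return
  end
  local debug_tree = dmap[tree]
  if debug_tree == nil then
    -- First message for this tree: create the container item and remember it.
    debug_tree = tree:add("[DEBUG Tree for " .. form_urlencoded_proto.name .. "]")
    dmap[tree] = debug_tree
  end
  debug_tree:add("[DEBUG] " .. msg)
end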
| --------------------------------------------------------------------------------- | |
| ---- url decode (from www.lua.org guide) | |
-- URL-decode a form-encoded string: every "+" becomes a space and every
-- "%XX" (two hex digits) becomes the byte with that value. A "%" that is not
-- followed by two hex digits is left untouched.
-- The result can hold any byte value, including control characters, because
-- the input is whatever the captured body contained; callers should treat it
-- as display text only.
-- Returns exactly one value (the decoded string).
function unescape (s)
  local function hex_to_char(hex)
    return string.char(tonumber(hex, 16))
  end
  local with_spaces = string.gsub(s, "+", " ")
  local decoded = string.gsub(with_spaces, "%%(%x%x)", hex_to_char)
  return decoded
end
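-- Split `str` on the Lua pattern `pat` and return the pieces as an array.
--   str: string to split
--   pat: Lua pattern (not a plain string) used as the separator
-- A leading empty piece is dropped (",a" yields {"a"}); empty pieces between
-- two separators are kept ("a,,b" yields {"a", "", "b"}); text after the last
-- separator is appended, and a trailing separator adds nothing.
-- If `pat` matches the empty string the search could never advance, so the
-- scan stops there and the rest of `str` is returned as the final piece.
-- Without that check such a pattern would loop forever.
function split(str, pat)
  local pieces = {}
  local fpat = "(.-)" .. pat
  local last_end = 1
  local s, e, cap = str:find(fpat, 1)
  while s do
    if e < s then
      -- Zero-length match: searching again from last_end would find the same
      -- match, so give up on separators and fall through to the tail.
      break
    end
    if s ~= 1 or cap ~= "" then
      pieces[#pieces + 1] = cap
    end
    last_end = e + 1
    s, e, cap = str:find(fpat, last_end)
  end
  if last_end <= #str then
    pieces[#pieces + 1] = str:sub(last_end)
  end
  return pieces
end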
| -- json = (loadfile "json.lua")() -- one-time load of the routines | |
| ---- save old dissector | |
-- Look up the media-type dissector table and capture the handlers that are
-- registered for the two content types before this script adds its own.
-- Either lookup may yield nil when nothing is registered for that type.
-- NOTE(review): prev_html_disector is never read anywhere in this file.
local media_type_table = DissectorTable.get("media_type")
local old_dissector, prev_html_disector =
  media_type_table:get_dissector("application/x-www-form-urlencoded"),
  media_type_table:get_dissector("text/html")
| ---- my dissector | |
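-- Dissector for text/html bodies: adds one protocol item covering the whole
-- buffer, then one child item per comma-separated piece of the body text.
--   tvb:   buffer holding the body
--   pinfo: packet info (unused here)
--   tree:  parent tree item
-- Every child item references the full buffer range, not the bytes of its own
-- piece. The text comes straight from the capture and is only displayed.
function text_html_proto.dissector(tvb, pinfo, tree)
  local tvb_range = tvb()
  local my_tree = tree:add(text_html_proto, tvb_range)
  local content = tvb_range:string()
  local pieces = split(content, ",")
  local last = #pieces
  -- Numeric loop instead of pairs(): pairs() does not promise any order, and
  -- the items must appear in the order they occur in the body.
  for i = 1, last do
    local item = pieces[i]
    if i ~= last then
      -- Put back the separator that split() consumed (all but the last piece).
      item = item .. ','
    end
    my_tree:add(tvb_range, item)
  end
end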
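-- Dissector for application/x-www-form-urlencoded bodies.
--   tvb:   buffer holding the body
--   pinfo: packet info (only read for the debug line)
--   tree:  parent tree item
-- Builds: a protocol item, a "Raw Data" item holding the undecoded text, and
-- a "Decoded Data" item whose children are the URL-decoded parameters, each
-- further split on ",". The parameter count is appended to "Decoded Data".
-- All text comes from the captured body and is used only as display text.
-- Every item references the whole buffer range rather than its own bytes.
function form_urlencoded_proto.dissector(tvb, pinfo, tree)
  d(tree, "pinfo.curr_proto=" .. pinfo.curr_proto)
  d(tree, "tvb:offset()=" .. tvb:offset())
  d(tree, "tvb:len()=" .. tvb:len())

  -- The saved handler is nil when nothing was registered for this media type
  -- at load time; calling a method on nil would abort the dissection.
  if prefs.add_orig_item and old_dissector then
    old_dissector:call(tvb, pinfo, tree)
  end

  local tvb_range = tvb()
  local content = tvb_range:string()

  local subtree = tree:add(form_urlencoded_proto, tvb_range)
  subtree:add(tvb_range, "Raw Data (" .. tvb_range:len() .. " bytes)"):add(tvb_range, content)
  local pairs_tree = subtree:add(tvb_range, "Decoded Data")

  -- Walk the "&"-separated parameters: si is the start of the current one,
  -- ei the position of the next "&" (nil once the last one is reached).
  local si
  local ei = 0
  local count = 0
  while ei do
    si = ei + 1
    ei = string.find(content, "&", si)
    local xlen = (ei and (ei - si)) or (content:len() - si + 1)
    if xlen > 0 then
      -- Declared local: the original assigned a global here, which leaked the
      -- last decoded parameter into the global environment.
      local json_str = unescape(content:sub(si, si + xlen - 1))
      -- Decoding happens before the split, so an encoded "%2C" also splits.
      local pieces = split(json_str, ",")
      local last = #pieces
      -- Numeric loop keeps the pieces in body order; pairs() gives no such
      -- guarantee.
      for i = 1, last do
        local item = pieces[i]
        if i ~= last then
          item = item .. ','
        end
        pairs_tree:add(tvb_range, item)
      end
      count = count + 1
    end
  end
  pairs_tree:append_text(" (" .. count .. ")")
end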
| -- register this dissector | |
-- Register both protocols in the media-type table, in the same order as before.
-- NOTE(review): this appears to make these dissectors the handlers for every
-- form-urlencoded and text/html body while the script is loaded; confirm that
-- taking over the stock text/html dissection is intended.
local registrations = {
  { "application/x-www-form-urlencoded", form_urlencoded_proto },
  { "text/html", text_html_proto },
}
for _, entry in ipairs(registrations) do
  media_type_table:add(entry[1], entry[2])
end
| end |