Created
January 21, 2010 07:26
-
-
Save slumos/282647 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env ruby | |
| $: << '/ops/lib/ruby' | |
| TARGET_HOST='' | |
| TARGET_USER='' | |
| TARGET_PASS='' | |
| TARGET_DB='' | |
| require 'rubygems' | |
| require 'pcaplet' | |
| require 'mysql' | |
| MYSQL_COM_QUERY = 0x03 | |
| target_db = Mysql.real_connect(TARGET_HOST, TARGET_USER, TARGET_PASS, TARGET_DB) | |
| mysqlsniff = Pcaplet.new('-s 65535 -i eth0') | |
| mysqlsniff.add_filter Pcap::Filter.new("tcp port 3306 and not dst #{TARGET_HOST}", | |
| mysqlsniff.capture) | |
| query = '' | |
| query_length = 0 | |
| mysqlsniff.each_packet do |pkt| | |
| next unless pkt.tcp_data | |
| if query then | |
| if query.length == query_length then | |
| if query[/^select/i] then | |
| start_time = Time.now | |
| puts query | |
| target_db.query query | |
| times = "== [%.2fs] ==" % (Time.now - start_time) | |
| puts times + '=' * (80 - times.length) | |
| puts | |
| end | |
| query = nil | |
| query_length = 0 | |
| else | |
| query << pkt.tcp_data | |
| end | |
| end | |
| if pkt.tcp_data[3] == 0 and pkt.tcp_data[4] == MYSQL_COM_QUERY then | |
| query_length = (pkt.tcp_data[0,3] + "\0").unpack('V')[0] - 1 | |
| next if query_length < 1 | |
| query = pkt.tcp_data[5..-1] | |
| end | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment