 How to see HTTP headers? 
Hello, new user here. I'm still trying to learn Xplico. What I need to do is feed it a pcap file and from that see every HTTP request and response that happened. The command that I used was:
./xplico -m pcap -fpcap1.cap
This created files under xdecode in a structure like this:
xdecode/172.18.0.203/http/dell.com/http_rs_body_1333469115_0x980e4d0_887
This filename appears to indicate an http response body, a timestamp (of what?), but what are the last 2 items in the filename?

This file has in it the http response, but I also need to see many of the request and response headers. How do I enable those to be logged?

xplico -i http shows this:
http: Hypertext Transfer Protocol
-----------------------------------------------------------
Pkt info:
http.user_agent: User-Agent
http.host: Host
http.content_type: Content-Type
http.content_range: Content-Range
http.content_encoding: Content-Encoding
-----------------------------------------------------------
Pei components type:
url: Uniform Resource Locator
client: Client
host: Host
content_type: Content Type
method: Method
status: Status response
req.header: Request header
req.body: Request body
res.header: Response header
res.body: Response body
boundary: Boundary contents

which has many of the items that I need. However, I don't understand how to use the PEI or Packet info items.

xplico version = 1.0.0
OS = Ubuntu 10.04

Please help.
Thank you.


Wed Apr 04, 2012 3:31 pm
Site Admin

Re: How to see HTTP headers?
Hi dalton,
You can develop your own version of the cli dispatcher, where you can select the (file) name and the location of every http message's contents.
To start, I have developed a cli version for you (see function DispHttp).
Attachment:
cli.c

The http data will be saved in the ./xdecode/<ip>/http/ directory (like the original version), but with this new version all data of the http message will be saved and the file names will have the form:
<http_message_id>_http_rq_hdr_xxxxx : http request header
<http_message_id>_http_rq_body_xxxxx : http request body (ie POST body)
<http_message_id>_http_rs_hdr_xxxxx : http response header
<http_message_id>_http_rs_body_xxxxx : http response body
An http message (http_message_id) is composed of a request and a response, where the request is composed of a header (http_rq_hdr) and sometimes a body (http_rq_body), and the response is composed of a header (http_rs_hdr) and a body (http_rs_body).

Ciao.
Gianluca




Mon Apr 09, 2012 11:22 am
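
Added example, not part of the thread and not Xplico's own code: given the file naming scheme described in the reply above, this Python script pairs each message's request and response files by `http_message_id` and parses the header files. It assumes the `_hdr_` files hold raw HTTP header text and that the id contains no `_http_` substring; the sample tree, id and suffix are constructed.

```python
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# Name layout from the reply: <http_message_id>_http_<rq|rs>_<hdr|body>_xxxxx
NAME_RE = re.compile(r"^(?P<msg_id>.+?)_http_(?P<side>rq|rs)_(?P<part>hdr|body)_(?P<tail>.+)$")

def parse_header_file(path):
    """Return (start_line, {lowercased name: [values]}); assumes raw HTTP header text."""
    lines = Path(path).read_bytes().decode("iso-8859-1").replace("\r\n", "\n").split("\n")
    headers = defaultdict(list)
    for line in lines[1:]:
        if not line:  # blank line ends the header section
            break
        name, sep, value = line.partition(":")
        if sep:  # skip malformed lines instead of failing
            headers[name.strip().lower()].append(value.strip())
    return lines[0], dict(headers)

def group_messages(root):
    """Map (directory, msg_id) -> {'rq_hdr': Path, 'rs_body': Path, ...}."""
    messages = defaultdict(dict)
    for path in sorted(Path(root).rglob("*_http_r?_*")):
        m = NAME_RE.match(path.name)
        if m and path.is_file():
            messages[(path.parent, m["msg_id"])][m["side"] + "_" + m["part"]] = path
    return dict(messages)

def summarize(root):
    """Yield one dict per HTTP message; a missing header file gives None and {}."""
    for (folder, msg_id), parts in group_messages(root).items():
        rq = parse_header_file(parts["rq_hdr"]) if "rq_hdr" in parts else (None, {})
        rs = parse_header_file(parts["rs_hdr"]) if "rs_hdr" in parts else (None, {})
        yield {"dir": str(folder), "id": msg_id, "request": rq[0], "rq_headers": rq[1],
               "status": rs[0], "rs_headers": rs[1], "parts": sorted(parts)}

def build_sample(root):
    """Constructed sample tree (not real Xplico output); the id and suffix are made up."""
    d = Path(root) / "172.18.0.203" / "http" / "dell.com"
    d.mkdir(parents=True)
    (d / "1_http_rq_hdr_0001").write_bytes(b"GET / HTTP/1.1\r\nHost: dell.com\r\nUser-Agent: test/1.0\r\n\r\n")
    (d / "1_http_rs_hdr_0001").write_bytes(b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n")
    (d / "1_http_rs_body_0001").write_bytes(b"<html></html>")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(list(summarize(build_sample(tmp))))
```

To use it on real output, call `summarize("./xdecode")` after running Xplico with the modified dispatcher.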