si9ma
1/27/2019 - 5:39 AM

httpdump based on tcpdump

httpdump based on tcpdump

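# str2hex - print the hex encoding of the arguments, joined by single spaces.
#
# Arguments: $@ - text to encode
# Outputs:   lowercase hex on stdout (xxd -p wraps at 30 input bytes per line)
#
# printf '%s' is used instead of `echo -n` so that arguments such as "-n" or
# "-e" are encoded as data rather than being consumed as echo options.
str2hex() {
    # "$*" joins on the first character of IFS; pin it to a space so the
    # result does not depend on the caller's IFS.
    local IFS=' '
    printf '%s' "$*" | xxd -p
}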

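# hdump - show cleartext HTTP traffic captured by tcpdump.
#
# Usage:
#   hdump [tcpdump-args...]             every TCP segment that carries a payload
#   hdump -m METHOD [tcpdump-args...]   only segments whose payload starts with
#                                       METHOD (e.g. GET, POST, HTTP for replies)
#
# METHOD is padded with spaces or truncated to exactly four bytes, because the
# capture filter compares the first four payload bytes ("GET" -> "GET ",
# "DELETE" -> "DELE").
#
# Extra arguments are forwarded to tcpdump ahead of the built-in filter.
# tcpdump joins all expression arguments with spaces, so a caller-supplied
# filter presumably has to end in `and` (e.g. `hdump port 80 and`) -- verify.
#
# Operational notes:
#   * -A -s0 prints complete payloads, so cookies, Authorization headers and
#     form bodies show up in the output; treat it like any other secret-bearing
#     log and do not redirect it to shared or world-readable locations.
#   * tcpdump runs through sudo and receives the caller's arguments verbatim;
#     do not expose this function to untrusted users (for instance through a
#     passwordless sudo rule).
#   * Both filters index into ip[]/tcp[] and therefore match IPv4 only; TLS
#     traffic is captured but is not readable.
hdump() {
    local filter_cmd method
    local -a tcpdump_args

    # tcpdump -A prints each packet as ASCII starting at the IP header, whose
    # first byte (0x45) renders as "E"; drop everything before the HTTP token.
    filter_cmd='s/^E.*?(GET|PUT|POST|HEAD|PATCH|CONNECT|DELETE|TRACE|OPTIONS|HTTP)/\1/'

    if [ "$1" = "-m" ]; then
        if [ -z "$2" ]; then
            printf 'usage: hdump -m METHOD [tcpdump-args...]\n' >&2
            return 2
        fi

        # Exactly four bytes are compared by the filter below.
        method="0x$(str2hex "$(printf '%-4.4s' "$2")")"

        # "0x" + 8 hex digits; anything else means the hex encoding failed or
        # METHOD was not four single-byte characters, and the filter would be
        # invalid.
        if [ "${#method}" -ne 10 ]; then
            printf 'hdump: cannot encode method "%s" as four bytes\n' "$2" >&2
            return 1
        fi

        # Keep the remaining arguments as an array so values containing spaces
        # or glob characters reach tcpdump unchanged.
        tcpdump_args=("${@:3}")

        # (tcp[12:1] & 0xf0) >> 2 is the TCP header length in bytes, i.e. the
        # payload offset; compare the four bytes found there with METHOD.
        sudo tcpdump -A -l -nn -s0 "${tcpdump_args[@]}" \
            "tcp[((tcp[12:1] & 0xf0) >> 2):4] = $method" | perl -pe "$filter_cmd"
    else
        # IP total length minus IP header minus TCP header != 0: the segment
        # has a payload (skips bare SYN/ACK/FIN packets).
        sudo tcpdump -A -l -nn -s0 "$@" \
            "(((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)" | perl -pe "$filter_cmd"
    fi
}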