API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Mar 6th, 2014
1,582
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Lua 2.02 KB | None | 0 0
raw download clone embed print report
  1. -- Written by Eitam Doodai
  2. -- trivial postdissector example
  3. -- declare some Fields to be read
  4. full_uri_from_request = Field.new("http.request.full_uri")
  5.  
  6. -- declare our (pseudo) protocol
  7. http_query_params_proto = Proto("http.query_parameters","HTTP Query Parameters Postdissector")
  8.  
  9. -- create the fields for our "protocol"
  10. query_param1 = ProtoField.string("http.query_parameters.param1","PARAM1")
  11. query_param2 = ProtoField.string("http.query_parameters.param2","PARAM2")
  12. query_param3 = ProtoField.string("http.query_parameters.param3","PARAM3")
  13.  
  14. -- add the field to the protocol
  15. http_query_params_proto.fields = {query_param1}
  16. http_query_params_proto.fields = {query_param2}
  17. http_query_params_proto.fields = {query_param3}
  18.  
  19. -- Add prefs
  20. local p1 = http_query_params_proto.prefs
  21. p1.value1 = Pref.string ("Param1 Value", "123", "Param key to extract")
  22. p1.value2 = Pref.string ("Param2 Value", "456", "Param key to extract")
  23. p1.value3 = Pref.string ("Param3 Value", "789", "Param key to extract")
  24.  
  25. -- create a function to "postdissect" each frame
  26. function http_query_params_proto.dissector(buffer,pinfo,tree)
  27.     -- obtain the current values the protocol fields
  28.     local full_uri_value = full_uri_from_request()
  29.     if full_uri_value then
  30.         local value = tostring(full_uri_value)
  31.         local subtree = tree:add(http_query_params_proto,"Query Param1")
  32.         local subtree = tree:add(http_query_params_proto,"Query Param2")
  33.         local subtree = tree:add(http_query_params_proto,"Query Param3")
  34.         _, _, query_param1_str = string.find(value,p1.value1 .. "=([^&]+)")
  35.         _, _, query_param2_str = string.find(value,p1.value2 .. "=([^&]+)")
  36.         _, _, query_param3_str = string.find(value,p1.value3 .. "=([^&]+)")
  37.         if query_param1_str then
  38.             subtree:add(query_param1,query_param1_str)
  39.         end
  40.  
  41.         if query_param2_str then
  42.             subtree:add(query_param2,query_param2_str)
  43.         end
  44.         if query_param3_str then
  45.             subtree:add(query_param3,query_param3_str)
  46.         end
  47.     end
  48. end
  49.  
  50. -- register our protocol as a postdissector
  51. register_postdissector(http_query_params_proto)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!