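#!/usr/bin/env ruby
# = extractURL.rb
#
# Author: Alejandro Perez
#
# == Test Script
#
# Extracts URIs from a tcpdump capture in offline mode.
# - Input: pcap file
# - Output: URIs extracted (plain text)
#
# Limitations visible in this script:
# - Only TCP segments with destination port 8080 are inspected.
# - Each segment is matched on its own; a request whose request line and
#   Host header fall into different segments is not reported.
# - The scheme is always printed as "http".
#
require 'pcaplet'

# Request line (GET/POST/HEAD) followed, later in the same payload, by a Host
# header. Header names are case-insensitive in HTTP, so "host:" and "HOST:"
# are accepted as well. With /m the lazy ".*?" may cross line breaks to reach
# the Host header.
URL_PATTERN = /(GET|POST|HEAD)([^\r\n]*?)HTTP.*?(?i:Host):([^\r\n]*)/m

# Returns +text+ with every byte outside printable ASCII percent-encoded.
#
# The payload comes straight from captured traffic and is attacker-controlled.
# Echoing it verbatim would let control bytes (for example terminal escape
# sequences) reach the analyst's terminal or corrupt a log that stores the
# output, so only 0x20-0x7E is passed through unchanged.
def printable(text)
  text.b.gsub(/[^\x20-\x7E]/n) { |byte| format('%%%02X', byte.ord) }
end

# handle input arguments: a usage error goes to stderr with a non-zero exit
# status so that calling scripts can tell it apart from a successful run
abort "Usage: ruby #{$0} INPUT_FILE" if ARGV.length != 1
file = ARGV[0]

# open the input tcpdump raw file and filter it
capture = Pcap::Capture.open_offline(file)
begin
  filter = Pcap::Filter.new('tcp and dst port 8080', capture)
  capture.setfilter(filter)

  # main loop
  packet_count = 0
  url_count = 0
  capture.loop do |pkt|
    packet_count += 1
    payload = pkt.tcp_data
    # presumably nil for segments that carry no data (pure ACK/SYN) - confirm
    next if payload.nil?

    # scan yields nothing when the payload does not match, so no separate
    # match test is needed beforehand
    payload.scan(URL_PATTERN) do |_method, path, host|
      puts "http://#{printable(host.strip)}#{printable(path.strip)}"
      url_count += 1
    end
  end

  # summary output
  puts "# #{packet_count} packets processed"
  if packet_count > 0
    puts "# #{url_count} URLs extracted (#{url_count * 100 / packet_count}%)"
  end
ensure
  # close the capture handle even if filtering or the loop raised
  capture.close
end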