- #include <Array.au3>
- #include <GUIConstantsEx.au3>
- #include <WindowsConstants.au3>
- #Include <GuiListView.au3>
- #include <StaticConstants.au3>
- #include <EditConstants.au3>
- #Include <WinAPI.au3>
- #include <ComboConstants.au3>
- #include <Winpcap.au3>
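; ---------------------------------------------------------------------------
; Main script: opens a WinPcap capture on one local interface, filtered to
; this host's own traffic on TCP ports 80/8080, and appends the value of every
; HTTP "Host" header it sees to domains.txt.
;
; Scope notes:
;  - Only cleartext HTTP on those two ports is visible; TLS traffic is not parsed.
;  - domains.txt is a plain-text record of hostnames contacted by this machine,
;    so it should be stored and shared like any other browsing log.
; ---------------------------------------------------------------------------
$winpcap = _PcapSetup()
If ($winpcap = -1) Then
    MsgBox(16, "Pcap error !", "WinPcap not found !")
    Exit
EndIf

$pcap_devices = _PcapGetDeviceList()
If ($pcap_devices = -1) Then
    MsgBox(16, "Pcap error !", _PcapGetLastError())
    _PcapFree() ; the wrapper was initialised above, so release it on this path too
    Exit
EndIf

$int = SelectInterface($pcap_devices)

; The filter string is built from column 7 of the chosen device row (used as the
; interface's IPv4 address by SelectInterface).
; NOTE(review): the trailing arguments are presumably promiscuous=0, snaplen=65536,
; buffer=2^24 bytes, realtime=0 - confirm against Winpcap.au3.
$pcap = _PcapStartCapture($pcap_devices[$int][0], "host " & $pcap_devices[$int][7] & " and tcp port (80 or 8080)", 0, 65536, 2 ^ 24, 0)
If IsInt($pcap) Then
    MsgBox(16, "Pcap error !", _PcapGetLastError())
    _PcapFree()
    Exit
EndIf

$file = FileOpen("domains.txt", 1) ; mode 1 = append
; Check if file opened for writing OK
If $file = -1 Then
    MsgBox(0, "Error", "Unable to open file.")
    ; Do not leave the capture handle open when the log cannot be written.
    _PcapStopCapture($pcap)
    _PcapFree()
    Exit
EndIf

; The capture loop below never terminates on its own, so any cleanup placed after
; it would be unreachable. Register it as an exit handler instead, so the log is
; closed and the capture released whenever the script exits.
OnAutoItExitRegister("_CaptureCleanup")

$i = 0 ; number of Host values written so far
While True
    $drained = False
    $time0 = TimerInit()
    While (TimerDiff($time0) < 500) ; drain the queue for at most 500 ms per pass
        $packet = _PcapGetPacket($pcap)
        If IsInt($packet) Then ; an integer result means no packet was returned
            $drained = True
            ExitLoop
        EndIf
        ; NOTE(review): index 3 is presumably the raw frame bytes - confirm against Winpcap.au3.
        $http = HttpCapture($packet[3])
        ; HttpCapture returns False (a boolean) when no Host header was found;
        ; testing the type avoids dropping a header whose text is literally "False".
        If Not IsString($http) Then ContinueLoop
        FileWriteLine($file, $http & @CRLF)
        $i += 1
    WEnd
    FileFlush($file) ; keep the on-disk log current even if the process is killed
    If $drained Then Sleep(10) ; queue is empty: yield instead of spinning at full CPU
WEnd

; Exit handler: closes the log file and shuts down the capture and the WinPcap wrapper.
Func _CaptureCleanup()
    FileClose($file)
    _PcapStopCapture($pcap)
    _PcapFree()
EndFunc   ;==>_CaptureCleanup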
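; ---------------------------------------------------------------------------
; HttpCapture($data)
; Extracts the value of the HTTP "Host" header from one captured frame.
;
; In:   $data - binary frame as delivered by the capture. The fixed offsets below
;               assume an untagged Ethernet II header (14 bytes) followed by IPv4
;               and TCP; the caller's capture filter is relied on for the protocol.
; Out:  the Host header value (string, surrounding whitespace stripped), or False
;       when the frame is too short, carries no TCP payload, or has no Host line.
;
; Frame contents come straight off the network and are untrusted, so every length
; field read from the packet is checked against the number of bytes captured.
; No TCP reassembly is done: a Host line split across segments is not recognised.
; ---------------------------------------------------------------------------
Func HttpCapture($data)
    Local Const $ETH_HEADER_LEN = 14
    Local Const $MIN_IP_HEADER_LEN = 20
    Local Const $MIN_TCP_HEADER_LEN = 20

    Local $framelen = BinaryLen($data)
    If $framelen < $ETH_HEADER_LEN + $MIN_IP_HEADER_LEN + $MIN_TCP_HEADER_LEN Then Return False

    ; Offsets given to _PcapBinaryGetVal appear to be 1-based (byte 15 is the first
    ; IPv4 header byte after a 14-byte Ethernet header).
    Local $ipheaderlen = BitAND(_PcapBinaryGetVal($data, 15, 1), 0xF) * 4 ; IHL field, in bytes
    If $ipheaderlen < $MIN_IP_HEADER_LEN Then Return False

    Local $tcpoffset = $ipheaderlen + $ETH_HEADER_LEN ; 0-based start of the TCP header
    If $framelen < $tcpoffset + $MIN_TCP_HEADER_LEN Then Return False

    Local $tcplen = _PcapBinaryGetVal($data, 17, 2) - $ipheaderlen ; ip total len - ip header len
    Local $tcpheaderlen = BitShift(_PcapBinaryGetVal($data, $tcpoffset + 13, 1), 4) * 4 ; data offset, in bytes
    If $tcpheaderlen < $MIN_TCP_HEADER_LEN Then Return False

    ; From here, we are watching http payload
    Local $httpoffset = $tcpoffset + $tcpheaderlen + 1 ; 1-based, as expected by BinaryMid
    Local $httplen = $tcplen - $tcpheaderlen

    ; The IP total-length field is sender-controlled; never read past the captured bytes.
    Local $available = $framelen - $httpoffset + 1
    If $httplen > $available Then $httplen = $available
    If $httplen <= 0 Then Return False ; also rejects inconsistent (negative) lengths

    Local $http = BinaryToString(BinaryMid($data, $httpoffset, $httplen))

    ; Header names are case-insensitive and must start a line; anchoring avoids
    ; picking up "Host: " from inside another header value or the message body.
    Local $host = StringRegExp($http, "(?im)^Host:[ \t]*([^\r\n]+)", 1)
    If @error <> 0 Then Return False

    Local $value = StringStripWS($host[0], 3) ; 3 = strip leading + trailing whitespace
    If $value = "" Then Return False
    Return $value
EndFunc   ;==>HttpCapture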
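; ---------------------------------------------------------------------------
; SelectInterface($devices)
; Auto selects an ethernet pcap interface, or prompts the user when several qualify.
;
; In:   $devices - 2D device list from _PcapGetDeviceList(). Columns used here:
;                  [1] device name, [3] link type, [7] address string.
;                  A row qualifies when [3] is "EN10MB" and [7] is longer than
;                  6 characters (treated as "has a valid IPv4 address").
; Out:  row index of the chosen device.
; Exits the script (after releasing the WinPcap wrapper) when no row qualifies
; or when the user closes the selection window.
; ---------------------------------------------------------------------------
Func SelectInterface($devices)
    Local $ipv4 = 0, $int = 0, $i, $win0, $first, $interface, $ok, $which, $msg, $label

    For $i = 0 To UBound($devices) - 1
        If $devices[$i][3] = "EN10MB" And StringLen($devices[$i][7]) > 6 Then ; for ethernet devices with valid ip address only !
            $ipv4 += 1
            $int = $i ; with a single candidate this is the final answer
        EndIf
    Next

    If $ipv4 = 0 Then
        MsgBox(16, "Error", "No network interface found with a valid IPv4 address !")
        _PcapFree()
        Exit
    EndIf

    If $ipv4 > 1 Then
        $win0 = GUICreate("Interface choice", 500, 50)
        $interface = GUICtrlCreateCombo("", 10, 15, 400, Default, $CBS_DROPDOWNLIST)
        $first = True
        For $i = 0 To UBound($devices) - 1
            If $devices[$i][3] = "EN10MB" And StringLen($devices[$i][7]) > 6 Then
                $label = $devices[$i][7] & " - " & _PcapCleanDeviceName($devices[$i][1])
                If $first Then
                    GUICtrlSetData($interface, $label, $label) ; first candidate is also the preselected entry
                    $first = False
                Else
                    GUICtrlSetData($interface, $label)
                EndIf
            EndIf
        Next
        $ok = GUICtrlCreateButton(" Ok ", 430, 15, 60)
        GUISetState()

        While True
            $msg = GUIGetMsg()
            If $msg = $GUI_EVENT_CLOSE Then
                ; Same cleanup as the "no interface" path before leaving the script.
                GUIDelete($win0)
                _PcapFree()
                Exit
            EndIf
            If $msg = $ok Then
                $which = GUICtrlRead($interface)
                For $i = 0 To UBound($devices) - 1
                    If $devices[$i][3] = "EN10MB" And StringLen($devices[$i][7]) > 6 Then
                        ; Compare against the full combo label. A substring test on the
                        ; address alone would let "10.0.0.1" match a selected "10.0.0.10 - ..."
                        ; entry and capture on the wrong interface.
                        If $which = $devices[$i][7] & " - " & _PcapCleanDeviceName($devices[$i][1]) Then
                            $int = $i
                            ExitLoop
                        EndIf
                    EndIf
                Next
                GUIDelete($win0)
                ExitLoop
            EndIf
        WEnd
    EndIf

    Return $int
EndFunc   ;==>SelectInterface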