SniffHttpReq

This is a small script in LUA that I made in order to be able to see in real time what web pages are being accessed by my browser, mp3 player, flash player, etc...

Several years ago, I wrote a program in C that was based on a friend's source and allowed me to capture the whole http traffic to an arbitrary web page in order to compute some statistics. This required coding a sniffing module a TCP connection assembling module, an http parser and an html parser. It was a lot of work and I eventually lost the source code anyway after a disk failure.

I thought that rather than rewriting everything from scratch, I could use an already existing excellent packet sniffer and dissector: tshark (text mode wireshark, former ethereal program).
All I needed was to learn a bit of LUA, an interpreted language.

The advantage of using a sniffer rather than a firefox extension is that this approach will work with any browser on (hopefully) any system.

To use SniffHttpReq, open /etc/wireshark/init.lua and make the following changes.
Comment out the line that disables lua:

-- disable_lua = true; do return end;

Thange the following variable to true:

run_user_scripts_when_superuser = true

The former is needed for lua scripts to run at all. The latter allows running scripts when tshark is running as root which is obviously what we will be doing if we want to capture any traffic.

Optionally, you may want to change the owner of the script to root for increased security:

chown root:root requests.lua #On linux
chown root:wheel requests.lua #On FreeBSD

After having made the changes above, run tshark:

tshark -i any -f "outbound" -q -X lua_script:requests.lua

This will list any http URL that is accessed from your computer. You can then get it using wget for example. It is very useful for grabbing mp3's from myspace ;)

Attachment	Size
requests.lua	1.12 KB

Citylight

Programming

Other stuff

User login