Has anyone properly interpreted HTTP request based on this demo of winpcap?
Posted
by httpinterpret
on Stack Overflow
See other posts from Stack Overflow
or by httpinterpret
Published on 2010-05-07T10:22:23Z
Indexed on
2010/05/07
10:28 UTC
Read the original article
Hit count: 172
The example is here, and I tried it by changing the filter to tcp and dst port 80
and the following:
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
....
ip_len = (ih->ver_ihl & 0xf) * 4;
tcp_len = (((u_char*)ih)[ip_len + 12] >> 4) * 4;
tcpPayload = (u_char*)ih + ip_len + tcp_len;
/* start of url - skip "GET " */
url = tcpPayload + 4;
end_url = strchr((char*)url, ' ');
url_length = end_url - url;
final_url = (u_char*)malloc(url_length + 1);
strncpy((char*)final_url, (char*)url, url_length);
final_url[url_length] = '\0';
printf("%s\n", final_url);
....
}
But through debug, I see tcpPayload
is full of messy code,not supposed "GET ...
" stuff.
What's wrong with my implement?
© Stack Overflow or respective owner