Writing an HTTP sniffer


Question

I would like to write a program to extract the URLs of websites visited by a system (an IP address) through packet capture. I think this URL will come in the data section (i.e. not in any of the headers: ethernet / ip / tcp-udp). (Such programs are sometimes referred to as HTTP sniffers; I'm not supposed to use any available tool.) As a beginner, I've just now gone through this basic sniffer program: sniffex.c. Can anyone please tell me in which direction I should proceed?

Recommended answer

Note: In the info below, assume that GET also includes POST and the other HTTP methods too.

It's definitely going to be a lot more work than looking at one packet, but if you capture the entire stream you should be able to get it from the HTTP headers sent out.

Try looking at the Host header if that's provided, and also what is actually requested by the GET. The GET can be either a full URL or just a file name on the server.

Also note that this has nothing to do with getting a domain name from an IP address. If you want the domain name, you have to dig into the data.

Quick example on my machine, from Wireshark:

GET http://www.google.ca HTTP/1.1
Host: www.google.ca
{other headers follow}

Another example, not from a browser, and with only a path in the GET:

GET /ccnet/XmlStatusReport.aspx HTTP/1.1
Host: example.com

In the second example, the actual URL is http://example.com/ccnet/XmlStatusReport.aspx
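The two request forms shown in the answer, handled in C as an added example (not code from the answer or from sniffex.c). The function names `http_request_url` and `eol` are hypothetical, and the code assumes plain HTTP whose whole request head arrives in a single TCP payload, i.e. the data pointer a sniffex.c-style callback has after skipping the Ethernet, IP and TCP headers; no stream reassembly is done.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Added example; http_request_url and eol are hypothetical names. */
/* Return a pointer to the "\r\n" ending the line that starts at p, or NULL. */
static const char *eol(const char *p, const char *end) {
    for (; p + 1 < end; p++)
        if (p[0] == '\r' && p[1] == '\n') return p;
    return NULL;
}

/* Rebuild the requested URL from one TCP payload that starts an HTTP request.
 * Returns 0 and fills out on success, -1 if the payload is not a usable
 * request head or the URL does not fit. The payload is not NUL-terminated. */
int http_request_url(const unsigned char *payload, size_t len, char *out, size_t outsz) {
    const char *p = (const char *)payload, *end = p + len;
    const char *line_end = eol(p, end);
    if (!line_end) return -1;

    /* Request line: METHOD SP request-target SP HTTP-version */
    const char *sp1 = memchr(p, ' ', (size_t)(line_end - p));
    if (!sp1) return -1;
    const char *tgt = sp1 + 1;
    const char *sp2 = memchr(tgt, ' ', (size_t)(line_end - tgt));
    if (!sp2 || line_end - sp2 < 6 || memcmp(sp2 + 1, "HTTP/", 5) != 0) return -1;
    int tlen = (int)(sp2 - tgt);

    /* Absolute form (first example): the target already is the full URL. */
    if (tlen >= 7 && strncasecmp(tgt, "http://", 7) == 0) {
        int n = snprintf(out, outsz, "%.*s", tlen, tgt);
        return (n >= 0 && (size_t)n < outsz) ? 0 : -1;
    }

    /* Origin form (second example): scan headers up to the blank line for Host. */
    for (const char *h = line_end + 2, *he; (he = eol(h, end)) && he > h; h = he + 2) {
        if (he - h > 5 && strncasecmp(h, "Host:", 5) == 0) {
            const char *v = h + 5;
            while (v < he && (*v == ' ' || *v == '\t')) v++;
            while (he > v && (he[-1] == ' ' || he[-1] == '\t')) he--;
            int n = snprintf(out, outsz, "http://%.*s%.*s", (int)(he - v), v, tlen, tgt);
            return (n >= 0 && (size_t)n < outsz) ? 0 : -1;
        }
    }
    return -1; /* no Host header seen in this segment */
}
```

A return of -1 for a payload on port 80 usually means the segment is a continuation of an earlier request or the headers were split across segments, which is the case the answer's "capture the entire stream" advice covers.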
