Get full HTTP request description through TShark

I need to get a full description of HTTP requests using the TShark sniffer. I mean something like the Wireshark GUI, where you can get:

  • raw request data (zipped / unzipped);
  • fairly printed extracted HTTP fields: (Host, Accepted-Encoding, Cookies, etc.).

Now I can parse HTTP with

tshark -i eth0 -f 'dst host xxx.xxx.xxx.xxx' -d tcp.port=80,http 

It prints something like this:

 139389.228821 xxxx -> yyyy HTTP GET /test.html HTTP/1.1 

or can I print a cookie (or all cookies?), for example using

 tshark -i eth0 -f 'dst host xxx.xxx.xxx.xxx' -T fields -e http.cookie 

But I want a full description of the HTTP request with raw data. Is it possible?

+4
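
An added example (not part of the original question or its answers): one way to get the per-request field listing the question describes is to export several `-e` fields with `-T fields` and post-process the tab-separated output. The capture command in the comment reuses the question's interface and filter; the sample lines and the helper names are constructed for illustration.

```python
import csv
import io

# Column order must match the -e options of the capture command, e.g.:
#   tshark -i eth0 -f 'dst host xxx.xxx.xxx.xxx' -Y http.request -T fields -e frame.time_epoch -e ip.src \
#     -e http.request.method -e http.host -e http.request.uri -e http.accept_encoding -e http.cookie
FIELDS = ["time", "src", "method", "host", "uri", "accept_encoding", "cookie"]

# Constructed sample of the tab-separated output (not a real capture).
SAMPLE = (
    "1700000000.10\t192.0.2.10\tGET\texample.test\t/test.html\tgzip, deflate\tsid=abc123; theme=dark\n"
    "1700000000.25\t192.0.2.10\tPOST\texample.test\t/login\t\t\n"
)

def parse_cookies(header):
    """Split a Cookie header value into a name -> value dict."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if name and sep:
            cookies[name] = value
    return cookies

def parse_requests(text):
    """Turn tshark -T fields output into one dict per HTTP request."""
    requests = []
    for row in csv.reader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE):
        if not row:
            continue
        # A header that is absent from the request yields an empty column; pad short rows.
        row += [""] * (len(FIELDS) - len(row))
        req = dict(zip(FIELDS, row))
        req["cookies"] = parse_cookies(req.pop("cookie"))
        requests.append(req)
    return requests

def describe(req):
    """Render one request as an indented field list, one header per line."""
    lines = [f"{req['time']} {req['src']} {req['method']} {req['uri']}"]
    lines.append(f"    Host: {req['host']}")
    if req["accept_encoding"]:
        lines.append(f"    Accept-Encoding: {req['accept_encoding']}")
    for name, value in req["cookies"].items():
        lines.append(f"    Cookie: {name}={value}")
    return "\n".join(lines)

if __name__ == "__main__":
    for request in parse_requests(SAMPLE):
        print(describe(request))
```

For the complete dissection tree and the raw bytes instead of selected fields, tshark's `-V` option prints full packet details and `-x` adds a hex dump.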
2 answers

Note. See comments on accepted answer.

Curl can do it for you. When you publish your data via curl, use the -v and -i options. You can also use -b and -c to read / write cookie information to a file so you can look at it.

This may not be exactly what you want, because it seems that you already have a program that performs posting, but if you can re-create the message and send it using curl, you will see all the raw data (if you use the correct options).

Curl docs here

-2

If you only track traffic from your own computer, try Fiddler

Or use Firefox Firebug and / or Live HTTP headers and / or web developers toolbar

+1
