I need to get a full description of HTTP requests using the TShark sniffer. I mean something like the Wireshark GUI, where you can get:
- raw request data (zipped / unzipped);
- fairly printed extracted HTTP fields: (Host, Accepted-Encoding, Cookies, etc.).
Now I can parse HTTP with
tshark -i eth0 -f 'dst host xxx.xxx.xxx.xxx' -d tcp.port=80,http
it prints something like this:
139389.228821 xxxx -> yyyy HTTP GET /test.html HTTP/1.1
or can I print a cookie (or all cookies?), for example using
tshark -i eth0 -f 'dst host xxx.xxx.xxx.xxx' -T fields -e http.cookie
But I want a full description of the HTTP request with raw data. Is it possible?
source share