Write a C++ program to read the HTTP header and analyze the
parameters.
#include <iostream>
#include <string>
#include <cstring>
#include <crafter.h>
#include <stdio.h>
using namespace std;
using namespace Crafter;
int tcpcount = 0;
int httpcount = 0;
int req_count = 0;
int res_count = 0;
int ok= 0;
int moved = 0;
int forbidden = 0;
struct Info
{
string hostname ;
int requestcount ;
string contenttype;
} ;
Info in[10];
int count=1;
void PacketHandler(Packet* sniff_packet, void* user) {
RawLayer* raw_payload = sniff_packet->GetLayer<RawLayer>();
if(raw_payload) {
TCP* tcp_layer = sniff_packet->GetLayer<TCP>();
cout << "[#] TCP packet from source port: " << tcp_layer->GetSrcPort() << endl;
tcpcount++;
string payload = raw_payload->GetStringPayload();
string test1="HTTP/1.1";
string test2="GET";
string test3="POST";
string test4="HTTP/1.0";
string test5="200";
string test6="302";
string test7="403";
if(strstr(payload.c_str(),test1.c_str())||strstr(payload.c_str(),test4.c_str()))
{
cout << "[+] ---PACKET--- [+]" << endl;
cout<<payload<<endl;
cout << "[#] With Properties: " << endl;
cout<<"HTTP PACKET FOUND!!!"<<endl;
httpcount++;
if((strstr(payload.c_str(),test5.c_str())))
{
ok++;
}
else if((strstr(payload.c_str(),test6.c_str())))
{
moved++;
}
else if((strstr(payload.c_str(),test7.c_str())))
{
forbidden++;
}
if((strstr(payload.c_str(),test2.c_str()))||(strstr(payload.c_str(),test3.c_str())))
{
cout<<"REQUEST PACKET FOUND!!!"<<endl;
req_count++;
}
else
{
cout<<"RESPONSE PACKET FOUND!!!"<<endl;
res_count++;
}
std::string delimiter = "\n";
size_t pos,pos1 = 0;
std::string token;
int isize=sizeof(in)/sizeof(in[0]);
int flag=0;
while ((pos = payload.find(delimiter)) != std::string::npos)
{
token = payload.substr(0, pos);
if((pos1=token.find("Host:"))!=std::string::npos)
{
for(int ii=0;ii<count;ii++)
{
if(in[ii].hostname==token)
{
in[ii].requestcount++;
flag=1;
}
else
{
flag=0;
}
}
if(flag==0)
{
in[count].hostname=token;
in[count].requestcount=1;
count++;
cout << "\n-->\t"<<token << endl;
}
}
payload.erase(0, pos + delimiter.length());
}
}
}
}
int main() {
string iface = "p4p1";
Sniffer sniff("tcp",iface,PacketHandler);
sniff.Capture(200);
cout <<"\nNumber of TCP packets: "<<tcpcount;
cout<<"\nNumber of HTTP headers :"<<httpcount<<endl;
cout<<"\nNumber of Request Packets :"<<req_count<<endl;
cout<<"\nNumber of Response Packets :"<<res_count<<endl;
cout<<"\nMoved :"<<moved<<endl;
cout<<"\nOK :"<<ok<<endl;
cout<<"\nForbidden :"<<forbidden<<endl;
for(int jj=0;jj<count;jj++)
{
cout<<"host name is "<<in[jj].hostname<<"\n";
cout<<"request count is "<<in[jj].requestcount<<"\n";
}
return 0;
}
#include <string>
#include <cstring>
#include <crafter.h>
#include <stdio.h>
using namespace std;
using namespace Crafter;
int tcpcount = 0;
int httpcount = 0;
int req_count = 0;
int res_count = 0;
int ok= 0;
int moved = 0;
int forbidden = 0;
struct Info
{
string hostname ;
int requestcount ;
string contenttype;
} ;
Info in[10];
int count=1;
void PacketHandler(Packet* sniff_packet, void* user) {
RawLayer* raw_payload = sniff_packet->GetLayer<RawLayer>();
if(raw_payload) {
TCP* tcp_layer = sniff_packet->GetLayer<TCP>();
cout << "[#] TCP packet from source port: " << tcp_layer->GetSrcPort() << endl;
tcpcount++;
string payload = raw_payload->GetStringPayload();
string test1="HTTP/1.1";
string test2="GET";
string test3="POST";
string test4="HTTP/1.0";
string test5="200";
string test6="302";
string test7="403";
if(strstr(payload.c_str(),test1.c_str())||strstr(payload.c_str(),test4.c_str()))
{
cout << "[+] ---PACKET--- [+]" << endl;
cout<<payload<<endl;
cout << "[#] With Properties: " << endl;
cout<<"HTTP PACKET FOUND!!!"<<endl;
httpcount++;
if((strstr(payload.c_str(),test5.c_str())))
{
ok++;
}
else if((strstr(payload.c_str(),test6.c_str())))
{
moved++;
}
else if((strstr(payload.c_str(),test7.c_str())))
{
forbidden++;
}
if((strstr(payload.c_str(),test2.c_str()))||(strstr(payload.c_str(),test3.c_str())))
{
cout<<"REQUEST PACKET FOUND!!!"<<endl;
req_count++;
}
else
{
cout<<"RESPONSE PACKET FOUND!!!"<<endl;
res_count++;
}
std::string delimiter = "\n";
size_t pos,pos1 = 0;
std::string token;
int isize=sizeof(in)/sizeof(in[0]);
int flag=0;
while ((pos = payload.find(delimiter)) != std::string::npos)
{
token = payload.substr(0, pos);
if((pos1=token.find("Host:"))!=std::string::npos)
{
for(int ii=0;ii<count;ii++)
{
if(in[ii].hostname==token)
{
in[ii].requestcount++;
flag=1;
}
else
{
flag=0;
}
}
if(flag==0)
{
in[count].hostname=token;
in[count].requestcount=1;
count++;
cout << "\n-->\t"<<token << endl;
}
}
payload.erase(0, pos + delimiter.length());
}
}
}
}
int main() {
string iface = "p4p1";
Sniffer sniff("tcp",iface,PacketHandler);
sniff.Capture(200);
cout <<"\nNumber of TCP packets: "<<tcpcount;
cout<<"\nNumber of HTTP headers :"<<httpcount<<endl;
cout<<"\nNumber of Request Packets :"<<req_count<<endl;
cout<<"\nNumber of Response Packets :"<<res_count<<endl;
cout<<"\nMoved :"<<moved<<endl;
cout<<"\nOK :"<<ok<<endl;
cout<<"\nForbidden :"<<forbidden<<endl;
for(int jj=0;jj<count;jj++)
{
cout<<"host name is "<<in[jj].hostname<<"\n";
cout<<"request count is "<<in[jj].requestcount<<"\n";
}
return 0;
}
OUTPUT:
[root@06 crafter-0.2]# g++ /home/tecomp/3425/assign1.cpp -lcrafter
[root@06 crafter-0.2]# ./a.out
[#] TCP packet from source port: 60271
[+] ---PACKET--- [+]
POST http://ocsp.digicert.com/ HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 115
Content-Type: application/ocsp-request
Connection: keep-alive
0q0o0M0K0I0 + �&� ��~�B� /j �
0 Qh��� u<��edb� �Yr; ӷ �d�:'�� ��G�� 0 0 + 0
+ 0
[#] With Properties:
HTTP PACKET FOUND!!!
REQUEST PACKET FOUND!!!
--> Host: ocsp.digicert.com
[#] TCP packet from source port: 3128
[+] ---PACKET--- [+]
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=506358
Content-Type: application/ocsp-response
Date: Tue, 03 Jan 2017 10:21:32 GMT
ETag: "586b34ab-1d7"
Expires: Mon, 09 Jan 2017 22:21:32 GMT
Last-Modified: Tue, 03 Jan 2017 05:20:43 GMT
Server: ECS (maa/AE9B)
X-Cache: HIT
Content-Length: 471
X-Cache: MISS from (external)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (external)mastizen.zentyal-domain.lan:3130
X-Cache: MISS from (frontal)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (frontal)mastizen.zentyal-domain.lan:3128
Via: 1.1 (external)mastizen.zentyal-domain.lan (squid/3.3.8), 1.1 (frontal)mastizen.zentyal-domain.lan (squid/3.3.8)
Connection: keep-alive
[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 60271
[+] ---PACKET--- [+]
POST http://ocsp.digicert.com/ HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 115
Content-Type: application/ocsp-request
Connection: keep-alive
0q0o0M0K0I0 + ߪ �(� A���B��G@B�X� �>�i ��G Ԙ& �cd+� ����\��m�+B�]0�� 0 0 + 0
+ 0
[#] With Properties:
HTTP PACKET FOUND!!!
REQUEST PACKET FOUND!!!
[#] TCP packet from source port: 3128
[+] ---PACKET--- [+]
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=503978
Content-Type: application/ocsp-response
Date: Tue, 03 Jan 2017 10:21:32 GMT
ETag: "586b3534-1d7"
Expires: Mon, 09 Jan 2017 22:21:32 GMT
Last-Modified: Tue, 03 Jan 2017 05:23:00 GMT
Server: ECS (maa/AE9C)
X-Cache: HIT
Content-Length: 471
X-Cache: MISS from (external)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (external)mastizen.zentyal-domain.lan:3130
X-Cache: MISS from (frontal)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (frontal)mastizen.zentyal-domain.lan:3128
Via: 1.1 (external)mastizen.zentyal-domain.lan (squid/3.3.8), 1.1 (frontal)mastizen.zentyal-domain.lan (squid/3.3.8)
Connection: keep-alive
[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 60270
[+] ---PACKET--- [+]
CONNECT start.fedoraproject.org:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: start.fedoraproject.org
[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!
--> Host: start.fedoraproject.org
[#] TCP packet from source port: 60275
[+] ---PACKET--- [+]
CONNECT piwik.fedorainfracloud.org:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: piwik.fedorainfracloud.org
[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!
--> Host: piwik.fedorainfracloud.org
[#] TCP packet from source port: 3128
[+] ---PACKET--- [+]
HTTP/1.1 200 Connection established
[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!
[#] TCP packet from source port: 60270
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 60270
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 60270
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 60276
[+] ---PACKET--- [+]
GET http://www.google.com/ HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: NID=94=fHprfB0JZPoVHBUrUVNhvIqg5ZWOXBKDO6wCrLoyyC7gzXub98cm6YQg-FfHNC9j6biMixluZucJIcYlx02AGC-msLXj7Kzlzu_Q65rtjeDdxuz0frFQc1Uj9d5fOw_DsUsO7ECJqsgfvs5p
Connection: keep-alive
[#] With Properties:
HTTP PACKET FOUND!!!
REQUEST PACKET FOUND!!!
--> Host: www.google.com
[#] TCP packet from source port: 3128
[+] ---PACKET--- [+]
HTTP/1.1 302 Moved Temporarily
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: http://www.google.co.in/?gfe_rd=cr&ei=M3trWMmQCOLs8AeuqoyYBA
Content-Length: 261
Date: Tue, 03 Jan 2017 10:21:39 GMT
X-Cache: MISS from (external)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (external)mastizen.zentyal-domain.lan:3130
X-Cache: MISS from (frontal)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (frontal)mastizen.zentyal-domain.lan:3128
Via: 1.1 (external)mastizen.zentyal-domain.lan (squid/3.3.8), 1.1 (frontal)mastizen.zentyal-domain.lan (squid/3.3.8)
Connection: keep-alive
[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 60276
[+] ---PACKET--- [+]
GET http://www.google.co.in/?gfe_rd=cr&ei=M3trWMmQCOLs8AeuqoyYBA HTTP/1.1
Host: www.google.co.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: NID=94=EQCI91_cgorVVlAFLWvJmLQknPUD-Av1uGFz7aWB1YkweH2Qp5nBe8-TUZI_tJi1QgoeoGd7XTb3PSq_ffd0hTMk6hh913BoaLZiEoMLqc7OinozTPAdsLO5MrzSRraZP3bpImCoB9YNfnKNeAXIKik; OGPC=135465984-7:
Connection: keep-alive
[#] With Properties:
HTTP PACKET FOUND!!!
REQUEST PACKET FOUND!!!
--> Host: www.google.co.in
[#] TCP packet from source port: 3128
[+] ---PACKET--- [+]
HTTP/1.1 302 Moved Temporarily
Location: https://www.google.co.in/?gfe_rd=cr&ei=M3trWMmQCOLs8AeuqoyYBA&gws_rd=ssl
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Tue, 03 Jan 2017 10:21:39 GMT
Server: gws
Content-Length: 277
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Cache: MISS from (external)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (external)mastizen.zentyal-domain.lan:3130
X-Cache: MISS from (frontal)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (frontal)mastizen.zentyal-domain.lan:3128
Via: 1.1 (external)mastizen.zentyal-domain.lan (squid/3.3.8), 1.1 (frontal)mastizen.zentyal-domain.lan (squid/3.3.8)
Connection: keep-alive
[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 60277
[+] ---PACKET--- [+]
CONNECT www.google.co.in:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: www.google.co.in
[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!
[#] TCP packet from source port: 3128
[+] ---PACKET--- [+]
HTTP/1.1 200 Connection established
[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!
[#] TCP packet from source port: 60277
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 60277
[#] TCP packet from source port: 60271
[+] ---PACKET--- [+]
POST http://clients1.google.com/ocsp HTTP/1.1
Host: clients1.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 107
Content-Type: application/ocsp-request
Connection: keep-alive
0i0g0E0C0A0 + ��j��� �p�I #z�� (~d J� ��h�v����b �Z�/+j8���� 0 0 +0 0
+ 0
[#] With Properties:
HTTP PACKET FOUND!!!
REQUEST PACKET FOUND!!!
--> Host: clients1.google.com
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[+] ---PACKET--- [+]
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 03 Jan 2017 10:21:40 GMT
Expires: Sat, 07 Jan 2017 10:21:40 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Cache: MISS from (external)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (external)mastizen.zentyal-domain.lan:3130
X-Cache: MISS from (frontal)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (frontal)mastizen.zentyal-domain.lan:3128
Via: 1.1 (external)mastizen.zentyal-domain.lan (squid/3.3.8), 1.1 (frontal)mastizen.zentyal-domain.lan (squid/3.3.8)
Connection: keep-alive
[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 60271
[+] ---PACKET--- [+]
POST http://g.symcd.com/ HTTP/1.1
Host: g.symcd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 102
Content-Type: application/ocsp-request
Connection: keep-alive
0d0b0@0>0<0 + ��9 � ��yP �`�Ԣ<��� �*�A���¸>U��� � :�� 0 0 +0 0
+ 0
[#] With Properties:
HTTP PACKET FOUND!!!
REQUEST PACKET FOUND!!!
--> Host: g.symcd.com
[#] TCP packet from source port: 3128
[+] ---PACKET--- [+]
HTTP/1.1 200 OK
Server: nginx/1.10.2
Content-Type: application/ocsp-response
Content-Length: 1377
content-transfer-encoding: binary
Cache-Control: max-age=592223, public, no-transform, must-revalidate
Last-Modified: Tue, 3 Jan 2017 06:51:03 GMT
Expires: Tue, 10 Jan 2017 06:51:03 GMT
Date: Tue, 03 Jan 2017 10:21:40 GMT
X-Cache: MISS from (external)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (external)mastizen.zentyal-domain.lan:3130
X-Cache: MISS from (frontal)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (frontal)mastizen.zentyal-domain.lan:3128
Via: 1.1 (external)mastizen.zentyal-domain.lan (squid/3.3.8), 1.1 (frontal)mastizen.zentyal-domain.lan (squid/3.3.8)
Connection: keep-alive
[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 60277
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
Number of TCP packets: 85
Number of HTTP headers :17
Number of Request Packets :6
Number of Response Packets :11
Moved :2
OK :6
Forbidden :0
host name is
request count is 0
host name is Host: ocsp.digicert.com
request count is 2
host name is Host: start.fedoraproject.org
request count is 1
host name is Host: piwik.fedorainfracloud.org
request count is 1
host name is Host: www.google.com
request count is 1
host name is Host: www.google.co.in
request count is 2
host name is Host: clients1.google.com
request count is 1
host name is Host: g.symcd.com
request count is 1
[root@A06 crafter-0.2]#
[root@06 crafter-0.2]# ./a.out
[#] TCP packet from source port: 60271
[+] ---PACKET--- [+]
POST http://ocsp.digicert.com/ HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 115
Content-Type: application/ocsp-request
Connection: keep-alive
0q0o0M0K0I0 + �&� ��~�B� /j �
0 Qh��� u<��edb� �Yr; ӷ �d�:'�� ��G�� 0 0 + 0
+ 0
[#] With Properties:
HTTP PACKET FOUND!!!
REQUEST PACKET FOUND!!!
--> Host: ocsp.digicert.com
[#] TCP packet from source port: 3128
[+] ---PACKET--- [+]
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=506358
Content-Type: application/ocsp-response
Date: Tue, 03 Jan 2017 10:21:32 GMT
ETag: "586b34ab-1d7"
Expires: Mon, 09 Jan 2017 22:21:32 GMT
Last-Modified: Tue, 03 Jan 2017 05:20:43 GMT
Server: ECS (maa/AE9B)
X-Cache: HIT
Content-Length: 471
X-Cache: MISS from (external)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (external)mastizen.zentyal-domain.lan:3130
X-Cache: MISS from (frontal)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (frontal)mastizen.zentyal-domain.lan:3128
Via: 1.1 (external)mastizen.zentyal-domain.lan (squid/3.3.8), 1.1 (frontal)mastizen.zentyal-domain.lan (squid/3.3.8)
Connection: keep-alive
[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 60271
[+] ---PACKET--- [+]
POST http://ocsp.digicert.com/ HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 115
Content-Type: application/ocsp-request
Connection: keep-alive
0q0o0M0K0I0 + ߪ �(� A���B��G@B�X� �>�i ��G Ԙ& �cd+� ����\��m�+B�]0�� 0 0 + 0
+ 0
[#] With Properties:
HTTP PACKET FOUND!!!
REQUEST PACKET FOUND!!!
[#] TCP packet from source port: 3128
[+] ---PACKET--- [+]
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=503978
Content-Type: application/ocsp-response
Date: Tue, 03 Jan 2017 10:21:32 GMT
ETag: "586b3534-1d7"
Expires: Mon, 09 Jan 2017 22:21:32 GMT
Last-Modified: Tue, 03 Jan 2017 05:23:00 GMT
Server: ECS (maa/AE9C)
X-Cache: HIT
Content-Length: 471
X-Cache: MISS from (external)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (external)mastizen.zentyal-domain.lan:3130
X-Cache: MISS from (frontal)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (frontal)mastizen.zentyal-domain.lan:3128
Via: 1.1 (external)mastizen.zentyal-domain.lan (squid/3.3.8), 1.1 (frontal)mastizen.zentyal-domain.lan (squid/3.3.8)
Connection: keep-alive
[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 60270
[+] ---PACKET--- [+]
CONNECT start.fedoraproject.org:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: start.fedoraproject.org
[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!
--> Host: start.fedoraproject.org
[#] TCP packet from source port: 60275
[+] ---PACKET--- [+]
CONNECT piwik.fedorainfracloud.org:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: piwik.fedorainfracloud.org
[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!
--> Host: piwik.fedorainfracloud.org
[#] TCP packet from source port: 3128
[+] ---PACKET--- [+]
HTTP/1.1 200 Connection established
[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!
[#] TCP packet from source port: 60270
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 60270
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 60270
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 60276
[+] ---PACKET--- [+]
GET http://www.google.com/ HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: NID=94=fHprfB0JZPoVHBUrUVNhvIqg5ZWOXBKDO6wCrLoyyC7gzXub98cm6YQg-FfHNC9j6biMixluZucJIcYlx02AGC-msLXj7Kzlzu_Q65rtjeDdxuz0frFQc1Uj9d5fOw_DsUsO7ECJqsgfvs5p
Connection: keep-alive
[#] With Properties:
HTTP PACKET FOUND!!!
REQUEST PACKET FOUND!!!
--> Host: www.google.com
[#] TCP packet from source port: 3128
[+] ---PACKET--- [+]
HTTP/1.1 302 Moved Temporarily
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: http://www.google.co.in/?gfe_rd=cr&ei=M3trWMmQCOLs8AeuqoyYBA
Content-Length: 261
Date: Tue, 03 Jan 2017 10:21:39 GMT
X-Cache: MISS from (external)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (external)mastizen.zentyal-domain.lan:3130
X-Cache: MISS from (frontal)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (frontal)mastizen.zentyal-domain.lan:3128
Via: 1.1 (external)mastizen.zentyal-domain.lan (squid/3.3.8), 1.1 (frontal)mastizen.zentyal-domain.lan (squid/3.3.8)
Connection: keep-alive
[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 60276
[+] ---PACKET--- [+]
GET http://www.google.co.in/?gfe_rd=cr&ei=M3trWMmQCOLs8AeuqoyYBA HTTP/1.1
Host: www.google.co.in
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: NID=94=EQCI91_cgorVVlAFLWvJmLQknPUD-Av1uGFz7aWB1YkweH2Qp5nBe8-TUZI_tJi1QgoeoGd7XTb3PSq_ffd0hTMk6hh913BoaLZiEoMLqc7OinozTPAdsLO5MrzSRraZP3bpImCoB9YNfnKNeAXIKik; OGPC=135465984-7:
Connection: keep-alive
[#] With Properties:
HTTP PACKET FOUND!!!
REQUEST PACKET FOUND!!!
--> Host: www.google.co.in
[#] TCP packet from source port: 3128
[+] ---PACKET--- [+]
HTTP/1.1 302 Moved Temporarily
Location: https://www.google.co.in/?gfe_rd=cr&ei=M3trWMmQCOLs8AeuqoyYBA&gws_rd=ssl
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Tue, 03 Jan 2017 10:21:39 GMT
Server: gws
Content-Length: 277
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Cache: MISS from (external)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (external)mastizen.zentyal-domain.lan:3130
X-Cache: MISS from (frontal)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (frontal)mastizen.zentyal-domain.lan:3128
Via: 1.1 (external)mastizen.zentyal-domain.lan (squid/3.3.8), 1.1 (frontal)mastizen.zentyal-domain.lan (squid/3.3.8)
Connection: keep-alive
[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 60277
[+] ---PACKET--- [+]
CONNECT www.google.co.in:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: www.google.co.in
[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!
[#] TCP packet from source port: 3128
[+] ---PACKET--- [+]
HTTP/1.1 200 Connection established
[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!
[#] TCP packet from source port: 60277
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 60277
[#] TCP packet from source port: 60271
[+] ---PACKET--- [+]
POST http://clients1.google.com/ocsp HTTP/1.1
Host: clients1.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 107
Content-Type: application/ocsp-request
Connection: keep-alive
0i0g0E0C0A0 + ��j��� �p�I #z�� (~d J� ��h�v����b �Z�/+j8���� 0 0 +0 0
+ 0
[#] With Properties:
HTTP PACKET FOUND!!!
REQUEST PACKET FOUND!!!
--> Host: clients1.google.com
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[+] ---PACKET--- [+]
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 03 Jan 2017 10:21:40 GMT
Expires: Sat, 07 Jan 2017 10:21:40 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Cache: MISS from (external)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (external)mastizen.zentyal-domain.lan:3130
X-Cache: MISS from (frontal)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (frontal)mastizen.zentyal-domain.lan:3128
Via: 1.1 (external)mastizen.zentyal-domain.lan (squid/3.3.8), 1.1 (frontal)mastizen.zentyal-domain.lan (squid/3.3.8)
Connection: keep-alive
[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 60271
[+] ---PACKET--- [+]
POST http://g.symcd.com/ HTTP/1.1
Host: g.symcd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 102
Content-Type: application/ocsp-request
Connection: keep-alive
0d0b0@0>0<0 + ��9 � ��yP �`�Ԣ<��� �*�A���¸>U��� � :�� 0 0 +0 0
+ 0
[#] With Properties:
HTTP PACKET FOUND!!!
REQUEST PACKET FOUND!!!
--> Host: g.symcd.com
[#] TCP packet from source port: 3128
[+] ---PACKET--- [+]
HTTP/1.1 200 OK
Server: nginx/1.10.2
Content-Type: application/ocsp-response
Content-Length: 1377
content-transfer-encoding: binary
Cache-Control: max-age=592223, public, no-transform, must-revalidate
Last-Modified: Tue, 3 Jan 2017 06:51:03 GMT
Expires: Tue, 10 Jan 2017 06:51:03 GMT
Date: Tue, 03 Jan 2017 10:21:40 GMT
X-Cache: MISS from (external)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (external)mastizen.zentyal-domain.lan:3130
X-Cache: MISS from (frontal)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (frontal)mastizen.zentyal-domain.lan:3128
Via: 1.1 (external)mastizen.zentyal-domain.lan (squid/3.3.8), 1.1 (frontal)mastizen.zentyal-domain.lan (squid/3.3.8)
Connection: keep-alive
[#] With Properties:
HTTP PACKET FOUND!!!
RESPONSE PACKET FOUND!!!
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 60277
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
[#] TCP packet from source port: 3128
Number of TCP packets: 85
Number of HTTP headers :17
Number of Request Packets :6
Number of Response Packets :11
Moved :2
OK :6
Forbidden :0
host name is
request count is 0
host name is Host: ocsp.digicert.com
request count is 2
host name is Host: start.fedoraproject.org
request count is 1
host name is Host: piwik.fedorainfracloud.org
request count is 1
host name is Host: www.google.com
request count is 1
host name is Host: www.google.co.in
request count is 2
host name is Host: clients1.google.com
request count is 1
host name is Host: g.symcd.com
request count is 1
[root@A06 crafter-0.2]#
No comments:
Post a Comment