# Copyright (c) 2012-2013, Geir Skjotskift, geir@underworld.no
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#     * Redistributions of source code must retain the above copyright
#       notice, this list of conditions and the following disclaimer.
#     * Redistributions in binary form must reproduce the above copyright
#       notice, this list of conditions and the following disclaimer in the
#       documentation and/or other materials provided with the distribution.
#     * Neither the name of the nor the
#       names of its contributors may be used to endorse or promote products
#       derived from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Reads data from a network interface or a pcap file and writes output in a Squid-log-like format.
Requires Scapy. Look for it in your package repository or use pip/easy_install; it is most likely named python-scapy, pyscapy or scapy.
    Usage: network2httplog.py [options]

    Options:
      -h, --help            show this help message and exit
      -o FILE, --output=FILE
                            write output to FILE
      -r INPUT, --read=INPUT
                            Read from pcap FILE
      -i INTERFACE, --interface=INTERFACE
                            Listen interface
      -f LIST, --filter=LIST
                            LIST of ports to listen on. Default: 80,3128,8080
      -F, --forceflush      Force output flush after each log entry.
    [geir@elm src]$ ./network2httplog.py -r ../tmp/smokeloader/output/dump.pcap
    #Client [timestamp] "Referer" Host "Method URI" Type "UserAgent"
    178.x.x.x [2013-07-10T18:33:52.154450] "-" 62.76.178.178:80 "POST /fexco/com/index.php" HTTP/1.1 "-"
    178.x.x.x [2013-07-10T18:33:52.642477] "-" 62.76.178.178:80 "POST /fexco/com/index.php" HTTP/1.1 "-"
    [geir@elm src]$
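
The log format shown above is easy to post-process for triage. The following is an added example, not part of network2httplog.py or written by its author: it parses lines in the field order given by the header and counts POST requests that carry neither a Referer nor a User-Agent. It assumes that `-` marks an absent header and that quoted fields contain no embedded double quotes; `parse_line`, `bare_posts` and the final sample line are names and data made up for this illustration.

```python
import re
from collections import Counter

# Field order follows the header line the tool prints:
# #Client [timestamp] "Referer" Host "Method URI" Type "UserAgent"
# Assumption: quoted fields never contain an embedded double quote.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \[(?P<timestamp>[^\]]+)\] "(?P<referer>[^"]*)" '
    r'(?P<host>\S+) "(?P<method>\S+) (?P<uri>[^"]*)" '
    r'(?P<type>\S+) "(?P<useragent>[^"]*)"$'
)

def parse_line(line):
    """Return a dict of fields, or None for comments, blanks and malformed lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def bare_posts(lines):
    """Count POSTs with neither Referer nor User-Agent, keyed by (client, host, uri)."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        # Assumption: "-" means the header was absent from the request.
        if (rec and rec["method"] == "POST"
                and rec["referer"] == "-" and rec["useragent"] == "-"):
            hits[(rec["client"], rec["host"], rec["uri"])] += 1
    return hits

# Sample input: the header and the two POST lines are the output shown above;
# the last line is a constructed browser request added for contrast.
SAMPLE = """\
#Client [timestamp] "Referer" Host "Method URI" Type "UserAgent"
178.x.x.x [2013-07-10T18:33:52.154450] "-" 62.76.178.178:80 "POST /fexco/com/index.php" HTTP/1.1 "-"
178.x.x.x [2013-07-10T18:33:52.642477] "-" 62.76.178.178:80 "POST /fexco/com/index.php" HTTP/1.1 "-"
192.0.2.10 [2013-07-10T18:34:01.000000] "http://example.com/" example.com:80 "GET /index.html" HTTP/1.1 "Mozilla/5.0"
"""

if __name__ == "__main__":
    for (client, host, uri), n in bare_posts(SAMPLE.splitlines()).most_common():
        print(f"{n} bare POSTs: {client} -> {host}{uri}")
```

Repeated header-less POSTs from one client to the same URI are a reason to look closer at that host, not a verdict on their own, since some legitimate non-browser clients also omit both headers.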