# Copyright (c) 2012-2013, Geir Skjotskift, geir@underworld.no
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#     * Redistributions of source code must retain the above copyright
#       notice, this list of conditions and the following disclaimer.
#     * Redistributions in binary form must reproduce the above copyright
#       notice, this list of conditions and the following disclaimer in the
#       documentation and/or other materials provided with the distribution.
#     * Neither the name of the  nor the
#       names of its contributors may be used to endorse or promote products
#       derived from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL  BE LIABLE FOR ANY
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    

About

Reads data from a network interface or a pcap file and writes output in a Squid-log-like format.

Dependency

Scapy. Look for it in your package repository or install it with pip/easy_install; it is most likely named python-scapy, pyscapy or scapy.

Man

Usage: network2httplog.py [options]

Options:
  -h, --help            show this help message and exit
  -o FILE, --output=FILE
                        write output to FILE
  -r INPUT, --read=INPUT
                        Read from pcap FILE
  -i INTERFACE, --interface=INTERFACE
                        Listen interface
  -f LIST, --filter=LIST
                        LIST of ports to listen on. Default: 80,3128,8080
  -F, --forceflush      Force output flush after each log entry.
    

Example:

[geir@elm src]$ ./network2httplog.py -r ../tmp/smokeloader/output/dump.pcap
#Client [timestamp] "Referer" Host "Method URI" Type "UserAgent"
178.x.x.x [2013-07-10T18:33:52.154450] "-" 62.76.178.178:80 "POST /fexco/com/index.php" HTTP/1.1 "-"
178.x.x.x [2013-07-10T18:33:52.642477] "-" 62.76.178.178:80 "POST /fexco/com/index.php" HTTP/1.1 "-"
[geir@elm src]$
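
The output is line-oriented with a fixed field order, so it can be parsed and triaged directly. The following is an added example, not part of network2httplog.py or its author's code: it parses the format shown above and counts POST requests to bare-IP hosts that carry no Referer and no User-Agent, the pattern visible in the sample capture. The regular expressions, function names, triage rule and sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Field order taken from the header line the tool prints:
# Client [timestamp] "Referer" Host "Method URI" Type "UserAgent"
# Assumption: quoted fields contain no embedded double quotes; lines that
# break this (e.g. a crafted User-Agent) fail to match and are skipped.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \[(?P<timestamp>[^\]]+)\] "(?P<referer>[^"]*)" '
    r'(?P<host>\S+) "(?P<method>\S+) (?P<uri>[^"]*)" (?P<type>\S+) '
    r'"(?P<useragent>[^"]*)"$'
)
IP_HOST_RE = re.compile(r'^\d{1,3}(\.\d{1,3}){3}(:\d+)?$')

def parse_line(line):
    """Return the fields as a dict, or None for header, blank or malformed lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    match = LINE_RE.match(line)
    return match.groupdict() if match else None

def is_suspicious(entry):
    """Hypothetical triage rule: POST to a bare IP, no Referer, no User-Agent."""
    return (entry["method"] == "POST" and entry["referer"] == "-"
            and entry["useragent"] == "-"
            and IP_HOST_RE.match(entry["host"]) is not None)

def summarize(lines):
    """Count suspicious requests per (client, host, uri)."""
    hits = Counter()
    for line in lines:
        entry = parse_line(line)
        if entry and is_suspicious(entry):
            hits[(entry["client"], entry["host"], entry["uri"])] += 1
    return hits

# Constructed sample input (documentation address ranges, not real traffic).
SAMPLE = [
    '#Client [timestamp] "Referer" Host "Method URI" Type "UserAgent"',
    '192.0.2.10 [2013-07-10T18:33:52.154450] "-" 198.51.100.7:80 "POST /app/index.php" HTTP/1.1 "-"',
    '192.0.2.10 [2013-07-10T18:33:52.642477] "-" 198.51.100.7:80 "POST /app/index.php" HTTP/1.1 "-"',
    '192.0.2.11 [2013-07-10T18:34:01.000000] "http://example.com/" example.com:80 "GET /index.html" HTTP/1.1 "Mozilla/5.0"',
]

if __name__ == "__main__":
    for key, count in summarize(SAMPLE).items():
        print(count, *key)
```

Lines that do not match the expected layout are dropped silently; count them separately if you need to notice malformed or tampered entries.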