[Perl]获取从web页面上传的文件名称及POST操作
时间:2005-09-12 来源:huhuegg
1.获取所有web页面的POST请求。
2.获取从web页面上传的文件名称。
注:脚本只处理源端口或目的端口为80的TCP数据包。
#!/usr/bin/perl
# use strict;
use Net::PcapUtils;
use Time::Format;
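# Time::Format provides the tied hash %time; process_pkt reads it as
# $time{'yyyy/mm/dd'} and $time{'hh:mm:ss'} when it prints a record.
# The two bare lookups that stood here used $format and $unixtime, which are
# never assigned anywhere in this script, and threw their results away, so
# they have been dropped.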
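# Packet callback for Net::PcapUtils::loop: decodes one captured Ethernet
# frame and, for IPv4/TCP segments to or from port 80, prints the first four
# payload bytes.  When those bytes are "POST" it also prints the whole payload
# and, if present, the first filename="..." value (a form file upload).
#
# Arguments (as handed over by the capture loop):
#   $arg - user data from the loop call (unused)
#   $hdr - capture header (unused)
#   $pkt - raw frame bytes
# Returns nothing; all results go to the currently selected output handle.
#
# Limits visible in the logic: there is no TCP stream reassembly, so only a
# segment whose payload itself begins with "POST" is reported, and a filename
# carried in a later segment is missed.  The printed payload is the request
# as sent, so the output can hold credentials and form data and needs the
# same protection as the traffic itself.
sub process_pkt {
    my ($arg, $hdr, $pkt) = @_;
    our %time;    # tied hash exported by Time::Format

    return unless defined $pkt;
    my $caplen  = length $pkt;
    my $ETH_LEN = 14;    # 6-byte destination MAC, 6-byte source MAC, EtherType

    # A truncated frame cannot hold a minimal IPv4 header; skip it instead of
    # decoding bytes that are not there.
    return if $caplen < $ETH_LEN + 20;
    return unless unpack('n', substr($pkt, 12, 2)) == 0x0800;    # IPv4 only

    ### IP header ###
    # Fields used: version/IHL, total length, flags+fragment offset, protocol.
    my ($ver_ihl, $ip_total, $frag, $proto)
        = unpack('C x n x2 n x C', substr($pkt, $ETH_LEN, 10));
    my $ip_len = ($ver_ihl & 0x0F) * 4;    # IHL counts 32-bit words
    return unless ($ver_ihl >> 4) == 4 && $ip_len >= 20;
    return unless $proto == 6;             # TCP
    return if $frag & 0x1FFF;              # later fragment: no TCP header in it

    my $sourceip = join '.', unpack('C4', substr($pkt, $ETH_LEN + 12, 4));
    my $destip   = join '.', unpack('C4', substr($pkt, $ETH_LEN + 16, 4));

    ### TCP header ###
    my $tcp_off = $ETH_LEN + $ip_len;
    return if $caplen < $tcp_off + 20;
    my ($sourceport, $destport) = unpack('n n', substr($pkt, $tcp_off, 4));
    return unless $sourceport == 80 || $destport == 80;

    # The header lengths are read from the packet rather than assumed to be
    # 20 bytes each, so a segment carrying IP or TCP options is still decoded
    # at the right offset.
    my $tcp_len = (unpack('C', substr($pkt, $tcp_off + 12, 1)) >> 4) * 4;
    return if $tcp_len < 20;

    ### Payload ###
    # Stop at the IP total length so Ethernet padding on short frames is not
    # mistaken for data; fall back to the captured length when the field is
    # implausible or the capture was cut short.
    my $data_off = $tcp_off + $tcp_len;
    my $data_end = $ETH_LEN + $ip_total;
    if ($ip_total < $ip_len + $tcp_len || $data_end > $caplen) {
        $data_end = $caplen;
    }
    my $datatoascii
        = $data_end > $data_off
        ? substr($pkt, $data_off, $data_end - $data_off)
        : '';

    # The payload is untrusted network data that ends up on a terminal or in
    # a log: replace C0 control bytes (except tab, LF, CR) and DEL so that
    # escape sequences in the traffic are shown as dots, not interpreted.
    $datatoascii =~ tr/\x00-\x08\x0B\x0C\x0E-\x1F\x7F/./;

    # NOTE(review): the single space after each record is kept exactly as
    # published; it may have been a newline before the page was reformatted.
    my $CMD = substr($datatoascii, 0, 4);
    print("$CMD ");
    return unless $CMD eq 'POST';

    print("#POST START### ");
    print("$time{'yyyy/mm/dd'} $time{'hh:mm:ss'} $sourceip:$sourceport -> $destip:$destport ");
    print("$datatoascii ");
    print("#POST STOP### ");

    # First filename="..." in the segment; the value runs to the next double
    # quote, or to the end of the segment when the quote is not closed.
    if ($datatoascii =~ /filename="([^"]*)/) {
        my $upload_name = $1;
        print("#UPLOAD START### ");
        print("$time{'yyyy/mm/dd'} $time{'hh:mm:ss'} $sourceip:$sourceport > $destip:$destport ");
        print("LocalFile: $upload_name ");
        print("#UPLOAD STOP### ");
    }
    return;
}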
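# Start the capture loop; Net::PcapUtils invokes process_pkt once per frame.
# The callback has to be passed as a code reference (\&process_pkt): a bare
# &process_pkt calls the sub immediately and hands its return value to loop()
# instead of the sub itself.
# The loop also accepts a FILTER argument; process_pkt only acts on TCP
# port 80, so a matching capture filter would keep unrelated traffic out of
# the process altogether.
# NOTE(review): per the Net::PcapUtils documentation loop() returns an error
# string when the capture cannot be set up -- confirm against the installed
# version.
my $pcap_err = Net::PcapUtils::loop(\&process_pkt, SNAPLEN => 999999999);
die "capture failed: $pcap_err\n" if $pcap_err;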
#close(FHTEMP);