Ruby TCP packet capture tool [repost]

The packet capture tool comes in a Ruby version and a Perl version.

Ruby version of the packet capture tool

require 'rubygems'

ip = "your ip"
# To limit the capture to one machine, append a filter: dst host #{ip} or src host #{ip}
cmd = "/usr/sbin/tcpdump -lnA -s 0"

IO.popen(cmd) do |f|
  # read returns nil once tcpdump exits, which ends the loop
  while (packet = f.read(1024 * 100))
    # First "a.b.c.d ... > e.f.g.h" pair in the chunk gives source and destination
    cap = /(\d+\.\d+\.\d+\.\d+).+ > (\d+\.\d+\.\d+\.\d+)/.match(packet)
    if cap
      client, host = cap[1], cap[2]
      # Request-method keywords to print; customize this filter for the type of packets you capture
      reg = /(\?xml|HTTP|XMLHttpRequest|XMLRequest|XMLSchema|XMLSchema-insta0x|XML|GET|POST|WWW-Authenticate|Authorization).+/i
      method = reg.match(packet)

      if method
        puts "source:#{client} > dest:#{host}"
        puts "method is #{method[1]}"
        puts "data >>>"
        puts method
      end # end if method
    end
  end
end
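
The same keyword filter applied per packet instead of per 100 KB chunk, as an added example that is not part of the original post: it reads `tcpdump -lnA` text line by line, attributes each matching HTTP line to the packet header above it, and masks Authorization values so that an audit for cleartext credentials does not copy the secret into its own output. The header pattern assumes the IPv4 layout printed by current tcpdump releases; http_findings, SAMPLE, the addresses and the credential are constructed for this illustration.

```ruby
# Added example, not the original author's code.
# Packet header as printed by current tcpdump releases with -n (IPv4 only).
HEADER  = /^\d{2}:\d{2}:\d{2}\.\d+ IP (\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.\d+:/
# Subset of the post's keyword list, tightened to request, status and auth lines.
KEYWORD = /\b(GET |POST |HTTP\/\d|WWW-Authenticate:|Authorization:).*/i
# Keeps the header name and auth scheme, masks the credential itself.
SECRET  = /\A(Authorization:\s*(?:\S+\s+)?)\S.*/i

# Returns one hash per matching payload line: { client:, host:, line: }.
def http_findings(capture_text)
  findings = []
  client = host = nil
  capture_text.each_line do |raw|
    line = raw.scrub('?').chomp
    if (m = HEADER.match(line))
      client, host = m[1], m[2] # a new packet starts here
      next
    end
    next unless client && (m = KEYWORD.match(line))
    findings << { client: client, host: host,
                  line: m[0].sub(SECRET, '\1[REDACTED]') }
  end
  findings
end

# Constructed sample (documentation addresses, made-up credential).
SAMPLE = <<~CAP
  12:00:01.000001 IP 192.0.2.10.51514 > 198.51.100.7.80: Flags [P.], seq 1:95, ack 1, win 502, length 94: HTTP: GET /report HTTP/1.1
  E.....@.@.............P.....GET /report HTTP/1.1
  Host: intranet.example
  Authorization: Basic dXNlcjpwYXNz

  12:00:01.000200 IP 198.51.100.7.80 > 192.0.2.10.51514: Flags [P.], seq 1:40, ack 95, win 509, length 39: HTTP: HTTP/1.1 200 OK
  E..O..@.@.............P.....HTTP/1.1 200 OK
  Content-Length: 0

CAP

if __FILE__ == $PROGRAM_NAME
  http_findings(SAMPLE).each do |f|
    puts "#{f[:client]} > #{f[:host]}\t#{f[:line]}"
  end
end
```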

Perl version of the packet capture tool

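#!/usr/bin/perl

# Maximum number of packets to process (first argument, default 50000000)
$LIMIT = shift || 50000000;

$|=1;  # unbuffered output
# Optional capture filter to append to the command: dst host ip or src host ip
open (STDIN,"/usr/sbin/tcpdump -lnx -s 0  |")
    or die "cannot start tcpdump: $!";
while (<>) {
    if (/^\S/) {
        # A line starting in column 0 is a new packet header:
        # report the keywords found in the packet collected so far
        last unless $LIMIT--;
        while ($packet=~/(HTTP|XMLHttpRequest|XMLRequest|XMLSchema|XMLSchema-insta0x|XML|GET|POST|WWW-Authenticate|Authorization).+/g)  {
            print "$client -> $host\t$&\n";
        }
        undef $client; undef $host; undef $packet;
        # Track only packets that carry data: PUSH flag with a non-zero length,
        # in the "P 1:100(99)" header format printed by older tcpdump releases
        ($client,$host) = /(\d+\.\d+\.\d+\.\d+).+ > (\d+\.\d+\.\d+\.\d+)/
            if /P \d+:\d+\((\d+)\)/ && $1 > 0;
    }
    next unless $client && $host;
    # Strip the indentation and the "0x0000:" offset column of the hex dump
    s/\s+//;
    s/0x[0-9a-f\s]+://;
    s/0x:[\s]+//;
    s/\s+//;
    # Convert each hex byte pair back into its character
    s/([0-9a-f]{2})\s?/chr(hex($1))/eg;
    # Keep only printable characters and line breaks
    tr/\x1F-\x7E\r\n//cd;
    $packet .= $_;
}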

Original article: http://www.javaeye.com/topic/565859


© Copyright 2009 山海经. All rights reserved.
