Wireshark · Wireshark-dev: Re: [Wireshark-dev] Lua script: get to HTTP GET / POST body [sort-of-SOLVED]

Wireshark-dev: Re: [Wireshark-dev] Lua script: get to HTTP GET / POST body [sort-of-SOLVED]

Date: Thu, 25 Feb 2010 15:07:26 +0100

varname wrote:

I hope this hasn't been answered somewhere before (I did my best
searching the various sources of information (wiki, mailinglists, user
guide)), but I'm trying to get to the body of a HTTP GET and / or POST
inside a Lua script for wireshark.


to answer my own question:

to get to the body of a HTTP response from a Lua script, you can do thefollowing (in fi a tap for HTTP packets):


____________________________________________________________

-- this is for text-based bodies (text/html, etc)
http_data_text_f = Field.new("data-text-lines")

-- for media-based bodies (media/*)
http_media_f = Field.new("media")

...

http_body  = http_data_text_f()
http_media = http_media_f()

...

[do whatever you want]
____________________________________________________________

I found the field names looking through the epan/dissectors/* files (the'filters' parameter to the 'proto_register_protocol' function in the'proto_register_*' functions?). Others probably also work (likeimage/gif, image/jpeg, etc).

Data is returned as userdata; I haven't figured out yet how to do anyfurther processing on it in Lua.

Lengths of bodies and media fields seem to work out with what regularwireshark reports, YMMV.


regards

Follow-Ups:
- Re: [Wireshark-dev] Lua script: get to HTTP GET / POST body [sort-of-SOLVED]
  - From: Stig Bjørlykke

References:
- [Wireshark-dev] Lua script: get to HTTP GET / POST body
  - From: varname

Prev by Date: [Wireshark-dev] Wireshark and Google Summer of Code 2010
Next by Date: Re: [Wireshark-dev] Lua script: get to HTTP GET / POST body [sort-of-SOLVED]
Previous by thread: [Wireshark-dev] Lua script: get to HTTP GET / POST body
Next by thread: Re: [Wireshark-dev] Lua script: get to HTTP GET / POST body [sort-of-SOLVED]
Index(es):
- Date
- Thread