url-sniff 1.0 review

by rbytes.net


License: GPL (GNU General Public License)
File size: 0K
Developer: Pawel Pawilcz
0 stars award from rbytes.net

The url-sniff script provides the ability to sniff HTTP/1.1 GET requests that pass through our server.

Requirements:
Perl 5.x (the latest stable release for your distro, for security reasons)
ngrep (needs raw packet access, so url-sniff is normally run as root or with CAP_NET_RAW)

Installation:

Download the script: url-sniff
Download the example configuration: url-sniff.conf
Copy url-sniff to a location that is in your PATH, for example /usr/sbin.
chmod +x /path_to_script/url-sniff
Modify url-sniff.conf to your needs and place it somewhere, for example in /etc.

Usage:

The configuration file is Perl syntax and may contain the following settings:

$iface = "eth0";

Interface to sniff on. If not set, the first interface is used.

$promisc = "1";

Enables ("1") or disables ("0") promiscuous mode on the interface. Default: "0" (disabled). Note that on a switched network promiscuous mode only shows other hosts' traffic if that traffic is mirrored (SPAN port) to this interface; traffic routed or proxied through the server itself is seen either way.

$lookup = "1";

Enables ("1") or disables ("0") reverse DNS lookups of source IPs. Lookups send a DNS query per source address and slow down output, so leave them off if addresses are enough.

$ports = "80,8080,3128";

Comma-separated list of destination ports; GET requests sent to these ports are captured. Default: only GETs to port 80 are captured.

$srchost = "";

Regular expression; only requests whose source IP matches it are shown.

For example: "192.168.2.1[67]\d$", "192.168.2.16$", "10.1.|192.168.1." etc.
Note that these are regexps, not glob patterns: an unescaped "." matches any character, so write "\." where a literal dot is meant, and anchor with "^" and "$" if a substring match is not wanted.
If not set, requests from all clients are shown, unless discarded by other filters.

$dsthost = "";

Regular expression; only requests whose Host: header matches it are shown.

For example: "google|yahoo", ".com$", "^yahoo.com$" etc. (as above, "\." for a literal dot).
If not set, all requests are shown, unless discarded by other filters.

$query = "";

Regular expression; only requests whose path and query part of the URL matches it are shown. The match is a substring match, so "home" also matches "/homework".

For example: "yaguar|puma", "home", "little|big" etc.

If not set, all requests are shown, unless discarded by other filters.

$excl = "";

Regular expression; requests for files whose extension matches it are discarded.

For example: ".jpg|.css|.jpeg|.gif|.js|.ico|.bmp|.png" etc.

If not set, all requests are shown, unless discarded by other filters.

$ads = "";

Regular expression; requests whose path and query part of the URL matches it are discarded.

For example: "ads|advert|ad.js|dot.gif|banner" etc.

If not set, all requests are shown, unless discarded by other filters.

$ifcolors="1";

Enables ("1") or disables ("0") colored output. Default: "0" (disabled). Disable colors when redirecting output to a file, otherwise the file will contain the ANSI color escape codes.

%color_set = (
'Settings' => 'BLU', # color of used Settings; default BLU
'Src' => 'GRE', # source IP/hostname color; default GRE
'Dst' => 'YEL', # destination IP/hostname color; default YEL
'Query' => 'BBLU', # query color; default BBLU
'Neutral' => 'BPIN', # delimiters, settings names color; default BPIN
);

Codes for colors that can be used:

'RST' - reset (white), 'RED' - red, 'GRE' - green, 'YEL' - yellow, 'BLU' - blue, 'PIN' - pink,
'LBL' - light blue, 'BRED' - bold red, 'BGRE' - bold green, 'BYEL' - bold yellow,
'BBLU' - bold blue, 'BPIN' - bold pink, 'BLBL' - bold light blue

BRACKETS, SEMICOLONS, QUOTES ARE NECESSARY AND SHOULDN'T BE OMITTED.

If the default value of a parameter is good enough, simply leave it out of the configuration file.
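Because every filter is a Perl regexp, it is worth checking them offline before pointing the sniffer at live traffic. The following is an added example, not code from url-sniff itself: it sets the configuration values in the same Perl syntax the file uses (with escaped dots) and applies the filter semantics described above to a few constructed GET requests. The sample requests and the `keep_request` helper are assumptions made for the example.

```perl
#!/usr/bin/perl
# Added example (not part of url-sniff): apply the url-sniff.conf filter
# semantics to constructed GET requests so the regexps can be checked offline.
use strict;
use warnings;

# --- settings as they would appear in url-sniff.conf (Perl syntax) ---
# Dots are escaped: in a regexp an unescaped "." matches any character,
# so "10.1." would also match "10x1y"; "10\.1\." matches only literal dots.
our $ports   = "80,8080,3128";
our $srchost = '^192\.168\.2\.1[67]\d$|^10\.1\.';
our $dsthost = 'google|yahoo';
our $query   = '';
our $excl    = '\.(?:jpg|jpeg|css|gif|js|ico|bmp|png)$';
our $ads     = 'ads|advert|banner';

# Constructed requests: [source IP, destination port, Host header, path+query]
my @requests = (
    ['192.168.2.165', 80,   'www.google.com', '/search?q=puma'],   # shown
    ['192.168.2.165', 80,   'www.google.com', '/images/logo.png'], # $excl
    ['10.1.4.9',      8080, 'news.yahoo.com', '/banner/top.html'], # $ads
    ['10.1.4.9',      3128, 'mail.yahoo.com', '/inbox'],           # shown
    ['172.16.0.2',    80,   'www.yahoo.com',  '/'],                # $srchost
    ['192.168.2.165', 443,  'www.google.com', '/'],                # port not in $ports
    ['192.168.2.165', 80,   'example.org',    '/'],                # $dsthost
);

# Returns 1 if the request passes every configured filter, 0 otherwise.
# A filter left empty ("") is skipped, as the documentation above says;
# an empty $ports falls back to the documented default of port 80 only.
sub keep_request {
    my ($src, $dport, $host, $path) = @_;
    my %want_port = map { $_ => 1 }
                    split /\s*,\s*/, ($ports ne '' ? $ports : '80');
    return 0 unless $want_port{$dport};
    return 0 if $srchost ne '' && $src  !~ /$srchost/;   # source IP must match
    return 0 if $dsthost ne '' && $host !~ /$dsthost/;   # Host: must match
    return 0 if $query   ne '' && $path !~ /$query/;     # path/query must match
    return 0 if $excl    ne '' && $path =~ /$excl/;      # drop listed extensions
    return 0 if $ads     ne '' && $path =~ /$ads/;       # drop ad-like paths
    return 1;
}

for my $r (@requests) {
    printf "%-5s %-14s :%-5d %-16s %s\n",
        (keep_request(@$r) ? 'SHOW' : 'DROP'), @$r;
}
```

Run it with `perl check-filters.pl`; only the first and fourth requests print as SHOW. Note that the `$excl` pattern above is anchored with `$`, so a request such as `/logo.png?v=2` would not be discarded; drop the anchor if static files with cache-busting query strings should also be excluded.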

Now we can create a separate configuration file for each need and pass the one to use to url-sniff on the command line.
