Local tcp_dissector_table = DissectorTable.get("tcp.port") Treeitem:add(http_wrapper_len, hdr_len):set_generated() Local hdr_len = string.find(hdr_str, "\r\n\r\n") or string.find(hdr_str, "\n\n\n\n") the field to the tree (allowing us to filter for it) which indicates the length of the HTTP header, and then add ![]() find the position of the header terminator (two new lines), if the request method or response code is present, Original_http_dissector:call(tvbuffer, pinfo, treeitem) Let's wrap the call in a pcall in order to catch but we still want the original to run, especially because we need We've replaced the original http dissector in the dissector table, Local f_resp_code = Field.new("")įunction http_wrapper_proto.dissector(tvbuffer, pinfo, treeitem) so we can check for them later in the dissector. request method or HTTP response code, so declare those here HTTP frames that contain a header usually include the HTTP Http_wrapper_len = ProtoField.uint32("http.hdr_len", "Header length (bytes)") Local http_wrapper_proto = Proto("http_extra", "Extra analysis of the HTTP protocol") ![]() This can be achieved simply with a Lua dissector that adds an HTTP header field to the packet tree, allowing you to filter for it, as shown in this screenshot:Ĭopy this Lua script into your plugins directory (e.g., $/plugins/1.4.6/http_a), and restart Wireshark (if already running).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |