Written by
Martin
Capture HTTP requests using tshark
While playing attack/defense CTFs I often want to see what kind of requests other teams are sending to our services. tshark, the CLI version of Wireshark, can be used to achieve this. This command prints the URL, parameters and body of incoming HTTP requests on port 4000:
tshark -i eth0 -Y 'http.request and tcp.dstport == 4000 and http.request.full_uri' -T fields -e http.request.full_uri -e http.file_data
The output looks like this:
http://localhost:4000/styles.css
http://localhost:4000/assets/fonts/fonts.css
http://localhost:4000/
http://localhost:4000/ some=data
The filters and field names are the ones used by Wireshark and are documented here.
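As an added example (not part of the original post), the capture above can be extended with the sender's address and the HTTP method, and its output summarized per source and path so it is clear which team is hitting which endpoint. The function names and sample addresses are assumptions; `ip.src` and `http.request.method` are standard Wireshark fields, and `-l` and `-E separator=/t` are standard tshark options.

```sh
#!/bin/sh
# Added example (not from the original post). Field names are Wireshark's.

# capture_http PORT [IFACE]: the post's capture, plus sender IP and HTTP method.
# Needs capture privileges, so it is defined here but not invoked.
capture_http() {
    port="$1"; iface="${2:-eth0}"
    # The port is spliced into the display filter, so accept digits only.
    case "$port" in
        ''|*[!0-9]*) echo "usage: capture_http PORT [IFACE]" >&2; return 2 ;;
    esac
    tshark -l -i "$iface" \
        -Y "http.request and tcp.dstport == $port and http.request.full_uri" \
        -T fields -E separator=/t \
        -e ip.src -e http.request.method \
        -e http.request.full_uri -e http.file_data
}

# summarize_requests: read those four tab-separated columns on stdin and print
# count, source, method, path, requests-with-body; busiest first.
summarize_requests() {
    awk -F '\t' '
        NF >= 3 {
            path = $3
            sub("^[a-z]+://[^/]*", "", path)   # strip scheme://host:port
            sub("[?].*", "", path)             # group by path, ignore the query
            if (path == "") path = "/"
            key = $1 "\t" $2 "\t" path
            count[key]++
            if ($4 != "") bodies[key]++
        }
        END {
            for (k in count)
                printf "%d\t%s\t%d\n", count[k], k, bodies[k]
        }' | LC_ALL=C sort -rn
}

# Constructed sample of capture_http output (addresses are made up).
sample_lines() {
    printf '10.0.0.2\tGET\thttp://localhost:4000/styles.css\t\n'
    printf '10.0.0.2\tGET\thttp://localhost:4000/\t\n'
    printf '10.0.0.3\tPOST\thttp://localhost:4000/\tsome=data\n'
    printf '10.0.0.3\tPOST\thttp://localhost:4000/?x=1\tother=data\n'
}

sample_lines | summarize_requests
```

On a live service the two functions chain as `capture_http 4000 | summarize_requests`, which prints the summary once the capture is stopped.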