NAME
HTTP::Sessioniser - Rebuild HTTP sessions from pcap streams
SYNOPSIS
use HTTP::Sessioniser;
# This will be called once per HTTP request/response pair
sub my_callback {
my ($request, $response, $info) = @_;
# $request is HTTP::Request
# $response is HTTP::Response
}
my $s = HTTP::Sessioniser->new();
$s->parse_file('/path/to/file.pcap', \&my_callback);DESCRIPTION
This module extracts HTTP sessions from pcap files with the help of Net::LibNIDS.
It will piece HTTP data back together and return a pair of HTTP::Request and HTTP::Response which correspond to one HTTP 'session'.
HTTP CONNECT sessions are dealt with specially: the first request/response pair will be returned as normal, subsequent requests will be skipped (as they do not contain HTTP requests or responses, only SSL data).
EXPORT
None by default.
Methods
new
my $s = HTTP::Sessioniser->new();Creates a new object.
parse_file
$s->parse_file('/path/to/file.pcap', \&callback);Parses a pcap file using libnids, rebuilding pairs of HTTP::Request and HTTP::Response. These will be passed to the callback function along with a hash of information about the current connection.
ports
$s->ports( [ 80, 443, 8080, 3128 ] );
my @p = $s->ports;Set or return and array of ports we expect to see HTTP transmission on. The default set of ports is 80, 443, 8080 and 3128.
If you are looking for HTTP on other ports (e.g. proxying or application servers) then use this to set the filter appropriately.
add_port
$s->add_port(8000);Add one port to the filter list.
BUGS
This module does not support HTTP pipelining. It could be added if I find data which requires it.
SEE ALSO
HTTP::Parser - used to parse data into HTTP::Request or HTTP::Response objects
AUTHOR
David Cannings <david@edeca.net>
COPYRIGHT AND LICENSE
Copyright (C) 2010 by David Cannings