HttpSniffer 是一个用PERL写的用来捕获HTTP消息的东东。今天为了弄HTTP COOKIE的事,又拿出来用了一下,总结下常用的命令:
1.启动:
E:\HttpSniffer>HttpSniffer.pl -p 8080 -r www.google.com
-p:本地端口
-r:远程主机
2.使用HttpSniffer
在IE中输入http://localhost:8080/
3.在httpsniffer窗口就可以看见SNIFF到的消息
HttpSniffer waiting for clients on port 8080...
--> C04 --> S05 ==== (3.568) Request <GET / HTTP/1.1>
--> C04 --> S05 GET / HTTP/1.1
--> C04 --> S05 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-pow
erpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*
--> C04 --> S05 Accept-Language: zh-cn
--> C04 --> S05 Accept-Encoding: gzip, deflate
--> C04 --> S05 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)
--> C04 --> S05 Host: localhost:8080
--> C04 --> S05 Connection: Keep-Alive
--> C04 --> S05 ==== Body 0 bytes
<-- C04 <-- S05 ==== (3.946) Response 200 to <GET / HTTP/1.1>
<-- C04 <-- S05 HTTP/1.1 200 OK
<-- C04 <-- S05 Cache-Control: private
<-- C04 <-- S05 Content-Type: text/html
<-- C04 <-- S05 Set-Cookie: PREF=ID=2248df2531c15b60:NW=1:TM=1104414621:LM=1104414621:S=Dch_FXvbc_C
0oOmF; expires=Sun, 17-Jan-2038 19:14:07 GMT; path=/; domain=.google.com
<-- C04 <-- S05 Content-Encoding: gzip
<-- C04 <-- S05 Server: GWS/2.1
<-- C04 <-- S05 Content-Length: 1750
<-- C04 <-- S05 Date: Thu, 30 Dec 2004 13:50:21 GMT
<-- C04 <-- S05 ==== Body 1750 bytes
......
4.有时为了显示HTTP BODY的内容,用下面这个命令
E:\HttpSniffer>HttpSniffer.pl -p 8080 -r www.google.com -body=all
<-- C04 <-- S05 ==== (5.087) Response 200 to <GET /webhp?hl=zh-CN&tab=gw&q= HTTP/1.1>
<-- C04 <-- S05 HTTP/1.1 200 OK
<-- C04 <-- S05 Cache-Control: private
<-- C04 <-- S05 Content-Type: text/html
<-- C04 <-- S05 Set-Cookie: PREF=ID=85b8bba61eb66751:NW=1:TM=1104414971:LM=1104414971:S=hfVxyX2mcerD42vn; expires=Sun, 17-Jan-2038 19:14:07 GMT; path=/; domain=.google.com
<-- C04 <-- S05 Content-Encoding: gzip
<-- C04 <-- S05 Server: GWS/2.1
<-- C04 <-- S05 Content-Length: 1749
<-- C04 <-- S05 Date: Thu, 30 Dec 2004 13:56:12 GMT
<-- C04 <-- S05 ==== Body 1749 bytes
<-- C04 <-- S05 Body => ...........W[o...~...x.RdMr)ZT...<.n."..6..n...,w...rw(JQ...rq.#..R..P.ub ....q.(.1...S.B...."..J...=...w.l.W..l....F.*.|.......c.)......j.t.X.n*[o.#..0...t...U..PLq.|E.6........?.J..-.n..[...X..=.,y...............y..'3...K.P..l...m"....*."...v..<........,P.G..z.(&...|a...../.^.[.`....0.".J.."QE...6.......4*l.....z./..QH.......;.s..s.F..4OT...#...W_...%..~H=}.2.....7...7~..{...v.>w.._.......G.wQ.o..m....Z.$<..........RA..+N.8.aV...^m!lV...J.....c.l.p...].....y.]...SIVQ..Y.d.......w5j[8!k..m.EK*%;............r.y..\.;K.U.S....*[email protected]...[[email protected] ;q..M8."......d..[3.$.f...........L.......X...%,q..ZZ.6.E.O..n.........`..R...I..t.U....p....(......v3..4....{.*..3..~.-.>...\.... .....pVv.)..`...Q.:...S|...h...SZ...n.....c.N9.%@K.9.LH...Mxm....{'....i..z....^E.Gt...c.......Ks...&..!.L.iyT?B.C....Y..u...w.......~wWg('ZQP..n`.\g....E......./..y./.}-..9}f...rF.8V..$J.,*..f|......6>FWuF..G3..........w..#N.*M...K.....5.i..$0'F.N...I..R.J-}..O.*Xc6.......0...}.......|..,......g4.,..........{....#5.....>.2.....j....3.>..dG..AO!=88>s]*Lg.9JHj|..:x.U*....).Z.l.......q.^..Tv.........7..m)...;...4xrs.....w.;........O3.PZ.D.....Pw...QF....e..[c.N.vl.B..4..G.......7...>......c......................?$.3U..bRW.p....tS2..J...0..e........H...:8nQ....[.&...-..................;...S:.1g(3.....X.$<.\0..\.....g.....N..!.lp...c............e..C..m...r;.A......vb/..<.=..s...g...9.q.d...#{...W.....u.)...\,..A...5.#b...X..9.=.}0....}..i.Au...............I...4.qk.........v....c.}.c....?...f..../..>.?.R.F%4W.%{*.938.......m..CA.t.^"&.9..,...hz....t..Z.....N`../...=..|...P.`eG..!...!I.-...... ..~.XLM..r..H..VV+.b.f.......y....t..;.-..._.......rf..8...:<..oD.2..O>B.".i....onC.'...Va..,...l..mrD.[.j........Z-Vj.Y^....P.._3r...(;kM.~...$.....M.....
可见BODY为乱码,这是因为 Content-Encoding为gzip,即是经过压缩的
本文地址:http://com.8s8s.com/it/it30957.htm