.scripts/tshark.sh

   1 #!/usr/bin/env bash
   2
   3 # http.request.method=="POST"
   4
   5 interface=
   6 add_to_group(){
   7         usermod -a -G wireshark $USER
   8 }
   9
  10 select_int(){
  11         up_interfaces=$(ifconfig | grep "UP,BROADCAST" |\
  12                 sed 's/://' | awk '{print $1}')
  13         interface=$(echo "$up_interfaces" | dmenu -l 10 )
  14 }
  15
  16 find_pass(){
  17         select_int
  18         tshark -i $interface -Y 'http.request.method == POST and tcp contains "password"' | grep password
  19 }
  20
  21 caputre_all(){
  22         select_int
  23 #       tshark -i $interface -w capture-output.pcap
  24         tshark -i $interface -w capture-output.pcap
  25 }
  26
  27 read(){
  28         tshark -r $1
  29 #       tshark -r $1 -V -x > result.log
  30 #       tshark -r $1 -Y "http"
  31 #       tshark -r $1 -Y http.request -T fields -e http.host -e http.user_agent | sort | uniq -c | sort -n
  32 #       tshark -r $1 -Y http.request -T fields -e http.host -e ip.dst -e http.request.full_uri
  33 #       tshark -r $1 -T fields -e http.host -e ip.dst -e http.request.full_uri
  34 }
  35
  36 read_ssl(){
  37         tshark -r $1 -q -o "ssl.keys_list:127.0.0.1,4443,http,server.pem" -z "follow,ssl,ascii,1"
  38 }
  39
  40 dns(){
  41         select_int
  42 #       tshark -i $interface -f "src port 53" -n -T fields -e dns.qry.name -e dns.resp.addr
  43 #       tshark -i wlan0 -f "src port 53" -n -T fields -e frame.time -e ip.src -e ip.dst -e dns.qry.name -e dns.resp.addr
  44         tshark -i $interface -f "src port 53" -n -T fields -e dns.qry.name
  45 }
  46
  47 agents(){
  48         select_int
  49         tshark -i $interface -Y http.request -T fields -e http.host -e http.user_agent
  50 }
  51
  52 case $1 in
  53         pass) find_pass ;;
  54         all) caputre_all ;;
  55         agents) agents ;;
  56         read) read $2 ;;
  57         ssl) read_ssl $2 ;;
  58         dns) dns ;;
  59 esac