How to decode ipv4, tcp, html response?
I am trying to sniff web traffic on my network. Everything works, but I am not able to read the buffer: console.log(buffer.toString('binary', ret.offset, ret.offset + datalen));
And the output in the console is:
F¨còNb)&¶¸ÞôI¢[ïØó×Ï7ûPæ&ã E%-Bémz^¬v
L»aeKþôëåêÙxÍçEÃ]?=VùÜNIt2y²Á¤ÛCÕ"Ð í£KÊo;ãÛ(ÿò<|0qè Ü?Üø0V wüGõ§Îq'2Ü(=i,ãE#&°EÔQÍ&Ó%w¤sMÀZÉúI²32"bªõÅ-olU^ǶÞ}C½(Xw v:ÙǬt×wIõè÷¨×~RåðÏ~¼i#WtJb'ÛÕ^ëå
What is wrong with the response?
There is an example in the readme that shows how to decode some of the low level protocols. Is this what you're using?
Is it possible that that packet is not the first one? The binary data you're seeing could be part of a binary HTTP response body.
Yes, I am using the code from the example in the readme.
The packet is the first one, and the response is plaintext HTML. Full example:
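// Capture setup: open a live capture on one local interface and hand every
// TCP packet to the 'packet' handler registered further down.

// Remote host whose traffic should be printed (matched in the packet handler).
const TARGET = '81.2.240.145';

const Cap = require('cap').Cap;
const decoders = require('cap').decoders;
const PROTOCOL = decoders.PROTOCOL;

const c = new Cap();

// Look the capture device up by an IP address assigned to it.
const device = Cap.findDevice('192.168.1.5');
console.dir(device);

// Capture filter. 'tcp' passes every TCP packet seen on the device; the
// TARGET comparison only happens later, in JavaScript.
// NOTE(review): narrowing this to `tcp and host <TARGET>` would keep unrelated
// traffic from ever reaching the script.
const filter = 'tcp';

// Size passed to open() for the capture library's own buffering.
const bufSize = 10 * 1024 * 1024;

// Destination for the packet currently being delivered: the handler decodes
// from offset 0 on every 'packet' event, so this only has to hold one packet.
// The original allocated 2147483647 bytes (~2 GiB, zero-filled) for this,
// which buys nothing and can fail outright on memory-constrained hosts.
// 65535 is the size used in the cap README example; the handler's `trunc`
// argument reports any packet that did not fit.
const buffer = Buffer.alloc(65535);

const linkType = c.open(device, filter, bufSize, buffer);

// setMinBytes is not present on every platform, hence the existence check.
if (c.setMinBytes) {
  c.setMinBytes(0);
}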
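// Packet handler: decode Ethernet -> IPv4 -> TCP for packets to or from
// TARGET and print the TCP payload.
//
// nbytes - number of bytes of this packet that were written into `buffer`
// trunc  - true when the packet did not fit into `buffer`
//
// Every length used below comes from header fields of captured traffic, i.e.
// from whoever sent the packet, so the payload range is clamped to `nbytes`
// before it is read. `buffer` is reused for each packet; without the clamp an
// oversized or bogus total-length field would print leftover bytes from
// earlier packets.
c.on('packet', function (nbytes, trunc) {
  if (linkType !== 'ETHERNET') {
    return;
  }

  const eth = decoders.Ethernet(buffer);
  if (eth.info.type !== PROTOCOL.ETHERNET.IPV4) {
    console.log('Unsupported Ethertype: ' + PROTOCOL.ETHERNET[eth.info.type]);
    return;
  }

  const ip = decoders.IPV4(buffer, eth.offset);
  if (TARGET !== ip.info.dstaddr && TARGET !== ip.info.srcaddr) {
    return;
  }
  console.log('from: ' + ip.info.srcaddr + ' to ' + ip.info.dstaddr);

  if (ip.info.protocol !== PROTOCOL.IP.TCP) {
    return;
  }

  console.log('Decoding TCP ...');
  const tcp = decoders.TCP(buffer, ip.offset);
  console.log(' from port: ' + tcp.info.srcport + ' to port: ' + tcp.info.dstport);

  // Payload length = IPv4 total length - IPv4 header - TCP header.
  const datalen = ip.info.totallen - ip.hdrlen - tcp.hdrlen;

  if (trunc) {
    console.log('(packet was truncated; payload below is incomplete)');
  }

  // Never read past what was actually captured for this packet.
  const end = Math.min(tcp.offset + datalen, nbytes);
  if (end <= tcp.offset) {
    // Segment carries no payload (for example a bare handshake or ACK segment).
    return;
  }

  // Captured bytes are untrusted: replace C0/C1 control characters (except
  // tab, CR and LF) so the payload cannot drive the terminal with escape
  // sequences. Printable text is shown unchanged.
  // NOTE(review): output that still looks random is probably not plaintext at
  // all - e.g. a compressed or encrypted body; check the response headers.
  const text = buffer
    .toString('binary', tcp.offset, end)
    .replace(/[\x00-\x08\x0b\x0c\x0e-\x1f\x7f-\x9f]/g, '.');
  console.log(text);
});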
Then send a GET request to http://81.2.240.145, for example from Postman.