Module: HTTPcap

Defined in:

lib/httpcap.rb,
lib/httpcap/headers.rb,
lib/httpcap/message.rb,
lib/httpcap/request.rb,
lib/httpcap/version.rb,
lib/httpcap/response.rb,
lib/httpcap/http_flow.rb

Overview

HTTPcap - parse pcap, then return http request and response

Defined Under Namespace

Classes: Error, HTTPFlow, Headers, Message, Request, Response

Constant Summary

VERSION =

'0.1.0'

Class Method Summary

• .http_flows(filepath) ⇒ Array<HTTPcap::HTTPConnection>

  get HTTP request and response from pcap file.

• .send_recv_combined_tcp_data(filepath) ⇒ Object

Class Method Details

.http_flows(filepath) ⇒ Array<HTTPcap::HTTPConnection>

get HTTP request and response from pcap file

Parameters:

• filepath (String) —

  pcapfile path

Returns:

• (Array<HTTPcap::HTTPConnection>) —

  http connections

# File 'lib/httpcap.rb', line 27

def self.http_flows(filepath)
  Enumerator.new do |y|
    send_recv_combined_tcp_data(filepath) do |tcp_send, tcp_recv|
      recv, send = [tcp_send, tcp_recv].sort_by { |tcp| tcp[1] }
      next unless send[1] == :send && recv[1] == :recv

      request = Request.new(send[2])
      response = Response.new(recv[2])

      y << HTTPFlow.new(request, response)
    end
  end
end

.send_recv_combined_tcp_data(filepath) ⇒ Object

# File 'lib/httpcap.rb', line 14

def self.send_recv_combined_tcp_data(filepath)
  Enumerator.new do |y|
    ReassembleTcp.tcp_connections(filepath).map do |stream|
      stream.tcpdata.each_slice(2) do |tcp_send, tcp_recv|
        y << [tcp_send, tcp_recv]
      end
    end
  end
end