mscdex/cap

How to decode ipv4, tcp, html response?

JaLe29 opened this issue · 2 comments

JaLe29 commented

I am trying sniff web communication over my web, all works good, but I am not able read buffer: console.log(buffer.toString('binary', ret.offset, ret.offset + datalen));

And response in console is:

F�¨còNb)�&¶¸Þô�I�¢��[ï���Øó×Ï7ûP��æ&ã E%-Bémz�^¬v�L»aeKþôëåêÙxÍç�Eí]?=Vù��ÜNIt2y²�Á¤ÛCÕ"�Ð í�£KÊo;ãÛ(ÿò<�|0q���è Ü?��Üø0V�wüGõ�§Î�q'2Ü(�=i,�ãE�#&°EÔQÍ&Ó��%w��­�¤sMÀZÉ�úI²32"bª�õ�Å�-olU^Ç��¶Þ�}C½(Xw� v:ÙǬt�×wIõè��÷¨�×R�åðÏ�¼i#�W��tJ�b'ÛÕ�^ëå

Whats is wrong with response?

mscdex commented

There is an example in the readme that shows how to decode some of the low level protocols. Is this what you're using?

Is it possible that that packet is not the first one? The binary data you're seeing could be part of a binary HTTP response body.

JaLe29 commented

Yes, I am using code from example (readme).

Packet is first, response is html plaintext. Full example:

const TARGET = '81.2.240.145'

var Cap = require('cap').Cap;
var decoders = require('cap').decoders;
var PROTOCOL = decoders.PROTOCOL;

var c = new Cap();

var device = Cap.findDevice('192.168.1.5');
console.dir(device)

var filter = 'tcp';
var bufSize = 10 * 1024 * 1024;
var buffer = Buffer.alloc(2147483647);

var linkType = c.open(device, filter, bufSize, buffer);

c.setMinBytes && c.setMinBytes(0);

c.on('packet', function (nbytes, trunc) {

	if (linkType === 'ETHERNET') {
		var ret = decoders.Ethernet(buffer);

		if (ret.info.type === PROTOCOL.ETHERNET.IPV4) {

			ret = decoders.IPV4(buffer, ret.offset);

			if (TARGET === ret.info.dstaddr || TARGET === ret.info.srcaddr) {
				// if ( ret.info.dstaddr === ret.info.srcaddr) {
				console.log('from: ' + ret.info.srcaddr + ' to ' + ret.info.dstaddr);

				if (ret.info.protocol === PROTOCOL.IP.TCP) {
					var datalen = ret.info.totallen - ret.hdrlen;

					console.log('Decoding TCP ...');

					ret = decoders.TCP(buffer, ret.offset);
					console.log(' from port: ' + ret.info.srcport + ' to port: ' + ret.info.dstport);
					datalen -= ret.hdrlen;
					console.log(buffer.toString('binary', ret.offset, ret.offset + datalen));
				}
			}
		} else
			console.log('Unsupported Ethertype: ' + PROTOCOL.ETHERNET[ret.info.type]);
	}
});

Then send get to http://81.2.240.145, for example from postman.