$number." .
> " | $starttime | " .
> "$id_html | | \n";
>
1729,1731c1814
< &Process_Hex_Finish("TCP",$session_id);
< &Save_Hex_HTML("TCP",$session_id,$number,$service_name,
< $id_html);
---
> my ($text, $html) = &Process_Hex("TCP", $session_id);
1733c1816,1818
< $id_text);
---
> $id_text, $text);
> &Save_Hex_HTML("TCP", $session_id, $number, $service_name,
> $id_html, $html);
1756c1841,1844
< $service == 3127 or $service == 1080) {
---
> $service == 3127 or $service == 1080 or
> # JL: 8118 is HTTP(S) via polipo.
> # 9050 is Tor (socks4a, but works good enough for me).
> $service == 8118 or $service == 9050) {
1758c1846
< &Process_HTTP($session_id);
---
> &Process_HTTP($session_id,$number);
1902a1991,1994
> if ($Arg{prefer_dns}) {
> $ip_src = &Get_Name_For_IP($ip_src);
> $ip_dest = &Get_Name_For_IP($ip_dest);
> }
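Review bot: `$ip_src` and `$ip_dest` are overwritten in place here, so any code after this point in the routine no longer has the observed address, only a name. That name presumably comes from `%DNS`, which `Process_DNS` fills from unauthenticated replies found in the capture, so a forged or stale answer in the trace can relabel a host in the report. Keeping the address and carrying the name separately preserves the evidence, e.g. `my $name_src = &Get_Name_For_IP($ip_src);`, with the report showing both. The enclosing routine starts and ends outside this hunk, so how the two variables are used afterwards is not visible.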
1982,1984c2074
< &Process_Hex_Finish("UDP",$session_id);
< &Save_Hex_HTML("UDP",$session_id,$number,$service_name,
< $id_html);
---
> my ($text, $html) = &Process_Hex("UDP", $session_id);
1986c2076,2078
< $id_text);
---
> $id_text, $text);
> &Save_Hex_HTML("UDP", $session_id, $number, $service_name,
> $id_text, $html);
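Review bot: The UDP `Save_Hex_HTML` call passes `$id_text`, whereas the TCP and ICMP calls in this patch, and the removed UDP line, pass `$id_html`. This looks like a copy-and-paste slip from the `Save_Hex_Text` call just above it, and would label the HTML hex dump with the text-form identifier. The last argument line should read `$id_html, $html);`.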
1996a2089,2092
> if ($service == 53) {
> &Save_DNS_File($session_id,$number);
> }
>
2150,2152c2246,2250
< &Process_Hex_Finish("ICMP",$time);
< &Save_Hex_HTML("ICMP",$time,$number,$service_name,$id_html);
< &Save_Hex_Text("ICMP",$time,$number,$service_name,$id_text);
---
> my ($text, $html) = &Process_Hex("ICMP", $time);
> &Save_Hex_Text("ICMP", $session_id, $number, $service_name,
> $id_text, $text);
> &Save_Hex_HTML("ICMP", $session_id, $number, $service_name,
> $id_html, $html);
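Review bot: `Process_Hex("ICMP", $time)` is keyed on `$time`, but the two save calls that follow now pass `$session_id`, where the removed lines used `$time` for all three calls. If the `Save_Hex_*` routines use that second argument as the record key, as the removed code suggests, they would be looking up a different or undefined key for ICMP. Unless `$session_id` is set to the same value earlier in this routine (outside the hunk), keep the old key: `&Save_Hex_Text("ICMP", $time, $number, $service_name,` and likewise for `Save_Hex_HTML`.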
2160a2259,2286
> # JL: Process_DNS - DNS processing. Look for DNS replies and store
> # names for IP addresses into %DNS.
> # Also store CNAME aliases so that the "original" name can be retrieved.
> #
> sub Process_DNS {
> my $data = shift;
> my $session_id = shift;
>
> my $dns = Net::DNS::Packet->new(\$data);
>
> unless ($dns) {
> #print "Failed to create Net::DNS::Packet!\n";
> return;
> }
>
> $UDP{id}{$session_id}{DNS} = $dns->string;
> foreach my $rr ($dns->answer) {
> if ($rr->type eq "A") {
> $DNS{$rr->address} = $rr->name;
> }
> if ($rr->type eq "CNAME") {
> $DNS{$rr->cname} = $rr->name;
> }
> }
> }
>
>
>
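Review bot: `Process_DNS` records the answer section of every packet that parses, without checking that it is a response, and writes `%DNS` last-writer-wins. Any later or forged reply in the capture therefore silently replaces the name already held for an address. A guard such as `return unless $dns->header->qr;` after the parse check would help, as would keeping all names seen per address rather than only the last. The stored names are data from the capture, so they should be HTML-escaped wherever they reach the report. Separately, `$UDP{id}{$session_id}{DNS} = $dns->string;` assigns rather than appends, so only the last packet of a session is kept.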
2162a2289
> # JL: Added host parameter
2165c2292
< my ($junk,$var,$value,$term,$data,$request,$site,$post,$get,$reply);
---
> my ($junk,$var,$value,$term,$data,$request,$host,$site,$post,$get,$reply);
2173a2301,2302
> my $number = shift;
> my $partnum = 0;
2218c2347
<
---
> $partnum++;
2220a2350,2355
> ### JL: Get the host string, referer, and cookies.
> ($host) = $request =~ /\sHost:\s(\S*)\s/is;
> ($referer) = $request =~ /\sReferer:\s(\S*)/is;
> ($cookie) = $request =~ /\sCookie:\s(\S*)/is;
> ($setcookie) = $reply =~ /\sSet-Cookie:\s(\S*)/is;
>
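Review bot: The four captures added here take `$host`, `$referer`, `$cookie` and `$setcookie` straight from captured traffic, and nothing visible escapes them before they reach the logs; `$host` is interpolated into `$site` for the HTML log in the 2224a hunk. Since the report is opened in the analyst's browser, these values should be HTML-escaped at the point of output. The patterns are also not tied to the start of a header line, so a `Host:` string inside a request body can match; `($host) = $request =~ /^Host:[ \t]*(\S+)/im;` is tighter. `(\S*)` also truncates a multi-cookie `Cookie:` header at the first space. The same lines are repeated in the 2250a hunk for POST, and only `$host` was added to the `my` list in 2165c.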
2224a2360,2363
> # JL: Prefer hostname over IP address
> if ($Arg{httplog_html}) {
> $site = "http://${host}$site";
> } else {
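Review bot: `$host` is undefined when the request carries no `Host:` header (HTTP/1.0 clients, truncated captures), and in that case this branch produces `http://` followed directly by the path. Falling through to the existing else branch is safer: `if ($Arg{httplog_html} and defined $host and $host ne "") {`. The scheme is hard-coded to `http://` even though the port comment in 1756c mentions HTTP(S) via the proxy. The else body and the closing brace added in 2226a are outside this hunk.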
2226a2366
> }
2230,2231c2370,2372
< ($type) = $reply =~ /Content-Type:\s(\S*)/s;
< ($size) = $reply =~ /Content-Length:\s(\S*)/s;
---
> # JL: Be careful to use case insensitive matching
> ($type) = $reply =~ /Content-Type:\s(\S*)/is;
> ($size) = $reply =~ /Content-Length:\s(\S*)/is;
2233a2375
>
2238,2241c2380,2386
< sprintf("%9d.%03d %6d %s %s/%03d %d %s %s %s %s%s/%s %s\n",
< int($time),(($time - int($time))*1000),($duration*1000),
< $src,$result,$status,$size,"GET",$site,"-","NONE","",
< "-",$type);
---
> Print_Log_Line($number,$time,$duration,
> $src,$dest,$result,$status,$size,
> "GET",$site,"-","NONE","","-",$type);
> $HTTPtxtlog{time}{$time} =
> Print_TxtLog_Line($number,$time,
> $referer,$cookie,$setcookie,
> "GET",$site);
2243a2389,2392
> ### JL: External image data.
> if ( defined $ExtImage{HTML}[$number]{parts}[$partnum] ) {
> $ExtImage{HTML}[$number]{links} .= " ";
> }
2250a2400,2404
> ### JL: Get the host string, referer, and cookies.
> ($host) = $request =~ /\sHost:\s(\S*)\s/is;
> ($referer) = $request =~ /\sReferer:\s(\S*)/is;
> ($cookie) = $request =~ /\sCookie:\s(\S*)/is;
> ($setcookie) = $reply =~ /\sSet-Cookie:\s(\S*)/is;
2254,2255c2408,2409
< ($type) = $reply =~ /Content-Type:\s(\S*)/s;
< ($size) = $reply =~ /Content-Length:\s(\S*)/s;
---
> ($type) = $reply =~ /Content-Type:\s(\S*)/is;
> ($size) = $reply =~ /Content-Length:\s(\S*)/is;
2262,2265c2416,2422
< sprintf("%9d.%03d %6d %s %s/%03d %d %s %s %s %s%s/%s %s\n",
< int($time),(($time - int($time))*1000),($duration*1000),
< $src,$result,$status,$size,"POST",$site,"-","NONE","",
< "-",$type);
---
> Print_Log_Line($number,$time,$duration,
> $src,$dest,$result,$status,$size,
> "POST",$site,"-","NONE","","-",$type);
> $HTTPtxtlog{time}{$time} =
> Print_TxtLog_Line($number,$time,
> $referer,$cookie,$setcookie,
> "POST",$site);
2273c2430,2433
< if ($request =~ /^GET \S*\?\S* HTTP/) {
---
> # JL: chaosreader 0.94 includes only URIs containing a question
> # mark. Why? Go for all instead.
> #if ($request =~ /^GET \S*\?\S* HTTP/) {
> if ($request =~ /^GET \S* HTTP/) {
2277c2437,2439
<
---
> if ($site eq "") {
> ($site) = $request =~ /^GET (\S*)\s/;
> }
2279c2441,2442
< if ($get =~ /=/) {
---
> # JL: Why only those with parameters?
> #if ($get =~ /=/) {
2309c2472
< }
---
> #}
2569c2732
< print "Chaosreader ver 0.94\n\n";
---
> print "Chaosreader ver 0.95i\n\n";
2645a2809,2810
> External Image Report
> $image_empty - Click here for a report embedding external images.
2648,2649c2813,2816
< HTTP Proxy Log
< $httplog_empty - Click here for a generated proxy style HTTP log.
---
> HTTP Proxy Log
> $httplog_empty - Click here for a generated proxy style HTTP log.
> New HTTP Proxy Log
> $httplog_empty - Click here for HTTP log with referers and Cookie indicators.
2660c2827
< IP Count
---
> IP and MAC Count
2661a2829
> |