Tuesday, 14 February 2017

Write a C++ program to read the HTTP header and analyze the parameters.

Q: Write a C++ program to read the HTTP header and analyze the parameters.


Test Environment


Dependencies: Libcrafter
OS: Fedora 20
Testing Environment : Switched Lan with Promiscuous Mode On for NIC


Code


#include < iostream > 
#include < string > 
#include < cstring > 
#include < crafter.h > 
#include < stdio.h > 
#include < regex >

//This depends on proxy settings
//In case you are not using any html proxy
//Leave this value at 80
#define HtmlProxy 3128
//3128 is for the squid proxy 
//where this code was being tested

using namespace std;
using namespace Crafter;
//below searchstrings and integers to maintain count 
string htmltest = "HTTP/1.1";
int getcount;
string get = "GET";
int headcount;
string head = "HEAD";
int postcount;
string post = "POST";
int putcount;
string put = "PUT";
int deletecount;
string d = "DELETE";
int connectcount;
string c = "CONNECT";
int opcount;
string op = "OPTIONS";
int tracecount;
string trace = "TRACE";
//count of reponse and request
int htmlresp, htmlreq;
//maintains the count of each response code
int codearray[700];

void PacketHandler(Packet * sniff_packet, void * user) {
  //sniff_packet is pointer to captured packet
  //User is used to supply data if any
  RawLayer * raw_payload = sniff_packet - > GetLayer < RawLayer > ();
  //If you get a packet
  if (raw_payload) {
    //Create a Tcp pointer to use further
    TCP * tcp_layer = sniff_packet - > GetLayer < TCP > ();

    //Get all html code as a string for processing
    string payload = raw_payload - > GetStringPayload();
    //If the captured payload was of http
    if (strstr(payload.c_str(), htmltest.c_str())) {

      //Print the source port
      cout << "[#] TCP packet from source port: " << tcp_layer - > GetSrcPort() << endl;
      if (tcp_layer - > GetSrcPort() == HtmlProxy) {
        //If the source port was your html port 
        //The html proxy sends information from this port
        //As a result we use the html proxy port
        //This was a response message
        htmlresp++;
        //get the response code,9=firstcharacter,3=noscharacter   
        std::string thesub = payload.substr(9, 3);
        int code = atoi(thesub.c_str());
        //ascii to integer
        codearray[code]++;
      } else {
        //The html request are send using random ports
        //This is for security purposes
        htmlreq++;
      }
      cout << "[#] With Payload: " << endl;
      cout << payload.c_str() << endl;
      //Use substring to use only first line to identify the packet
      //This will prevent data content being interpreted as 
      //header content.
      if (strstr(payload.substr(0, 10).c_str(), get.c_str())) getcount++;
      else if (strstr(payload.substr(0, 10).c_str(), post.c_str())) postcount++;
      else if (strstr(payload.substr(0, 10).c_str(), head.c_str())) headcount++;
      else if (strstr(payload.substr(0, 10).c_str(), put.c_str())) putcount++;
      else if (strstr(payload.substr(0, 10).c_str(), d.c_str())) deletecount++;
      else if (strstr(payload.substr(0, 10).c_str(), c.c_str())) connectcount++;
      else if (strstr(payload.substr(0, 10).c_str(), trace.c_str())) tracecount++;
      else if (strstr(payload.substr(0, 10).c_str(), op.c_str())) opcount++;

    }

  }

}

int main() {
  string iface = "p4p1";
  Sniffer sniff("tcp", iface, PacketHandler);
  sniff.Capture(2000); //number of packets to be captured
  //Display of information below

  cout << "Number of requests:" << htmlreq << endl;
  cout << "Breakup of Requests" << endl;
  cout << "GET:" << getcount << endl;
  cout << "HEAD:" << headcount << endl;
  cout << "POST:" << postcount << endl;
  cout << "PUT:" << putcount << endl;
  cout << "DELETE:" << deletecount << endl;
  cout << "CONNECT:" << connectcount << endl;
  cout << "OPTIONS:" << opcount << endl;
  cout << "TRACE:" << tracecount << endl;

  cout << "Number of response:" << htmlresp << endl;
  cout << "Breakup of Response" << endl;
  for (int i = 100; i <= 699; i++) {
    if (i == 100) cout << "1xx Informational\n" << endl;
    else if (i == 200) cout << "2xx Success\n" << endl;
    else if (i == 300) cout << "3xx Redirection\n" << endl;
    else if (i == 400) cout << "4xx Client Error\n" << endl;
    else if (i == 500) cout << "5xx Server Error\n" << endl;
    if (codearray[i] != 0) //print only if code was recievedi
      cout << i << "\t" << codearray[i] << endl;
  }

  return 0;
}

Traffic Generation


Traffic needs to be generated on the machine. It was generated by visiting webpages using a Browser.
The following websites where used to generate traffic.







Output


Largely Reduced Output. A large amount of Packet data was removed. As it would unnecessarily waste space on the blog.

[root@localhost crafter-0.2]# ./a.out
[#] TCP packet from source port: 37204
[#] With Payload:
GET http://pict.ethdigitalcampus.com/DCWeb/authenticate.do HTTP/1.1
Host: pict.ethdigitalcampus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive


[#] TCP packet from source port: 3128
[#] With Payload:
HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Length: 1387
Date: Fri, 30 Dec 2016 03:18:12 GMT
X-Cache: MISS from (external)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (external)mastizen.zentyal-domain.lan:3130
X-Cache: MISS from (frontal)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (frontal)mastizen.zentyal-domain.lan:3128
Via: 1.1 (external)mastizen.zentyal-domain.lan (squid/3.3.8), 1.1 (frontal)mastizen.zentyal-domain.lan (squid/3.3.8)
Connection: keep-alive


[#] TCP packet from source port: 37204
[#] With Payload:
POST http://pict.ethdigitalcampus.com/DCWeb/authenticate.do HTTP/1.1
Host: pict.ethdigitalcampus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://pict.ethdigitalcampus.com/PICT/
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 210

dbConnVar=PICT&hiddenfield=310a7b2cd0e52dd19c9bbe4c78f1eb6778af88a67a5990969273711054584e037c3bee2f22ea5ebfe7cb6b3d151f54b87c0b232f5424fb54ebdf64f590e9e913&service_id=&loginid=123456&password=vAK423nSZViWsys%3D
[#] TCP packet from source port: 3128
[#] With Payload:
HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Length: 1387
Date: Fri, 30 Dec 2016 03:18:20 GMT
X-Cache: MISS from (external)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (external)mastizen.zentyal-domain.lan:3130
X-Cache: MISS from (frontal)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (frontal)mastizen.zentyal-domain.lan:3128
Via: 1.1 (external)mastizen.zentyal-domain.lan (squid/3.3.8), 1.1 (frontal)mastizen.zentyal-domain.lan (squid/3.3.8)
Connection: keep-alive


[#] TCP packet from source port: 37204
[#] With Payload:
GET http://pict.edu/wp-content/themes/invent/css/skins/skin.php?skin=%232a9dd6&ver=4.4.2 HTTP/1.1
Host: pict.edu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://pict.edu/
Cookie: __cfduid=d5ae7c8cf274f8a0968f0f59a3170762c1482466573; _ga=GA1.2.1172140964.1482466700
Connection: keep-alive


[#] TCP packet from source port: 37205
[#] With Payload:
CONNECT www.google.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: www.google.com


[#] TCP packet from source port: 3128
[#] With Payload:
HTTP/1.1 200 Connection established


[#] TCP packet from source port: 37206
[#] With Payload:
GET http://winterbash2016.stackexchange.com/api/current-hats?callback=winterBashCurrentHats8114954&userids=1417917%3B3528681%3B3168356&host=stackoverflow.com&_=1483067308933 HTTP/1.1
Host: winterbash2016.stackexchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://stackoverflow.com/questions/23041259/c-shared-library-error-after-code-migration-to-centos
Cookie: prov=fd7b5e1b-9105-7ac3-092c-52ea5a3cc396
Connection: keep-alive


[#] TCP packet from source port: 3128
[#] With Payload:
HTTP/1.1 200 OK
Date: Fri, 30 Dec 2016 03:18:27 GMT
Content-Type: text/css; charset: UTF-8
X-Powered-By: PHP/5.5.22
Server: cloudflare-nginx
CF-RAY: 3192583212f531e6-SIN
Content-Encoding: gzip
X-Cache: MISS from (external)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (external)mastizen.zentyal-domain.lan:3130
X-Cache: MISS from (frontal)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (frontal)mastizen.zentyal-domain.lan:3128
Transfer-Encoding: chunked
Via: 1.1 (external)mastizen.zentyal-domain.lan (squid/3.3.8), 1.1 (frontal)mastizen.zentyal-domain.lan (squid/3.3.8)
Connection: keep-alive


[#] TCP packet from source port: 3128
[#] With Payload:
HTTP/1.1 200 OK
Cache-Control: public
Content-Type: application/json; charset=utf-8
Expires: Fri, 30 Dec 2016 03:23:27 GMT
X-AspNetMvc-Version: 5.2
X-Powered-By: ASP.NET
Date: Fri, 30 Dec 2016 03:18:26 GMT
Content-Length: 175
X-Cache: MISS from (external)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (external)mastizen.zentyal-domain.lan:3130
X-Cache: MISS from (frontal)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (frontal)mastizen.zentyal-domain.lan:3128
Via: 1.1 (external)mastizen.zentyal-domain.lan (squid/3.3.8), 1.1 (frontal)mastizen.zentyal-domain.lan (squid/3.3.8)
Connection: keep-alive


[#] TCP packet from source port: 37204
[#] With Payload:
GET http://stackoverflow.com/questions/23041259/c-shared-library-error-after-code-migration-to-centos HTTP/1.1
Host: stackoverflow.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: prov=0dd7e783-a916-b9cd-20f6-4e454ab94f2c; __qca=P0-1572849429-1482138038831; _ga=GA1.2.1722065592.1482138040
Connection: keep-alive


[#] TCP packet from source port: 3128
[#] With Payload:
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
X-Frame-Options: SAMEORIGIN
X-Request-Guid: 73df6ddb-6662-4ef2-8844-eea5f880becd
Content-Length: 18466
Accept-Ranges: bytes
Date: Fri, 30 Dec 2016 03:18:28 GMT
Age: 0
X-Served-By: cache-lhr6336-LHR
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1483067908.245486,VS0,VE153
Vary: Accept-Encoding
X-DNS-Prefetch-Control: off
X-Cache: MISS from (external)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (external)mastizen.zentyal-domain.lan:3130
X-Cache: MISS from (frontal)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (frontal)mastizen.zentyal-domain.lan:3128
Via: 1.1 varnish, 1.1 (external)mastizen.zentyal-domain.lan (squid/3.3.8), 1.1 (frontal)mastizen.zentyal-domain.lan (squid/3.3.8)
Connection: keep-alive


[#] TCP packet from source port: 37217
[#] With Payload:
CONNECT ssum-sec.casalemedia.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: ssum-sec.casalemedia.com


[#] TCP packet from source port: 37218
[#] With Payload:
CONNECT www.gravatar.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: www.gravatar.com


[#] TCP packet from source port: 37219
[#] With Payload:
CONNECT www.gravatar.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: www.gravatar.com


[#] TCP packet from source port: 37206
[#] With Payload:
GET http://clc.stackoverflow.com/markup.js?omni=AlqaR4ZiMNQIAAAAAOuUXwECAAAAAgAAAAAUAAAAfGMrK3xjZW50b3N8bGlicGNhcHwANURX2w6P3V70tQ&lw=0&zc=7&pf=0 HTTP/1.1
Host: clc.stackoverflow.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://stackoverflow.com/questions/23041259/c-shared-library-error-after-code-migration-to-centos
Cookie: prov=0dd7e783-a916-b9cd-20f6-4e454ab94f2c; __qca=P0-1572849429-1482138038831; _ga=GA1.2.1722065592.1482138040
Connection: keep-alive


[#] TCP packet from source port: 37220
[#] With Payload:
CONNECT www.google-analytics.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: www.google-analytics.com


[#] TCP packet from source port: 37221
[#] With Payload:
CONNECT www.google-analytics.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: www.google-analytics.com


[#] TCP packet from source port: 37204
[#] With Payload:
GET http://pixel.quantserve.com/pixel;r=1215770457;a=p-c1rF4kxgLUzNc;fpan=0;fpa=P0-1572849429-1482138038831;ns=0;ce=1;cm=;je=1;sr=1366x768x24;enc=n;dst=0;et=1483068031221;tzo=-330;ref=;url=http%3A%2F%2Fstackoverflow.com%2Fquestions%2F23041259%2Fc-shared-library-error-after-code-migration-to-centos;ogl=type.website%2Cimage.https%3A%2F%2Fcdn%252Esstatic%252Enet%2FSites%2Fstackoverflow%2Fimg%2Fapple-touch-icon%402%252Epng%3Fv%3D73d79a8%2Ctitle.c%2B%2B%20Shared%20library%20error%20after%20code%20migration%20to%20CentOS%2Cdescription.I%20was%20previously%20working%20on%20ubuntu%20%252EMy%20c%2B%2B%20code%20was%20executing%20well%20over%20there%20th%2Curl.http%3A%2F%2Fstackoverflow%252Ecom%2Fquestions%2F23041259%2Fc-shared-library-error-after-code-mi HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://stackoverflow.com/questions/23041259/c-shared-library-error-after-code-migration-to-centos
Cookie: mc=5857a13f-800ef-d34e7-d85d9
Connection: keep-alive


[#] TCP packet from source port: 37207
[#] With Payload:
GET http://b.scorecardresearch.com/b?c1=2&c2=17440561&ns__t=1483068031222&ns_c=UTF-8&cv=3.1&c8=c%2B%2B%20Shared%20library%20error%20after%20code%20migration%20to%20CentOS%20-%20Stack%20Overflow&c7=http%3A%2F%2Fstackoverflow.com%2Fquestions%2F23041259%2Fc-shared-library-error-after-code-migration-to-centos&c9= HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://stackoverflow.com/questions/23041259/c-shared-library-error-after-code-migration-to-centos
Cookie: UID=10712412420117313332bdc1482137919; UIDR=1482137919
Connection: keep-alive


[#] TCP packet from source port: 3128
[#] With Payload:
HTTP/1.1 200 Connection established


[#] TCP packet from source port: 37208
[#] With Payload:
GET http://stackoverflow.com/posts/23041259/ivc/7f4a?_=1483068030993 HTTP/1.1
Host: stackoverflow.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://stackoverflow.com/questions/23041259/c-shared-library-error-after-code-migration-to-centos
Cookie: prov=0dd7e783-a916-b9cd-20f6-4e454ab94f2c; __qca=P0-1572849429-1482138038831; _ga=GA1.2.1722065592.1482138040; _gat=1; _gat_pageData=1
Connection: keep-alive


[#] TCP packet from source port: 37209
[#] With Payload:
GET http://cdn-prom.sstatic.net/WinterBash/css/wb-include.css?22 HTTP/1.1
Host: cdn-prom.sstatic.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://stackoverflow.com/questions/23041259/c-shared-library-error-after-code-migration-to-centos
Connection: keep-alive
If-Modified-Since: Thu, 29 Dec 2016 19:10:33 GMT
If-None-Match: "805a533a762d21:0"


[#] TCP packet from source port: 3128
[#] With Payload:
HTTP/1.1 200 Connection established


[#] TCP packet from source port: 3128
[#] With Payload:
HTTP/1.1 200 Connection established


[#] TCP packet from source port: 3128
[#] With Payload:
HTTP/1.1 200 Connection established


[#] TCP packet from source port: 37225
[#] With Payload:
CONNECT www.google-analytics.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: www.google-analytics.com


[#] TCP packet from source port: 3128
[#] With Payload:
HTTP/1.1 204 No Content
Cache-Control: private
Content-Type: text/plain
X-Frame-Options: SAMEORIGIN
X-Request-Guid: 623b0e45-39c1-4b43-b014-3321f6421750
Accept-Ranges: bytes
Date: Fri, 30 Dec 2016 03:18:29 GMT
X-Served-By: cache-lhr6336-LHR
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1483067908.991511,VS0,VE71
X-DNS-Prefetch-Control: off
X-Cache: MISS from (external)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (external)mastizen.zentyal-domain.lan:3130
X-Cache: MISS from (frontal)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (frontal)mastizen.zentyal-domain.lan:3128
Via: 1.1 varnish, 1.1 (external)mastizen.zentyal-domain.lan (squid/3.3.8), 1.1 (frontal)mastizen.zentyal-domain.lan (squid/3.3.8)
Connection: keep-alive


[#] TCP packet from source port: 3128
[#] With Payload:
HTTP/1.1 200 Connection established


[#] TCP packet from source port: 3128
[#] With Payload:
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/javascript; charset=utf-8
Content-Encoding: gzip
X-Request-Guid: dd160a48-6026-405f-a12e-2fae63110894
Content-Length: 1487
Accept-Ranges: bytes
Date: Fri, 30 Dec 2016 03:18:29 GMT
Age: 0
X-Served-By: cache-lcy1130-LCY
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1483067908.959158,VS0,VE150
X-DNS-Prefetch-Control: off
X-Cache: MISS from (external)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (external)mastizen.zentyal-domain.lan:3130
X-Cache: MISS from (frontal)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (frontal)mastizen.zentyal-domain.lan:3128
Via: 1.1 varnish, 1.1 (external)mastizen.zentyal-domain.lan (squid/3.3.8), 1.1 (frontal)mastizen.zentyal-domain.lan (squid/3.3.8)
Connection: keep-alive


[#] TCP packet from source port: 37204
[#] With Payload:
GET http://pixel.quantserve.com/pixel;r=1215770457;a=p-c1rF4kxgLUzNc;fpan=0;fpa=P0-1572849429-1482138038831;ns=0;ce=1;cm=;je=1;sr=1366x768x24;enc=n;dst=0;et=1483068031221;tzo=-330;ref=;url=http%3A%2F%2Fstackoverflow.com%2Fquestions%2F23041259%2Fc-shared-library-error-after-code-migration-to-centos;ogl=type.website%2Cimage.https%3A%2F%2Fcdn%252Esstatic%252Enet%2FSites%2Fstackoverflow%2Fimg%2Fapple-touch-icon%402%252Epng%3Fv%3D73d79a8%2Ctitle.c%2B%2B%20Shared%20library%20error%20after%20code%20migration%20to%20CentOS%2Cdescription.I%20was%20previously%20working%20on%20ubuntu%20%252EMy%20c%2B%2B%20code%20was%20executing%20well%20over%20there%20th%2Curl.http%3A%2F%2Fstackoverflow%252Ecom%2Fquestions%2F23041259%2Fc-shared-library-error-after-code-mi HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://stackoverflow.com/questions/23041259/c-shared-library-error-after-code-migration-to-centos
Cookie: mc=5857a13f-800ef-d34e7-d85d9
Connection: keep-alive


[#] TCP packet from source port: 3128
[#] With Payload:
HTTP/1.1 200 Connection established


[#] TCP packet from source port: 37221
[#] With Payload:
CONNECT www.google-analytics.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: www.google-analytics.com


[#] TCP packet from source port: 37207
[#] With Payload:
GET http://b.scorecardresearch.com/b?c1=2&c2=17440561&ns__t=1483068031222&ns_c=UTF-8&cv=3.1&c8=c%2B%2B%20Shared%20library%20error%20after%20code%20migration%20to%20CentOS%20-%20Stack%20Overflow&c7=http%3A%2F%2Fstackoverflow.com%2Fquestions%2F23041259%2Fc-shared-library-error-after-code-migration-to-centos&c9= HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://stackoverflow.com/questions/23041259/c-shared-library-error-after-code-migration-to-centos
Cookie: UID=10712412420117313332bdc1482137919; UIDR=1482137919
Connection: keep-alive


[#] TCP packet from source port: 37227
[#] With Payload:
CONNECT www.google.co.in:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: www.google.co.in


[#] TCP packet from source port: 3128
[#] With Payload:
HTTP/1.1 204 No Content
Content-Length: 0
Date: Fri, 30 Dec 2016 03:18:29 GMT
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
X-Cache: MISS from (external)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (external)mastizen.zentyal-domain.lan:3130
X-Cache: MISS from (frontal)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (frontal)mastizen.zentyal-domain.lan:3128
Via: 1.1 (external)mastizen.zentyal-domain.lan (squid/3.3.8), 1.1 (frontal)mastizen.zentyal-domain.lan (squid/3.3.8)
Connection: keep-alive


[#] TCP packet from source port: 37228
[#] With Payload:
CONNECT engine.adzerk.net:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: engine.adzerk.net


[#] TCP packet from source port: 37230
[#] With Payload:
CONNECT stats.g.doubleclick.net:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: stats.g.doubleclick.net


[#] TCP packet from source port: 3128
[#] With Payload:
HTTP/1.1 304 Not Modified
Accept-Ranges: bytes
ETag: "805a533a762d21:0"
X-Powered-By: ASP.NET
Date: Fri, 30 Dec 2016 03:18:28 GMT
Age: 1
X-Cache: HIT from (external)mastizen.zentyal-domain.lan
X-Cache-Lookup: HIT from (external)mastizen.zentyal-domain.lan:3130
X-Cache: MISS from (frontal)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (frontal)mastizen.zentyal-domain.lan:3128
Via: 1.1 (external)mastizen.zentyal-domain.lan (squid/3.3.8), 1.1 (frontal)mastizen.zentyal-domain.lan (squid/3.3.8)
Connection: keep-alive


[#] TCP packet from source port: 37206
[#] With Payload:
GET http://engine.adzerk.net/ados?t=1483068031637&request={%22Placements%22:[{%22A%22:22,%22S%22:8277,%22D%22:%22clc-tlb%22,%22AT%22:4,%22Z%22:[43]},{%22A%22:22,%22S%22:8277,%22D%22:%22clc-mlb%22,%22AT%22:4,%22Z%22:[44]}],%22Keywords%22:%22c%2B%2B%2Ccentos%2Clibpcap%22,%22Referrer%22:%22%22,%22IsAsync%22:true} HTTP/1.1
Host: engine.adzerk.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://stackoverflow.com/questions/23041259/c-shared-library-error-after-code-migration-to-centos
Cookie: azk=ue1-7d2878d5604e4de399eca1515caf9e62; azk-sync=22.1.ue1-7d2878d5604e4de399eca1515caf9e62%3A1482902727; __cfduid=d705aa578face23e3180e81f102a37c991482304445
Connection: keep-alive


[#] TCP packet from source port: 37211
[#] With Payload:
GET http://clc.stackoverflow.com/impression.gif?an=45ST3dqWZHDFg9WDy8-TiYmBgYGFAQReT4lnzI7WYGA4DsQMzAwMDSBRRkaQAunbJgwMBaZALjMD44HuHdMs95q3mc6WZmFiuFzMzMDGzJDSUNDcbrlRa54dI3OytrY0iwgDQ7II2KCUhmzlAEuB1ZK2s-8Djag0AwoyM8hM1nneZSl7ZwJEA8O-54__Vln5XD7VBgA&md=521 HTTP/1.1
Host: clc.stackoverflow.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://stackoverflow.com/questions/23041259/c-shared-library-error-after-code-migration-to-centos
Cookie: prov=0dd7e783-a916-b9cd-20f6-4e454ab94f2c; __qca=P0-1572849429-1482138038831; _ga=GA1.2.1722065592.1482138040; _gat=1; _gat_pageData=1
Connection: keep-alive


[#] TCP packet from source port: 3128
[#] With Payload:
HTTP/1.1 200 OK
Content-Type: image/gif
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 35
Date: Fri, 30 Dec 2016 03:18:29 GMT
Server: QS
X-Cache: MISS from (external)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (external)mastizen.zentyal-domain.lan:3130
X-Cache: MISS from (frontal)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (frontal)mastizen.zentyal-domain.lan:3128
Via: 1.1 (external)mastizen.zentyal-domain.lan (squid/3.3.8), 1.1 (frontal)mastizen.zentyal-domain.lan (squid/3.3.8)
Connection: keep-alive


[#] TCP packet from source port: 3128
[#] With Payload:
HTTP/1.1 200 Connection established


[#] TCP packet from source port: 3128
[#] With Payload:
HTTP/1.1 200 Connection established


[#] TCP packet from source port: 3128
[#] With Payload:
HTTP/1.1 200 Connection established


[#] TCP packet from source port: 3128
[#] With Payload:
HTTP/1.1 200 Connection established


[#] TCP packet from source port: 3128
[#] With Payload:
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: image/gif
Content-Encoding: gzip
X-Request-Guid: 323a443a-5727-495d-972e-be453ce729cd
Content-Length: 57
Accept-Ranges: bytes
Date: Fri, 30 Dec 2016 03:18:29 GMT
Age: 0
X-Served-By: cache-lcy1130-LCY
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1483067909.790956,VS0,VE70
X-DNS-Prefetch-Control: off
X-Cache: MISS from (external)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (external)mastizen.zentyal-domain.lan:3130
X-Cache: MISS from (frontal)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (frontal)mastizen.zentyal-domain.lan:3128
Via: 1.1 varnish, 1.1 (external)mastizen.zentyal-domain.lan (squid/3.3.8), 1.1 (frontal)mastizen.zentyal-domain.lan (squid/3.3.8)
Connection: keep-alive


[#] TCP packet from source port: 3128
[#] With Payload:
HTTP/1.1 200 OK
Access-Control-Allow-Headers: accept, origin, content-type, content-length
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: application/javascript; charset=utf-8
Date: Fri, 30 Dec 2016 03:18:30 GMT
ETag: W/"1-aLMp2piT40CZx9itXLnJQA"
Expires: 0
Pragma: no-cache
Server: nginx/1.1.19
Set-Cookie: azk=ue1-7d2878d5604e4de399eca1515caf9e62; Path=/; Expires=Sat, 30 Dec 2017 03:18:30 GMT
x-powered-by: adzerk bifrost/
x-served-by: engine-i-0ed72b9efc410c29d
Content-Length: 1
X-Cache: MISS from (external)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (external)mastizen.zentyal-domain.lan:3130
X-Cache: MISS from (frontal)mastizen.zentyal-domain.lan
X-Cache-Lookup: MISS from (frontal)mastizen.zentyal-domain.lan:3128
Via: 1.1 (external)mastizen.zentyal-domain.lan (squid/3.3.8), 1.1 (frontal)mastizen.zentyal-domain.lan (squid/3.3.8)
Connection: keep-alive


[#] TCP packet from source port: 37229
[#] With Payload:
CONNECT www.google.co.in:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: www.google.co.in


[#] TCP packet from source port: 3128
[#] With Payload:
HTTP/1.1 200 Connection established


Number of requests:26
Breakup of Requests
GET:13
HEAD:0
POST:1
PUT:0
DELETE:0
CONNECT:12
OPTIONS:0
TRACE:0
Number of response:24
Breakup of Response
1xx Informational

2xx Success

200 19
204 2
3xx Redirection

304 1
4xx Client Error

5xx Server Error

500 2

Further Scope

Modify the program to just filter the Post & Put methods to get a nice little password sniffer. Don't get to excited though. These days all websites use https. So this will do no good.

1 comment: