The binary execution is pretty straightforward: you can capture/read off the wire or replay captured pcap files. This example (using the -l option for a custom log format) will output the time, destination IP, website and URL:

    justniffer -l "%request.timestamp %dest.ip %request.header.host %request.url" -f file.pcap
    11/01/14 17:31:42 208.65.75.22 www.blackberry.com /select/wifiloginsuccess/EN/

It also comes with a script, justniffer-grab-http-traffic (a Python script), that outputs the web content (HTML, JavaScript, images, etc.) captured in the traffic to a directory. This is an example of running the Python script against an interface; all the traffic gets saved in /tmp/web_traffic:

    justniffer-grab-http-traffic -d /tmp/web_traffic -U nobody -i eth1

It can decode other protocols by reading them in "raw" format. For example, just reading an email without any options outputs the following summary information:

    root@sniffer:/tmp/justniffer -f mail_mime.pcap

Adding "raw" to the output with -r, it now decodes the traffic in its entirety, including dumping the raw base64 attachment:

    root@sniffer:/tmp/justniffer -f mail_mime.pcap -r
    220 test.mail.ca ESMTP Sendmail 8.13.8+Sun/8.13.8; Mon, 29 Dec 2008 19:35:08 -0500 (EST)
    HELO web88101.mail.re2.yahoo.com
    MAIL FROM:
    RCPT TO:
    DATA
    [...]

This is another alternative tool to capture and analyze traffic that can be added to your tool bag. Give it a try.

[1] http://justniffer.sourceforge.net

-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
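The custom log format above produces one space-separated line per request, which is convenient for a quick triage pass over a capture. The following script is an added example (not part of the diary or of the justniffer project): it parses lines in that exact layout, aggregates requests per destination IP and Host header, and flags requests whose Host header is a bare IP literal rather than a name, a pattern worth a second look in proxy and sniffer logs. The sample log is constructed here (only the first line is the one shown in the diary), and the timestamp layout (month/day/two-digit year) is an assumption inferred from that line.

```python
import ipaddress
from collections import Counter
from datetime import datetime

# Constructed sample output, in the shape produced by
#   justniffer -l "%request.timestamp %dest.ip %request.header.host %request.url"
# The first line is the one shown in the diary; the others are made up here.
SAMPLE_LOG = """\
11/01/14 17:31:42 208.65.75.22 www.blackberry.com /select/wifiloginsuccess/EN/
11/01/14 17:31:43 208.65.75.22 www.blackberry.com /select/static/style.css
11/01/14 17:32:01 198.51.100.7 cdn.example.net /js/app.js
11/01/14 17:32:05 198.51.100.7 198.51.100.7 /search?q=hello world
not a justniffer line at all
"""

# Assumed timestamp layout (month/day/2-digit year), inferred from the diary's
# sample line; adjust if your justniffer build prints it differently.
TIMESTAMP_FORMAT = "%m/%d/%y %H:%M:%S"


def parse_line(line):
    """Split one custom-format log line into a record, or return None if it
    does not match. The URL is taken as everything after the fourth field so
    that URLs containing spaces are kept whole."""
    parts = line.strip().split(" ", 4)
    if len(parts) != 5:
        return None
    date, time, dest_ip, host, url = parts
    try:
        ts = datetime.strptime(f"{date} {time}", TIMESTAMP_FORMAT)
        ipaddress.ip_address(dest_ip)  # reject lines whose third field is not an IP
    except ValueError:
        return None
    return {"timestamp": ts, "dest_ip": dest_ip, "host": host, "url": url}


def is_ip_literal(host):
    """True when the Host header value is an IPv4/IPv6 literal, not a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def summarize(log_text):
    """Aggregate records per (destination IP, Host header), collect requests
    whose Host header is an IP literal, and count unparseable lines."""
    by_host = Counter()
    ip_literal_hosts = []
    skipped = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        by_host[(rec["dest_ip"], rec["host"])] += 1
        if is_ip_literal(rec["host"]):
            ip_literal_hosts.append(rec)
    return {"by_host": by_host, "ip_literal_hosts": ip_literal_hosts, "skipped": skipped}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for (ip, host), n in result["by_host"].most_common():
        print(f"{n:4d}  {ip:15s}  {host}")
    for rec in result["ip_literal_hosts"]:
        print("Host header is an IP literal:", rec["timestamp"], rec["url"])
    print("unparseable lines skipped:", result["skipped"])
```

To run it against real output, pipe the justniffer command into a file and pass its contents to summarize(); the parser ignores anything that does not fit the five-field layout, so stray stderr lines do not break the tally.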
Guy, ISC Handler, Nov 3rd 2014
I especially like the way that justniffer-grab-http-traffic uncompresses gzip-encoded web content, a feature that for me was quite hard to find in command line sniffing tools.

Anonymous, Nov 3rd 2014