This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Get user’s direct intention from ‘.pcap’ file.

0

Hi everyone, I have a lot of '.pcap' files. I want to scan the packets and get the target URL. That means, for example, if I run Wireshark in the background and I go to www.cnn.com (I get approximately 3000 packets, only to load the home page), and after that I click to get one of the CNN articles, I get approximately 1500 packets.

I want to be able to find exactly the URL that the user types (www.cnn.com) and the internal URL the user goes into (a click on an article within the CNN site).

I tried to filter all packets to get all http.request (GET ....), but the problem is that when a user enters a site like CNN, we receive a lot of internal sessions that create an HTTP request (for pictures, publicity, images, referring to other sites, etc.).

I am searching for a unique raw or word in the request, or other things in the packet, to be sure that the user really went to this page (and it's not an internal session for publicity, images, referring to other sites, etc.).

If it's important, I am passing over the packets with Python, using the scapy library. Thanks a lot for any response. Jo.

asked 05 Jan '14, 22:31

Jo Smith
accept rate: 0%


One Answer:

0

This looks like a network forensics task. Problem here is that Wireshark has no logic that classifies things like URLs for any given relevance. It's all manual work. If you need something with more logic you need to look for other solutions or code your own.

answered 07 Jan '14, 00:30

Jasper ♦♦
accept rate: 18%
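One way to code the classification the answer says Wireshark lacks, as an added example that is not part of the original question or answer: it treats a cleartext HTTP GET as a page load only when the browser asks for HTML first, and uses the Referer header plus a time gap to separate typed URLs, clicked links and embedded frames. The function names, the `MIN_CLICK_DELAY` threshold and the sample requests are assumptions made for illustration, and the heuristic assumes each request head fits in one TCP segment.

```python
# Added example: a heuristic, not Wireshark logic. With scapy, each input tuple
# would be (float(pkt.time), bytes(pkt[TCP].payload)) for packets to port 80.
MIN_CLICK_DELAY = 2.0  # assumed: seconds a human needs before clicking a link

def parse_request(payload):
    """Parse a raw HTTP/1.x request head; return (method, url, headers) or None."""
    lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return parts[0], "http://" + headers.get("host", "") + parts[1], headers

def classify_navigations(requests):
    """requests: iterable of (timestamp, tcp_payload). Returns [(kind, url)]."""
    loaded = {}  # page URL -> time its navigation request was seen
    found = []
    for ts, payload in sorted(requests, key=lambda r: r[0]):
        req = parse_request(payload)
        if req is None or req[0] != "GET":
            continue
        _, url, headers = req
        # Page loads ask for HTML first; images, scripts and styles do not.
        if not headers.get("accept", "").lower().startswith("text/html"):
            continue
        referer = headers.get("referer")
        if referer is None:
            kind = "typed"    # no Referer: address bar, bookmark or external app
        elif referer in loaded and ts - loaded[referer] >= MIN_CLICK_DELAY:
            kind = "clicked"  # HTML fetched from a known page after a human-scale gap
        else:
            continue          # HTML fetched right after the page load: embedded frame
        loaded[url] = ts
        found.append((kind, url))
    return found

def _req(path, host, accept, referer=None):
    ref = "Referer: %s\r\n" % referer if referer else ""
    return ("GET %s HTTP/1.1\r\nHost: %s\r\nAccept: %s\r\n%s\r\n"
            % (path, host, accept, ref)).encode()

SAMPLE = [  # constructed capture: home page, its subresources, then one article click
    (0.0, _req("/", "www.cnn.com", "text/html,application/xhtml+xml")),
    (0.3, _req("/logo.png", "www.cnn.com", "image/png,*/*", "http://www.cnn.com/")),
    (0.4, _req("/frame.html", "ads.example.net", "text/html", "http://www.cnn.com/")),
    (9.1, _req("/2014/01/05/article.html", "www.cnn.com", "text/html", "http://www.cnn.com/")),
]
```

The result is a best guess: redirects, pages that suppress the Referer header and scripted navigations can be misclassified, and HTTPS traffic is not visible to it without decryption.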