Hi,
I hope this hasn't been answered somewhere before (I did my best
searching the various sources of information (wiki, mailing lists, user
guide)), but I'm trying to get to the body of an HTTP GET and / or POST
inside a Lua script for Wireshark.
As I'm a complete starter with Lua and scripting Wireshark, I'd
appreciate it if someone could provide me with some pointers. In
particular:
- do I need to implement a Tap Listener or a (post)-dissector (in a
Lua script)?
- after I've figured that out, is there any Field I can access that
contains the body data?
- does the fact that the body could be multiple TCP packets long
influence any of this, or should the HTTP dissector take care of
reassembly?
Using a capture filter (on content-type and response code) I managed
to get my tap listener to be called only after a successful match, but
didn't see how to get to the body of the response. I thought about
using a (post)dissector but am at a bit of a loss again as to how to
get to the body.
I found this [1] thread from Sept 2008 where Roasio asks the same
question, but it seems to end in "does not work, but should".
Regards,
[1] http://www.wireshark.org/lists/wireshark-dev/200809/msg00018.html