forked from osmocom/wireshark
e2ec760d5e
This patch adds support for sequencing HTTP Redirects. This enables tracking of HTTP-based redirects, which may not have a Referer header. As such, this patch also renames 'HTTP Referer statistics' to 'HTTP Request Sequences' to better reflect the more generic functionality. Note that this does not fully support RFC 3986. An external library like uriparser.github.io may be a better option for efficient, full relative HTTP URL resolution. A Sample PCAP to test functionality is available here: https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=http_redirects.pcapng A sample PCAP to demonstrate usefulness is available here: https://www.malware-traffic-analysis.net/2015/08/31/page2.html (examine request to hxxp://lk2gaflsgh.jgy658snfyfnvh.com/service.php) Change-Id: I9edd1a1de86228b0dcb1df9f6f30e24379684321 Reviewed-on: https://code.wireshark.org/review/26679 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Peter Wu <peter@lekensteyn.nl>
88 lines
2.5 KiB
C
88 lines
2.5 KiB
C
/* packet-http.h
|
|
*
|
|
* Wireshark - Network traffic analyzer
|
|
* By Gerald Combs <gerald@wireshark.org>
|
|
* Copyright 1998 Gerald Combs
|
|
*
|
|
* SPDX-License-Identifier: GPL-2.0-or-later
|
|
*/
|
|
|
|
#ifndef __PACKET_HTTP_H__
|
|
#define __PACKET_HTTP_H__
|
|
|
|
#include <epan/packet.h>
|
|
#include "ws_symbol_export.h"
|
|
|
|
extern const value_string vals_http_status_code[];
|
|
|
|
WS_DLL_PUBLIC
|
|
void http_tcp_dissector_add(guint32 port, dissector_handle_t handle);
|
|
WS_DLL_PUBLIC
|
|
void http_tcp_dissector_delete(guint32 port);
|
|
WS_DLL_PUBLIC
|
|
void http_tcp_port_add(guint32 port);
|
|
|
|
/* Used for HTTP statistics */
|
|
typedef struct _http_info_value_t {
|
|
guint32 framenum;
|
|
gchar *request_method;
|
|
guint response_code;
|
|
gchar *http_host;
|
|
const gchar *request_uri;
|
|
const gchar *referer_uri;
|
|
const gchar *full_uri;
|
|
const gchar *location_base_uri;
|
|
const gchar *location_target;
|
|
} http_info_value_t;
|
|
|
|
/** information about a request and response on a HTTP conversation. */
|
|
typedef struct _http_req_res_t {
|
|
/** the running number on the conversation */
|
|
guint32 number;
|
|
/** frame number of the request */
|
|
guint32 req_framenum;
|
|
/** frame number of the corresponding response */
|
|
guint32 res_framenum;
|
|
/** timestamp of the request */
|
|
nstime_t req_ts;
|
|
/** pointer to the next element in the linked list, NULL for the tail node */
|
|
struct _http_req_res_t *next;
|
|
/** pointer to the previous element in the linked list, NULL for the head node */
|
|
struct _http_req_res_t *prev;
|
|
} http_req_res_t;
|
|
|
|
/** Conversation data of a HTTP connection. */
|
|
typedef struct _http_conv_t {
|
|
guint response_code;
|
|
guint32 startframe; /* First frame of proxied connection */
|
|
gchar *http_host;
|
|
gchar *request_method;
|
|
gchar *request_uri;
|
|
gchar *full_uri;
|
|
/** the number of requests on the conversation. */
|
|
guint32 req_res_num;
|
|
guint8 upgrade;
|
|
gchar *websocket_protocol; /* Negotiated WebSocket protocol */
|
|
gchar *websocket_extensions; /* Negotiated WebSocket extensions */
|
|
/* Server address and port, known after first server response */
|
|
guint16 server_port;
|
|
address server_addr;
|
|
/** the tail node of req_res */
|
|
http_req_res_t *req_res_tail;
|
|
} http_conv_t;
|
|
|
|
typedef enum _http_type {
|
|
HTTP_REQUEST,
|
|
HTTP_RESPONSE,
|
|
HTTP_NOTIFICATION,
|
|
HTTP_OTHERS
|
|
} http_type_t;
|
|
|
|
/** Passed to dissectors called by the HTTP dissector. */
|
|
typedef struct _http_message_info_t {
|
|
http_type_t type; /* Message type; may be HTTP_OTHERS if not called by HTTP */
|
|
const char *media_str; /* Content-Type parameters */
|
|
} http_message_info_t;
|
|
|
|
#endif /* __PACKET_HTTP_H__ */
|