#!usr/bin/perl
#DH Sniffer 0.3
#(C) Doddy Hackman 2014
#Credits :
#Based on :
#http://stackoverflow.com/questions/4777042/can-i-use-tcpdump-to-get-http-requests-response-header-and-response-body
#http://www.perlmonks.org/?node_id=656590
#http://stein.cshl.org/~lstein/talks/WWW6/sniffer/
#http://perlenespanol.com/foro/post36051.html
#Thanks to : Lincoln D. Stein , paulz and Explorer

use CGI;
use threads;
use URI::Escape;

# Unbuffered STDOUT, so every reported line appears as soon as it is printed.
$| = 1;

# Option string taken from the first command-line argument. The capture subs
# below test it for the letters "g" and "p".
my $control = shift;

head();

# No option given: print the usage text. copyright() prints the footer and
# exits with status 1, so the thread setup below is not reached in that case.
if ( $control eq "" ) {
    print "\n[+] Sintax : $0 <option>\n",
      "\n[++] Options :\n",
      "\n[+] -g : Capture method GET\n",
      "[+] -p : Capture method POST\n",
      "\n[+] Example : sudo perl $0 -pg\n";
    copyright();
}

print "\n";

# One worker thread per capture mode. Both are always started; each sub does
# nothing when its letter is missing from $control.
my $get_worker  = threads->new( \&sniffer_get );
my $post_worker = threads->new( \&sniffer_post );

# Wait for both workers before the script ends.
$_->join for ( $get_worker, $post_worker );

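# sniffer_get: when the option string contains "g", read tcpdump's hex dump of
# packets addressed to TCP port 80 and report every line of the decoded packet
# text that starts at GET, POST, WWW-Authenticate or Authorization.
#
# Takes no arguments; reads the file-level $control. Each hit is printed to
# STDOUT and appended to the file "logs" through savefile(). Returns nothing
# useful. If tcpdump cannot be started, a warning is printed and the sub
# returns.
#
# Only what travels as cleartext on port 80 is visible here; nothing in this
# sub decrypts traffic. "-s 1024" limits each capture to the first 1024 bytes
# of the packet. The usage text runs the script under sudo, which tcpdump
# needs for capturing.
sub sniffer_get {

    return unless $control =~ /g/;

    # List-form pipe open with a lexical handle: the fixed command is executed
    # directly, and a failure to start it is reported instead of being ignored.
    my @tcpdump =
      ( '/usr/sbin/tcpdump', '-lnx', '-s', '1024', 'dst', 'port', '80' );
    my $dump;
    unless ( open( $dump, '-|', @tcpdump ) ) {
        warn "[-] Cannot start $tcpdump[0]: $!\n";
        return;
    }

    # Per-packet state, kept lexical so it cannot leak into other code.
    my ( $src_ip, $dst_ip, $payload );

    while (<$dump>) {

        # A line that starts in column 0 is a packet summary line, i.e. the
        # previous packet is complete: report its hits, then start over.
        if (/^\S/) {

            while ( $payload =~
                /((?:GET|POST|WWW-Authenticate|Authorization).+)/g )
            {
                # Copy the capture before calling out, then build the entry
                # once so the screen and the log receive the same text.
                my $hit   = $1;
                my $entry = "\n[+] $src_ip = $dst_ip " . uri_unescape($hit);
                print $entry;
                savefile( "logs", $entry );
            }

            undef $payload;

            # Source and destination IPv4 addresses of the new packet; both
            # become undef when the summary line does not match.
            ( $src_ip, $dst_ip ) =
              /IP (\d+\.\d+\.\d+\.\d+).+ > (\d+\.\d+\.\d+\.\d+)/;

        }

        # Turn the dump line into text: drop all whitespace, drop the
        # "0x....:" offset label, convert each hex pair into its byte, then
        # delete every byte outside \x1F-\x7E other than CR and LF.
        # The summary line itself also passes through these steps, as before.
        s/\s+//g;
        s/0x[abcdef\d]+://i;
        s/([0-9a-f]{2})/chr(hex($1))/eg;
        tr/\x1F-\x7E\r\n//cd;

        $payload .= $_;

    }

    close $dump;
    return;
}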

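# sniffer_post: when the option string contains "p", read tcpdump's ASCII
# output for TCP port 80 segments and report the name/value pairs that CGI.pm
# parses out of each unindented line.
#
# Takes no arguments; reads the file-level $control. Each pair is printed to
# STDOUT and appended to the file "logs" through savefile(). Returns nothing
# useful. If tcpdump cannot be started, a warning is printed and the sub
# returns.
#
# Only cleartext traffic on port 80 is readable this way.
sub sniffer_post {

    return unless $control =~ /p/;

    # Capture filter, unchanged: port 80 segments whose IP total length minus
    # the IP and TCP header lengths is non-zero, i.e. segments with a payload.
    my $filter =
'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)';

    # List-form pipe open with a lexical handle: the filter is handed to
    # tcpdump as one argument without a shell in between, and a failure to
    # start the command is reported instead of being ignored.
    # NOTE(review): "tcpdump" is resolved through PATH here, while sniffer_get
    # uses /usr/sbin/tcpdump; under sudo the binary that runs depends on the
    # PATH in effect. Confirm which of the two is intended.
    my $dump;
    unless ( open( $dump, '-|', 'tcpdump', '-A', '-s', '0', $filter ) ) {
        warn "[-] Cannot start tcpdump: $!\n";
        return;
    }

    while ( my $code = <$dump> ) {

        # Only lines that start in column 0 are examined.
        next unless $code =~ /^\S/;

        # CGI.pm treats a string argument as a query string and splits it
        # into parameters.
        my $parsed = CGI->new($code);

        for my $par ( $parsed->param ) {

            # Names containing a dot are skipped; presumably this drops
            # tcpdump summary lines, which contain dotted addresses.
            next if $par =~ /\./;

            my $dataf = $parsed->param($par);

            # Build the entry once so the screen and the log receive the
            # same text.
            my $entry = "\n[+] $par " . " : " . $dataf;
            print $entry;
            savefile( "logs", $entry );
        }
    }

    close $dump;
    return;
}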

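# savefile( $path, $text ): append $text to the file at $path, creating the
# file if it does not exist.
#
# Returns 1 when the text was written and the file closed, and a false value
# (after a warning on STDERR) when the file could not be opened or closed.
#
# NOTE(review): the callers in this file pass captured request lines and
# Authorization headers, and the file is created with whatever mode the
# process umask allows; treat "logs" as sensitive data at rest.
sub savefile {
    my ( $path, $text ) = @_;

    # Three-argument open with a lexical handle: the mode is fixed to append
    # and the path is taken literally instead of being parsed with the mode.
    my $fh;
    unless ( open( $fh, '>>', $path ) ) {
        warn "[-] Cannot append to $path: $!\n";
        return;
    }

    print {$fh} $text;

    # Buffered write errors show up at close time, so check it.
    unless ( close($fh) ) {
        warn "[-] Cannot close $path: $!\n";
        return;
    }

    return 1;
}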

# head: print the tool banner (name and version) to the selected output
# handle. Returns the result of print.
sub head {
    my $banner = "\n-- == DH Sniffer 0.3 == --\n";
    return print $banner;
}

# copyright: print the author footer, then end the program with exit
# status 1. This sub never returns to its caller.
sub copyright {
    my $footer = "\n-- == (C) Doddy Hackman 2014 == --\n\n";
    print $footer;
    exit 1;
}

# The End ?