forked from keithfancher/Pcapitate
-
Notifications
You must be signed in to change notification settings - Fork 0
Parses raw pcap files for a friendlier snooping experience
License
hcit/Pcapitate
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
PCAPITATE ========= This tool parses raw packet capture data (from tcpdump, wireshark, etc.) and formats it nicely into a semi-real browser history. This makes snooping on people a much more pleasant experience! It uses dpkt to read the capture data, so any pcap-compatible output should be hunky dory (in theory -- I've only run very limited tests so far). REQUIREMENTS ------------ * python * argparse (standard with Python 2.7+) * dpkt INSTALLATION ------------ You can clone the git repo thusly: $ git clone git://github.com/keithfancher/Pcapitate.git Then just copy the pcapitate.py file somewhere in your path and run it! You can also install with pip: $ pip install https://github.com/keithfancher/Pcapitate/tarball/master Note that since dpkt's PyPI entry is borked, you'll still have to install dpkt manually even if you use pip. On a Debian-based distro, for instance, do this: $ sudo apt-get install python-dpkt USAGE ----- Just pass it a pcap file and it will spit output to stdout for you to have your way with. It has the following command line options: -w, --output-html Output in HTML instead of plaintext. A little prettier, a little easier to navigate. -t, --get-titles Fetch current page titles using urllib2 (this can take some time, so be patient). This just makes the output a little bit more useful. -u, --kill-untitled Don't included untitled pages in the output. This can be a neat way to filter out dumb requests like JS, CSS, stupid ads, etc. Though you always run the risk that someone will view a valid page without a <title>... So a typical use would probably look something like this: $ ./pcapitate.py -wut super_secret_browsing.pcap > nice_output.html Then just open nice_output.html in any browser and enjoy!
About
Parses raw pcap files for a friendlier snooping experience
Resources
License
Stars
Watchers
Forks
Packages 0
No packages published