Sniffing Images Over HTTP Traffic
Yesterday there was a bit of a discussion over at Slashdot about network sniffers. Someone mentioned a program called etherpeg, for Mac (of about 5 years ago) that sniffed wireless network traffic and displayed collected images. The idea sounded pretty fun, but I couldn’t find anything similar for Windows. What I decided to do was write up my own quick little script to do something similar — it’s probably not as interactive and instantaneous, but it works.
I downloaded Wireshark and sniffed some traffic over my own network. I filtered it for HTTP traffic only, displayed details for all GET requests, then I exported it as a text file and wrote a little Python script. All the script does is go through the text file and look for GET requests on images (with jpeg, gif, or png extensions) and prints them off as HTML img tags that you can dump to an HTML file and view in a browser. It works pretty well and it’s pretty interesting:
try:
f=open('packets.txt')
get = host = ""
# read through all of the lines
for line in f:
# look for line indicating GET request
if line.strip().startswith("GET"):
get = line.strip().split(" ")[1]
# ignore requests for things thing aren't images
if not get.endswith(('jpg', 'gif', 'png')):
get = ""
elif get != "" and line.strip().startswith("Host"):
host = line.split(":")[1].replace("\r\n", "").strip()
if get is not "":
print "<img src="http://" + (host + get) + "" /><br /><br />n"
f.close()
except IOError:
print "Could not open the file."
I’m sure there’s a better way with regular expressions, but I didn’t feel like sitting around and figuring one out. After saving the file as something like http_packet_images.py, you could dump it from a command line like so:
C:\>python http_packet_images.py > output.html
Enjoy.