-
Notifications
You must be signed in to change notification settings - Fork 73
/
Copy pathcookies_from_pdml.py
executable file
·53 lines (40 loc) · 1.61 KB
/
cookies_from_pdml.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
#!/usr/bin/env python
"""
Script to parse http Cookie header field from WireShark PDML XML.
This is a quick hack. Lots of problems.
Copyright 2014 Jason Antman <[email protected]> <http://www.jasonantman.com>
Free for any use provided that patches are submitted back to me.
The latest version of this script can be found at:
<https://github.com/jantman/misc-scripts/blob/master/cookies_from_pdml.py>
"""
from lxml import etree
import binascii
import sys
import optparse
def pdml_header_fields(fname, field_name):
""" return list of all values for HTTP header field_name """
tree = etree.parse(fname)
results = []
for e in tree.xpath('/pdml/packet/proto[@name="http"]/field[@name="http.cookie"]'):
data = binascii.unhexlify(e.get("value"))
results.append(data)
return results
def parse_options(argv):
""" parse command line options """
parser = optparse.OptionParser()
parser.add_option('-f', '--pdml-file', dest='fname', action='store', type='string',
help='PDML file name/path')
parser.add_option('-v', '--verbose', dest='verbose', action='store_true', default=False,
help='verbose output')
options, args = parser.parse_args(argv)
if not options.fname:
sys.stderr.write("ERROR: you must specify PDML file with -f|--pdml-file\n")
sys.exit(1)
return options
if __name__ == "__main__":
opts = parse_options(sys.argv)
cookies = pdml_header_fields(opts.fname, "Cookie")
for cookie in cookies:
print("Length: %d" % len(cookie))
print(cookie)
print("####################")