tshark -r output.pcap -T fields -e http.response_for.uri -e http.response.code -e frame.len -Y 'http' >1.txt
Note: on Windows, 1.txt is written as UTF-16 (PowerShell's > redirection does this; cmd.exe writes the raw bytes). The URIs in the output are URL-encoded and must be decoded before matching.
Output:
Boolean-based blind SQL injection: each character is recovered from the length of the response frame. http.response_for.uri is the request URI carried on the response frame, so frame.len here is the size of the response to that query, and a longer response means the comparison was true.
import urllib.parse, re

# On Windows (PowerShell redirection) 1.txt is UTF-16; 'u16' is Python's alias for 'utf-16'
with open('1.txt', 'r', encoding='u16') as f:
    log = f.readlines()

dict1 = {}
for each in log:
    # tshark -T fields output is tab-separated: <request URI> <response code> <frame length>;
    # the URI is URL-encoded, so decode the line before matching
    res = re.findall(r'totpSecret,CHAR\((\d+)\)\) FROM Users WHERE id=1 LIMIT 0,1\),(\d+),1\)>CHAR\((\d+)\) AND \'rbHn%\'=\'rbHn\s+\d+\s+(\d+)', urllib.parse.unquote(each))
    # a response frame longer than 80 bytes means the comparison was true
    if res and int(res[0][3]) > 80:
        pos, probe = int(res[0][1]), int(res[0][2])
        # keep the largest x for which >CHAR(x) was true (request order is not relied on)
        if probe > dict1.get(pos, -1):
            dict1[pos] = probe
# the bisection stops once >CHAR(x+1) is false, so the character is x+1
# (assumes the capture is sqlmap's bisection, which the rbHn boundary and query shape indicate)
print(''.join(chr(dict1[p] + 1) for p in sorted(dict1)))
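The parsing step above, generalized, as an added example that is not part of the original write-up: it builds a constructed capture by simulating a sqlmap-style bisection for a known secret, parses it with the same query shape and tab-separated tshark fields the page's regex expects, derives the true/false length threshold from the gap between the two response sizes instead of the hard-coded 80, and applies the +1 that a bisection on ">" implies. The /search?q= path, the 200 status, the frame lengths and the secret are all constructed.

```python
import re
import urllib.parse

# Line shape after URL-decoding one tshark "-T fields" line:
#   <request URI>\t<response code>\t<frame length>
# The URI carries the boolean-blind bisection query for one character of
# Users.totpSecret; 'rbHn' is the boundary string seen in the page's capture.
LINE_RE = re.compile(
    r"totpSecret,CHAR\(\d+\)\) FROM Users WHERE id=1 LIMIT 0,1\),(\d+),1\)"
    r">CHAR\((\d+)\) AND 'rbHn%'='rbHn\s+(\d+)\s+(\d+)"
)


def parse_lines(lines):
    """Return (position, probe, status, frame_len) for every line that is a bisection probe."""
    records = []
    for line in lines:
        m = LINE_RE.search(urllib.parse.unquote(line))
        if m:  # request-only frames and unrelated HTTP traffic do not match
            records.append(tuple(int(g) for g in m.groups()))
    return records


def pick_threshold(lengths):
    """Derive the true/false cut-off from the data instead of a hard-coded 80.

    Boolean-blind responses cluster around two sizes; the largest gap between
    the sorted distinct lengths separates the clusters, and the midpoint of that
    gap is the threshold.
    """
    vals = sorted(set(lengths))
    if len(vals) < 2:
        raise ValueError("need both true and false responses to derive a threshold")
    gap_at = max(range(len(vals) - 1), key=lambda i: vals[i + 1] - vals[i])
    return (vals[gap_at] + vals[gap_at + 1]) / 2


def recover_secret(records, threshold, true_is_longer=True):
    """Rebuild the secret from the probes.

    For each position keep the largest x for which the comparison >CHAR(x) was
    answered true. A bisection on '>' stops when x+1 was answered false, so the
    character is x+1 (this is what sqlmap's bisection reports).
    """
    best = {}
    for pos, probe, _status, flen in records:
        is_true = flen > threshold if true_is_longer else flen < threshold
        if is_true and probe > best.get(pos, -1):
            best[pos] = probe
    return "".join(chr(best[p] + 1) for p in sorted(best))


def simulate_capture(secret, true_len=1337, false_len=1284):
    """Constructed sample input: tshark-style lines for a sqlmap-like bisection
    over `secret`. Path, status and frame lengths are made up; the bisection
    mirrors sqlmap (min=0, max=127, probe the midpoint with '>')."""
    lines = []
    for pos, ch in enumerate(secret, start=1):
        lo, hi = 0, 127
        while hi - lo > 1:
            mid = (lo + hi) // 2
            truth = ord(ch) > mid
            lo, hi = (mid, hi) if truth else (lo, mid)
            query = ("x' AND MID((SELECT IFNULL(totpSecret,CHAR(32)) FROM Users "
                     f"WHERE id=1 LIMIT 0,1),{pos},1)>CHAR({mid}) AND 'rbHn%'='rbHn")
            uri = "/search?q=" + urllib.parse.quote(query, safe="")
            # the request frame has no http.response_for.uri, so its line is just the length
            lines.append("\t\t%d" % (len(uri) + 200))
            # the response frame: URI of the request it answers, status, frame length
            lines.append(f"{uri}\t200\t{true_len if truth else false_len}")
    return lines


if __name__ == "__main__":
    sample = simulate_capture("Ab3")
    recs = parse_lines(sample)
    thr = pick_threshold(r[3] for r in recs)
    print(recover_secret(recs, thr))
```

To use it on the real 1.txt, read the file with encoding='utf-16' and pass the lines to parse_lines; if the true responses in a capture are the shorter ones, call recover_secret with true_is_longer=False.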