forked from shmilylty/WireShark_URI_Decode_LUA_Plugin
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathuridecode.lua
47 lines (40 loc) · 1.65 KB
/
uridecode.lua
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
local my_info = {
name = "uridecode",
version = "1.0.0",
description = "a URI decode lua plugin of WireShark",
author = "Jing Ling",
repository = "https://github.com/sunnyelf/WireShark_URI_Decode_LUA_Plugin"
}
local uri_decode = Proto("uri_decode", "Decoded Full HTTP Request URI of ")
local get_full_uri = Field.new("http.request.full_uri")
local get_uri = Field.new("http.request.uri")
local get_method = Field.new("http.request.method")
local get_segments = Field.new("tcp.segments")
set_plugin_info(my_info)
function decode_char(hex)
return string.char(tonumber(hex,16))
end
function decode_string(str)
local output, t = string.gsub(str,"%%(%x%x)",decode_char)
return output
end
function decode_tw()
if not gui_enabled() then return end
tw = TextWindow.new("Decoded Full HTTP Request URI")
tw:set_editable(true)
tw:add_button("Decode",function() tw:set(decode_string(tw:get_text())) end)
tw:add_button("Copy",function() copy_to_clipboard(tw:get_text()) end)
end
function uri_decode.dissector(tvb, pinfo, tree)
local encoded_full_uri = get_full_uri()
local encoded_uri = get_uri()
local method = get_method()
local segments = get_segments()
if encoded_full_uri and encoded_uri and method and (not segments) then
local decoded_full_uri = decode_string(encoded_full_uri.value)
local subtree = tree:add(uri_decode,tvb(14+20+20,method.len+1+encoded_uri.len))
subtree:append_text(method.display..": "..decoded_full_uri)
end
end
register_postdissector(uri_decode)
register_menu("Decode URI",function() decode_tw() end,MENU_TOOLS_UNSORTED)