How do I add a Wireshark column that will display the value of an HTTP request query parameter?

StackOverflow https://stackoverflow.com/questions/22204321

  •  09-06-2023

Question

For example: if I had http://somepage.com/somefolder/someresouce?p1=value&p2=value&p3=value

I would like to see a column that would display the value of p2 if it existed in the request.

I googled, asked people around but can't find a good answer.

I think creating a dissector might help, but I don't want to write a new dissector for HTTP; that's overkill.

And there is no http.request.queryParams["p2"] syntax for use of Custom Column type.

Thanks in advance!


Solution

Edit: I solved my own question, adding the best implementation so far in my own answer below.

Well, the solution was indeed in dissectors.

Wireshark help is not very good; the examples are OK though.

The main problem was that the Wireshark help says you can write your Lua script and place it in the plugins directory, which is searched recursively for Lua files. I did place my Lua script there and nothing worked. After almost 2 hours of fiddling, I found out that instead of putting it in the plugins directory, it had to be in plugins//myScript.lua in order to work...

Now just to share my work:

To answer my own question:

http://pastebin.com/eANEut92
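
The approach described in the answer, sketched as a Lua post-dissector. This is an added example, not the pastebin script and not code from the original poster; the protocol name `httpq`, the field name `httpq.value` and the helper names are hypothetical, and `p2` is taken from the question's sample URL.

```lua
-- Post-dissector that exposes one HTTP query parameter as a filterable field.
local PARAM = "p2"  -- assumption: the parameter name from the question

-- "httpq" and "httpq.value" are hypothetical names chosen for this example.
local httpq = Proto("httpq", "HTTP Query Parameter")
local f_value = ProtoField.string("httpq.value", "Query parameter " .. PARAM)
httpq.fields = { f_value }

-- Reuse the URI already parsed by Wireshark's built-in HTTP dissector.
local f_uri = Field.new("http.request.uri")

-- Decode '+' and %XX escapes so the column shows the logical value.
local function url_decode(s)
    s = s:gsub("%+", " ")
    return (s:gsub("%%(%x%x)", function(h)
        return string.char(tonumber(h, 16))
    end))
end

-- Return the decoded value of `name` in `uri`, or nil when it is absent.
local function query_param(uri, name)
    local query = uri:match("%?([^#]*)")
    if not query then return nil end
    for pair in query:gmatch("[^&;]+") do
        -- "k=v" gives k and v; a bare "k" gives k and an empty value.
        local k, v = pair:match("^([^=]*)=?(.*)$")
        if url_decode(k) == name then return url_decode(v) end
    end
    return nil
end

function httpq.dissector(tvb, pinfo, tree)
    -- One segment may carry several requests; f_uri() returns all of them.
    for _, fi in ipairs({ f_uri() }) do
        local value = query_param(tostring(fi.value), PARAM)
        if value then
            local subtree = tree:add(httpq)
            subtree:add(f_value, value):set_generated()
        end
    end
end

-- Run after the normal dissectors so http.request.uri is already populated.
register_postdissector(httpq)
```

Once the script is loaded, add a column of type Custom with the field `httpq.value`; the same field also works as a display filter, so requests carrying the parameter can be isolated.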

Licensed under: CC-BY-SA with attribution