Ok, I figured it out myself. Here's the complete code.
#!/usr/bin/perl
$|=1;
open (STDIN,"sudo /usr/sbin/tcpdump -lnx -s 1024 dst port 80 |");
while (<>) {
if (/^\S/) {
while ($packet=~/(GET|POST|WWW-Authenticate|Authorizat
+ion|Content-Length: \w+\s*).+/g) {
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)=
+localtime(time);
printf "%4d/%02d/%02d %02d:%02d:%02d",$year+1900,$mon+
+1,$mday,$hour,$min,$sec;
print " - $client -> $host\t$&\n";
}
undef $client; undef $host; undef $packet;
($client,$host) = /(\d+\.\d+\.\d+\.\d+\.\d+).+ > (\d+\.\d+\.\d
++\.\d+\.\d+)/
if /P \d+:\d+\((\d+)\)/ && $1 > 0;
}
next unless $client && $host;
s/^\s+\S+\s+//; # remove initial address ind.
s/\s{2}.*//; # remove trailing dump
s/\s+//;
s/([0-9a-f]{2})\s?/chr(hex($1))/eg;
tr/\x1F-\x7E\r\n//cd;
$packet .= $_;
}
Still not suitable, since it creates a line to just contain POST data, when it would be better if it appended the content to the end of a POST line, or something like that.
