my $sniffer = Sniffer::HTTP->new( callbacks => { request => sub { my ($req,$conn) = @_; #### print $req->uri; #### $self = bless( { callbacks => { closed => 'V: $self_eclipse_1->{closed}', log => 'V: $self_eclipse_1->{log}', request => 'V: $self_eclipse_1->{request}', response => 'V: $self_eclipse_1->{response}', tcp_log => sub { use warnings; use strict 'refs'; print $_[0] if $VERBOSE > 1; } }, connections => { "53302:80" => 'V: $self_eclipse_1' }, pcap_device => bless( \do { my $v = 140795392 }, 'pcap_tPtr' ), stale_connection => sub { use warnings; use strict 'refs'; my($s, $conn, $key); if ($key) { print "Connection stalled .... $key ....\n" if $debug; $s->log->("Connection $key is stale."); $s->remove_connection($key); } }, timeout => 300 }, 'Sniffer::HTTP' ); $self_eclipse_1 = bless( { _request => bless( { _content => '', _headers => bless( { accept => 'text/html,application/xhtml+xml,application/xml;q=0.9, */*;q=0.8', "accept-charset" => 'ISO-8859-1,utf-8;q=0.7,*;q=0.7', "accept-encoding" => 'gzip,deflate', "accept-language" => 'en-us,en;q=0.5', connection => 'keep-alive', host => 'www.example.com', "keep-alive" => 300, "user-agent" => 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Ge cko/2008072820 Firefox/3.0.1' }, 'HTTP::Headers' ), _method => 'GET', _protocol => 'HTTP/1.1', _uri => \do { my $v = 'http://www.example.com/?id=' } }, 'HTTP::Request' ), closed => sub { package Sniffer::HTTP; use strict 'refs'; my $key = $_[0]->flow; if (not exists $args{'connections'}{$key}) { warn 'Error: flow() ne connection-key!'; $key = join(':', reverse(split(/:/, $key, 0))); } $_[0]{'log'}("Removing $key"); $self->remove_connection($key); goto \&$user_closed if $user_closed; }, log => sub { use warnings; use strict 'refs'; print $_[0] if $VERBOSE; }, recv_buffer => \do { my $v = undef }, request => sub { use warnings; use strict 'refs'; my($req, $conn) = @_; Dump($conn); &analyze($req->method, $req->uri, $req->header('host'), $req->header('accept'), $req->heade r('connection'), $req->header('cookie'), $req->header('referer'), $req->header('user-agent'), $req->content($post_bytes_to_rec eive), $req->protocol); }, response => sub { use warnings; use strict 'refs'; my($res, $req, $conn) = @_; }, sent_buffer => \do { my $v = '' }, tcp_connection => bless( { ack_start => 2620583270, closed => sub { package Sniffer::Connection::HTTP; use strict 'refs'; }, dest_port => 80, last_activity => 1234622727, log => $self->{callbacks}{tcp_log}, received_data => sub { package Sniffer::Connection::HTTP; use strict 'refs'; $self_eclipse_1->received_data(@_); }, sent_data => sub { package Sniffer::Connection::HTTP; use strict 'refs'; $self_eclipse_1->sent_data(@_); }, sequence_start => 4131145978, src_port => 53302, status => 'SYN_ACK', teardown => sub { package Sniffer::Connection::HTTP; use strict 'refs'; $self_eclipse_1->closed->($self_eclipse_1); }, window => { dest => { 2620583270 => bless( { _frame => "\0P\3206\2342\355f\366 undef, acknum => 4131146361, cksum => 33516, data => '', dest_port => 53302, flags => 16, hlen => 8, options => "\1\1\b\n+\365J\236\t\270\200L", reserved => 0, seqnum => 2620583270, src_port => 80, urg => 0, winsize => 54 }, 'NetPacket::TCP' ) }, src => {} } }, 'Sniffer::Connection' ) }, 'Sniffer::Connection::HTTP' ); $self->{callbacks}{closed} = $self_eclipse_1->{closed}; $self->{callbacks}{log} = $self_eclipse_1->{log}; $self->{callbacks}{request} = $self_eclipse_1->{request}; $self->{callbacks}{response} = $self_eclipse_1->{response}; $self->{connections}{"53302:80"} = $self_eclipse_1; $user_closed = undef; %args = ( callbacks => $self->{callbacks}, connections => $self->{connections}, stale_connection => $self->{stale_connection}, timeout => 300 );