Hey folks, Any response? I've seen other people asking similar or directly the same question, but I've never seen an actual answer.
If I wasn't clear, I want to grab the only the text on the right:
0000 50 4f 53 54 20 2f 6d 61 69 6c 2f 3f 75 69 3d 32 POST /ma il/?ui=2
0010 26 69 6b 3d 63 61 39 30 63 62 63 35 30 61 26 61 &ik=ca90 cbc50a&a
0020 74 3d 78 6e 33 6a 32 7a 33 31 6b 32 65 76 30 76 t=xn3j2z 31k2ev0v
0030 31 31 76 62 65 67 72 77 76 78 62 32 66 36 31 70 11vbegrw vxb2f61p
0040 26 76 69 65 77 3d 75 70 26 61 63 74 3d 73 64 26 &view=up &act=sd&
0050 6a 73 69 64 3d 6b 6c 77 6d 77 63 64 61 6e 69 65 jsid=klw mwcdanie
Many thanks!
On Tue, Jan 20, 2009 at 10:17 PM, Patrick McCanna
<captainmccrank@xxxxxxxxx> wrote:
Hi List,
I need to get at the ascii of an http request.
Specifically, I'm trying to grab the data that appears to be stored in
the "Line-based text data" field of an http POST request. I want to
build a regular _expression_ to grab only the relevant content, so it's
important that I drop the hex information that comes with the -x
parameter.
I've tried to use the -T fields -e data-text-lines options, but
this only tells me that the data is application/x-www-form-urlencoded.
it does not tell me the actual data stored in the field.
So, my question to the list is this:
Is there a way I can get only the ascii data, or is there some other
field I should be specifying so that I can access the information that
appears to be stored in the "Line-based text data" information of the
POST request from wireshark?
Many thanks!
