seladb / PcapPlusPlus

PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets. It is designed to be efficient, powerful and easy to use. It provides C++ wrappers for the most popular packet processing engines such as libpcap, Npcap, WinPcap, DPDK, AF_XDP and PF_RING.
https://pcapplusplus.github.io/
The Unlicense

question about HttpResponseLayer/HttpRequest #1145

Closed ccworkhard closed 3 months ago

ccworkhard commented 1 year ago

In this library, HttpResponseLayer/HttpRequest Layer will analyze the request body. I noticed that it checks each package. I have a question: if a complete HTTP request is divided into two packages and arrives at the server, will the second packet be detected and marked as HTTP?

seladb commented 1 year ago

I'm sorry for the delayed response @ccworkhard. HttpRequestLayer and HttpResponseLayer only parse the request header, not the request body. If the header is divided into multiple packets, only the first one will be analyzed. You can know if the header is complete or not by using the method `isHeaderComplete()`.

ccworkhard commented 1 year ago

> I'm sorry for the delayed response @ccworkhard . HttpRequestLayer and HttpResponseLayer only parse the request header, not the request body. If the header is divided into multiple packets, only the first one will be analyzed. You can know if the header is complete or not by using the method isHeaderComplete()

Thank you very much. I wonder, is there a way for me to implement deserialization under HTTP requests based on TcpReassembly and HttpLayer? Regardless of whether the HTTP request package is divided into several packages, I want to deserialize a complete httpLayer object.

seladb commented 1 year ago

Well, I thought about it, but didn't actually implement it yet. Currently PcapPlusPlus only supports parsing of individual packets. As a workaround you can use TCP reassembly, save the output as a packet and then parse it. But this will require some additional code.

ccworkhard commented 1 year ago

> well, I thought about it, but didn't actually implement it yet. Currently PcapPlusPlus only supports parsing of individual packets. As a workaround you can use TCP reassembly, save the output as a packet and then parse it. But this will require some additional code

I'm trying to complete it. Wow, can I be a contributor?

seladb commented 1 year ago

Yes of course! You're more than welcome to contribute to this project.

However please take into account that implementing such a feature (not the workaround I suggested) is going to be somewhat tricky...

ccworkhard commented 1 year ago

> Yes of course! You're more than welcome to contribute to this project.
>
> However please take into account that implementing such a feature (not the workaround I suggested) is going to be somewhat tricky...

Yeah, I noticed that it may need a thread pool, a buffer, file IO... But I'll give it a try, see you next time in the PR.

Byxs20 commented 7 months ago

Hopefully this feature will be available in the future, looking forward to it!

Byxs20 commented 7 months ago

By the way, do you have any knowledge of projects that implement this complete HTTP request and HTTP return?

tigercosmos commented 7 months ago

Seems https://github.com/seladb/PcapPlusPlus/pull/1212 is working on it.

Byxs20 commented 7 months ago

> seems #1212 is working on it.

image

Do you know a good library for parsing http like this one, not too slow?

I just need to implement this parsing of HTTP request and response packets.

The pair corresponds to 2 elements, the http request and the response.

tigercosmos commented 7 months ago

> > seems #1212 is working on it.
>
> Do you know a good library for parsing http like this one, not too slow?
>
> I just need to implement this parsing of HTTP request and response packets.
>
> The pair corresponds to 2 elements, the http request and the response.

PcapPlusPlus already helps you distinguish between request and response. If the response involves more than 1 packet, the easiest way is to concat the packets' payload by yourself. Of course, if the packets are out of order, it may be more difficult.
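
As an added illustration of the workaround discussed in this thread (it is not part of any comment and is not PcapPlusPlus code): a self-contained C++ example that concatenates the TCP payloads of one direction by sequence number, tolerates out-of-order arrival, and releases an HTTP message only once its header and `Content-Length` body are complete. `HttpStreamBuffer` and its methods are hypothetical names; sequence numbers and payloads are assumed to be supplied by the caller, and chunked transfer encoding is not handled.

```cpp
#include <cctype>
#include <cstdint>
#include <cstdlib>
#include <iostream>
#include <map>
#include <string>

// Hypothetical helper, not a PcapPlusPlus class: buffers one direction of a
// TCP connection and hands out complete HTTP messages (header + body).
class HttpStreamBuffer {
public:
    explicit HttpStreamBuffer(uint32_t firstSeq) : nextSeq_(firstSeq) {}
    // Accepts segments in any order; already-consumed data is dropped
    // (partially overlapping retransmissions are not handled).
    void addSegment(uint32_t seq, const std::string& payload) {
        if (payload.empty() || static_cast<int32_t>(seq - nextSeq_) < 0) return;
        pending_[seq] = payload;
        for (auto it = pending_.find(nextSeq_); it != pending_.end(); it = pending_.find(nextSeq_)) {
            stream_ += it->second;
            nextSeq_ += static_cast<uint32_t>(it->second.size());
            pending_.erase(it);
        }
    }
    // Header completeness judged on the reassembled stream, not on one packet.
    bool headerComplete() const { return stream_.find("\r\n\r\n") != std::string::npos; }
    // Copies the next full message into out; false while bytes are missing.
    bool popMessage(std::string& out) {
        const std::size_t headerEnd = stream_.find("\r\n\r\n");
        if (headerEnd == std::string::npos) return false;
        const std::size_t total = headerEnd + 4 + contentLength(stream_.substr(0, headerEnd));
        if (stream_.size() < total) return false;
        out = stream_.substr(0, total);
        stream_.erase(0, total);
        return true;
    }
private:
    static std::size_t contentLength(std::string headers) {  // 0 when absent
        for (char& c : headers) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
        const std::size_t pos = headers.find("\r\ncontent-length:");
        return pos == std::string::npos ? 0 : std::strtoul(headers.c_str() + pos + 17, nullptr, 10);
    }
    uint32_t nextSeq_;
    std::string stream_;
    std::map<uint32_t, std::string> pending_;
};

int main() {  // constructed segments, delivered out of order
    HttpStreamBuffer buf(1000);
    std::string msg;
    buf.addSegment(1032, "ple.test\r\nContent-Length: 3\r\n\r\na=1");
    buf.addSegment(1000, "POST /login HTTP/1.1\r\nHost: exam");
    std::cout << (buf.popMessage(msg) ? msg : "incomplete") << "\n";
}
```

The buffers here grow without limit; a capture tool that runs on untrusted traffic would cap the bytes held per connection and discard streams that exceed the cap.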

seladb commented 7 months ago

> By the way, do you have any knowledge of projects that implement this complete HTTP request and HTTP return?

Do you need a library that parses HTTP traffic from network packets?

Byxs20 commented 7 months ago

> > By the way, do you have any knowledge of projects that implement this complete HTTP request and HTTP return?
>
> do you need a library that parses HTTP traffic from network packets?

I'm very targeted, it's enough to be able to handle HTTP, I don't care too much about the rest of the traffic, I've tried your project and I think I can only get the TCP data once.

seladb commented 7 months ago

If you just need to handle HTTP traffic, you can use any web server, including those included in Python or JavaScript/TypeScript?

Byxs20 commented 7 months ago

> if you just need to handle HTTP traffic, you can use any web server, including those included in Python or Javascript/Typescript?

I mainly just need to implement parsing out a set of HTTP traffic from the traffic, containing the requested and returned data.

Byxs20 commented 7 months ago

> if you just need to handle HTTP traffic, you can use any web server, including those included in Python or Javascript/Typescript?

It's actually what I pictured above, and I want it returned to me in order, with the order of return determined by the precedence of the request packet.

image

seladb commented 7 months ago

Maybe you can use this library? https://github.com/hsiafan/httpdump

Byxs20 commented 7 months ago

Thank you!