Craig Sharp
asked on
Using tcpdump to capture user data entered into a jsp form
I need to capture the data that a user is entering into a website's jsp form. When I try to capture using tcpdump, I am only able to get the post packet but not what was entered into the form.
Any help would be appreciated.
Thanks!
ASKER
Here is the tcpdump line I am using to capture the user's packets.
tcpdump -A -w testfile -vv -i eth1 dst host 66.174.3.10
Can you post what you are seeing in the POST packet?
ASKER
0000 00 09 43 a4 de 52 00 02 4b 40 99 b1 08 00 45 00 ..C..R..K@....E.
0010 02 62 5d 84 40 00 7e 06 5c ca 0a 32 f0 5d 42 ae .b].@.~.\..2.]B.
0020 03 0a 0a a3 00 50 b8 bb c1 89 02 6b 76 f0 50 18 .....P.....kv.P.
0030 fa 17 6b 21 00 00 50 4f 53 54 20 2f 63 75 73 74 ..k!..POST /cust
0040 6f 6d 65 72 5f 73 69 74 65 2f 6a 73 70 2f 6d 65 omer_site/jsp/me
0050 73 73 61 67 69 6e 67 5f 6c 6f 2e 6a 73 70 20 48 ssaging_lo.jsp H
0060
This is the continuation frame
0000 00 09 43 a4 de 52 00 02 4b 40 99 b1 08 00 45 00 ..C..R..K@....E.
0010 01 2d 5d 85 40 00 7e 06 5d fe 0a 32 f0 5d 42 ae .-].@.~.]..2.]B.
0020 03 0a 0a a3 00 50 b8 bb c3 c3 02 6b 76 f0 50 18 .....P.....kv.P.
0030 fa 17 e5 cc 00 00 43 6f 6e 74 65 6e 74 2d 54 79 ......Content-Ty
0040 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f pe: application/
0050 78 2d 77 77 77 2d 66 6f 72 6d 2d 75 72 6c 65 6e x-www-form-urlen
0060
As taken from ethereal.
For that site when you are in Ethereal expand the packet for the POST then look at the "Line-based text data". That shows all the form information.
ASKER
Where do I find that? I have used Follow TCP Stream but no luck.
I actually performed the capture using ethereal. When I click on the packet for the post there is a section for Line-based text data.
This is what I see.
trackResponses=No&Send.x=Yes&translatorButton=&showgroup=n&DOMAIN_NAME=@vtext.com&min=6135551234&text=Test&count=132&subject=Mike+Gibson&sender=566@vtext.com&callback=&type=0&Send.x=13&Send.y=13
ASKER
Do I need to do something different in my tcpdump line?
ASKER CERTIFIED SOLUTION
http://www.server.com/form.jsp?phone_num=5551234
Multiple input fields will be delimited by an &
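Added example, not part of the original thread: both frames in the asker's hex dumps stop at 96 bytes, so this Python check compares the payload actually saved with the length the IP and TCP headers declare. A shortfall means the capture was cut at the snapshot length, which tcpdump's `-s` option sets (`-s 0` keeps whole packets). The function and variable names are this example's own.

```python
import struct
from typing import NamedTuple

# Sample input: the two 96-byte frames from the hex dumps posted in the thread.
POST_FRAME = bytes.fromhex("""
    00 09 43 a4 de 52 00 02 4b 40 99 b1 08 00 45 00
    02 62 5d 84 40 00 7e 06 5c ca 0a 32 f0 5d 42 ae
    03 0a 0a a3 00 50 b8 bb c1 89 02 6b 76 f0 50 18
    fa 17 6b 21 00 00 50 4f 53 54 20 2f 63 75 73 74
    6f 6d 65 72 5f 73 69 74 65 2f 6a 73 70 2f 6d 65
    73 73 61 67 69 6e 67 5f 6c 6f 2e 6a 73 70 20 48
""")
CONT_FRAME = bytes.fromhex("""
    00 09 43 a4 de 52 00 02 4b 40 99 b1 08 00 45 00
    01 2d 5d 85 40 00 7e 06 5d fe 0a 32 f0 5d 42 ae
    03 0a 0a a3 00 50 b8 bb c3 c3 02 6b 76 f0 50 18
    fa 17 e5 cc 00 00 43 6f 6e 74 65 6e 74 2d 54 79
    70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f
    78 2d 77 77 77 2d 66 6f 72 6d 2d 75 72 6c 65 6e
""")

class Report(NamedTuple):
    seq: int       # TCP sequence number of the first payload byte
    declared: int  # payload bytes the IP/TCP headers say were sent
    captured: int  # payload bytes actually present in the saved frame
    text: str      # captured payload, decoded for display

def payload_report(frame: bytes) -> Report:
    """Compare a saved Ethernet/IPv4/TCP frame with the length its headers declare."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        raise ValueError("expected an Ethernet frame carrying IPv4/TCP")
    ihl = (frame[14] & 0x0F) * 4                      # IPv4 header length
    total_len = struct.unpack("!H", frame[16:18])[0]  # IPv4 total length
    tcp = 14 + ihl                                    # offset of the TCP header
    if len(frame) < tcp + 20:
        raise ValueError("frame ends inside the TCP header")
    seq = struct.unpack("!I", frame[tcp + 4:tcp + 8])[0]
    data_off = (frame[tcp + 12] >> 4) * 4             # TCP header length
    payload = frame[tcp + data_off:]
    return Report(seq, total_len - ihl - data_off, len(payload),
                  payload.decode("latin-1"))

if __name__ == "__main__":
    for name, frame in (("POST", POST_FRAME), ("continuation", CONT_FRAME)):
        r = payload_report(frame)
        print(f"{name}: seq={r.seq:#x} captured {r.captured}/{r.declared} "
              f"payload bytes: {r.text!r}")
```

The sequence numbers confirm the second frame continues the first, so the urlencoded form body sits in the bytes that were never written to the file.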