[release] Urlsnarf - http log`s to file

[shibby20]

Hi, i compiled urlsnarf from dsniff package. This is install and use tutorial.

How to install:

ipkg update
ipkg install libpcap bash
cd /tmp
wget http://tomato.groov.pl/repo/libnet10_1.0.2a-1_mipsel.ipk
wget http://tomato.groov.pl/repo/libnids_1.18-1_mipsel.ipk
wget http://tomato.groov.pl/repo/dsniff_2.4b1-1_mipsel.ipk
ipkg install libnet10_1.0.2a-1_mipsel.ipk
ipkg install libnids_1.18-1_mipsel.ipk
ipkg install dsniff_2.4b1-1_mipsel.ipk

How to use

urlsnarf -i br0

Script to save log in file

wget http://tomato.groov.pl/Exp/urlsnarf_loger -O /opt/bin/urlsnarf_loger
chmod +x /opt/bin/urlsnarf_loger

Now edit /opt/bin/urlsnarf_loger file and change log dir to storage, eg:

dir=/mmc/urlsnarf

And add to firewall script:

cru a urlsnarf_loger "1 0 * * * /opt/bin/urlsnarf_loger"
/opt/bin/urlsnarf_loger

click save and reload firewall

service firewall restart

Script create new logfile every day (00:01 hour) with new date in name and compress old logs to tar.gz.

Now you can watch the log

Example:

[root@groov /tmp]$ tail -f /mmc/urlsnarf/06-2010/urlsnarf-03_06_2010.log
shibby.gw.groov.pl - 3/Jun/2010:19:01:14 - http://openlinksys.info/themes/x3/styles.css
shibby.gw.groov.pl - 3/Jun/2010:19:01:14 - http://openlinksys.info/includes/jscript.js
shibby.gw.groov.pl - 3/Jun/2010:19:01:14 - http://openlinksys.info/themes/x3/styles.css
shibby.gw.groov.pl - 3/Jun/2010:19:01:14 - http://openlinksys.info/images/openlinksys2.png
shibby.gw.groov.pl - 3/Jun/2010:19:01:14 - http://openlinksys.info/themes/x3/images/blank.gif
shibby.gw.groov.pl - 3/Jun/2010:19:01:14 - http://openlinksys.info/themes/x3/images/bullet.gif
shibby.gw.groov.pl - 3/Jun/2010:19:01:14 - http://openlinksys.info/themes/x3/images/bulletb.gif
shibby.gw.groov.pl - 3/Jun/2010:19:01:14 - http://openlinksys.info/themes/x3/images/scapleft.gif
shibby.gw.groov.pl - 3/Jun/2010:19:01:14 - http://openlinksys.info/themes/x3/images/pollbar.gif
shibby.gw.groov.pl - 3/Jun/2010:19:01:14 - http://openlinksys.info/themes/x3/images/scapright.gif
shibby.gw.groov.pl - 3/Jun/2010:19:01:14 - http://openlinksys.info/rss_images/rss_blue.png
shibby.gw.groov.pl - 3/Jun/2010:19:01:14 - http://openlinksys.info/themes/x3/forum/folder.gif
shibby.gw.groov.pl - 3/Jun/2010:19:01:14 - http://openlinksys.info/images/smiley/grin.gif
shibby.gw.groov.pl - 3/Jun/2010:19:01:14 - http://openlinksys.info/themes/x3/forum/foldernew.gif
shibby.gw.groov.pl - 3/Jun/2010:19:01:14 - http://openlinksys.info/images/smiley/smile.gif
shibby.gw.groov.pl - 3/Jun/2010:19:01:14 - http://openlinksys.info/images/smiley/wink.gif

 

[i1135t]

Thanks, it works great, but it sucks up a lot of memory for usage. I don't suppose there is anything we can do to limit that? Nonetheless, a great contribution.. keep up the good work.

 

[Tamango]

Thanks shibby, installed urlsnarf successfully on my RT-N16, works great