Code examples from 'Internet Forensics'
Chapter 7 (Web Browsers)

Example 7-1: browser.cgi
#!/usr/bin/perl -w
# Example 7-1: browser.cgi

# Excerpted from 'Internet Forensics' by Robert Jones
# Published 2005 by O'Reilly Media (ISBN 0-596-10006-X)

# Echo the environment variables that are sent from the browser

use CGI;
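# Build a small HTML page listing what the browser sent with this request.
#
# Every value shown here (Referer, User-Agent, the other HTTP_* headers) is
# chosen by the client. Writing them into the page verbatim would let a
# crafted header inject markup or script into the response, so each value
# is HTML-escaped before it is printed.
my $cgi = CGI->new;

# Return an HTML-safe copy of a value. Undefined values (for example a
# request that carries no Referer header) become the empty string, which
# also avoids an "uninitialized value" warning under -w.
my $html_safe = sub {
    my ($value) = @_;
    return '' unless defined $value;
    return $cgi->escapeHTML($value);
};

print "Content-type: text/html\n\n";
print "<html>\n<head>\n";
print "<title>Browser Information</title>\n";
print "</head>\n<body>\n";
print "Information sent by your browser:<br>\n";

# scalar() keeps each accessor to exactly one printf argument.
printf "Remote Host: %s<br>\n",    $html_safe->(scalar $cgi->remote_host());
printf "Refering Page: %s<br>\n",  $html_safe->(scalar $cgi->referer());
printf "Request Method: %s<br>\n", $html_safe->(scalar $cgi->request_method());

# http() with no argument lists the HTTP_* environment variables derived
# from the request headers; both the name and the value are escaped.
foreach my $type (sort $cgi->http()) {
    printf "%s: %s<br>\n",
        $html_safe->($type),
        $html_safe->(scalar $cgi->http($type));
}
print "</body>\n</html>\n";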

Example 7-2: parse_apache_log.pl
#!/usr/bin/perl -w
# Example 7-2: parse_apache_log.pl

# Excerpted from 'Internet Forensics' by Robert Jones
# Published 2005 by O'Reilly Media (ISBN 0-596-10006-X)

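# Print one field (host, referer or user agent) from each line of an Apache
# log whose lines end with the quoted referer and user-agent fields.
#
# Usage: parse_apache_log.pl <field> [<log file>]
#   <field>     matched case-insensitively against "host", "refer", "user"
#   <log file>  path to the log; omitted or '-' means read standard input
#
# The referer and user-agent fields are supplied by the client and are
# printed exactly as logged, including their surrounding quotes.
die "Usage: $0 <field> <log file>\n" unless @ARGV > 0;

my ($field, $log_file) = @ARGV;
$log_file = '-' unless defined $log_file;

# Three-argument open treats the name purely as a path, so a file name
# taken from the command line cannot alter the open mode. '-' is no longer
# special to open in this form and is mapped to STDIN explicitly.
my $input;
if ($log_file eq '-') {
    $input = \*STDIN;
}
else {
    open $input, '<', $log_file
        or die "$0: Unable to open log file $log_file: $!\n";
}

# Decide once which capture to print; the tests and their order are the
# same as in the per-line if/elsif chain this replaces. An unrecognised
# field name selects nothing, so the script prints nothing.
my $wanted = $field =~ /host/i  ? 'host'
           : $field =~ /refer/i ? 'referer'
           : $field =~ /user/i  ? 'user_agent'
           :                      '';

while (my $line = <$input>) {
    # First token is the client host; the last two quoted strings on the
    # line are the referer and the user agent.
    next unless $line =~ /^(\S+).*(\".*?\")\s+(\".*?\")\s*$/;
    my %value_of = (
        host       => $1,
        referer    => $2,
        user_agent => $3,
    );
    print "$value_of{$wanted}\n" if $wanted;
}

close $input unless $log_file eq '-';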

Example 7-3: parse_google_queries.pl
#!/usr/bin/perl -w
# Example 7-3: parse_google_queries.pl

# Excerpted from 'Internet Forensics' by Robert Jones
# Published 2005 by O'Reilly Media (ISBN 0-596-10006-X)

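# Extract and decode the q= search parameter from each line of a log file
# (or standard input) and print one decoded query per line.
#
# Usage: parse_google_queries.pl [<log file>]
#   <log file>  path to the log; omitted or '-' means read standard input
die "Usage: $0 <log file>\n" unless @ARGV < 2;

my $log_file = @ARGV ? $ARGV[0] : '-';

# Three-argument open treats the name purely as a path, so a file name
# taken from the command line cannot alter the open mode. '-' is mapped
# to STDIN explicitly because it is not special to open in this form.
my $input;
if ($log_file eq '-') {
    $input = \*STDIN;
}
else {
    open $input, '<', $log_file
        or die "$0: Unable to open log file $log_file: $!\n";
}

while (my $line = <$input>) {
    # Stop the capture at '&', whitespace or a double quote. Stopping only
    # at '&' lets a q= that is the last parameter run on through the rest
    # of the log line, trailing newline included.
    next unless $line =~ /[?&]q=([^&\s"]+)/;
    my $query = $1;

    # URL-decode: '+' is a space, %XX is the byte with that hex value.
    $query =~ s/\+/ /g;
    $query =~ s/\%([0-9a-fA-F][0-9a-fA-F])/chr hex $1/ge;

    # The query text is chosen by whoever sent the request, and decoding
    # can yield control bytes (newline, escape, ...). Show them as \xNN so
    # each query stays on one line and nothing is interpreted by the
    # terminal or by tools reading this output.
    $query =~ s/([\x00-\x1f\x7f])/sprintf '\\x%02x', ord $1/ge;

    print "$query\n";
}

close $input unless $log_file eq '-';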