How to parse all post params

shell.b2t · October 29, 2016, 10:01am

I use packetbeat to capure http packet, but found some POST parameters can not be captured

packetbeat info :

**[root@localhost packetbeat]# /usr/share/packetbeat/bin/packetbeat --version**
**packetbeat version 5.0.0 (amd64), libbeat 5.0.0**

packetbeat.yml conent as following:

packetbeat.protocols.http:
  # Configure the ports where to listen for HTTP traffic. You can disable
  # the HTTP protocol by commenting out the list of ports.
  ports:   [ 80,8080,7001]

  send_all_headers: true
  #send_request: true
  send_response: true
  max_message_size: 10485760

raw request 1 as following:

POST /******/servlet/dispatcherServlet HTTP/1.1
Connection: close
User-Agent: Jakarta Commons-HttpClient/3.1
Host: 10.10.56.29:7001
Content-Length: 141

There is no content-type

raw request 2 as following:

POST /servicebus/services/ForwardService HTTP/1.1
Content-Type: text/xml; charset=UTF-8
SOAPAction: "urn:anonOutInOp"
User-Agent: Axis2
Host: 10.10.0.60
Transfer-Encoding: chunked

request 1 and 2 are not parse the post params

Thanks!

shell.b2t · October 31, 2016, 3:39pm

nobody help me?

andrewkroh · October 31, 2016, 4:13pm

You should be able to capture request 2 if you set include_body_for in your configuration file.

protocols:
  http:
    ports: [80, 8080, 7001]
    send_request: true
    send_response: true # If you also want text/xml responses.
    include_body_for: ['text/xml']

Without a Content-Type, AFAICT it is not currently possible to capture the body.

shell.b2t · November 6, 2016, 1:38am

if there is no content-type,that how to capture the request,just like request1