Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Script for sniffing mysql traffic

  • Loading branch information...
commit 246d1f18c9fa49f4156e2384a2d76ff6b25a14ec 1 parent fff1c0a
@felixge authored
Showing with 48 additions and 0 deletions.
  1. +48 −0 tool/pcap-mysql.js
View
48 tool/pcap-mysql.js
@@ -0,0 +1,48 @@
+#!/usr/bin/env node
+
+var sys = require("sys"),
+ pcap = require("pcap"),
+ mysqlPort = parseInt(process.argv[3]) || 3306,
+ pcap_session = pcap.createSession(process.argv[2] || '', 'tcp port '+mysqlPort);
+
+sys.puts('This tool allows to reverse engineer the mysql procotocol using node-pcap.');
+sys.puts('');
+sys.puts('Available devices (active one is denoted by *):');
+
+// Print all devices, currently listening device prefixed with an asterisk
+pcap_session.findalldevs().forEach(function (dev) {
+ sys.print(' ');
+ if (pcap_session.device_name === dev.name) {
+ sys.print("* ");
+ }
+ sys.print(dev.name + " ");
+ if (dev.addresses.length > 0) {
+ dev.addresses.forEach(function (address) {
+ sys.print(address.addr + "/" + address.netmask);
+ });
+ sys.print("\n");
+ } else {
+ sys.print("no address\n");
+ }
+});
+
+sys.puts('');
+sys.puts('Execute `./pcap-mysql.js <device> <mysql-port>` to listen on another device.');
+sys.puts('');
+
+// Listen for packets, decode them, and feed the simple printer. No tricks.
+pcap_session.on('packet', function (raw_packet) {
+ var packet = pcap.decode.packet(raw_packet);
+ //sys.puts(pcap.print.packet(packet));
+ var tcp = packet.link.ip.tcp;
+ if (!tcp.data) {
+ return;
+ }
+
+ if (tcp.sport == mysqlPort) {
+ sys.puts('<- '+tcp.data.inspect());
+ } else {
+ sys.puts('-> '+tcp.data.inspect());
+ }
+});
+
Please sign in to comment.
Something went wrong with that request. Please try again.