I am writing an application that will analyse data users enter on forms. Ive looked at using the FiddlerCore.dll but I think there are some issues with that that could mess up user's web browsers (it messed mine up twice on two different pcs) which would
be unacceptble for a program I would like to sell commercially at some point. So I have started looking at pcap.net.
I need to capture the body of http requests to retrieve the data they have entered. I have stepped through the example programs and one of the things I did was (in the function PacketHandler(Packet packet) in InterpretingThePrograms) -
I output the packet.Buffer array to txt files. I tried this with a few encodings. For example when I visited google.com and google/news and output the data with - System.Text.Encoding.ASCII.GetString(packet.Buffer) I got the following text -
http://tinypic.com/r/dob4p5/7 (firefox wouldnt let me paste it in here, because of the binary data I think)
When I used System.Text.Encoding.ASCII.GetString(packet.Buffer) I got this text -
I have a few questions on my results -
1. What exactly is the packet.Buffer - Is it an IP packet header like this http://www.freesoft.org/CIE/Course/Section3/7.htm? Or is it an entire IP packet, both header and body?
2. Are the packets coming through the PacketHandler fucntion both requested and received packets?
3. I tried submitting a few forms on some pages and checking out the captured ascii and utf8 text and although it's nearly all binary I couldn't find any instances of the data I sent and the packets themselves seemed to small to contain all the data so it
leads me to believe the packet.Buffer variable doesn't actually contain the posted data? Is this correct?
4. Any tips on how to retrieve http requests, not just the headers, the bodies too?
I appreciate any help anybody is able to offer me on this. Cheers.