How does Wireshark get all the information from an HTTP POST method? (string format)


What is the exact string format used by Wireshark in order to 'sniff' the user-inserted values in an HTTP POST method (a login form with username and password, for example)?

To be more specific, I was curious which HTTP header field allows that, because in the output from Wireshark that header field name is missing (I can see all the others, such as User-Agent, Content-Type, Content-Length and so on).

I was wondering because I am an httpry user and I was curious if there's a possibility of 'cutting the man in the middle' (my .dump files created with httpry can be opened in Wireshark and I can get all the information I need from there, after applying the filters of course).

Don't get me wrong, I know that Wireshark is a much more complex mechanism than httpry, but I am just curious how Wireshark can give that desired output using the .dump from httpry and if I can get the result (even in hexadecimal) in httpry.

Thanks for your patience and I hope that I made myself clear.


Solution

  • You're talking about an HTML form. If the form is being submitted with a POST request, then the "form data set" is sent as the message, which means it's in the body of the POST request.

    That means that Content-Type and Content-Length are the relevant headers; Content-Type indicates the format used for the data, and Content-Length indicates the number of bytes of data in that format. The form data is not in a header.

    So you'll have to parse the request line to determine that it's a POST, and then parse the following lines, looking for Content-Type and Content-Length (and possibly some encoding headers as well), until you see a blank line. The blank line is the end of the header lines; what follows it is the body of the request. That's what you need to process as the form data. If there's a Content-Length field, parse exactly that many bytes of body; otherwise, parse until a TCP FIN (end of data stream). If chunked or compressed encoding is being used, you'll have to handle them.
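The procedure the answer describes, carried out in code. This is an added example and not code from the answerer, Wireshark or httpry: it takes the raw bytes of a reassembled HTTP request (three constructed samples are embedded, one with Content-Length, one chunked, one gzip-compressed, all with placeholder credentials), splits the header block from the body at the first blank line, sizes the body from Content-Length or by de-chunking, undoes gzip Content-Encoding, and finally decodes the application/x-www-form-urlencoded body into fields. It also returns the body as a hex string, since the question asks whether the result can be had in hexadecimal.

```python
import gzip
from urllib.parse import parse_qs

# Constructed sample: a cleartext HTTP POST of a login form, as it would look
# after TCP reassembly. Credentials are placeholders, not real values.
# "username=alice&password=s3cret%21pw" is 35 bytes, matching Content-Length.
SAMPLE_POST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"User-Agent: demo-client/1.0\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 35\r\n"
    b"\r\n"
    b"username=alice&password=s3cret%21pw"
)

# Same form data sent with Transfer-Encoding: chunked (0xe = 14 bytes, 0x15 = 21 bytes).
SAMPLE_CHUNKED_POST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
    b"e\r\n"
    b"username=alice\r\n"
    b"15\r\n"
    b"&password=s3cret%21pw\r\n"
    b"0\r\n"
    b"\r\n"
)

# Same form data with a gzip-compressed body; Content-Length covers the compressed bytes.
_GZ_BODY = gzip.compress(b"username=alice&password=s3cret%21pw")
SAMPLE_GZIP_POST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Encoding: gzip\r\n"
    b"Content-Length: %d\r\n" % len(_GZ_BODY)
    + b"\r\n"
    + _GZ_BODY
)


def dechunk(data: bytes) -> bytes:
    """Reassemble a chunked transfer-coded body: <hex size>CRLF<data>CRLF ... 0CRLF."""
    out = bytearray()
    pos = 0
    while True:
        eol = data.index(b"\r\n", pos)
        size = int(data[pos:eol].split(b";")[0], 16)  # ignore chunk extensions
        pos = eol + 2
        if size == 0:
            break  # last chunk; trailers, if any, follow and are not body
        out += data[pos:pos + size]
        pos += size + 2  # skip the chunk data and its trailing CRLF
    return bytes(out)


def parse_http_request(raw: bytes) -> dict:
    """Split request line, headers and body exactly as the answer describes."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request: no blank line terminating the headers")
    lines = head.split(b"\r\n")
    method, target, version = lines[0].decode("latin-1").split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.decode("latin-1").partition(":")
        headers[name.strip().lower()] = value.strip()

    if "chunked" in headers.get("transfer-encoding", "").lower():
        body = dechunk(body)
    elif "content-length" in headers:
        length = int(headers["content-length"])
        if len(body) < length:
            raise ValueError("truncated body: fewer bytes than Content-Length")
        body = body[:length]
    # Otherwise the body runs to the end of the stream (TCP FIN): keep everything.

    if headers.get("content-encoding", "").lower() == "gzip":
        body = gzip.decompress(body)
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body, "body_hex": body.hex()}


def extract_form_fields(req: dict) -> dict:
    """Decode a form-encoded POST body into a field -> value mapping."""
    ctype = req["headers"].get("content-type", "")
    if req["method"] != "POST" or not ctype.startswith("application/x-www-form-urlencoded"):
        return {}
    parsed = parse_qs(req["body"].decode("latin-1"), keep_blank_values=True)
    return {name: values[0] for name, values in parsed.items()}


if __name__ == "__main__":
    for sample in (SAMPLE_POST, SAMPLE_CHUNKED_POST, SAMPLE_GZIP_POST):
        req = parse_http_request(sample)
        print(req["headers"].get("content-type"), extract_form_fields(req), req["body_hex"])
```

Nothing here relies on a hidden header: the fields come purely from the body, located by the blank line and sized by Content-Length or the chunk framing. That is also why any party able to read the TCP stream recovers them unchanged from cleartext HTTP, which is the exposure TLS exists to remove.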