pcap_http_objects
Extract HTTP objects like files from PCAP network captures to analyze web traffic and exported content for security testing and network forensics.
Instructions
Export HTTP objects (files) from a PCAP to a directory. Returns exported_count, output_dir, files list, and tshark_output. Creates files in the output directory.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| pcap_path | Yes | Path to the PCAP file | |
| output_dir | Yes | Directory to export HTTP objects to | |
Implementation Reference
- src/tools/pcap.ts:153-180 (handler): The MCP tool "pcap_http_objects" is registered and implemented directly in src/tools/pcap.ts. It uses tshark to export HTTP objects from a PCAP file to a specified directory.
```typescript
server.tool(
  "pcap_http_objects",
  "Export HTTP objects (files) from a PCAP to a directory. Returns exported_count, output_dir, files list, and tshark_output. Creates files in the output directory.",
  {
    pcap_path: z.string().describe("Path to the PCAP file"),
    output_dir: z.string().describe("Directory to export HTTP objects to"),
  },
  async ({ pcap_path, output_dir }) => {
    requireTool("tshark");
    const pcap = validatePcap(pcap_path);
    // output_dir is created as given, including any missing parent directories.
    fs.mkdirSync(output_dir, { recursive: true });
    const res = await runCmd("tshark", [
      "-r", pcap,
      "--export-objects", `http,${output_dir}`,
    ]);
    // List whatever is in the output directory after the export.
    let files: string[] = [];
    if (fs.existsSync(output_dir) && fs.statSync(output_dir).isDirectory()) {
      files = fs.readdirSync(output_dir);
    }
    // The file list is capped at 100 names and tshark's stderr at 500 characters.
    const result = {
      exported_count: files.length,
      output_dir,
      files: files.slice(0, 100),
      tshark_output: res.stderr ? res.stderr.slice(0, 500) : "",
    };
    // (excerpt ends here)
```
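A check a practitioner may want around this handler, as an added example that is not the project's own code: the handler as shown passes `output_dir` straight to `fs.mkdirSync` and tshark, and the exported file names originate in the captured traffic. The hypothetical helpers `prepareOutputDir` and `inventoryExports` confine the directory to a workspace root and record size and SHA-256 for each regular file; the workspace root and the sample file are assumptions.

```typescript
import * as crypto from "crypto";
import * as fs from "fs";
import * as os from "os";
import * as path from "path";

export interface ExportedObject { name: string; size: number; sha256: string }

// True when `child` is `parent` itself or lies beneath it.
function isInside(parent: string, child: string): boolean {
  const rel = path.relative(parent, child);
  return rel !== ".." && !rel.startsWith(".." + path.sep) && !path.isAbsolute(rel);
}

// Hypothetical helper: create output_dir only under an allowed workspace root.
export function prepareOutputDir(root: string, requested: string): string {
  const base = fs.realpathSync(root);
  const target = path.resolve(base, requested);
  if (!isInside(base, target)) throw new Error(`output_dir escapes workspace: ${requested}`);
  fs.mkdirSync(target, { recursive: true });
  // Lexical check passed; now resolve symlinks and check again before exporting.
  const real = fs.realpathSync(target);
  if (!isInside(base, real)) throw new Error(`output_dir resolves outside workspace: ${requested}`);
  return real;
}

// Hypothetical helper: list exported objects without opening them in any viewer.
// Names come from the captured traffic, so only regular files are hashed.
export function inventoryExports(dir: string): ExportedObject[] {
  const out: ExportedObject[] = [];
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    if (!entry.isFile()) continue; // skips symlinks and subdirectories
    const data = fs.readFileSync(path.join(dir, entry.name));
    const sha256 = crypto.createHash("sha256").update(data).digest("hex");
    out.push({ name: entry.name, size: data.length, sha256 });
  }
  return out.sort((a, b) => a.name.localeCompare(b.name));
}

// Constructed demo: a scratch workspace with one stand-in file, not real tshark output.
export function demo(): ExportedObject[] {
  const ws = fs.mkdtempSync(path.join(os.tmpdir(), "pcap-ws-"));
  const dir = prepareOutputDir(ws, "case1/http");
  fs.writeFileSync(path.join(dir, "index.html"), "<html></html>");
  return inventoryExports(dir);
}

console.log(JSON.stringify(demo(), null, 2));
```

In a handler like the one above, the path returned by `prepareOutputDir` would replace the raw `output_dir` in both the `mkdirSync` call and the `--export-objects` argument.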