Hi Jim,
I am doing something very similar to what you are doing in your script. However, I am unable to capture the body when the content-type is:
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarygsgnAl2Dz3rduY2p\r\n
When I use entity_data and end_entity event functions, what I accumulate for body when I receive a multi-part body is just a small string:
YWFhYWFh
However, I know my body is much larger. I’ve copy pasted the wireshark output of the multi-part content to the end of this email.
I see there are mime_xxx functions. Should I be using them to capture multi-part content. If they should be used, any help in how they should be used would be most appreciated. Thanks.
Dk.
[HTTP request 1/1]
File Data: 736 bytes
MIME Multipart Media Encapsulation, Type: multipart/form-data, Boundary: “---- WebKitFormBoundarygsgnAl2Dz3rduY2p”
[Type: multipart/form-data]
First boundary: ------WebKitFormBoundarygsgnAl2Dz3rduY2p\r\n
Encapsulated multipart part:
Content-Disposition: form-data; name=“success_url”\r\n\r\n
Boundary: \r\n------WebKitFormBoundarygsgnAl2Dz3rduY2p\r\n
Encapsulated multipart part:
Content-Disposition: form-data; name=“error_url”\r\n\r\n
Boundary: \r\n------WebKitFormBoundarygsgnAl2Dz3rduY2p\r\n
Encapsulated multipart part:
Content-Disposition: form-data; name=“firstname”\r\n\r\n
Data (1 byte)
0000 61 a
[Length: 1]
Boundary: \r\n------WebKitFormBoundarygsgnAl2Dz3rduY2p\r\n
Encapsulated multipart part:
Content-Disposition: form-data; name=“lastname”\r\n\r\n
Data (1 byte)
0000 62 b
[Length: 1]
Boundary: \r\n------WebKitFormBoundarygsgnAl2Dz3rduY2p\r\n
Encapsulated multipart part:
Content-Disposition: form-data; name=“email”\r\n\r\n
Data (7 bytes)
0000 62 40 63 2e 63 6f 6d b@c.com
[Length: 7]
Boundary: \r\n------WebKitFormBoundarygsgnAl2Dz3rduY2p\r\n
Encapsulated multipart part:
Content-Disposition: form-data; name=“password”\r\n\r\n
Data (6 bytes)
0000 61 61 61 61 61 61 aaaaaa
[Length: 6]
Boundary: \r\n------WebKitFormBoundarygsgnAl2Dz3rduY2p\r\n
Encapsulated multipart part:
Content-Disposition: form-data; name=“confirmation”\r\n\r\n
Data (6 bytes)
0000 61 61 61 61 61 61 aaaaaa
[Length: 6]
Last boundary: \r\n------WebKitFormBoundarygsgnAl2Dz3rduY2p–\r\n