
SANS Internet Storm Center, InfoCON: green: Tracking HTTP POST data with ELK, (Fri, Nov 6th)


The Apache web server has a very modular logging system: you can customize what is logged and how. However, it falls short when it comes to logging data submitted to the server via HTTP POST requests. Recently, I had to investigate suspicious HTTP traffic and one of the requirements was to analyze POST data. If you already have a solution which performs full packet capture, you're lucky, but it could quickly become a pain to search for information across gigabytes of PCAP files. In the past, ngrep (network grep)

# ngrep -d eth1 -q -s 0 -O /tmp/wordpress.pcap "POST /wp-login.php" port 80

