Is there a way to capture URLs using Wireshark or tcpdump?

Hi guys,

I am trying to list all possible ipset for dnsmasq

Yes, you can execute tcpdump on the router, filter the relevant traffic by source, and pipe it through Wireshark on the desktop, then instruct it to display only HTTP headers.

1 Like

Will work for HTTP only. NOT for HTTPS, of course.

2 Likes

Most web services use TLS nowadays, so intercepting the URL is generally not possible.
You can make it possible if you set up a proxy server and explicitly configure it on the client, or implement certificate spoofing with MITM.

On the other hand, you probably do not need the whole URL, but just the domain name.
You can intercept plain DNS queries to resolve with Dnsmasq that supports IP sets.

2 Likes
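
The DNS approach from the post above, as an added example that is not part of the original thread: it decodes the question name from plain DNS query payloads (UDP port 53 payload bytes) and emits dnsmasq `ipset=/domain/setname` lines. The function names, the set name `mylist` and the sample payloads are assumptions constructed for illustration.

```python
import re
import struct

HOSTNAME = re.compile(r"[a-z0-9_-]{1,63}(\.[a-z0-9_-]{1,63})*")

def query_name(msg):
    """Return the QNAME of a plain DNS query payload, or None if unusable."""
    if len(msg) < 12:
        return None
    _qid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000 or qdcount != 1:      # QR bit set means a response
        return None
    labels, off = [], 12                    # question starts after the header
    while off < len(msg) and msg[off] != 0:
        n = msg[off]
        if n & 0xC0:                        # compression pointer: not expected here
            return None
        label = msg[off + 1:off + 1 + n]
        if len(label) != n:                 # label runs past the payload
            return None
        labels.append(label.decode("ascii", "replace"))
        off += 1 + n
    if off + 5 > len(msg):                  # need zero byte + QTYPE + QCLASS
        return None
    name = ".".join(labels).lower()
    # Names come from untrusted traffic and end up in a config file: filter them.
    return name if HOSTNAME.fullmatch(name) else None

def ipset_lines(payloads, setname):
    """Unique queried names as dnsmasq ipset= lines for `setname`."""
    names = sorted({n for n in map(query_name, payloads) if n})
    return [f"ipset=/{n}/{setname}" for n in names]

def build_query(name, qid=0x1234, flags=0x0100):
    """Build a constructed sample message (type A, class IN)."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    return struct.pack("!6H", qid, flags, 1, 0, 0, 0) + qname + b"\0" + struct.pack("!2H", 1, 1)

SAMPLES = [                                 # constructed payloads, not captured traffic
    build_query("www.Example.com"),
    build_query("cdn.example.net"),
    build_query("www.example.com", qid=2),  # duplicate name
    build_query("x.example.org", flags=0x8180),  # response: ignored
    build_query("a.example.com")[:15],      # truncated: ignored
    build_query("ev/il.example.com"),       # bad character: ignored
]

if __name__ == "__main__":
    print("\n".join(ipset_lines(SAMPLES, "mylist")))
```
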

2 in 1 if you run Linux or something that can pipe the output of one command to another.
ssh root@openwrt.lan tcpdump -i eth1 -U -s0 -w - 'not port 22' | sudo wireshark -k -i -

2 Likes