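#!/usr/bin/python
"""Print the WebObjects GET requests found in a packet capture.

Every frame in evidence03.pcap is decoded as Ethernet -> IP -> transport,
the transport payload is split on CRLF, and each line that starts with
"GET /WebObjects" is printed with the MZStore/MZSearch path prefix removed.

Written for Python 2, where packet payloads are ``str``.
"""
import sys

import pcapy
import impacket.ImpactDecoder as Decoders

CAPTURE_FILE = "evidence03.pcap"
REQUEST_PREFIX = "GET /WebObjects"
STRIPPED_PREFIXES = (
    'GET /WebObjects/MZStore.woa/wa/',
    'GET /WebObjects/MZSearch.woa/wa/',
)


def _next_packet(reader):
    """Return the next (header, payload) pair, or (None, '') when reading stops."""
    try:
        return reader.next()
    except pcapy.PcapError as err:
        # NOTE(review): some pcapy builds appear to raise at end of file rather
        # than return an empty payload - confirm. Either way the reason is
        # reported instead of being swallowed.
        sys.stderr.write("stopped reading capture: %s\n" % err)
        return None, ''


def _transport_payload(decoder, payload):
    """Decode one frame and return its transport-layer data, or None if absent."""
    eth = decoder.decode(payload)
    ip = eth.child()
    tcp = ip.child() if ip is not None else None
    if tcp is None:
        return None
    # NOTE(review): as in the original, the layer is not checked to be TCP;
    # any transport layer that exposes its data is searched.
    return tcp.get_data_as_string()


def main():
    """Scan the capture and print every matching request line."""
    reader = pcapy.open_offline(CAPTURE_FILE)
    decoder = Decoders.EthDecoder()  # one decoder serves every frame
    undecodable = 0

    header, payload = _next_packet(reader)
    while payload:
        try:
            data = _transport_payload(decoder, payload)
        except Exception:
            # A single malformed or unexpected frame must not end the scan:
            # the original bare ``except: break`` stopped at the first such
            # frame and silently dropped every request after it.
            undecodable += 1
            data = None

        if data:
            for line in data.split('\x0d\x0a'):
                if line.startswith(REQUEST_PREFIX):
                    for prefix in STRIPPED_PREFIXES:
                        line = line.replace(prefix, '')
                    # NOTE: the line comes straight from captured traffic and
                    # is printed unescaped; view the output through a tool
                    # that neutralises control characters.
                    print(line)

        header, payload = _next_packet(reader)

    if undecodable:
        # Tell the analyst how much of the capture was not examined.
        sys.stderr.write("skipped %d undecodable packet(s)\n" % undecodable)


if __name__ == "__main__":
    main()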