#!/usr/bin/perl
#################################################################################################
# gzippedNOT
#################################################################################################
# This script reads an http payload file and attempts to deflate/decode the gzipped content
#
# Author: Amar Yousif
# Version : 1.0
# Date : 1/24/2010
#
# Dependencies: xxd, gzip
#
# Copyright 2010 Amar Yousif (AmarYousif ( a t ) gmail.com)
#
# Please 1) report bugs and give suggestions when you can, and
# 2) give credit when you use :)
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# See <http://www.gnu.org/licenses/> for more info.
#
# If you are missing any of the perl modules needed for this script, install from CPAN
# like so, we'll use Pod::Usage as an example: "perl -MCPAN -e 'install Pod::Usage'".
use strict;
use Getopt::Long;
use Pod::Usage;
use FindBin '$Bin';
# other variables
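my $file;
my $print_help;
my $show_version;
my $version = "1.0";    # read by show_version()

# Core module (shipped with perl since 5.10). The payload is decompressed
# in-process, so this block runs no shell commands and writes no temp files.
# The previous flow interpolated the user-supplied file name into backtick
# commands (shell injection through a crafted file name) and used fixed,
# predictable temp-file names in the script directory, which a local user
# could pre-create or symlink and which collide between concurrent runs.
use IO::Uncompress::Gunzip qw(gunzip $GunzipError);

# read options
GetOptions(
    "read:s"   => \$file,
    "version!" => \$show_version,
    "help|?!"  => \$print_help
) or pod2usage(2);

# check if we are asking for help
pod2usage( -verbose => 1 ) if $print_help;

# print version information
show_version() if $show_version;

# check if input file exists; "read:s" makes the value optional, so $file
# may be undef (option absent) or empty (option given without a value)
pod2usage(2) unless defined $file && length $file && -e $file;

# Read the capture as raw bytes. 3-arg open with a lexical handle: the file
# name is never parsed as an open mode or handed to a shell.
open( my $in, '<:raw', $file )
    or die "Can't open $file for reading: $!\n";
my $payload = do { local $/; <$in> };
close($in);
die "Can't read $file: $!\n" unless defined $payload;

# Same heuristic as before: the gzip magic bytes (1f 8b) right after a CRLF
# mark the start of the compressed body. Searching the bytes directly fixes
# two problems of the hex-dump search: a match that only exists at an odd
# nibble offset, and a marker split across two 30-byte xxd output lines.
my $start = index( $payload, "\x0d\x0a\x1f\x8b" );
die "it seems that there is no gzipped content, I know this because I was unable to find a gzip header (1f8b) after a CRLF in $file. sorry dude.\n"
    if $start < 0;

# skip the two CRLF bytes; everything from the magic bytes onward is input
my $gzipped = substr( $payload, $start + 2 );

# Transparent => 0: fail instead of passing non-gzip data through unchanged.
# NOTE: the payload comes from captured traffic and is untrusted. The
# decompressed size is not bounded here (a small body can inflate to a very
# large buffer), and a chunked Transfer-Encoding body is not reassembled.
my $output;
gunzip( \$gzipped => \$output, Transparent => 0 )
    or die "it seems that there is no gzipped content, I know this because I was unable to decompress the data found in $file: $GunzipError. sorry dude.\n";

# The decoded body is emitted byte-for-byte; when triaging hostile content,
# redirect STDOUT to a file rather than printing it to a terminal.
binmode(STDOUT);
print $output;
exit;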
#---------------------------Yummy SUBS-------------------
# Print the script name ($0) and its version banner to STDOUT, then
# terminate the program with exit status 0. Takes no arguments and reads
# the file-level $version.
sub show_version {
    my $banner = sprintf( "\n\n%s version %s copyright 2010, Amar Yousif\n\n",
        $0, $version );
    print $banner;
    exit 0;
}
__END__
=pod
=head1 msg
B<gzippedNOT> takes an http payload file as input and attempts to deflate/decode the gzipped content.
=head1 NAME
B<gzippedNOT> - a script that reads an http payload file as input and attempts to deflate/decode the gzipped content.
=head1 SYNOPSIS
B<gzippedNOT> -r|--read PAYLOAD_FILE
=head1 OPTIONS
=over 8
=item B<-r|-read PAYLOAD_FILE>
The PAYLOAD file that the script should read. This can be prep'd via wireshark tcpstream follow, or perhaps tcpflow.
=item B<-v|-version>
Dump the version number of the script to the screen and quit.
=item B<-h|-help|-?>
Print this help menu.
=back
=head1 DESCRIPTION
B<gzippedNOT> takes an http payload file as input and attempts to decode/deflate the gzipped content.
=head1 AUTHOR
Amar Yousif 2010
=cut