Wireshark mailing list archives

Re: extraction of files from SSL and TCP streams automatically


From: Peter Wu <peter () lekensteyn nl>
Date: Mon, 7 May 2018 13:40:11 +0200

Hi Miroslav,

On Sat, May 05, 2018 at 06:17:42PM +0000, Miroslav Rovis wrote:
> Hi!
>
> How do users climbing the steep path of deep packet inspection extract files,
> in HTTP/HTTPS protocols, i.e. the streams in SSL (and plain TCP) conversations?
>
> Is there a program that can extract files from SSL- or plain- TCP streams
> automatically?
[..]
> And I've managed to put together a script that uses a few modified
> subroutines from Chaosreader on already decrypted SSL TCP streams and extracts
> files from them.

I think the feature you are looking for is "Export HTTP Objects". In the
GUI this is accessible via File -> Export Objects -> HTTP.

Since Wireshark 2.4, this feature is also available in tshark. For
example, to save all files from HTTP bodies in directory "outputdir":

    tshark -r some.pcap --export-objects http,outputdir

See also https://www.wireshark.org/docs/man-pages/tshark.html

Hope it helps.
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl
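
The following wrapper is an added example, not part of Peter Wu's message or of Wireshark itself. It runs the export described above, refuses tshark versions older than 2.4, optionally passes a TLS key log file so HTTPS bodies can be exported, and hashes the results. The function names, the key-log argument and the use of `sha256sum` are assumptions of this example.

```shell
#!/bin/sh
# Added example: wrapper around `tshark --export-objects http,<dir>`.
# Function names and the optional key-log argument are assumptions of this example.

# Read `tshark --version` output on stdin, print its major.minor version.
parse_tshark_version() {
    sed -n '1s/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# version_ge A B: succeed when major.minor version A is at least B.
version_ge() {
    a_major=${1%%.*}; a_rest=${1#*.}; a_minor=${a_rest%%.*}
    b_major=${2%%.*}; b_rest=${2#*.}; b_minor=${b_rest%%.*}
    [ "$a_major" -gt "$b_major" ] ||
        { [ "$a_major" -eq "$b_major" ] && [ "$a_minor" -ge "$b_minor" ]; }
}

# The key-log preference is ssl.keylog_file before Wireshark 3.0, tls.keylog_file from 3.0.
keylog_pref() {
    if version_ge "$1" 3.0; then echo tls.keylog_file; else echo ssl.keylog_file; fi
}

# export_http_objects PCAP OUTDIR [KEYLOG]
export_http_objects() {
    pcap=$1; outdir=$2; keylog=${3:-}
    ver=$(tshark --version | parse_tshark_version)
    if ! version_ge "$ver" 2.4; then
        echo "tshark $ver has no --export-objects (needs 2.4 or later)" >&2
        return 1
    fi
    mkdir -p "$outdir" || return 1
    set -- -r "$pcap" -q --export-objects "http,$outdir"
    if [ -n "$keylog" ]; then
        # Without session keys, HTTP inside TLS stays encrypted and nothing is exported.
        set -- -o "$(keylog_pref "$ver"):$keylog" "$@"
    fi
    tshark "$@" || return 1
    # Hash the exported objects before opening them; names and contents come from the capture.
    find "$outdir" -type f -exec sha256sum {} + > "$outdir.sha256"
}

# Usage: sh export_http.sh some.pcap outputdir [sslkeys.log]
if [ "$#" -ge 2 ]; then
    export_http_objects "$@"
fi
```

The hash manifest is written next to the output directory as `outputdir.sha256`, so it is not mixed in with the exported objects.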
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users