Complete reconstruction of TCP Session (HTML pages) from WireShark pcaps, any tools for this?

后端未结

关注

 5  1585

滥情空心 2020-12-08 12:26

I wonder if there is a way in wireshark to reconstruct a complete TCP Session (HTML page(s)) if we have wireshark pcaps, can wireshark do the reconstruction? or is there any

5条回答

遥遥无期 (楼主)

2020-12-08 12:53
Depending on what version of Wireshark you have, you should be able to do something along the lines of:
1. Filter out the session you care about
2. Do File->Export->Objects->Http
3. Select a folder.
Is there something more you need... this appears to do the gzip decompression etc... won't work if you're running SSL (it MIGHT be able to if you can get the appropiate keys to make the SSL decode work, but that gets trickier and I'd suggest trying fiddler in that case)

HTH
0 讨论(0)

查看其它5个回答
发布评论:

提交评论
- 加载中...