Wireshark mailing list archives
Re: extraction of files from SSL and TCP streams automatically
From: Miroslav Rovis <miro.rovis () croatiafidelis hr>
Date: Wed, 9 May 2018 15:35:36 +0000
On 180509-10:15+0200, Peter Wu wrote:
> On Tue, May 08, 2018 at 08:45:55AM +0000, Miroslav Rovis wrote:
>> So when did Wireshark/Tshark get the ability to extract objects from streams?
>
> Wireshark has this feature since 2007 as far as I can see. Tshark only recently gained this feature (in 2.4 as I said).

Which makes my wondering around to learn how to extract files from SSL-decrypted TCP-streams, while not knowing about that feature early, much less severe... Wireshark itself is irreplaceable, but when it comes to the way to do some things with it, like extracting objects, where the only way (as far as I understand) to do it in Wireshark is to click around repeatedly in sessions as many times as there are files, very unappealing...

>> So what would be the commands to issue, then, on the trace that I offered, and which my stream-cont.pl on streams produced from that trace with my tshark-streams.sh, extracted all the files out from, as I show on that explanation page of mine at: https://www.croatiafidelis.hr/foss/cap/cap-180505-schmoog-referendum/
>
> Without reading the whole thing, this tshark command sets the TLS key log file, reads the pcap, hides dissection output and saves extracted HTTP objects to the "files" directory.
>
>     tshark -ossl.keylog_file:dump_180505_0342_gdO_SSLKEYLOGFILE.txt \
>         -r dump_180505_0342_gdO.pcap -q --export-object http,files/
>
> The result is 53 files.

Sounds so great! You must have been one of the devs that contributed it... I bet you were!

> --
> Kind regards,
> Peter Wu
> https://lekensteyn.nl

Thank you most sincerely and most gladly. Still busy with other obligations, but as soon as I can, I'll make a sequence page and assess how well Tshark does it. I bet it does it great!

--
Miroslav Rovis
Zagreb, Croatia
https://www.CroatiaFidelis.hr
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
Archives: https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
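
The tshark command quoted in the message above, wrapped as an added example that is not part of the thread or of Wireshark itself: it checks for the 2.4 minimum mentioned in the thread, writes the decrypted objects to a directory only the analyst can read, and hashes them for comparison. The function names and the assumed layout of the `tshark --version` first line are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# parse_version LINE: print the first dotted number found in LINE.
# Assumes the first line of `tshark --version` carries the version number.
parse_version() {
    printf '%s\n' "$1" | sed -n '1s/^[^0-9]*\([0-9][0-9.]*\).*/\1/p'
}

# version_ge A B: succeed when dotted version A >= B (major.minor only).
version_ge() {
    a_major=${1%%.*}; a_rest=${1#*.}; a_minor=${a_rest%%.*}
    b_major=${2%%.*}; b_rest=${2#*.}; b_minor=${b_rest%%.*}
    [ "$a_major" -gt "$b_major" ] ||
        { [ "$a_major" -eq "$b_major" ] && [ "$a_minor" -ge "$b_minor" ]; }
}

# export_http_objects PCAP KEYLOG OUTDIR: the command from the thread,
# parameterised. The key log and the output are decrypted traffic, so the
# output directory is created with umask 077.
export_http_objects() {
    ver=$(parse_version "$(tshark --version 2>/dev/null | head -n 1)")
    if [ -z "$ver" ] || ! version_ge "$ver" 2.4; then
        echo "tshark >= 2.4 needed for --export-object (found: ${ver:-none})" >&2
        return 1
    fi
    ( umask 077
      mkdir -p "$3" &&
      tshark -o "ssl.keylog_file:$2" -r "$1" -q --export-object "http,$3" )
}

# object_count DIR: number of files tshark wrote (53 for the thread's trace).
object_count() {
    find "$1" -type f | wc -l | tr -d ' '
}

# manifest DIR: "sha256  ./name" per extracted file, sorted by name, so the
# objects can be compared or looked up without opening untrusted content.
manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# Run only when called as: script PCAP KEYLOG OUTDIR
if [ "$#" -eq 3 ]; then
    export_http_objects "$1" "$2" "$3" && manifest "$3"
fi
```

Comparing `object_count` and the `manifest` output against the result of a manual extraction is one way to assess how well the automated export did.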