0
votes

I have a raw HTTPS stream captured via Wireshark. The request and response both contained gzip-encoded binary files. They are in the form octet-stream, and specify accept-encoding gzip.

I would like to mock this request and response object on my own with Node.js, but for this I need to extract the original binary files so I can send them back and forth. Is there any way to extract the original raw BIN from the Wireshark capture?

Thank you!

1
Do you have access to client and/or server to decrypt TLS? That's step #1 - Ross Jacobs
@RossJacobs Sorry, I am super new to networking-- I have parts of the TLS key from the raw HTTP stream ((the part that says --BEGIN KEY-- )), do I have to get another part of it from my client or server? - Naomi Sushii
That sounds like the public key. The kind of thing you need would not be sent in plaintext over the network (i.e. it requires access and setup). - Ross Jacobs

1 Answer

0
votes

To extract gzip compressed data, you can simply use a gzip library in the language of your choice or the Unix executable zcat. To compress data, use the Unix executable gzip. It's really that dead simple:

echo "hello world" | gzip > hello.gz
cat hello.gz | zcat   # or just:  zcat hello.gz

This will print hello world.
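For the capture in the question, the gzip step only works on the message body, so the HTTP headers and any chunked framing have to be removed first. The following Node.js sketch is an added example, not part of the original answer; it assumes TLS has already been decrypted and that the input holds exactly one raw HTTP message, and the function names are hypothetical.

```javascript
// Added example (function names are hypothetical): recover the original bytes
// from one raw HTTP message taken from an already-decrypted stream.
const zlib = require("zlib");

// Split a raw HTTP message into a lowercase header map and the body bytes.
function splitMessage(raw) {
  const end = raw.indexOf("\r\n\r\n");
  if (end === -1) throw new Error("no header/body separator found");
  const headers = {};
  for (const line of raw.subarray(0, end).toString("latin1").split("\r\n").slice(1)) {
    const i = line.indexOf(":");
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { headers, body: raw.subarray(end + 4) };
}

// Undo Transfer-Encoding: chunked (hex size line, data, CRLF, ..., zero-size chunk).
function dechunk(body) {
  const parts = [];
  for (let pos = 0; ; ) {
    const eol = body.indexOf("\r\n", pos);
    if (eol === -1) throw new Error("truncated chunk header");
    const size = parseInt(body.subarray(pos, eol).toString("latin1"), 16);
    if (Number.isNaN(size)) throw new Error("bad chunk size");
    if (size === 0) return Buffer.concat(parts);
    if (eol + 2 + size > body.length) throw new Error("truncated chunk data");
    parts.push(body.subarray(eol + 2, eol + 2 + size));
    pos = eol + 2 + size + 2; // skip the chunk data and its trailing CRLF
  }
}

// Return the payload as the application saw it: de-chunked, then gunzipped.
function extractPayload(raw) {
  let { headers, body } = splitMessage(raw);
  if (/chunked/i.test(headers["transfer-encoding"] || "")) body = dechunk(body);
  else if (headers["content-length"]) body = body.subarray(0, Number(headers["content-length"]));
  if (/gzip/i.test(headers["content-encoding"] || "")) body = zlib.gunzipSync(body);
  return body;
}

// Constructed sample: a chunked, gzip-encoded octet-stream response.
function sampleResponse(payload) {
  const gz = zlib.gzipSync(payload), half = gz.length >> 1;
  const chunk = (b) => Buffer.concat([Buffer.from(b.length.toString(16) + "\r\n"), b, Buffer.from("\r\n")]);
  return Buffer.concat([
    Buffer.from("HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n" +
      "Content-Encoding: gzip\r\nTransfer-Encoding: chunked\r\n\r\n"),
    chunk(gz.subarray(0, half)), chunk(gz.subarray(half)), Buffer.from("0\r\n\r\n"),
  ]);
}
```

The Buffer returned by extractPayload can be written to disk with fs.writeFileSync and served back from the mock.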