0
votes

I have a raw HTTPS stream captured via Wireshark. The request and response both contained gzip-encoded binary files. They are in the form octet-stream, and specify accept-encoding gzip.

I would like to mock this request and response object on my own with Node.js, but for this I need to extract the original binary files so I can send them back and forth. Is there any way to extract the original raw BIN from the Wireshark capture?

Thank you!

1
Do you have access to client and/or server to decrypt TLS? That's step #1. – Ross Jacobs
@RossJacobs Sorry, I am super new to networking-- I have parts of the TLS key from the raw HTTP stream ((the part that says --BEGIN KEY-- )), do I have to get another part of it from my client or server? – Naomi Sushii
That sounds like the public key. The kind of thing you not be sent in plaintext over the network (i.e. it requires access and setup). – Ross Jacobs

1 Answer

0
votes

To extract gzip compressed data, you can simply use a gzip library in the language of your choice or the Unix executable zcat. To compress data, use the Unix executable gzip. It's really that dead simple:

echo "hello world" | gzip > hello.gz
cat hello.gz | zcat   # or just:  zcat hello.gz

This will print hello world.
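
As an added example (not part of the original answer): once TLS has been decrypted and one direction of the stream saved as raw bytes, the body still has to be separated from the headers, and any chunked framing removed, before gunzip will accept it. The Node.js code below does that for a request or a response; the function names and the sample message are constructed for illustration, and it assumes one HTTP/1.1 message per buffer with the compression declared in Content-Encoding.

```javascript
const zlib = require('zlib');
// Split one raw HTTP/1.1 message into lower-cased headers and body bytes.
function parseHttpMessage(raw) {
  const sep = raw.indexOf('\r\n\r\n');
  if (sep === -1) throw new Error('no header/body separator');
  const headers = {};
  for (const line of raw.toString('latin1', 0, sep).split('\r\n').slice(1)) {
    const i = line.indexOf(':');
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { headers, body: raw.subarray(sep + 4) };
}

// Undo "Transfer-Encoding: chunked": <hex size>\r\n<data>\r\n ... 0\r\n\r\n
function dechunk(body) {
  const parts = [];
  let pos = 0;
  while (true) {
    const eol = body.indexOf('\r\n', pos);
    if (eol === -1) throw new Error('truncated chunk header');
    const size = parseInt(body.toString('latin1', pos, eol), 16);
    if (Number.isNaN(size)) throw new Error('bad chunk size');
    if (size === 0) return Buffer.concat(parts);
    if (eol + 2 + size > body.length) throw new Error('truncated chunk data');
    parts.push(body.subarray(eol + 2, eol + 2 + size));
    pos = eol + 2 + size + 2;
  }
}

// Return the original file bytes carried by one captured message.
function extractBody(raw) {
  const { headers, body } = parseHttpMessage(raw);
  let data = body;
  if (/chunked/i.test(headers['transfer-encoding'] || '')) data = dechunk(body);
  else if ('content-length' in headers) data = body.subarray(0, Number(headers['content-length']));
  if (/gzip/i.test(headers['content-encoding'] || '')) {
    if (data[0] !== 0x1f || data[1] !== 0x8b) throw new Error('no gzip magic 1f 8b');
    data = zlib.gunzipSync(data);
  }
  return data;
}

// Constructed sample: a binary payload, gzip-encoded and sent in two chunks.
function buildSample(payload) {
  const gz = zlib.gzipSync(payload);
  const chunk = (b) => Buffer.concat([Buffer.from(b.length.toString(16) + '\r\n'), b, Buffer.from('\r\n')]);
  const head = 'HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\nTransfer-Encoding: chunked\r\n\r\n';
  return Buffer.concat([Buffer.from(head), chunk(gz.subarray(0, 5)), chunk(gz.subarray(5)), Buffer.from('0\r\n\r\n')]);
}
console.log(extractBody(buildSample(Buffer.from([0x00, 0xff, 0x10, 0x80]))).toString('hex')); // 00ff1080
```

For a real capture, read the saved raw bytes with `fs.readFileSync` and write the result of `extractBody` to a file. A "no gzip magic" error usually means the bytes are still TLS ciphertext or the buffer holds more than one message.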