On Tue, May 08, 2018 at 08:45:55AM +0000, Miroslav Rovis wrote:
> So when did Wireshark/Tshark get the ability to extract objects from streams?
Wireshark has this feature since 2007 as far as I can see. Tshark only
recently gained this feature (in 2.4 as I said).
> So what would be the commands to issue, then, on the trace that I offered, and
> which my stream-cont.pl on streams produced from that trace with my
> tshark-streams.sh, extracted all the files out from, as I show on that
> explanation page of mine at:
>
> https://www.croatiafidelis.hr/foss/cap/cap-180505-schmoog-referendum/
Without reading the whole thing, this tshark command sets the TLS key
log file, reads the pcap, hides dissection output and saves extracted
HTTP objects to the "files" directory.
tshark -ossl.keylog_file:dump_180505_0342_gdO_SSLKEYLOGFILE.txt \
-r dump_180505_0342_gdO.pcap -q --export-object http,files/
The result is 53 files.
--
Kind regards,
Peter Wu
https://lekensteyn.nl
