I use pcap2har to extract a HAR (HTTP Archive) file from a pcap. But when the pcap file contains HTTPS packets, it ignores all the HTTPS packets.
How can I avoid this? Or is there any other way to get a HAR file from a pcap file that contains HTTPS?
Thank you.
HTTPS is HTTP inside a TLS tunnel. If you look at the pcap all you can see is the encrypted traffic inside the TLS tunnel but you cannot extract the HTTP requests from it to create the HAR because you would need the decrypted traffic for this.
I'm trying to write a custom proxy with HTTPS support.
It means that I need to react to the HTTP CONNECT command, then open a TCP/IP connection to the desired server and let the browser use it.
I can open a raw socket as described here
https://ktor.io/docs/servers-raw-sockets.html#server_send
But I don't want to then handle HTTP decoding manually.
I want to detect if it is HTTP or not and then use embedded HTTP parsing.
I currently don't need to do MITM, so I don't need to decode the incoming SSL stream.
But this is also possible in the future.
Something like
https://github.com/ravindraranwala/NettyReverseProxy/blob/master/NettyRPDemo/src/main/java/org/wso2/netty/SecureProxyInitializer.java#L64
or
Problems with building a MITM proxy with Netty that handles both HTTP and HTTPS on the same port
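Both the pcap2har answer and this proxy question come down to what the first client bytes of a TCP stream look like. The following is an added example, not code from either post: it classifies those bytes as a TLS handshake, an HTTP CONNECT, or plain HTTP, and extracts the CONNECT target. The function names, `MAX_LINE`, and the sample inputs are assumptions made for illustration.

```python
import re

# HTTP/1.x request line: METHOD SP request-target SP HTTP-version
REQUEST_LINE = re.compile(rb"([A-Z]{3,10}) (\S+) HTTP/1\.[01]\r?")
MAX_LINE = 8192  # assumed cap on request-line length before giving up


def classify_stream(first_bytes: bytes) -> str:
    """Return 'tls', 'http-connect', 'http', 'unknown' or 'need-more'."""
    if not first_bytes:
        return "need-more"
    if first_bytes[0] == 0x16:  # TLS record type 22 = handshake
        if len(first_bytes) < 3:
            return "need-more"
        # Record version is 0x03 0x00..0x04 (SSL 3.0 through TLS 1.3)
        ok = first_bytes[1] == 0x03 and first_bytes[2] <= 0x04
        return "tls" if ok else "unknown"
    line, newline, _ = first_bytes.partition(b"\n")
    if not newline:
        # No complete line yet: keep reading only while it still looks like text
        printable = all(0x20 <= b <= 0x7E or b == 0x0D for b in line)
        return "need-more" if printable and len(line) < MAX_LINE else "unknown"
    match = REQUEST_LINE.fullmatch(line)
    if match is None:
        return "unknown"
    return "http-connect" if match.group(1) == b"CONNECT" else "http"


def connect_target(first_bytes: bytes):
    """Return (host, port) from a CONNECT request line, or None if invalid."""
    match = REQUEST_LINE.fullmatch(first_bytes.partition(b"\n")[0])
    if match is None or match.group(1) != b"CONNECT":
        return None
    host, colon, port = match.group(2).decode("ascii", "replace").rpartition(":")
    if not colon or not host or not port.isdigit() or not 0 < int(port) < 65536:
        return None
    return host.strip("[]"), int(port)  # brackets surround IPv6 literals


# Constructed sample inputs (not taken from a real capture)
SAMPLES = {
    "tls": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03",
    "connect": b"CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n",
    "plain": b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, classify_stream(data), connect_target(data))
```

A stream classified as `tls` carries only encrypted records, which is why a pcap-to-HAR converter has nothing to extract from it; a proxy that is not doing MITM simply forwards those bytes after answering the CONNECT.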
Dears,
Any idea of an offline replacement for https://converter.blazemeter.com/ to convert a PCAP to JMeter JMX?
The PCAP contains sensitive data that we cannot upload online.
I need an in-house tool.
Thanks
I can think of the following options:
You can use the tcprewrite tool to replace the "sensitive" data with dummy data in your .pcap file and use the aforementioned converter. Once you get the .jmx file, you can replace the dummy data with the sensitive data again.
If you want a fully offline solution, you can consider using the tcpreplay application, which can replay .pcap files via JMeter Proxy Server, which will capture HTTP requests and create the relevant HTTP Request samplers.
You can open the .pcap file in Wireshark, copy the raw TCP request data and put it into an HTTP Raw Request sampler.
I have a scenario where the FTP client and server are separated by a proxy server.
I want to insert the source IP address into the FTP client payload so that the FTP server can retrieve it.
The problem is that I don't know how to proceed.
Help me out please.
With regards.
FTP is a text-based protocol.
If you can re-implement both the client and the server, just make them understand a new command for your purpose.
E.g. you can have the client send a XIP command just after authentication (or even before, if you need):
XIP 203.0.113.0
The server will just parse the IP and respond something like this (to follow the FTP specification):
200 OK
And then carry on as in a normal FTP session.
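A sketch of the server side of the XIP exchange described above, as an added example that is not part of the original answer. It assumes the server only accepts XIP from known proxy addresses, since the value is client-supplied; `handle_xip`, `TRUSTED_PROXIES`, the session dictionary and all addresses are hypothetical.

```python
import ipaddress

# Assumption: control-connection peers allowed to assert a client IP
# (constructed address from the documentation range)
TRUSTED_PROXIES = {ipaddress.ip_address("192.0.2.10")}


def handle_xip(line: bytes, peer: str, session: dict) -> str:
    """Process one control-channel line and return the FTP reply text."""
    try:
        text = line.decode("ascii").rstrip("\r\n")
    except UnicodeDecodeError:
        return "500 Syntax error, command unrecognized"
    verb, _, arg = text.partition(" ")
    if verb.upper() != "XIP":
        return "500 Syntax error, command unrecognized"
    # Anyone can type "XIP 1.2.3.4"; only believe it from the proxy itself.
    if ipaddress.ip_address(peer) not in TRUSTED_PROXIES:
        return "502 Command not implemented"
    try:
        # ip_address() rejects out-of-range octets and any trailing data,
        # including an embedded CRLF that tries to smuggle a second command.
        client_ip = ipaddress.ip_address(arg.strip(" "))
    except ValueError:
        return "501 Syntax error in parameters or arguments"
    session["client_ip"] = str(client_ip)
    return "200 OK"


if __name__ == "__main__":
    session = {}
    print(handle_xip(b"XIP 203.0.113.0\r\n", "192.0.2.10", session), session)
```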
I am trying to relay a stream that is being broadcast over HTTPS. Is there a way to do that? The documentation describes how to broadcast with HTTPS using listen-socket, which I think is not what I want. Any help would be appreciated.
I tried relaying normal HTTP streams and it works, but not with HTTPS.
I tried doing it both with and without https in the URL.
```xml
<relay>
    <server>https://streamingurl.com</server>
    <port>800</port>
    <mount>/f</mount>
    <local-mount>/f</local-mount>
    <on-demand>0</on-demand>
    <relay-shoutcast-metadata>0</relay-shoutcast-metadata>
</relay>
```
Unfortunately this is currently not possible.
A good workaround for this problem is to set up a reverse proxy using nginx. I did this to access a https stream over http and icecast2 is able to relay it without issues.
What is the origin server you are trying to relay? Another Icecast or something else?
The -kh fork of Icecast supports SSL and has a lot of extensions and may be able to relay an HTTPS stream. (Sorry I'm not more help with that.) See https://karlheyes.github.io
You're not supposed to include http or https in the context, just the address.
```xml
<relay>
    <server>sourceip</server>
    <port>443</port>
    <mount>/sourcemount</mount>
    <local-mount>/localmount</local-mount>
    <on-demand>0</on-demand>
    <relay-shoutcast-metadata>1</relay-shoutcast-metadata>
</relay>
```
I just tested that with a -kh branch Icecast server, and it worked, BUT I wasn't able to confirm it was actually making an SSL connection; but it is making a connection. The kh fork or Icecast will accept HTTP or HTTPS over 80 or 443 (or any other port for that matter).
The HTTP traffic I'm interested in recording is gzipped (the client sends zipped data to the server). The result is recorded binary traffic which cannot be easily modified. It's very difficult to modify the client in order to suppress compression. So my question: Is there an option or extension for the proxy to uncompress the client traffic during recording?
My environment:
The client sends compressed requests.
The server sends compressed responses.
My requirements:
I have to modify the requests.
I have to check assertions in the responses.
Your advice:
JMeter cannot handle the compressed traffic in the required way.
Disable compression on both sides.
Right?