Can eCapture save decrypted HTTP to pcapng instead of saving the master key to DSB?
Closed this issue · 3 comments
bugfixer-coder commented
能否将解密后的HTTP保存到pcapng,而不是将master key保存到DSB呢?
cfc4n commented
不能。
- 原始报文用于wireshark的网络分析场景,不适合剥离HTTP。
- 剥离HTTP的成本较大,需要拆解skb的内容,解密HTTPS,再读取HTTP,再还原到skb里。
建议你自行使用wireshark来实现,未来或许可以在文本模式
中规划这部分能力。
- The original packet is used for Wireshark's network analysis scenario and is not suitable for stripping HTTP.
- Stripping HTTP entails high costs, requiring the disassembly of skb content, decryption of HTTPS, reading HTTP, and then restoring it to skb.
I suggest using Wireshark on your own to implement this. Perhaps in the future, this capability can be planned in text mode.
bugfixer-coder commented
谢谢解答,我自己考虑下如何实现这个功能。
cfc4n commented
enjoy.