gojue/ecapture

Can eCapture save decrypted HTTP to pcapng instead of saving the master key to DSB?

Closed this issue · 3 comments

Can the decrypted HTTP be saved to pcapng, instead of saving the master key to the DSB?

No.

  1. The original packet is used for Wireshark's network analysis scenario and is not suitable for stripping HTTP.
  2. Stripping HTTP entails high costs, requiring the disassembly of skb content, decryption of HTTPS, reading HTTP, and then restoring it to skb.

I suggest using Wireshark on your own to implement this. Perhaps in the future, this capability can be planned in text mode.

Thanks for the answer. I'll think about how to implement this feature myself.

enjoy.
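
Added example, not part of the thread and not eCapture's code: the DSB discussed above is a pcapng Decryption Secrets Block, and this sketch walks a pcapng byte string and returns the TLS key log text stored in each one. The function names and the sample capture (dummy client random and master secret) are constructed for illustration; the block and secrets type constants follow the pcapng specification.

```python
import struct

SHB, DSB = 0x0A0D0D0A, 0x0000000A   # Section Header / Decryption Secrets block types
TLS_KEY_LOG = 0x544C534B            # secrets type "TLSK": NSS key log text

def make_block(btype, body, e="<"):
    """Build one pcapng block (used only for the constructed sample below)."""
    body += b"\x00" * (-len(body) % 4)          # pad body to 32 bits
    total = struct.pack(e + "I", len(body) + 12)
    return struct.pack(e + "I", btype) + total + body + total

def extract_tls_secrets(data):
    """Return the key log text carried by every TLS DSB in a pcapng byte string."""
    found, off, e = [], 0, "<"
    while off + 12 <= len(data):
        if struct.unpack_from("<I", data, off)[0] == SHB:   # palindromic type
            magic = data[off + 8:off + 12]                  # byte-order magic
            if magic == b"\x4d\x3c\x2b\x1a":
                e = "<"
            elif magic == b"\x1a\x2b\x3c\x4d":
                e = ">"
            else:
                raise ValueError("bad byte-order magic")
        btype, total = struct.unpack_from(e + "II", data, off)
        if total < 12 or total % 4 or off + total > len(data):
            raise ValueError("malformed block at offset %d" % off)
        if btype == DSB:
            if total < 20:
                raise ValueError("DSB too short")
            stype, slen = struct.unpack_from(e + "II", data, off + 8)
            if slen > total - 20:
                raise ValueError("secrets length exceeds block")
            if stype == TLS_KEY_LOG:
                found.append(data[off + 16:off + 16 + slen].decode("ascii"))
        off += total
    return found

# Constructed key log line (dummy client random and master secret).
KEYLOG = b"CLIENT_RANDOM " + b"00" * 32 + b" " + b"11" * 48 + b"\n"

def sample_capture(e="<"):
    """Constructed capture: one SHB followed by one DSB, no packets."""
    shb = struct.pack(e + "IHHq", 0x1A2B3C4D, 1, 0, -1)
    dsb = struct.pack(e + "II", TLS_KEY_LOG, len(KEYLOG)) + KEYLOG
    return make_block(SHB, shb, e) + make_block(DSB, dsb, e)

if __name__ == "__main__":
    print(extract_tls_secrets(sample_capture())[0], end="")
```

The returned text is in NSS key log format, so anyone who obtains the pcapng can decrypt the captured sessions; handle such files as you would the keys themselves.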