[CryptoParty] visualizing http traffic

Yuval Adam yuv.adm at gmail.com
Fri May 17 22:03:52 GMT 2013


I think tcpdump should have some way of uncompressing gzip'd content, either with the -z flag or by piping through gzip to a file, but both methods are flaky.

Wireshark handles this stuff transparently, and would definitely be the easier way to do this demo.
You also get nice packet visualization for free.

- Yuval


On Friday, May 17, 2013 at 11:24 PM, ml at enteig.net wrote:

> Hi,
> 
> I know that Julian and Danja did some traffic sniffing at past 
> cryptoparties to show the difference between plain-text and encrypted 
> traffic.
> 
> Now I want to recreate something like that, but my problem is that most 
> of HTTP traffic is indeed not encrypted, but compressed. So when I run 
> something like
> 
> # tcpdump -i wlan0 -s 0 -A -nn 'host localhost and (tcp port 80) or 
> (tcp port 443)'
> 
> I can see the HTTP requests, but the pages' contents are as illegible as 
> anything else.
> 
> So is there an easy way to change that (and maybe even add a little 
> color to the output)?
> 
> 
> Sincerely,
> 
> Malte

