This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi,

I used Wireshark to capture some traffic between a closed program and a server.

The program requests some URL with this format:

GET /m_back/page.php?a5bXBpYyBHYW1lcy0mYXBwdmVyc2lvxNzImcm5kdmFsPTEzNDQ4NTM2ODE= HTTP/1.1
Host: xxx.xxx.xxx.xxx
Connection: Keep-Alive
User-Agent: My User Agent
Accept-Encoding: gzip

Looks like the parameter is gzipped, but Wireshark cannot decode it.

The answer from the server is encoded with GZIP and Wireshark can decode it easily; I can see it under the tab "uncompress entity body".

How can I unzip the passed parameter? It should be an XML file or JSON parameter. I have tried copying it to a plain .gz file and using the gzip command, but it didn't work.

Any idea?

(with a little help from Google Translate, sorry for my English)

asked 14 Aug '12, 11:03


vwpolo

edited 14 Aug '12, 11:15


Looks like it's base64 encoded. Likely to be a binary blob.


answered 14 Aug '12, 11:45


grahamb ♦

Thanks for your ideas.

Now I have processed the data as base64 and it works!

On this website: www.base64decode.org I can decode the parameter.

Thanks!!!

(14 Aug '12, 12:21) vwpolo

Can you accept the answer for the benefit of others by clicking the check mark icon next to the answer?

(14 Aug '12, 13:13) grahamb ♦
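
The check discussed in this thread (is an opaque query-string value base64, and is there a gzip stream underneath?), as an added example that is not part of the original posts. The function names and the sample values are assumptions constructed for illustration; they are not taken from the capture in the question.

```python
import base64
import binascii
import gzip
import zlib

GZIP_MAGIC = b"\x1f\x8b"  # first two bytes of every gzip stream


def decode_param(raw: str):
    """Return (encoding_chain, payload_bytes) for an opaque query-string value."""
    # Accept the standard and the URL-safe alphabet, and restore stripped padding.
    text = raw.strip().replace("-", "+").replace("_", "/")
    text += "=" * (-len(text) % 4)
    try:
        data = base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return ["raw"], raw.encode()  # not base64: hand back the value untouched
    chain = ["base64"]
    if data[:2] == GZIP_MAGIC:
        try:
            data = gzip.decompress(data)
            chain.append("gzip")
        except (OSError, EOFError, zlib.error):
            pass  # truncated or coincidental magic: keep the base64-decoded bytes
    return chain, data


def is_text(data: bytes) -> bool:
    """True when the payload is printable UTF-8 rather than a binary blob."""
    try:
        return data.decode("utf-8").isprintable()
    except UnicodeDecodeError:
        return False


# Constructed sample values (hypothetical, not from the question's capture).
SAMPLE_PLAIN = base64.b64encode(b"game=demo&rndval=12345").decode()
SAMPLE_GZIP = base64.urlsafe_b64encode(gzip.compress(b'{"game": "demo"}')).decode().rstrip("=")

if __name__ == "__main__":
    for value in (SAMPLE_PLAIN, SAMPLE_GZIP, "not base64!"):
        chain, payload = decode_param(value)
        print(chain, "text" if is_text(payload) else "binary", payload[:40])
```

Decoding locally like this keeps captured parameters, which may carry tokens or identifiers, off third-party decoder sites.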
question asked: 14 Aug '12, 11:03

question was seen: 10,093 times

last updated: 14 Aug '12, 13:13
