This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Help extracting data from http post

0

I'm trying to view the communications between a game and it's server. I believe it is using some form of UTF8 encoded xml but wireshark is only showing application/octet-stream and I'm not able to get the text from these files. The server name has xrpc in it, so I'm assuming it's using xrpc or xml-rpc.

Could someone provide guidance on how to extract the payload in clear text instead of having to view it in hex?

https://www.dropbox.com/s/xanrozfnklt30ng/boot.pcap?dl=0 https://www.dropbox.com/s/czvzmj59lnfz9ux/boot.pcapng?dl=0

asked 23 Nov '16, 11:04

octrevolution's gravatar image

octrevolution
6113
accept rate: 0%

edited 23 Nov '16, 11:54


One Answer:

0

It looks like the name XRPC is used both for an XML based RPC protocol as a gaming protocol. I'm sure the latter has been used. A little googling on games and xrpc lays a link with jrpc. From there on I think if you want to extract meaningful data from the communication, all you can do is start reverse engineering the network protocol. This is beyond the scope of this Q&A site.

If you do have reverse engineered the protocol, you might be able to write dissector-code so that Wireshark can present you with the protocol fields in a meaningful way.

answered 24 Nov '16, 03:43

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%