How to decompress gzipped contents

Question

In HTTP request and response, content-encoding is 'gzip' and content is gzipped. Is there a way to decompress the gzipped content so we can see what the contents are.

Answer 1

I believe Jaap's answer is not quite correct, because the exported object will already be uncompressed. Since there seems to be some confusion, here are some more explicit steps that should hopefully work for you:

Find the gzipped object of interest and right-click on the corresponding packet in the packet list, selecting, "Follow TCP Stream" to isolate the stream.
Within the "Follow TCP Stream" window, note the name of the gzipped object in the previous GET block.
From the main window, choose File -> Export Objects -> HTTP.
Select the object. The packet number should match the packet number you discovered in step 1, and the Filename should match the name seen in step 2. Note that the content type that appears is the uncompressed content type, so e.g., text/html, and not gzip.
Choose Save As, then Save. This will be the uncompressed object.

Note that you don't necessarily need to do "Follow TCP Stream" as long as you know the packet number and object name of the object of interest, or if you simply want to export all objects.

Answer 2

1

You could export the objects through the file menu and gunzip them offline.

answered 27 Sep '11, 13:58

Jaap ♦
11.7k●16●101
accept rate: 14%

Thanks. Could you specify the detailed procedure on how to do it? Ho wdo I export the objects through the file menu?

(03 Oct '11, 11:37) eusjoji

When exporting did you select the HTML object?

Also should the gzip show up in the content type in the HTTP object list?

(17 Jun '12, 15:01) Hig2012

Answer 3

I made a quick script to convert the Follow TCP Stream output to what you'd expect: wireshark-http-gunzip

You can use it with a command like this:

ruby http-gunzip.rb < raw.dump | less