Hi there. I'm currently analysing a flash application. For that reason, I need to know what HTTP requests (such as POST and GET) are send by the application. For some reason only a very few HTTP requests are captured, even though I know for certain that there are many more requests. I have Wireshark set to the default settings. Which settings should I change to view this traffic? Thanks in advance! Erwin asked 27 Jan '12, 04:08  Erwin |
3 Answers:
Ok... try this - use a display filter frame contains ".swf" - that should show you the request for the flash file. If the flash app traffic is available to Wireshark, it should capture it. Sometimes it is just a matter of finding it on the trace file. Alternately, select File > Export > Objects > HTTP and see if the flash download is in there - look at the file size. You can select the .swf-related line and choose save as to reassemble the flash file. answered 30 Jan '12, 00:49  lchappell ♦ |
Flash may also be using HTTP pipelining. Check your "very few" HTTP connections and see if multiple requests are being submitted over a single connection. answered 03 Feb '12, 21:03  wesmorgan1 |
If any of the traffic from the flash application is HTTPS, you will not even see the HTTP packet type in Wireshark, since the HTTP packets are traveling as encrypted data over an SSL/TLS connection. answered 20 Apr '12, 01:30  inetdog |
