Hi everyone. I would like to analyze application-data compressed over SSL. SSL is using "compression method: DEFLATE(1)". I can decrypt SSL-data since I have private-key. But I can't see application-data because of that data is compressed. I have a question. Can I de-compress data over SSL using wireshark? Many thanks. asked 13 Jul '11, 00:22  four_books |
2 Answers:
Even though the SSL protocol has long supported compression at the SSL layer, it was not used (see also: http://www.belshe.com/2010/11/18/ssl-compression-and-you/). Unfortunately no-one bothered to add decompression to the SSL dissector, so currently Wreshark can't decompress data that has been compressed at the SSL layer. You might want to file an enhancement request at https://bugs.wireshark.org to have decompression added to the SSL dissector. Please attach a tracefile that contains compressed SSL data to your request. answered 13 Jul '11, 23:57  SYN-bit ♦♦ Hi SYNbit. Thank you for your kindly research. I got it. Currenlty Wireshark doesn't have feature that decompressing compressed packet over ssl. What a pity! I have been expected future release. (14 Jul '11, 01:19) four_books In order for "decompression at the SSL level" to be included in a future release, someone needs to find the interest in enahncing the SSL dissector. It helps if you can file the enhancement request mentioned earlier. (15 Jul '11, 06:46) SYN-bit ♦♦ Hi, decompression in the SSL/TLS dissector was implemented about four years ago (svn rev. 21368). As I have not used it for a long time I can not say if it works or if it has been broken meanwhile. (16 Jul '11, 04:44) keksa |
Hi.
Can we use "decompression in the SSL/TLS dissector" in currently release? answered 19 Jul '11, 01:23 four_books |
Additonally, I am working as Network Engineer. I am not a purpose at all for mischievous. Trouble shooting now.