Okay, that's a tricky combination. Let's see, we have:

  • A request for an HTTP address
  • A response with a redirect
  • The redirect must point to an HTTPS address

Since the filter has to hit on the response, we have no access to the original request. But we do know it's to an HTTP address, so we may assume the server TCP port used is 80.

The redirect is done with the HTTP response code 302. That is clearly present in the response.

The redirect also must contain an HTTP Location header, which, according to the stated question, must have "https://" in the address.

Using this combination I would probably arrive at this filter:

(tcp.srcport == 80) && (http.response.code == 302) && (http.location contains "https://")
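
The same three conditions applied to constructed HTTP responses, as an added example that is not part of the original answer. It shows that a substring test like `contains "https://"` also hits a Location value that only embeds "https://" in a query string. The function names, the `strict` option and the sample data are assumptions made for this illustration.

```python
# Constructed sample data: (TCP source port, raw HTTP response bytes).
SAMPLES = [
    (80, b"HTTP/1.1 302 Found\r\nLocation: https://example.com/login\r\n\r\n"),
    (80, b"HTTP/1.1 302 Found\r\nlocation: http://example.com/?next=https://example.com/\r\n\r\n"),
    (80, b"HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.com/\r\n\r\n"),
    (8080, b"HTTP/1.1 302 Found\r\nLocation: https://example.com/\r\n\r\n"),
    (80, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
]


def parse_response(raw):
    """Return (status_code, headers) with lower-cased header names, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers


def matches_filter(srcport, raw, strict=False):
    """Apply the answer's three conditions to one response.

    strict=False is a substring test, like `contains "https://"`.
    strict=True requires the Location value to start with https://
    (a tighter variant assumed for this example, not from the answer).
    """
    parsed = parse_response(raw)
    if parsed is None:
        return False
    code, headers = parsed
    location = headers.get("location", "")
    scheme_ok = location.startswith("https://") if strict else "https://" in location
    return srcport == 80 and code == 302 and scheme_ok


def matching_indexes(strict=False):
    """Indexes of SAMPLES entries that satisfy the filter."""
    return [i for i, (p, raw) in enumerate(SAMPLES) if matches_filter(p, raw, strict)]


if __name__ == "__main__":
    print("substring:", matching_indexes())
    print("prefix:", matching_indexes(strict=True))
```

In Wireshark itself, the prefix variant can be expressed with the `matches` operator and an anchored regular expression instead of `contains`.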