Export binary data for png image
Hello, I have captured traffic of a requested PNG image over HTTP; the TLS is decrypted via a private key. But the image is returned as 3 reassembled PDU packets. I am trying to export the image from the traffic but I don't know how to. When I follow the TLS stream of the PDU packets and export the bytes, it is exported with the HTTP response headers too. I only want to export the response body, which is the PNG binary data. I also tried to export the binary data packet by packet and concatenate everything into a single file; that didn't work either...
Are you using the File -> Export Objects -> HTTP.... option?
@grahamb yes, and the table shows no objects...
The HTTP dissector should reassemble the 3 packets and give a final (200??) response that should have the image in it.
What are your HTTP dissector preferences for the "Reassemble xxx" options?
Try it with Analyze TCP sequence numbers unchecked.
(There was a discussion on LinkedIn with a sample capture that did not show HTTP properly until the TCP Analysis was disabled. Version 3.6.2).
Thank you for the advice @grahamb and @Chuckc :) I was able to extract the raw data from the packet without the HTTP headers by trimming the headers part: right click on the packet > show packet details > modify the "start" value so that it starts from the magic bytes of the image, which is .PNG. Then I just concatenated the 3 reassembled PDUs and finally got the full image.
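The manual trimming described in the last reply can also be scripted. This is an added example, not code from the thread: it takes the raw bytes exported from the followed stream (headers included), locates the PNG signature, and walks the PNG chunks, checking each CRC, until `IEND`. The function names and the sample response are constructed for illustration.

```python
import struct
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"  # 8-byte PNG signature ("magic bytes")

def carve_png(stream: bytes) -> bytes:
    """Return the first complete PNG found in raw exported stream bytes."""
    start = stream.find(PNG_MAGIC)
    if start < 0:
        raise ValueError("no PNG signature in stream")
    pos = start + len(PNG_MAGIC)
    # Each chunk: 4-byte big-endian length, 4-byte type, data, 4-byte CRC.
    while pos + 12 <= len(stream):
        length, ctype = struct.unpack(">I4s", stream[pos:pos + 8])
        end = pos + 12 + length
        if end > len(stream):
            break  # chunk runs past the captured data
        data = stream[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", stream[end - 4:end])
        if zlib.crc32(ctype + data) != crc:
            raise ValueError(f"bad CRC in {ctype!r} chunk at offset {pos}")
        pos = end
        if ctype == b"IEND":
            return stream[start:pos]  # drops headers and trailing bytes
    raise ValueError("PNG truncated: IEND chunk not reached")

def _chunk(ctype: bytes, data: bytes) -> bytes:
    """Build one PNG chunk (used only for the constructed sample)."""
    body = ctype + data
    return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body))

def build_sample_response():
    """Constructed sample: HTTP response headers followed by a 1x1 PNG."""
    png = (PNG_MAGIC
           + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
           + _chunk(b"IDAT", zlib.compress(b"\x00\x00"))
           + _chunk(b"IEND", b""))
    head = (b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n"
            b"Content-Length: %d\r\n\r\n" % len(png))
    return head + png, png

if __name__ == "__main__":
    response, original = build_sample_response()
    carved = carve_png(response)
    print(len(response), "bytes in stream ->", len(carved), "bytes of PNG")
```

A CRC failure usually means the bytes after the headers are not the plain image, for example when the response used chunked transfer encoding, which places chunk-size lines inside the body.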