Extracting decrypted QUIC packets in raw format, with decrypted payload.
Hi,
I'm working on some research for my master's thesis that requires me to capture some raw QUIC packets and save their raw representation to a file, so I can fuzz a protocol implementation. I've been able to capture traffic, load the sslkeylog file into wireshark, and then see the decrypted packets with their content. What I would ultimately like to do now, is save all decrypted packets in a raw (hex/binary), including the decrypted payload, in a raw/binary format to a file. I see that I can use the option "Export packet dissections", but that gives me the packets in the format that Wireshark shows them in the UI.
Normally for unencrypted protocols I'd: right click packet -> Follow <protocol> stream -> Show data as "raw" -> Copy the content to a file.
These steps allow me to save the raw packets (both header and payload) to a file. This gives me full control over the packets and allows me to modify the exact contents before sending them over the net. In this case I'd like to directly modify the headers and payload (fuzzing, basically) to then afterwards encrypt the packet and send it to the server.
Is there an easy or straight-forward way to export the QUIC packets (with decrypted content) in a raw/binary format, to a file?
There is a pcap and key log attached to Issue 17453
Using them as an example, which parts do you want to export?
@Chuckc Well, this might sound vague but it's the easiest way to explain it for me:
Every packet in the captured traffic consists of a header and a payload, correct? Ideally I want to extract all packets in their complete form, meaning: header + payload. Basically the packet after decryption, but before Wireshark's deconstruction. I know that I can export the header first, and then subsequently export the payload separately. I could then probably just append those, resulting in a valid packet. However I am not sure if that's correct.
To summarise: I want to export the decrypted packets. Header + payload. I want the packet in the same way that it would be sent to a server in encrypted form, but decrypted.