Hi, i am a newbie and are playing with wireshark. I am trying to write a displayfilter that shows the google seach request done during the capture session. as example i did a seach on google for "tablet"and "Ferrari" and now i want to create a filter that show me the seaches on google. I tried this http.host contains google http.request.uri contains google But stil i dont see the words i have seached for. Is there anyone who knows how to do this ? Thanks in advance ! asked 24 May '13, 09:13  Johnny-b |
One Answer:
You could try something like Filtering for all packets containing a google search request might work like this: answered 24 May '13, 09:25  Jasper ♦♦ edited 24 May '13, 09:28 |
This will only work if the Google search is being run on plain old http. If the search is using https, then the traffic will be encrypted and you won't be able to see anything.
Correct, but I assumed that that topic with https is a well known thing :-) But it's probably good to emphasize it again, just to make sure.
Hi Jasper,
thanks this is just i needed, i can see the searches now .
And Graham your correct about the HTTPS , but i just used the old plain HTTP
anaway thanks for the help and info on this.
Johnny-b
If an answer has solved your issue, please accept the answer for the benefit of other users by clicking the checkmark icon next to the answer. Please read the FAQ for more information.