How to extract uploaded file

I have trouble reconstructing an uploaded file. The original file is a little bit different compared to the one captured in Wireshark. Seems like a problem with encoding.

Here is what Follow TCP Stream looks like:

POST /cgi-bin/upgrade.cgi HTTP/1.1
Host: 192.168.1.15
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0
Accept: application/json, text/plain, */*
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://192.168.1.15/
Content-Type: multipart/form-data; boundary=---------------------------265001916915724
Content-Length: 23965264
Authorization: Digest username="admin", realm="Router Configuration", nonce="e3995f748f5f0795134db47862c0b750", uri="/cgi-bin/upgrade.cgi", response="3a85f493d1ca12d7a599dc4a44e81f01", qop=auth, nc=0000063e, cnonce="35290bdcaa173dae"
Connection: keep-alive
Cookie: lang=en

-----------------------------265001916915724
Content-Disposition: form-data; name="file"; filename="firmware.tar.gz"
Content-Type: application/gzip

.....(......\u}7....^gw'.H...\ .s...0......D....I..".........7.JXQ..m.. V.<.m..j.>A.b..h.e.....O..!..d.BDc.r..?....g.......s...g.z.d..Pn..+g.:8..;?.z.......>3........ynV...nY.z.....|..kw...O....}..U7.s..9.....:.../.!./g....?.cFM.nY..U7...X......_q...jj..X.dy.

long code here

Here is the difference:

Captured file start:

.....(......\u}7....^gw'.H...\ .s...0......D....I..".........7.JXQ..m.. V.<.m..j.>A.b..h.e.....O..!..d.BDc.r..?....g.......s...g.z.d..Pn..+g.:8..;?.z.......>3........y

Original file start in Notepad++:

‹ (\ мЬ њ\u}7юЯ™Л^gw'HШ˜\ s™Ь0И™ЩD.єіI"»›˜‰є–‹7МJXQ‰‰m­­ V«<µmў±jµ>A©bЈ–h’eґҐO­!ПЩdBDcъrэ?пч‹іgжМпњущќsжьѕgтz±dЦФPnщШ+gН:8Џ;?шzЪЊ™У¦Пњ>3џџтУтщёynVЩ“ЕnYµzсК.¬\ѕ|хЇkwјПO­јҐЈ}й”U7•sЗ9язММП:жьЗ/у!—/gЁГю?яcFMЅnYЗФU7ХФ¬Xјъ¦ ЖЋ_qлхjj–¬XёdyЗ

Difference:

English symbols are fine, but others are replaced with . in Wireshark.
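Added example, not part of the original post: an ASCII rendering of a stream prints every non-printable byte as `.`, so text copied from that view cannot be turned back into the file. The Python sketch below works on the raw request bytes instead (for instance the client-to-server direction of the stream saved with the Raw display option) and cuts the file part out at the multipart boundary. The sample request and gzip payload are constructed, `ascii_view` and `extract_upload` are hypothetical helper names, and a single request per input is assumed.

```python
import gzip
import re

def ascii_view(data: bytes) -> bytes:
    """Lossy ASCII rendering: every non-printable byte becomes '.' (0x2E)."""
    return bytes(b if 32 <= b < 127 or b in (9, 10, 13) else 0x2E for b in data)

def extract_upload(raw_request: bytes) -> tuple[str, bytes]:
    """Return (filename, exact file bytes) from one raw multipart/form-data POST."""
    head, _, body = raw_request.partition(b"\r\n\r\n")
    m = re.search(rb'(?im)^content-type:\s*multipart/form-data;.*boundary="?([^";\r\n]+)', head)
    if not m:
        raise ValueError("not a multipart/form-data request")
    # Each delimiter line is CRLF + "--" + boundary; prefix a CRLF so the first one matches too.
    delim = b"\r\n--" + m.group(1)
    for part in (b"\r\n" + body).split(delim)[1:]:
        if part.startswith(b"--"):  # closing delimiter "--boundary--"
            break
        part_head, sep, content = part.partition(b"\r\n\r\n")
        name = re.search(rb'filename="([^"]*)"', part_head)
        if sep and name:
            # The CRLF before the next delimiter was consumed by the split,
            # so content is byte-for-byte what the browser uploaded.
            return name.group(1).decode("latin-1"), content
    raise ValueError("no file part found")

# Constructed sample: a tiny gzip payload standing in for firmware.tar.gz.
PAYLOAD = gzip.compress(b"firmware image bytes\n" * 4, mtime=0)
BOUNDARY = b"---------------------------265001916915724"
SAMPLE = (
    b"POST /cgi-bin/upgrade.cgi HTTP/1.1\r\nHost: 192.168.1.15\r\n"
    b"Content-Type: multipart/form-data; boundary=" + BOUNDARY + b"\r\n\r\n"
    b"--" + BOUNDARY + b"\r\n"
    b'Content-Disposition: form-data; name="file"; filename="firmware.tar.gz"\r\n'
    b"Content-Type: application/gzip\r\n\r\n" + PAYLOAD + b"\r\n--" + BOUNDARY + b"--\r\n"
)

if __name__ == "__main__":
    name, data = extract_upload(SAMPLE)
    print("extracted:", name, len(data), "bytes, magic", data[:3].hex())
    print("ASCII view of the same bytes starts with:", ascii_view(data)[:3])
    print("round-trips through gzip:", gzip.decompress(data)[:21])
```

The gzip magic bytes `1f 8b 08` all fall outside the printable range, which is why the captured text starts with a run of dots.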
