Simulate an HTTP/2 stream with pcap4j
I'm trying to capture the unencrypted bytes of a TLS connection and record them into a cap file for analysis of the HTTP/2 traffic. There are a lot of assumptions I am making that this is even possible. But I'm willing to fudge almost everything below the HTTP/2 layer if I can see that traffic in a useful tool like Wireshark.
My approach eventually boils down to
return object : DelegatingSSLSocket(socket) {
override fun getInputStream(): InputStream {
return object : FilterInputStream(socket.inputStream) {
override fun read(b: ByteArray, off: Int, len: Int): Int {
return super.read(b, off, len).also { readLen ->
dumper.dump(
ipv4ReadPacketBuilder.payloadBuilder(
tcpReadPacketBuilder
.payloadBuilder(
UnknownPacket.Builder().rawData(
b.sliceArray(off.rangeTo(off + readLen))
)
)
)
.build()
)
}
}
}
}
override fun getOutputStream(): OutputStream {
return object : FilterOutputStream(socket.outputStream) {
override fun write(b: ByteArray, off: Int, len: Int) {
super.write(b, off, len)
dumper.dump(
ipv4WritePacketBuilder.payloadBuilder(
tcpWritePacketBuilder
.payloadBuilder(
UnknownPacket.Builder().rawData(b.sliceArray(off.rangeTo(off + len)))
)
)
.build()
)
}
}
}
}
Does anyone have any advice on pcap4j or pcap files generally to see what I'm doing wrong?
The packets I'm writing are IPv4>TCP>Data
But Wireshark shows
For IPv4, Version is always equal to 4. Your image states that you are trying to write IPv4 Header but hex codes shows that it is not the IPv4 header.
First highlighted number is 56. Instead of 5 it should be 4. Hence Wireshark is unable to detect it as a IPv4 packet.
Refer my below link, it will help you to understand the sample format.
How to obtain the source IP from a Wireshark dump of an HTTP GET request
For TCP, it should be 06 instead of bb.
Also your source IP is 0.0.0.0. It will not generate any error but you can change it as per your requirement.
- Lua conditional evaluation of new language operators
- Error "cannot open display" when starting wireshark on Ubuntu command line
- Replay IHeartRadio station URL in Python
- Scapy fails to send ipv6 packets
- Capturing Network Router Traffic with Wireshark
- text2pcap is not detecting the below format
- Wireshark HTTP2 Prior Knowledge HTTP Request not showing
- wireshark - pcap timestamp date format
- Writing a protocol dissector with Lua does not autocomplete the Proto class
- How to access a previously extracted field in a chained Lua dissector?
- How to force Wireshark's all_field_infos() function gather all the fields?
- How to test which version of TLS my .NET client is using?
- How can i export file from wireshark to display not in hex format
- Strange base64 python decoding
- Merging/appending multiple pcap files to an existing one without overwriting
- Converting pcap format from LINKTYPE_LINUX_SSL to LINKTYPE_ETHERNET
- Jitter values for TCP Streams in Wireshark?
- Facing Issue while writing data to a pcap file using C language
- Azure functions read, process and save file on arrival in blob
- swinging of RTSP streams bandwidth?
- mitmproxy: SSL keys not decrypting in Wireshark
- Extracting TCP data with Scapy
- Using Wireshark Field Occurrence in Display Filter
- Raw socket not capturing DHCP packets on correct interface but Wireshark is
- Wireshark, monitor certain process/task or prevent ordinary packets be monitored
- Sniffing an Android app to find API URL
- dumpcap cannot save a data to a file
- WireShark doesn't decode gzip'ed http traffic on Windows
- How to Decrypt STUN Traffic Using Wireshark for Load Testing?
- Write to the console in .net MAUI