Guidance: how to view de-compressed gzipped XML data in HTTP body
We have a server that sends an HTTP Post response to my client, and the body of this POST response is an XML data that has been gzipped.
In Wireshark, we can view the original XML data by following the HTTP stream. However, I was wondering if it's possible to view the decompressed XML fields directly in the Details Panel under the Media Type subtree. (In the screenshot, notice how Media Type only shows Media type: application/gzip (28040)).
To do this, I'm wondering whether to:
Write a subdissector to handle only HTTP bodies. However, it doesn't seem possible to get the original http dissector to call this subdissector
Write a dissector that wraps over the original dissector. However, this requires reassembling HTTP
Is there some hidden feature for Wireshark to automatically decompress and show the xml data?
Thanks!
Creds goes to Christopher Maynard for suggesting this.
The problem happens because the XML subdissector isn't being called by the HTTP dissector. To get the HTTP dissector to call it, change the Content-Type header from application/gzip to text/xml.
- REST API naming conventations for logout
- Private git repository over http
- HttpClient hanging while fetching Url
- HTTPS protocol file integrity
- HTTP GET with request body
- Representing a Kibana query in a REST, curl form
- URLSession works for request but not NWConnection
- What should HTTP 201 response body be when responding to a POST request with large data?
- Authenticate HTTP proxy for request
- PayloadTooLargeError: request entity too large
- Can I track if requests belong to the same keep-alive connection as previous requests, with Go's net/http?
- Bad HTTP request when using Swift
- HTTP POST with URL query parameters -- good idea or not?
- Manually parse raw multipart/form-data data with PHP
- HttpClient doesn't get full website html source
- HTTP headers in Websockets client API
- FastAPI rejecting POST request from JavaScript code, but not from a 3rd party request application (insomnia)
- Sending browser cookies during a 302 redirect
- How to assert an http.client.HTTPSConnection.request
- Do browsers not send a CORS preflight request for certain headers added automatically by the browser?
- Rack::Request - how do I get all headers?
- Getting 400 bad request when trying to access an API using Angular, but it works perfectly fine when using PostMan
- How to do a PUT request with cURL?
- Golang read request body multiple times
- When does an HTTP 1.0 server close the connection?
- HTTP/1.1 header parser received no bytes
- Are HTTP cookies port specific?
- Python Requests GET with Proxy - HTTPS scheme returns expected result but HTTP returns header
- Incoming HTTP requests don't get read from Python socket in time
- Do I need Content-Type: application/octet-stream for file download?