Simulate an HTTP/2 stream with pcap4j
I'm trying to capture the unencrypted bytes of a TLS connection and record them into a cap file for analysis of the HTTP/2 traffic. There are a lot of assumptions I am making that this is even possible. But I'm willing to fudge almost everything below the HTTP/2 layer if I can see that traffic in a useful tool like Wireshark.
My approach eventually boils down to
return object : DelegatingSSLSocket(socket) {
override fun getInputStream(): InputStream {
return object : FilterInputStream(socket.inputStream) {
override fun read(b: ByteArray, off: Int, len: Int): Int {
return super.read(b, off, len).also { readLen ->
dumper.dump(
ipv4ReadPacketBuilder.payloadBuilder(
tcpReadPacketBuilder
.payloadBuilder(
UnknownPacket.Builder().rawData(
b.sliceArray(off.rangeTo(off + readLen))
)
)
)
.build()
)
}
}
}
}
override fun getOutputStream(): OutputStream {
return object : FilterOutputStream(socket.outputStream) {
override fun write(b: ByteArray, off: Int, len: Int) {
super.write(b, off, len)
dumper.dump(
ipv4WritePacketBuilder.payloadBuilder(
tcpWritePacketBuilder
.payloadBuilder(
UnknownPacket.Builder().rawData(b.sliceArray(off.rangeTo(off + len)))
)
)
.build()
)
}
}
}
}
Does anyone have any advice on pcap4j or pcap files generally to see what I'm doing wrong?
The packets I'm writing are IPv4>TCP>Data
But Wireshark shows
For IPv4, Version is always equal to 4. Your image states that you are trying to write IPv4 Header but hex codes shows that it is not the IPv4 header.
First highlighted number is 56. Instead of 5 it should be 4. Hence Wireshark is unable to detect it as a IPv4 packet.
Refer my below link, it will help you to understand the sample format.
How to obtain the source IP from a Wireshark dump of an HTTP GET request
For TCP, it should be 06 instead of bb.
Also your source IP is 0.0.0.0. It will not generate any error but you can change it as per your requirement.
- Compiling Wireshark packet dissector
- How to test which version of TLS my .NET client is using?
- How to filter by IP address in Wireshark?
- Does winpcap and sharppcap support the pcap-ng format
- Wireshark - Unused Setup Header
- Wireshark: Filter by Multicast in GUI
- Capturing mobile phone traffic on Wireshark
- Filter by process/PID in Wireshark
- whatsapp sniffing ssl traffic with wireshark
- Why Wireshark display filter does not show http packets?
- Purebasic Windows TCP filter specific package easiest way?
- Lua conditional evaluation of new language operators
- Comma separated IP addresses in TShark output
- Error "cannot open display" when starting wireshark on Ubuntu command line
- Replay IHeartRadio station URL in Python
- Scapy fails to send ipv6 packets
- Capturing Network Router Traffic with Wireshark
- text2pcap is not detecting the below format
- Wireshark HTTP2 Prior Knowledge HTTP Request not showing
- wireshark - pcap timestamp date format
- Writing a protocol dissector with Lua does not autocomplete the Proto class
- How to access a previously extracted field in a chained Lua dissector?
- How to force Wireshark's all_field_infos() function gather all the fields?
- How can i export file from wireshark to display not in hex format
- Strange base64 python decoding
- Merging/appending multiple pcap files to an existing one without overwriting
- Converting pcap format from LINKTYPE_LINUX_SSL to LINKTYPE_ETHERNET
- Jitter values for TCP Streams in Wireshark?
- Facing Issue while writing data to a pcap file using C language
- Azure functions read, process and save file on arrival in blob