While researching extracting images with scapy I found a page describing image extraction with Wireshark. I am not sure why I didn't think to try this first. Of course Wireshark can do this super useful network task; their mission is to make the ultimate network diagnostic tool.

The information on that page seems to be a little out of date; on my Wireshark build the PDU tracing and HTTP follow options were already selected.

Grab a dump of an HTTP session, then feed it into Wireshark:

    # tcpdump -w webimage.pcap host adventurist.me and port 80

I visited this page, which I know has an image on it, in Firefox's porn mode.

In Wireshark I used the filter

    http.response.code==200

to find all of the assets in the stream. This left only three items: the page itself, the CSS style sheet and the image. Expand out the TCP block in Wireshark, right click on the JPEG block and choose 'Export Packet Bytes'. I saved this as .bin, moved it to a .jpeg and was able to open the image.
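The same carve done by hand, as an added example that is not part of the original post: it reassembles the server-to-client TCP stream by sequence number (what Wireshark's follow-stream does), finds the HTTP 200 response, slices the body out by Content-Length and checks the JPEG magic bytes before writing it to a .jpeg. The pcap it reads is constructed inline so it runs offline; the addresses, ports and image bytes are made up for the example.

```python
"""Carve a JPEG out of an HTTP/1.x response in a pcap, by hand.
Added example, not code from the original post. The capture is constructed
in demo_pcap(); addresses, ports and the 'image' are made-up test data."""
import struct

JPEG_MAGIC = b"\xff\xd8\xff"


def build_pcap(frames):
    """Wrap raw Ethernet frames in a classic little-endian libpcap file (link type 1)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def tcp_segment(src, dst, sport, dport, seq, payload):
    """Ethernet + IPv4 + TCP (no options). Checksums stay zero: nothing here validates them."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, src, dst) + tcp
    return b"\x00" * 12 + b"\x08\x00" + ip


def iter_frames(pcap):
    """Yield the raw frame bytes of each record in a little-endian pcap file."""
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<IIII", pcap, off)[2]
        off += 16
        yield pcap[off:off + incl]
        off += incl


def reassemble_streams(pcap):
    """Map (src, sport, dst, dport) -> payload bytes ordered by TCP sequence
    number: Wireshark's 'follow TCP stream' in miniature."""
    flows = {}
    for frame in iter_frames(pcap):
        if frame[12:14] != b"\x08\x00":        # not IPv4
            continue
        ip = frame[14:]
        if ip[9] != 6:                          # not TCP
            continue
        ihl, total = (ip[0] & 0x0F) * 4, struct.unpack_from("!H", ip, 2)[0]
        tcp = ip[ihl:total]
        sport, dport, seq = struct.unpack_from("!HHI", tcp, 0)
        payload = tcp[(tcp[12] >> 4) * 4:]
        if payload:
            flows.setdefault((ip[12:16], sport, ip[16:20], dport), {})[seq] = payload
    return {k: b"".join(v[s] for s in sorted(v)) for k, v in flows.items()}


def carve_jpeg(stream):
    """Return the body of the first HTTP 200 response whose body starts with
    the JPEG magic, or None. Only Content-Length bodies are handled."""
    pos = 0
    while True:
        start = stream.find(b"HTTP/1.", pos)
        end = stream.find(b"\r\n\r\n", start) if start >= 0 else -1
        if end < 0:
            return None
        lines = stream[start:end].decode("latin-1").split("\r\n")
        status = (lines[0].split(" ") + [""])[1]
        length = 0
        for line in lines[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() == "content-length":
                length = int(value)
        body = stream[end + 4:end + 4 + length]
        if status == "200" and body.startswith(JPEG_MAGIC):
            return body
        pos = end + 4 + length


def demo_pcap():
    """Constructed capture: a GET, then a 200 response whose two segments are
    stored out of order to show that reassembly goes by sequence number."""
    client, server = b"\x0a\x00\x00\x02", b"\x0a\x00\x00\x01"
    image = JPEG_MAGIC + b"\xe0" + bytes(range(60))           # fake JPEG body
    resp = (b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n"
            b"Content-Length: %d\r\n\r\n" % len(image)) + image
    cut = len(resp) // 2
    return build_pcap([
        tcp_segment(client, server, 40000, 80, 1, b"GET /img.jpg HTTP/1.1\r\nHost: example.invalid\r\n\r\n"),
        tcp_segment(server, client, 80, 40000, 1 + cut, resp[cut:]),
        tcp_segment(server, client, 80, 40000, 1, resp[:cut]),
    ])


def extract_image(pcap):
    """Find the server->client stream (source port 80) and carve its JPEG."""
    for (_src, sport, _dst, _dport), stream in reassemble_streams(pcap).items():
        if sport == 80:
            return carve_jpeg(stream)
    return None


if __name__ == "__main__":
    img = extract_image(demo_pcap())
    with open("carved.jpeg", "wb") as fh:         # the 'Export Packet Bytes' step
        fh.write(img)
    print("carved %d bytes, JPEG magic ok: %s" % (len(img), img[:3] == JPEG_MAGIC))
```

To run it on a real capture, replace `demo_pcap()` with `open("webimage.pcap", "rb").read()`; note it understands only the classic little-endian pcap format with Ethernet framing, not pcapng, and only responses that declare a Content-Length (chunked bodies would need the chunk framing decoded first).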
Reading:
Abaddon's Gate
Packet capture tools are oscilloscopes to network programmers; I couldn't get anything done without near continual use of tcpdump and wireshark. In a pinch tcpdump can be used instead of writing server code.

Wireshark has support for a load of protocols and can really help with debugging. Recently I added dtls support to NEAT. DTLS is a protocol enhancement to TLS to support datagram traffic; when it is working all of the traffic is basically random noise.

I had trouble getting server certs to work correctly with DTLS. Thankfully Wireshark can reassemble the datagrams into a coherent certificate and export the data out to a file. I can use this to manually check the cert is being sent correctly.

The process is something like this:

1. Import pcap
2. Find the full reassembled server hello
3. Expand the DTLS body
4. Expand the DTLS Record, Certificate (Reassembled)
5. Right click on 'Handshake Protocol: Certificate (Reassembled)'
6. Select Export Packet Bytes

After that I had a TLS cert in DER format; DER is just the raw cert bytes. With this I could then verify using openssl that the cert chain was valid.
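What Wireshark is doing in the 'Certificate (Reassembled)' node, as an added example (not code from the original post or from NEAT): DTLS carries each handshake message in fragments, each with a 24-bit fragment_offset and fragment_length, and the fragments can arrive in any order over separate records. The script below parses DTLS record headers, stitches the fragments of one Certificate message back together by message_seq and offset, then walks the certificate list and writes each DER blob to its own file. The two records are constructed inline, and the 'certificates' inside them are placeholder byte strings that merely begin like DER (a 0x30 SEQUENCE tag), not real certificates.

```python
"""Reassemble a fragmented DTLS Certificate handshake message and extract the
DER certificates it carries. Added example, not code from the original post or
NEAT; demo_records() builds constructed records with placeholder 'certs'."""
import struct

HANDSHAKE = 22          # DTLS content type: handshake
CERTIFICATE = 11        # handshake message type: Certificate
DTLS_1_2 = 0xFEFD       # DTLS 1.2 version field


def dtls_record(epoch, seq, body):
    """13-byte DTLS record header: type, version, epoch, 48-bit seq, length."""
    return (struct.pack("!BHH", HANDSHAKE, DTLS_1_2, epoch) + seq.to_bytes(6, "big")
            + struct.pack("!H", len(body)) + body)


def handshake_fragment(msg_type, msg_seq, total_len, offset, frag):
    """12-byte DTLS handshake header: type, 24-bit length, message_seq,
    24-bit fragment_offset, 24-bit fragment_length, then the fragment bytes."""
    return (bytes([msg_type]) + total_len.to_bytes(3, "big") + struct.pack("!H", msg_seq)
            + offset.to_bytes(3, "big") + len(frag).to_bytes(3, "big") + frag)


def parse_records(buf):
    """Split back-to-back DTLS records into (content_type, epoch, seq, body) tuples."""
    off, out = 0, []
    while off + 13 <= len(buf):
        ctype, _version, epoch = struct.unpack_from("!BHH", buf, off)
        seq = int.from_bytes(buf[off + 5:off + 11], "big")
        length = struct.unpack_from("!H", buf, off + 11)[0]
        out.append((ctype, epoch, seq, buf[off + 13:off + 13 + length]))
        off += 13 + length
    return out


def reassemble_handshake(records):
    """Collect fragments per message_seq and return {message_seq: (msg_type, bytes)}
    for every message whose fragments cover [0, length) with no gaps."""
    partial = {}
    for ctype, _epoch, _seq, body in records:
        if ctype != HANDSHAKE or len(body) < 12:
            continue
        msg_type = body[0]
        total = int.from_bytes(body[1:4], "big")
        msg_seq = struct.unpack_from("!H", body, 4)[0]
        frag_off = int.from_bytes(body[6:9], "big")
        frag_len = int.from_bytes(body[9:12], "big")
        frag = body[12:12 + frag_len]
        if len(frag) != frag_len or frag_off + frag_len > total:
            continue                      # truncated or inconsistent fragment
        entry = partial.setdefault(msg_seq, (msg_type, bytearray(total), bytearray(total)))
        entry[1][frag_off:frag_off + frag_len] = frag
        entry[2][frag_off:frag_off + frag_len] = b"\x01" * frag_len   # coverage map
    return {s: (t, bytes(data)) for s, (t, data, cov) in partial.items() if all(cov)}


def certificate_list(body):
    """Parse a TLS/DTLS Certificate body: 24-bit list length, then
    (24-bit length, DER bytes) entries. Returns the DER blobs in wire order."""
    list_len = int.from_bytes(body[:3], "big")
    off, certs = 3, []
    while off < 3 + list_len:
        n = int.from_bytes(body[off:off + 3], "big")
        certs.append(bytes(body[off + 3:off + 3 + n]))
        off += 3 + n
    return certs


def demo_records():
    """Constructed: one Certificate message (message_seq 2) holding two placeholder
    DER blobs, split across two records that are delivered out of order."""
    leaf = b"\x30\x82\x01\x00" + bytes(60)      # looks like DER, is not a real cert
    ca = b"\x30\x82\x00\x80" + bytes(30)
    entries = b"".join(len(c).to_bytes(3, "big") + c for c in (leaf, ca))
    msg = len(entries).to_bytes(3, "big") + entries
    cut = 50
    first = dtls_record(0, 3, handshake_fragment(CERTIFICATE, 2, len(msg), 0, msg[:cut]))
    second = dtls_record(0, 4, handshake_fragment(CERTIFICATE, 2, len(msg), cut, msg[cut:]))
    return second + first                        # second fragment arrives first


def extract_certs(buf):
    """Return the DER certificates from the first complete Certificate message."""
    for _seq, (msg_type, body) in sorted(reassemble_handshake(parse_records(buf)).items()):
        if msg_type == CERTIFICATE:
            return certificate_list(body)
    return []


if __name__ == "__main__":
    for i, der in enumerate(extract_certs(demo_records())):
        with open("cert%d.der" % i, "wb") as fh:
            fh.write(der)
        print("cert%d.der: %d bytes, DER SEQUENCE tag: %s" % (i, len(der), der[0] == 0x30))
```

On a real capture you would feed it the UDP payloads of the server's handshake flight (the records are in the clear before the handshake completes); it does not handle retransmitted flights with a changed epoch or the TLS 1.3 Certificate format, which adds a context field and per-entry extensions. Once a file like cert0.der exists, `openssl x509 -inform DER -in cert0.der -noout -text` prints it, and after converting to PEM with `openssl x509 -inform DER -in cert0.der -out cert0.pem` the chain check is `openssl verify -CAfile ca.pem cert0.pem`.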
Reading:
Abaddon's Gate
Went to a friend's and carved some pumpkins last night, which means I didn't manage to do anything interesting yesterday. Weekends are when I make coffee; Sunday is filtering day, which looks something like this:

I have to run out to meet someone for lunch. Tonight I am going to have a play with Scapy. I think I will try to pull an image out of an HTTP stream; that seems like a small enough task to be doable.

It is Sunday, so that makes seven days of writing.

Reading:
Abaddon's Gate
This robot is excellent, you should follow it.
Reading:
Abaddon's Gate
Maybe because there is an election on, or maybe just because I wanted a use for my new Stream 7 tablet thing, I read through all of Transmetropolitan.

Transmet (as I am told the cool kids call it) is a cyberpunk comic book series written by Warren Ellis, featuring a Gonzo journalist reporting on an election from 'The City'.

I am a huge fan of Gonzo as written by Hunter S. Thompson, but Hunter is long dead and this has limited his journalistic output severely. So here I have a problem: I would be very happy to read more high quality pieces in the Gonzo style, but I have found finding such writing to be an absolute nightmare.

Here is a list of people I know writing great stuff:

I might have to look harder.

Reading:
ELEKTROGRAD

I couldn't finish Little Brother; it became too YA and it just annoyed me. I did read all of it when it came out, so I am not that bothered.