Phillip

Reputation: 5666

How can I extract HTTP data going over SOCKS with Wireshark?

I took a pcap trace when accessing a website using Opera Mini on my mobile, and as Opera Mini uses a SOCKS proxy to tunnel HTTP traffic, the Wireshark trace shows most of the packets as SOCKS packets. Is there a way to extract the HTTP payload from this?

Upvotes: 4

Views: 9652

Answers (1)

Remy Lebeau

Reputation: 596833

Once a SOCKS connection has been established and authenticated, all exchanged data afterwards on that same connection is the HTTP data. Locate the first data packet after the SOCKS handshake is complete and tell Wireshark to decode it and all subsequent packets as HTTP instead of SOCKS.

Upvotes: 7
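The boundary this answer describes can also be found programmatically. The following is an added example, not part of the original answer: it assumes the proxy speaks SOCKS5 (RFC 1928, with optional RFC 1929 username/password authentication) and that each direction of the TCP connection has already been reassembled into a byte string; the function name and sample bytes are constructed for illustration.

```python
# SOCKS5 framing per RFC 1928 / RFC 1929. Sample bytes below are constructed.

def _addr_len(buf: bytes, off: int) -> int:
    """Size of the ATYP + address + port fields starting at buf[off]."""
    atyp = buf[off]
    if atyp == 0x01:                      # IPv4
        return 1 + 4 + 2
    if atyp == 0x04:                      # IPv6
        return 1 + 16 + 2
    if atyp == 0x03:                      # domain: length byte + name
        return 1 + 1 + buf[off + 1] + 2
    raise ValueError(f"unknown ATYP {atyp:#04x}")

def socks5_payload_offsets(c2s: bytes, s2c: bytes) -> tuple[int, int]:
    """Return (client_off, server_off): where tunneled data starts in each
    reassembled direction of one TCP connection."""
    try:
        if c2s[0] != 5 or s2c[0] != 5:
            raise ValueError("not a SOCKS5 stream")
        c = 2 + c2s[1]                    # VER, NMETHODS, METHODS[n]
        s = 2                             # VER, METHOD
        method = s2c[1]
        if method == 0x02:                # username/password sub-negotiation
            ulen = c2s[c + 1]
            plen = c2s[c + 2 + ulen]
            c += 3 + ulen + plen          # VER, ULEN, UNAME, PLEN, PASSWD
            if s2c[s + 1] != 0:
                raise ValueError("authentication rejected")
            s += 2                        # VER, STATUS
        elif method != 0x00:
            raise ValueError(f"unsupported auth method {method:#04x}")
        if c2s[c + 1] != 0x01:            # only CONNECT carries a TCP tunnel
            raise ValueError("request is not CONNECT")
        if s2c[s + 1] != 0x00:            # REP != succeeded: no tunnel opened
            raise ValueError("proxy refused the request")
        c += 3 + _addr_len(c2s, c + 3)    # VER, CMD, RSV, then address block
        s += 3 + _addr_len(s2c, s + 3)    # VER, REP, RSV, then address block
        if c > len(c2s) or s > len(s2c):  # handshake cut off by the capture
            raise IndexError
        return c, s
    except IndexError:
        raise ValueError("capture ends before the handshake completes") from None

# Constructed sample: no-auth CONNECT to example.com:80, then HTTP.
C2S = (b"\x05\x01\x00" + b"\x05\x01\x00\x03\x0bexample.com\x00\x50"
       + b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n")
S2C = (b"\x05\x00" + b"\x05\x00\x00\x01\x00\x00\x00\x00\x00\x00"
       + b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
```

Everything from the returned offsets onward in each direction is the tunneled HTTP, which is the point at which decoding as HTTP should begin.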
