1
1
I am capturing HTTP GET traffic with Wireshark and I have plenty of URLs that contain "cryptic" URL-encoded data.
I'd like to
- see the URI split into the individual parameters
- see the parameter values in plain text
Example: Today I see in Wireshark:
GET /index.xml?MODE=%40&MAC=63%3AA8%3A42%3AC0%3AE0%3AFD
And I'd like to see something like
MODE=@
MAC=63:A8:42:C0:E0:FD
How is that possible in Wireshark?
I have tried
- expanding the
GETpart in Wireshark - right-clicking, decode as...
I know how to decode the URL e.g. with MIME-tools in Notepad++ or in online decoders, but I'd not like to do this for dozens of URLs.
Thomas Weller
Posted 2015-11-23T16:01:25.593
Reputation: 4 102
Wireshark cannot do this automatically, as it doesn't actually know that that value is a url fragment, let alone that it's partially hex expressing UFT-8. – Frank Thomas – 2015-11-23T17:11:26.607
@FrankThomas: thanks for the comment. The format of a HTTP GET request is specified. So it would theoretically be possible to implement in Wireshark, but nobody has done so yet. Is that a correct hypothesis? If so, maybe I can add a feature request to Wireshark Bugzilla. – Thomas Weller – 2015-11-24T09:53:17.813
I'm sure its possible, but it would not necessarilly be desirable for all cases, so yeah, submit a feature request, and see if the devs (who know exactly what the constraints are), like it. – Frank Thomas – 2015-11-24T12:37:17.420