Locate unencrypted HTTP data with Wireshark

1

Part of an assignment for university is analysing packets from HTTP and HTTPS traffic, however Wireshark doesn't seem to be displaying the HTTP data as I would expecting - just to clarify, I am expecting to see the actual HTML code in one or more packets.

The only packets I see when attempting to load the page are in the image below.

Image 1

Looking into packet 32 shows some data, but not the actual HTML. It almost looks as though the HTML is encrypted, but I'm only using plain HTTP without SSL or TLS - is this the case? If so, why is it not in plain text?

enter image description here

ryansin

Posted 2016-11-26T14:04:47.173

Reputation: 222

Answers

0

Got it - I was looking at the correct packet, but the HTML code was compressed with GZIP.

To resolve this, I simply disabled mod_deflate on the server.

sudo a2dismod deflate

Now the HTML comes through as plain text!

ryansin

Posted 2016-11-26T14:04:47.173

Reputation: 222

Asked: 2016-11-26T14:04:47.173

Viewed: 795 times

Active: 2016-11-26T14:17:14.953