Information, tools and how-to's for the new intrusion analyst. Mentoring by blogging.
Friday, December 27, 2013
Moloch Gzip Decode
As previously mentioned, the open source packet capture tool Moloch performs a number of on-the-fly decoding functions, including decompressing gzip'd data from the Web server. In the screenshot below we see a response from the server to a GET request. Because there's a large amount of code in the response, it's gzipped, so we need to decompress it to analyze what's in the response.
After turning on the "Decode Gzip" option, represented by the check box in the grey options bar at the top, the gzipped data is instantly decompressed for us and displayed.
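The same decoding can be done by hand on a raw HTTP response exported from a capture, which helps when the stream is chunked or cut off mid-transfer. The following is an added example, not Moloch's code or code from the original post; the function names and the sample response are constructed for illustration.

```python
import gzip
import zlib

def dechunk(body):
    """Reassemble a Transfer-Encoding: chunked body (tolerates truncation)."""
    out = bytearray()
    while body:
        size_line, _, rest = body.partition(b"\r\n")
        size = int(size_line.split(b";")[0].strip() or b"0", 16)
        if size == 0:
            break
        out += rest[:size]
        body = rest[size + 2:]  # skip chunk data plus its trailing CRLF
    return bytes(out)

def decode_http_response(raw):
    """Return (headers, decoded_body, complete) for one raw HTTP response."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    if "chunked" in headers.get("transfer-encoding", "").lower():
        body = dechunk(body)
    if "gzip" not in headers.get("content-encoding", "").lower():
        return headers, body, True
    # 16 + MAX_WBITS selects the gzip container. A decompressobj yields
    # whatever inflates cleanly, so a cut-off capture still gives partial text.
    inflater = zlib.decompressobj(16 + zlib.MAX_WBITS)
    text = inflater.decompress(body)
    return headers, text, inflater.eof

# Constructed sample: a gzipped, chunked response like the one in the post.
PAGE = b"<html><script>var a = 1;</script></html>\n" * 20
_gz = gzip.compress(PAGE)
def _chunk(data):
    return b"%x\r\n" % len(data) + data + b"\r\n"
RAW = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
       b"Content-Encoding: gzip\r\nTransfer-Encoding: chunked\r\n\r\n"
       + _chunk(_gz[:20]) + _chunk(_gz[20:]) + b"0\r\n\r\n")

if __name__ == "__main__":
    headers, text, complete = decode_http_response(RAW)
    print(headers["content-encoding"], len(text), complete)
    _, partial, complete = decode_http_response(RAW[:-30])  # truncated capture
    print(len(partial), complete)
```

The `complete` flag tells the analyst whether the gzip stream ended cleanly or the displayed text is only the portion that was captured.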