 http mail 

Joined: Tue Oct 06, 2009 7:58 am
Posts: 71
Post http mail
Hi
It is not showing the HTTP mail (Gmail, Yahoo, etc.) in the web interface.
Can it show that or not?

Thanks


Mon Oct 26, 2009 11:08 am
Site Admin

Joined: Wed Sep 16, 2009 10:09 pm
Posts: 394
Post Re: http mail
Gmail and other services use HTTPS, and HTTPS is an encrypted protocol. So without a public key (or symmetric key) you cannot decode it.


Mon Oct 26, 2009 11:26 am

Joined: Tue Oct 06, 2009 7:58 am
Posts: 71
Post Re: http mail
Hi

Not HTTPS, only HTTP, because it shows HTTP mail in the pcap file but it does not show in the Xplico web interface.

Check in this file.

Thanks


Attachments:
gmail.rar [47.82 KiB]
Downloaded 266 times
Mon Oct 26, 2009 11:46 am
Site Admin

Joined: Wed Sep 16, 2009 10:09 pm
Posts: 394
Post Re: http mail
Thanks.
Give me time to try it. Then I will reply to your post.

Ciao.
Gianluca


Mon Oct 26, 2009 12:30 pm

Joined: Tue Oct 06, 2009 7:58 am
Posts: 71
Post Re: http mail
thanks


Tue Oct 27, 2009 6:08 am
Site Admin

Joined: Wed Sep 16, 2009 10:09 pm
Posts: 394
Post Re: http mail
In your pcap there are many HTTP flows but only one with a TCP connection from the SYN (this is the flow/stream: tcp.port == 1784). Xplico is able to decode a TCP flow only if the capture is correct, that is, if you have not lost data.

This does not depend on the TCP dissector, but on the individual application dissector (i.e. the dissectors above TCP).
Currently, the HTTP dissector can only handle errors (lost packets) in the response/request body (not chunked).
To remedy the capture problem there are two ways:
- specific hardware
- solutions such as PF_RING and TNAPI (nprobe)
Or, of course, even a combination of both.

The HTTP dissector can also be improved, but it is not an easy thing to do, because it depends on the type of error (data loss) that you want to manage.


Tue Oct 27, 2009 8:10 pm
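
The check described in the post above, as an added example (not Xplico code and not part of the original thread): it walks a classic pcap and reports which TCP flows were captured from their opening SYN. It assumes a little-endian pcap with Ethernet/IPv4 frames; the sample capture is constructed, and apart from port 1784 its addresses and ports are made up.

```python
import socket
import struct

def flows_with_syn(pcap: bytes) -> dict:
    """Map each TCP flow (sorted endpoint pair) to True if its opening SYN was captured."""
    magic, linktype = struct.unpack_from("<I", pcap, 0)[0], struct.unpack_from("<I", pcap, 20)[0]
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("only little-endian classic pcap with Ethernet frames is handled")
    flows, off = {}, 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]  # captured length of this record
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4 carrying TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) < 14:
            continue  # TCP header truncated
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        ends = [(socket.inet_ntoa(frame[26:30]), sport),
                (socket.inet_ntoa(frame[30:34]), dport)]
        syn_only = (tcp[13] & 0x12) == 0x02  # SYN set, ACK clear
        key = tuple(sorted(ends))
        flows[key] = flows.get(key, False) or syn_only
    return flows

def missing_syn(pcap: bytes) -> list:  # flows whose opening SYN is absent
    return sorted(k for k, seen in flows_with_syn(pcap).items() if not seen)

# Constructed sample capture: addresses and port 1790 are made up, checksums are zero.
def _frame(src, dst, sport, dport, flags, payload=b""):
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def _pcap(frames):
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

C, S = "192.0.2.10", "198.51.100.5"
SAMPLE = _pcap([
    _frame(C, S, 1784, 80, 0x02),                             # SYN captured
    _frame(S, C, 80, 1784, 0x12),                             # SYN/ACK
    _frame(C, S, 1784, 80, 0x18, b"GET / HTTP/1.1\r\n"),
    _frame(C, S, 1790, 80, 0x18, b"GET /mail HTTP/1.1\r\n"),  # capture began mid-flow
])

if __name__ == "__main__":
    print(missing_syn(SAMPLE))
```

Flows returned by `missing_syn` are the ones where the capture started after the connection was opened or the SYN was dropped by the capture device.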
Site Admin

Joined: Wed Sep 16, 2009 10:09 pm
Posts: 394
Post Re: http mail
We improved the HTTP dissector to handle the simplest error (the lack of the packet with the SYN).
After the release of 0.5.3 I will put the source code of the HTTP dissector here so that you can test it (and give us feedback :) ).

Ciao.
Gianluca


Tue Nov 03, 2009 11:17 am

Joined: Tue Oct 06, 2009 7:58 am
Posts: 71
Post Re: http mail
Hi

Thanks a lot.
I will wait for the code.

Thanks


Sat Nov 07, 2009 5:38 am
Site Admin

Joined: Wed Sep 16, 2009 10:09 pm
Posts: 394
Post Re: http mail
This is the HTTP dissector that finds and decodes HTTP flows over TCP without the SYN packet.
Attachment:
File comment: Http with tcp without syn packet
http_without_syn.tgz [13.64 KiB]
Downloaded 260 times

To install it:
Code:
cd xplico-0.5.3
tar xzvf http_without_syn.tgz
make clean all


Any feedback is welcome.


Sat Nov 21, 2009 8:15 am

Joined: Tue Oct 06, 2009 7:58 am
Posts: 71
Post Re: http mail
Hi

There is some problem viewing Yahoo web mail.

Please see the attachment.

Raj


Attachments:
Untitled.jpg [ 108.83 KiB | Viewed 5473 times ]
Fri Feb 19, 2010 11:54 am