Hi Miroslav,

On Sat, May 05, 2018 at 06:17:42PM +0000, Miroslav Rovis wrote:
> Hi!
>
> How do users climbing the steep path of deep packet inspection extract files,
> in HTTP/HTTPS protocols, i.e. the streams in SSL (and plain TCP) conversations?
>
> Is there a program that can extract files from SSL- or plain- TCP streams
> automatically?
[..]
> And I've managed to put together a script that uses a few modified
> subroutines from Chaosreader on already decrypted SSL TCP streams and extracts
> files from them.

I think the feature you are looking for is "Export HTTP Objects". In the
GUI this is accessible via File -> Export Objects -> HTTP.

Since Wireshark 2.4, this feature is also available in tshark. For
example, to save all files from HTTP bodies in directory "outputdir":

    tshark -r some.pcap --export-objects http,outputdir

See also https://www.wireshark.org/docs/man-pages/tshark.html

Hope it helps.
--
Kind regards,
Peter Wu
https://lekensteyn.nl