Add HTTP2 support #1210
Comments
The main problem with HTTP/2 (formerly known as SPDY) in the context of analyzing and parsing is that this protocol is encrypted by design, unlike previous versions of HTTP which weren't encrypted and needed an additional encryption layer known as SSL/TLS. We currently don't have a way to decrypt traffic, and even if we had, I'm not sure how it'd apply to HTTP/2. Or maybe you think there is value in parsing the encrypted messages, like PcapPlusPlus already does for protocols like SSL/TLS, SSH, IPSec, etc.? 🤔

I know that Wireshark is able to decrypt when the MAGIC frames in the stream are present. Even when it cannot decrypt, the HTTP2 frames show some unformatted payload. As for how to do it in PcapPlusPlus, I have no idea and that would be part of the investigation during a PR.
Yes! My initial interest in this project is to be able to reconstruct payloads from HTTP2 (e.g. be able to reconstruct JSON payload easily for 3GPP 5G Network Function interactions).
If you agree, just create these two tasks and assign them to me. This time I'll branch dev...

I think that Wireshark uses OpenSSL to decrypt data, not sure about HTTP2 though... however, we don't want to add OpenSSL as a dependency because it will make the build process more complex. If you find a way to decrypt without an external dependency then I'm all for it! Regarding full HTTP implementation - the reason only headers are supported is because often full HTTP messages (especially responses) spread over more than one packet but the parsing in PcapPlusPlus is done packet-by-packet. Of course, HTTP headers can also spread over more than one packet (and the parser supports that), but this is a rarer edge case. Anyway - feel free to start working on it! We don't have to open tickets for it, but we can if you prefer 😃
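
An added example, not part of the thread and not PcapPlusPlus code: a per-segment walk over HTTP/2 frame headers that skips the client connection preface (the "magic") and flags a frame whose payload continues in a later packet, the packet-by-packet limitation mentioned above. It assumes the bytes are already available in cleartext and that the segment starts at the preface or on a frame boundary; `H2Frame`, `startsWithPreface` and `parseSegment` are hypothetical names.

```cpp
// Added example (not PcapPlusPlus code): HTTP/2 frame headers in one TCP payload.
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

struct H2Frame {
    uint32_t length;    // 24-bit payload length
    uint8_t  type;      // 0x0 DATA, 0x1 HEADERS, 0x4 SETTINGS, ...
    uint8_t  flags;
    uint32_t streamId;  // 31 bits; the reserved high bit is masked off
    bool     complete;  // false when the payload continues in a later segment
};

// Client connection preface (the "magic"), 24 bytes.
static const char kPreface[] = "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n";
static const size_t kPrefaceLen = sizeof(kPreface) - 1;
static const size_t kHdrLen = 9;  // fixed frame header size

bool startsWithPreface(const uint8_t* d, size_t len) {
    return len >= kPrefaceLen && std::memcmp(d, kPreface, kPrefaceLen) == 0;
}

// Assumption: the segment starts at the preface or on a frame boundary.
std::vector<H2Frame> parseSegment(const uint8_t* d, size_t len) {
    std::vector<H2Frame> frames;
    size_t off = startsWithPreface(d, len) ? kPrefaceLen : 0;
    while (len - off >= kHdrLen) {  // a truncated header ends the walk
        const uint8_t* h = d + off;
        H2Frame f;
        f.length = (uint32_t(h[0]) << 16) | (uint32_t(h[1]) << 8) | h[2];
        f.type = h[3];
        f.flags = h[4];
        f.streamId = ((uint32_t(h[5]) << 24) | (uint32_t(h[6]) << 16) |
                      (uint32_t(h[7]) << 8) | h[8]) & 0x7FFFFFFFu;
        f.complete = f.length <= len - off - kHdrLen;
        frames.push_back(f);
        if (!f.complete) break;  // rest of the payload is in the next packet
        off += kHdrLen + f.length;
    }
    return frames;
}

int main() {
    // Constructed sample: empty SETTINGS, then DATA (len 5) cut after 2 bytes.
    const uint8_t seg[] = {0,0,0,4,0,0,0,0,0, 0,0,5,0,1,0,0,0,1,'h','i'};
    for (const H2Frame& f : parseSegment(seg, sizeof(seg)))
        std::printf("type=%u len=%u stream=%u complete=%d\n", unsigned(f.type),
                    unsigned(f.length), unsigned(f.streamId), int(f.complete));
}
```
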
Seems this will require a lengthy investigation... I may look into that later after I have checked what is required.
Yes, please open the ticket and I'll start pushing stuff soon.

@jpcofr actually we can use this ticket for HTTP2 😄

@seladb I'm currently generating traces using a Python client/server script I wrote. How about you? How do you create your test traces?

What do you mean by traces?

Sample captures as on the Wireshark webpage. I think I may need to generate samples to test corner cases. I meant that I know how to create simple traces with Python but I may need to generate tweaked samples easily.

How do you create sample captures with Python? 🤔 Usually for new protocols, I try to find captures online to make sure the data is real.

Ok, I stretched it a bit... I wrote two (server/client) ~50-line scripts that barely work and just send some frames. I capture these using Wireshark and then I call it "generate a sample". The problem, in the general case, is too wide IMO...

Yeah, usually I just google it and try to find pcap files with the specific protocol. This is usually easier than trying to generate packets myself...

@seladb I found a traffic generator... it seems it may be useful... but I do not have time to test it... it is even on GitHub: Cisco TRex

Yes, I've heard about this traffic generator but never used it...

Remove the assignment due to lack of activity

@seladb I noticed that PcapPlusPlus does not support HTTP2 and someone requested that through the Google group. It also seems that there are no active PRs for this. Do you know if someone is already working on this? If not, I can start working on it...