Wireshark-bugs: [Wireshark-bugs] [Bug 11079] New: Reassembled chunked HTTP responses over SSL ar
Bug ID |
11079
|
Summary |
Reassembled chunked HTTP responses over SSL are shown twice in the tree
|
Product |
Wireshark
|
Version |
Git
|
Hardware |
All
|
OS |
All
|
Status |
UNCONFIRMED
|
Severity |
Normal
|
Priority |
Low
|
Component |
Dissection engine (libwireshark)
|
Assignee |
bugzilla-admin@wireshark.org
|
Reporter |
peter@lekensteyn.nl
|
Created attachment 13523 [details]
SSL capture of a chunked HTTP response (master key in capture file comments)
Build Information:
Tested revisions of wireshark-gtk on Arch Linux x86_64:
v1.99.1rc0-232-g5e4e17c
v1.99.6rc0-9-gce76a64
--
For some reason the dissected HTTP payload is displayed twice in the tree.
Possible factors causing this:
- SSL records spanning multiple TCP segments.
- Chunked encoding.
It is probably a bug in the SSL dissector.
Example packet tree of frame 50 (with some headers stripped):
Transmission Control Protocol, Src Port: 443 (443), Dst Port: 50177 (50177),
Seq: 35575, Ack: 758, Len: 1125
[9 Reassembled TCP Segments (16413 bytes): #30(963), #33(1448), #34(1448),
#37(1448), #38(1448), #41(2896), #44(2896), #47(2896), #50(970)]
Secure Sockets Layer
[3 Reassembled SSL segments (32894 bytes): #30(16384), #50(16384), #50(126)]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
Content-Type: text/html; charset=UTF-8\r\n
Transfer-Encoding: chunked\r\n
Connection: keep-alive\r\n
\r\n
[HTTP response 1/1]
[Time since request: 0.063950760 seconds]
[Request in frame: 13]
HTTP chunked response
Data chunk (8104 octets)
Data chunk (8192 octets)
Data chunk (8192 octets)
Data chunk (4096 octets)
Data chunk (4027 octets)
End of chunked encoding
\r\n
Line-based text data: text/html
Secure Sockets Layer
[3 Reassembled SSL segments (32894 bytes): #30(16384), #50(16384), #50(126)]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
Content-Type: text/html; charset=UTF-8\r\n
Transfer-Encoding: chunked\r\n
Connection: keep-alive\r\n
\r\n
[HTTP response 1/1]
[Time since request: 0.063950760 seconds]
[Request in frame: 13]
HTTP chunked response
Data chunk (8104 octets)
Data chunk (8192 octets)
Data chunk (8192 octets)
Data chunk (4096 octets)
Data chunk (4027 octets)
End of chunked encoding
\r\n
Line-based text data: text/html
The decryption keys (CLIENT_RANDOM + master key) of the attached packet capture
are available in the capture file comments.
You are receiving this mail because:
- You are watching all bug changes.