Getting started on your cyber security journey? Click the subscribe button, I have a lot of content already here to help you get started and more on the way! If you're looking for full courses, consider checking out my content on Pluralsight - www.pluralsight.com/authors/josh-stroschein
This was a good one. I didn't know that unzip was also available in CyberChef. Thanks!
Glad it was helpful!
Well explained and easy to follow! Definitely going to check out your other videos
Glad to hear that!
In every video I learn something new!!! I really appreciate this, thank you
That's great to hear - thank you for the feedback!
This protocol was used in the Enthiran (Robot) movie 😅
Oh cool - I haven't heard of that movie before!
The extraction and the unzip functions, where is the difference? Is the extraction based on extracting application data bytes after separating delimiters, null/padding values etc. from raw data? I mean when I run a hex through extraction which is supposedly a PKZIP, it gives out doc files, so are there overlapping functionalities?
Hi Josh,
thanks for the video.
I'm new to Wireshark. I wonder how to extract a PDF file from a .PCAP file?
Cheers!
Michael
Michael - if the PDF file is downloaded over a non-TLS connection, you'll be able to extract it using File->Export Objects-> - so HTTP would be a common protocol to look into. If it's downloaded over TLS, you won't be able to decrypt the TLS session without the appropriate keys. Let me know if this helps!
@@jstrosch Thank you Josh for your reply. I couldn’t use HTTP as it’s FTP protocol.
When I “Follow TCP Stream”, I see a string of data and there was a .docx document.
How can I "extract" or "recover" the document to something readable, i.e. a normal textual/image document that I can read?
I’m not sure if I should “save as” ASCII data or “raw” and the appropriate file format.
I tried saving it to Word but I wonder how can I decode the TCP Stream to something readable?
Hi! This is a pretty good tutorial from Unit42 that covers extracting files from FTP data - unit42.paloaltonetworks.com/using-wireshark-exporting-objects-from-a-pcap/. This should get you there, if not close. If not let me know, happy to try to help more!
@@jstrosch Thanks Josh. I’ll check out the video 🙏.
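What the FTP replies above amount to, done by hand: an added example, not code from the video, from Josh, or from anyone in this thread. The script parses a classic pcap, reassembles one direction of the FTP data connection by TCP sequence number (that is what Follow TCP Stream shows), keeps the bytes raw rather than as the ASCII rendering, and then opens the result as the PKZIP container that a .docx actually is. The capture, addresses and ports are constructed inline for the example; only classic pcap (not pcapng) over Ethernet/IPv4/TCP is handled.

```python
"""Carve a file sent over an FTP data connection out of a pcap (added example)."""
import io
import socket
import struct
import zipfile

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def pcap_frames(data: bytes):
    """Yield link-layer frames from a classic pcap, honouring the magic's byte order."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == 0xA1B2C3D4:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a classic pcap (pcapng is not handled here)")
    if struct.unpack_from(end + "I", data, 20)[0] != 1:  # LINKTYPE_ETHERNET
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from(end + "IIII", data, off)[2]
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def tcp_segment(frame: bytes):
    """Return ((src, sport, dst, dport), seq, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack_from("!H", ip, 2)[0]  # strips Ethernet padding
    if ip[9] != IPPROTO_TCP:
        return None
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    tcp = ip[ihl:total_len]
    sport, dport, seq = struct.unpack_from("!HHI", tcp, 0)
    data_off = (tcp[12] >> 4) * 4
    return (src, sport, dst, dport), seq, tcp[data_off:]


def carve_stream(pcap: bytes, flow) -> bytes:
    """Reassemble one direction of one connection, flow = (src, sport, dst, dport).
    Ordering by sequence number copes with out-of-order capture; a retransmitted
    segment (same seq) is kept once. Gaps are not filled; seq wrap is not handled."""
    segments = {}
    for frame in pcap_frames(pcap):
        parsed = tcp_segment(frame)
        if parsed is None:
            continue
        key, seq, payload = parsed
        if key == flow and payload:
            segments.setdefault(seq, payload)
    return b"".join(segments[s] for s in sorted(segments))


def list_flows(pcap: bytes):
    """Payload bytes per (src, sport, dst, dport): the data connection stands out
    next to the small port-21 control channel."""
    totals = {}
    for frame in pcap_frames(pcap):
        parsed = tcp_segment(frame)
        if parsed and parsed[2]:
            totals[parsed[0]] = totals.get(parsed[0], 0) + len(parsed[2])
    return totals


def extract_docx_text(pcap: bytes, flow) -> str:
    """Carve the stream, check for a zip local file header (a .docx is a PKZIP
    container), and read the document body. The bytes stay raw throughout;
    saving the ASCII view of the stream would corrupt them."""
    raw = carve_stream(pcap, flow)
    if not raw.startswith(b"PK\x03\x04"):
        raise ValueError("stream does not start with a zip local file header")
    with zipfile.ZipFile(io.BytesIO(raw)) as z:
        return z.read("word/document.xml").decode()


# ---- constructed sample capture: passive-mode RETR of a tiny .docx ----------
def _frame(src, sport, dst, dport, seq, payload):
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + tcp
    return b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4) + ip  # zero MACs, assumed


def _docx_bytes() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("word/document.xml", "<w:document><w:t>sample text</w:t></w:document>")
    return buf.getvalue()


SERVER, CLIENT = "10.0.0.5", "10.0.0.20"          # assumed addresses
CONTROL_FLOW = (SERVER, 21, CLIENT, 41233)        # FTP control channel
DATA_FLOW = (SERVER, 50001, CLIENT, 41234)        # server -> client on the PASV port
DOCX = _docx_bytes()
_frames = [
    _frame(*CONTROL_FLOW, 1000, b"150 Opening BINARY mode data connection\r\n"),
    _frame(*DATA_FLOW, 41, DOCX[40:]),            # second half captured first
    _frame(*DATA_FLOW, 1, DOCX[:40]),             # first half
    _frame(*DATA_FLOW, 1, DOCX[:40]),             # retransmission of the first half
    _frame(*CONTROL_FLOW, 1041, b"226 Transfer complete\r\n"),
]
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    struct.pack("<IIII", 1_700_000_000 + i, 0, len(f), len(f)) + f for i, f in enumerate(_frames))

if __name__ == "__main__":
    for flow, n in list_flows(SAMPLE_PCAP).items():
        print(flow, n, "bytes")
    print(extract_docx_text(SAMPLE_PCAP, DATA_FLOW))
```

On a real capture, find the data connection from the control channel first (the 227 reply gives the passive port, the 150 reply marks the start of the transfer), then feed that flow to `carve_stream` or, in Wireshark, follow that stream and save it with "Show data as: Raw". This is also the answer to the "ASCII or raw" question: a .docx is a zip archive, so anything that is not the raw bytes will not open. The TLS caveat from the earlier reply still applies: an FTPS data connection cannot be carved this way without the session keys.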