tags:

views:

295

answers:

4
Q: 

uncompress gzipped HTTP message

Hi everybody,

I am analyzing Pcap captures with C and I need to uncompress the Gzipped body of the HTTP replies. I know that I can do that using Wireshark manually, but I would need to do it on the fly, inside my program.

My understanding is that I should look into zlib and the RFC. But since it's a little analysis program, do you know where I could find a quick solution?

Thanks

A: 

It doesn't sound like you'll need to read any additional RFCs from what you already know. You don't need to understand the compression algorithm to use it.

Using zlib is pretty easy.
You can do this deflating within a few lines of code: Here is an example.

Brian R. Bondy  2010-01-25 15:23:47
Thanks for your reply. I had tried the example code for Zlib that you pointed me at, it's called Zpipe.It is a simple program that takes a compressed stream from stdin and produces an uncompressed one.However, the sample program fails to decode the gzipped page complaining that the data is not in a valid format.A gzipped page always starts with the bytes, 1F8b (the magic number of gzipped files). If you get the stream, copy-paste it into a file and ask gzip (the program) to decompress it, it does it no problem. However, Zpipe still complains and would not decompress.
Dan  2010-01-26 09:15:08
A: 

Probably, whatever language you're building your analysis program in, there should be a library already ready to use to decode gzip compressed streams. Google or Bing for "your-language-of-choice gzip implementation" or something alike and you'll likely get the solution for your problem.

As a last resort, you may always get your program to use GNU gzip (there must be a build for your system of choice) by feeding the data to it and using gzip's decompressed output to work on.

Miguel Ventura  2010-01-25 15:28:13
A: 

Solved! I found an implementation on gzip called minigzip. It's a little nice program that does the trick, i will use as a reference implementation.

Dan  2010-01-26 09:26:02
A: 

Wouldn't it be simpler to run it rhough a proxy that rewrites the Accept-Encoding cleint header to Accept-Encoding: compress;q=0, gzip;q=0

?

C.

symcbean  2010-01-27 14:28:48
That would not be possible since I only have access to the pcaps.However the problem is solved. It only took 10 lines of code and a call to gzuncompress in zlib ;)
Dan  2010-02-02 10:27:42

related questions

any good tool for makefile generation?
How do you pass a function as a parameter in C?
Where should a veteran C programmer start in order to master Java ?
Any good book on best practice and guidelines in developing a SDK in C?
How do you determine the size of a file in C?
Decoding printf statements in C (Printf Primer)
Shift operator in C
How to avoid redefining VERSION, PACKAGE, etc.
Alpha blending sprites in Nintendo DS Homebrew
When should I use type abstraction in embedded systems
How to implement continuations?
What are the barriers to understanding pointers and what can be done to overcome them?
Anyone have experience creating a shared library in MATLAB?
String.indexOf function in C
Passing multidimensional arrays as function arguments in C
C/C++ library for reading MIDI signals from a USB MIDI device
Choosing a static code analysis tool
How do you printf an unsigned long long int?
Good STL-like library for C.
Rockbox audio format
Why am I getting a malloc: double free error with realloc()?
Should I learn C?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
How to use the C socket API in C++ on z/OS